Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/65f60eb5-aea2-48c7-83e9-3e1305e6dbea.roa
File:                     65f60eb5-aea2-48c7-83e9-3e1305e6dbea.roa (raw, json)
Hash identifier:          ynx17mt8h346GlOCZeqwNitzXr8FhcZiKfTGjzZPKG0=
Subject key identifier:   64:DB:8F:D8:67:B9:1A:85:45:FE:D1:66:BD:0A:FD:0E:B0:79:E7:13
Certificate issuer:       /CN=A91CD28A0000/serialNumber=97EBF348F376B867FC76B2B2B91078C3DD494883
Certificate serial:       70D3FA9D5714C474B2AC24FD4648476BA55E4E92
Authority key identifier: 97:EB:F3:48:F3:76:B8:67:FC:76:B2:B2:B9:10:78:C3:DD:49:48:83
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/l-vzSPN2uGf8drKyuRB4w91JSIM.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/65f60eb5-aea2-48c7-83e9-3e1305e6dbea.roa
Signing time:             Tue 12 Mar 2024 00:00:00 +0000
ROA not before:           Tue 12 Mar 2024 00:00:00 +0000
ROA not after:            Tue 16 Apr 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        240f:8018::/36 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/90ca90a9-a10a-44e7-82b9-1365746ba55e.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/manifest.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/l-vzSPN2uGf8drKyuRB4w91JSIM.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 29 Mar 2024 03:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            70:d3:fa:9d:57:14:c4:74:b2:ac:24:fd:46:48:47:6b:a5:5e:4e:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91CD28A0000/serialNumber=97EBF348F376B867FC76B2B2B91078C3DD494883
        Validity
            Not Before: Mar 12 00:00:00 2024 GMT
            Not After : Apr 16 23:59:59 2024 GMT
        Subject: serialNumber=ea45ed6cb0a897febd89a93563a2b26981c47cec34a93159ec85fbfe43b44efe, CN=4257e925-715f-47a2-893e-0e3f97ec7e22
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:d5:71:b0:ff:45:f4:ef:c9:74:9b:ca:b3:24:
                    c8:4d:a9:32:e1:f1:b5:1b:a6:f3:34:07:da:4e:64:
                    e3:03:17:17:86:d7:8e:cc:0a:0a:9a:b4:bf:c4:d5:
                    a1:38:37:2f:6e:66:e7:06:91:9d:26:c4:c5:a5:02:
                    bc:bc:f9:95:d4:56:2d:3a:55:81:36:75:21:bf:64:
                    cb:46:9d:89:20:52:4e:83:ed:d4:39:be:14:2e:61:
                    a7:60:ab:39:19:28:f1:f3:10:1d:ba:54:32:6f:69:
                    02:56:57:cb:4a:dc:94:68:f8:49:9a:84:fd:c5:06:
                    eb:e6:80:7c:d2:8a:c1:e9:d5:c2:9b:05:03:23:3a:
                    ba:eb:65:79:79:8c:a3:4b:6d:82:ef:78:cb:1f:21:
                    2a:48:38:bb:b1:d1:09:b0:58:64:c6:c2:1f:43:6f:
                    36:95:cc:ec:1d:5a:5a:90:fc:39:de:f6:34:06:07:
                    66:0d:a2:12:c8:f2:79:82:b2:d4:fc:4a:81:2a:60:
                    f9:83:7d:d0:3a:48:71:12:80:6f:cc:f8:06:05:e3:
                    6e:76:d2:23:0f:18:39:bd:2c:3a:25:26:e4:4a:c3:
                    a3:57:91:04:22:e5:b4:c3:1f:e1:c9:87:54:6d:d3:
                    d8:17:59:ab:7f:c2:c6:32:d1:d1:a9:a6:62:f3:89:
                    20:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:DB:8F:D8:67:B9:1A:85:45:FE:D1:66:BD:0A:FD:0E:B0:79:E7:13
            X509v3 Authority Key Identifier:
                keyid:97:EB:F3:48:F3:76:B8:67:FC:76:B2:B2:B9:10:78:C3:DD:49:48:83

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/l-vzSPN2uGf8drKyuRB4w91JSIM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/65f60eb5-aea2-48c7-83e9-3e1305e6dbea.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/90ca90a9-a10a-44e7-82b9-1365746ba55e.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240f:8018::/36

    Signature Algorithm: sha256WithRSAEncryption
         ad:f2:2d:4d:1f:6b:6c:86:86:39:b4:1a:f4:17:c8:f7:7d:70:
         b6:44:fa:0d:79:c6:ff:fe:fd:33:47:a9:5a:7f:19:0b:15:cb:
         93:07:d3:b4:63:82:7a:f4:1f:df:45:72:20:39:fe:12:e1:1b:
         22:e0:2a:a3:4d:aa:75:a5:8d:b5:f6:c6:ac:cd:33:34:b1:94:
         fd:94:c6:7b:bc:4c:9b:e3:07:ac:96:80:7d:1e:d1:24:9a:3d:
         d6:9e:50:9f:83:14:2f:14:17:63:20:d6:78:91:bc:9a:cc:f1:
         51:0a:9d:58:65:00:51:a1:4f:54:2a:4a:9e:15:2a:cb:34:e7:
         1d:7a:d8:ff:e7:e7:c5:f2:bd:10:2e:c9:fd:6e:cd:2a:93:58:
         80:df:07:bf:32:12:ee:e0:47:3e:66:7d:39:00:43:73:40:94:
         63:2d:f8:b6:d9:43:bb:4f:6d:0a:30:21:d5:60:bd:bf:62:cb:
         28:ee:25:7d:49:2d:6f:b1:5f:97:52:c1:cf:c2:be:0e:3e:7e:
         76:d7:61:0d:70:40:aa:19:26:55:15:72:df:47:c5:11:03:a8:
         62:a6:5a:7a:d0:55:fd:2c:de:5e:8a:1e:9d:69:61:b2:c3:88:
         72:24:ea:86:e4:ff:2f:f3:a2:8d:2d:4c:1c:0e:10:83:4f:d5:
         6d:42:6a:9e
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUcNP6nVcUxHSyrCT9RkhHa6VeTpIwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxQ0QyOEEwMDAwMTEwLwYDVQQFEyg5N0VCRjM0OEYz
NzZCODY3RkM3NkIyQjJCOTEwNzhDM0RENDk0ODgzMB4XDTI0MDMxMjAwMDAwMFoX
DTI0MDQxNjIzNTk1OVowejFJMEcGA1UEBRNAZWE0NWVkNmNiMGE4OTdmZWJkODlh
OTM1NjNhMmIyNjk4MWM0N2NlYzM0YTkzMTU5ZWM4NWZiZmU0M2I0NGVmZTEtMCsG
A1UEAxMkNDI1N2U5MjUtNzE1Zi00N2EyLTg5M2UtMGUzZjk3ZWM3ZTIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmdVxsP9F9O/JdJvKsyTITaky4fG1
G6bzNAfaTmTjAxcXhteOzAoKmrS/xNWhODcvbmbnBpGdJsTFpQK8vPmV1FYtOlWB
NnUhv2TLRp2JIFJOg+3UOb4ULmGnYKs5GSjx8xAdulQyb2kCVlfLStyUaPhJmoT9
xQbr5oB80orB6dXCmwUDIzq662V5eYyjS22C73jLHyEqSDi7sdEJsFhkxsIfQ282
lczsHVpakPw53vY0BgdmDaISyPJ5grLU/EqBKmD5g33QOkhxEoBvzPgGBeNudtIj
Dxg5vSw6JSbkSsOjV5EEIuW0wx/hyYdUbdPYF1mrf8LGMtHRqaZi84kgTwIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFGTbj9hnuRqFRf7RZr0K/Q6weecTMB8GA1UdIwQY
MBaAFJfr80jzdrhn/HaysrkQeMPdSUiDMA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9sLXZ6U1BO
MnVHZjhkckt5dVJCNHc5MUpTSU0uY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvYzNjZDdjMjQtMTJjYi00YWJjLThmZDItNWUyYmNiYjg1YWU2
LzY1ZjYwZWI1LWFlYTItNDhjNy04M2U5LTNlMTMwNWU2ZGJlYS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS9jM2NkN2MyNC0xMmNiLTRhYmMtOGZkMi01ZTJi
Y2JiODVhZTYvOTBjYTkwYTktYTEwYS00NGU3LTgyYjktMTM2NTc0NmJhNTVlLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYEJA+AGAAwDQYJKoZIhvcNAQELBQADggEBAK3yLU0fa2yGhjm0GvQX
yPd9cLZE+g15xv/+/TNHqVp/GQsVy5MH07Rjgnr0H99FciA5/hLhGyLgKqNNqnWl
jbX2xqzNMzSxlP2Uxnu8TJvjB6yWgH0e0SSaPdaeUJ+DFC8UF2Mg1niRvJrM8VEK
nVhlAFGhT1QqSp4VKss05x162P/n58XyvRAuyf1uzSqTWIDfB78yEu7gRz5mfTkA
Q3NAlGMt+LbZQ7tPbQowIdVgvb9iyyjuJX1JLW+xX5dSwc/Cvg4+fnbXYQ1wQKoZ
JlUVct9HxREDqGKmWnrQVf0s3l6KHp1pYbLDiHIk6obk/y/zoo0tTBwOEINP1W1C
ap4=
-----END CERTIFICATE-----
Generated at Wed Mar 27 15:59:30 2024 by rpki-client on console-fra.rpki-client.org