Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/7cf17e61-b049-438c-8aaf-2d4714b51857.roa
File:                     7cf17e61-b049-438c-8aaf-2d4714b51857.roa (raw, json)
Hash identifier:          8XHAnQ7kt9wsqQT1SVx+5OewFGJn+0TrifQwUpn77Ls=
Subject key identifier:   3C:37:CB:C9:5B:A9:C5:DB:E6:BE:AA:68:87:85:39:BB:C0:AE:6B:24
Certificate issuer:       /CN=A91CD28A0000/serialNumber=97EBF348F376B867FC76B2B2B91078C3DD494883
Certificate serial:       4BE423712108ADEE5564A26CBF28E6FE4ABF9D04
Authority key identifier: 97:EB:F3:48:F3:76:B8:67:FC:76:B2:B2:B9:10:78:C3:DD:49:48:83
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/l-vzSPN2uGf8drKyuRB4w91JSIM.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/7cf17e61-b049-438c-8aaf-2d4714b51857.roa
Signing time:             Mon 18 Sep 2023 00:00:00 +0000
ROA not before:           Mon 18 Sep 2023 00:00:00 +0000
ROA not after:            Mon 23 Oct 2023 23:59:59 +0000
asID:                     16509
IP address blocks:        240f:80fa:4000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/90ca90a9-a10a-44e7-82b9-1365746ba55e.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/manifest.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/l-vzSPN2uGf8drKyuRB4w91JSIM.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 20 Sep 2023 03:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4b:e4:23:71:21:08:ad:ee:55:64:a2:6c:bf:28:e6:fe:4a:bf:9d:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91CD28A0000/serialNumber=97EBF348F376B867FC76B2B2B91078C3DD494883
        Validity
            Not Before: Sep 18 00:00:00 2023 GMT
            Not After : Oct 23 23:59:59 2023 GMT
        Subject: serialNumber=eb3b2562062b92638dd0d10bde4ab6d7e5fd0c24e62bd23e328e3c31c440fc04, CN=4257e925-715f-47a2-893e-0e3f97ec7e22
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:5b:37:18:80:f6:5c:2b:12:b5:c8:65:33:06:
                    50:bd:46:c9:ed:62:4b:f1:3b:26:65:f6:58:4f:c5:
                    3b:3d:ea:20:81:ad:49:ab:ca:7d:90:82:39:b2:fe:
                    72:f5:ad:c3:51:96:59:9e:57:1a:d4:3c:ef:8e:be:
                    77:f5:53:65:b6:81:48:99:3f:86:bf:e1:ac:c3:b8:
                    da:33:74:33:9f:55:aa:3d:fd:1c:e5:fb:57:03:6f:
                    ca:1b:32:07:95:9d:44:fd:e0:73:b4:81:30:1d:99:
                    6d:ba:86:79:d6:ed:af:09:39:ae:d4:00:e3:18:e3:
                    96:9b:08:41:f4:5e:3d:e5:15:df:83:b8:b7:20:3c:
                    08:34:48:db:2c:a7:e8:77:00:17:35:a8:2f:1f:6b:
                    be:91:cb:c7:d0:9e:39:1a:09:63:c0:6e:45:f4:4d:
                    1b:9d:ec:de:49:ea:0b:c4:c2:52:f7:89:a6:b6:79:
                    26:af:c5:ff:19:68:dc:f7:2d:90:21:1e:2d:93:a9:
                    70:36:19:74:fe:6e:b8:0a:3e:ab:a2:03:d2:de:4b:
                    e9:22:11:fc:32:f2:99:a0:02:a9:61:19:3e:d7:db:
                    5d:3d:b7:16:8f:ec:63:ca:e5:c4:a1:62:d0:e2:52:
                    2d:78:59:90:30:ab:93:02:a0:61:b6:a0:a8:3b:d5:
                    d7:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:37:CB:C9:5B:A9:C5:DB:E6:BE:AA:68:87:85:39:BB:C0:AE:6B:24
            X509v3 Authority Key Identifier:
                keyid:97:EB:F3:48:F3:76:B8:67:FC:76:B2:B2:B9:10:78:C3:DD:49:48:83

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/l-vzSPN2uGf8drKyuRB4w91JSIM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/7cf17e61-b049-438c-8aaf-2d4714b51857.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/90ca90a9-a10a-44e7-82b9-1365746ba55e.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240f:80fa:4000::/40

    Signature Algorithm: sha256WithRSAEncryption
         6d:11:04:2a:61:75:7a:0d:1a:29:17:d5:91:8e:b4:f7:7d:e5:
         87:c0:84:14:49:f0:55:38:97:c8:d0:ed:bf:e9:3a:f8:33:22:
         d5:a3:28:0b:06:4f:49:2e:5b:92:2c:29:c7:c7:2c:a2:5f:53:
         99:59:d7:d2:0d:ab:41:66:04:d2:42:76:22:18:36:c7:6f:f7:
         2d:de:64:eb:ce:32:29:17:fa:e8:25:18:56:f9:ad:cc:6a:55:
         d3:fd:39:86:2d:d4:81:46:7f:55:df:01:67:7a:7e:36:07:32:
         10:c9:97:9a:ca:5d:33:3d:a0:d3:28:60:c8:dc:00:b1:8c:37:
         92:ad:95:94:49:9f:4d:5f:49:f5:36:25:19:92:15:e7:09:3d:
         5b:38:ea:76:25:42:1a:82:6d:93:99:89:96:38:82:07:4c:6f:
         f1:71:82:5b:43:82:8c:08:fc:22:45:2f:87:9e:b5:20:55:92:
         6a:d9:ab:67:8c:d8:c4:a2:b6:2e:c5:2c:b4:e3:85:f3:d8:19:
         fd:0d:6c:bf:1c:91:61:66:96:03:3f:62:86:f8:2f:f9:9d:1f:
         25:ac:21:b6:17:6d:d3:24:d0:fe:ce:8d:42:1b:08:ab:1d:53:
         80:1b:86:f1:ee:cc:ee:c7:45:5a:cb:62:aa:32:79:cb:d8:6d:
         a0:70:4b:87
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUS+QjcSEIre5VZKJsvyjm/kq/nQQwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxQ0QyOEEwMDAwMTEwLwYDVQQFEyg5N0VCRjM0OEYz
NzZCODY3RkM3NkIyQjJCOTEwNzhDM0RENDk0ODgzMB4XDTIzMDkxODAwMDAwMFoX
DTIzMTAyMzIzNTk1OVowejFJMEcGA1UEBRNAZWIzYjI1NjIwNjJiOTI2MzhkZDBk
MTBiZGU0YWI2ZDdlNWZkMGMyNGU2MmJkMjNlMzI4ZTNjMzFjNDQwZmMwNDEtMCsG
A1UEAxMkNDI1N2U5MjUtNzE1Zi00N2EyLTg5M2UtMGUzZjk3ZWM3ZTIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3Vs3GID2XCsStchlMwZQvUbJ7WJL
8TsmZfZYT8U7Peogga1Jq8p9kII5sv5y9a3DUZZZnlca1Dzvjr539VNltoFImT+G
v+Gsw7jaM3Qzn1WqPf0c5ftXA2/KGzIHlZ1E/eBztIEwHZltuoZ51u2vCTmu1ADj
GOOWmwhB9F495RXfg7i3IDwINEjbLKfodwAXNagvH2u+kcvH0J45GgljwG5F9E0b
nezeSeoLxMJS94mmtnkmr8X/GWjc9y2QIR4tk6lwNhl0/m64Cj6rogPS3kvpIhH8
MvKZoAKpYRk+19tdPbcWj+xjyuXEoWLQ4lIteFmQMKuTAqBhtqCoO9XXxwIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFDw3y8lbqcXb5r6qaIeFObvArmskMB8GA1UdIwQY
MBaAFJfr80jzdrhn/HaysrkQeMPdSUiDMA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9sLXZ6U1BO
MnVHZjhkckt5dVJCNHc5MUpTSU0uY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvYzNjZDdjMjQtMTJjYi00YWJjLThmZDItNWUyYmNiYjg1YWU2
LzdjZjE3ZTYxLWIwNDktNDM4Yy04YWFmLTJkNDcxNGI1MTg1Ny5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS9jM2NkN2MyNC0xMmNiLTRhYmMtOGZkMi01ZTJi
Y2JiODVhZTYvOTBjYTkwYTktYTEwYS00NGU3LTgyYjktMTM2NTc0NmJhNTVlLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJA+A+kAwDQYJKoZIhvcNAQELBQADggEBAG0RBCphdXoNGikX1ZGO
tPd95YfAhBRJ8FU4l8jQ7b/pOvgzItWjKAsGT0kuW5IsKcfHLKJfU5lZ19INq0Fm
BNJCdiIYNsdv9y3eZOvOMikX+uglGFb5rcxqVdP9OYYt1IFGf1XfAWd6fjYHMhDJ
l5rKXTM9oNMoYMjcALGMN5KtlZRJn01fSfU2JRmSFecJPVs46nYlQhqCbZOZiZY4
ggdMb/FxgltDgowI/CJFL4eetSBVkmrZq2eM2MSiti7FLLTjhfPYGf0NbL8ckWFm
lgM/Yob4L/mdHyWsIbYXbdMk0P7OjUIbCKsdU4AbhvHuzO7HRVrLYqoyecvYbaBw
S4c=
-----END CERTIFICATE-----
Generated at Mon Sep 18 15:40:40 2023 by rpki-client on console-ams.rpki-client.org