Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/7cf17e61-b049-438c-8aaf-2d4714b51857.roa
File:                     7cf17e61-b049-438c-8aaf-2d4714b51857.roa (raw, json)
Hash identifier:          UbIODB0cDFxC51k9vnqW1HXpUB1gYzEEA1ISNd331ik=
Subject key identifier:   F7:6E:8F:35:35:4A:2C:F2:C4:72:AD:DF:81:42:AC:A5:03:C1:17:8D
Certificate issuer:       /CN=A91CD28A0000/serialNumber=97EBF348F376B867FC76B2B2B91078C3DD494883
Certificate serial:       77B7F20F53AD6B038F4DFB6DA7E237CDFE931D9D
Authority key identifier: 97:EB:F3:48:F3:76:B8:67:FC:76:B2:B2:B9:10:78:C3:DD:49:48:83
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/l-vzSPN2uGf8drKyuRB4w91JSIM.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/7cf17e61-b049-438c-8aaf-2d4714b51857.roa
Signing time:             Tue 12 Mar 2024 00:00:00 +0000
ROA not before:           Tue 12 Mar 2024 00:00:00 +0000
ROA not after:            Tue 16 Apr 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        240f:80fa:4000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/90ca90a9-a10a-44e7-82b9-1365746ba55e.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/manifest.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/l-vzSPN2uGf8drKyuRB4w91JSIM.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 29 Mar 2024 03:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            77:b7:f2:0f:53:ad:6b:03:8f:4d:fb:6d:a7:e2:37:cd:fe:93:1d:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91CD28A0000/serialNumber=97EBF348F376B867FC76B2B2B91078C3DD494883
        Validity
            Not Before: Mar 12 00:00:00 2024 GMT
            Not After : Apr 16 23:59:59 2024 GMT
        Subject: serialNumber=f728e3245f1e6210e41f7ebc8559546e48d3535874b4cab3e992175c2df7e4bb, CN=4257e925-715f-47a2-893e-0e3f97ec7e22
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:42:11:ce:6b:0c:be:fd:9e:f7:ab:57:d3:7b:
                    a0:be:04:03:27:14:85:7f:6f:10:24:a1:14:07:e3:
                    b4:49:86:0f:8e:05:b0:37:00:49:e3:24:bc:f8:77:
                    f2:56:68:5b:60:81:e2:76:16:4b:23:e9:e4:2d:9b:
                    70:6c:cc:f2:08:66:a6:3b:66:d5:65:45:96:14:ee:
                    92:5d:d7:3f:00:8d:e9:a1:7b:45:e7:bf:72:c5:24:
                    bf:50:12:dd:e1:76:05:af:99:cc:2f:99:14:1f:a3:
                    e5:40:72:8f:a0:0e:8a:6d:60:60:e7:52:26:4d:83:
                    85:c0:9c:41:08:4c:4c:36:20:54:dd:1a:8a:33:1f:
                    02:15:30:c9:13:0b:19:49:31:67:04:ee:83:33:18:
                    89:c2:df:2d:d0:cf:f2:3f:75:b6:ca:a4:be:2a:25:
                    11:51:cc:7a:31:13:87:2b:90:42:39:43:a3:7c:a0:
                    ea:76:81:52:06:26:3b:51:80:c5:16:77:e7:af:aa:
                    2e:1d:c0:0c:8e:ef:ad:ed:b4:50:4b:1a:2b:4f:66:
                    fa:28:e8:81:c1:9a:29:ef:45:a3:6d:94:3a:67:5c:
                    b8:3a:94:cf:ba:80:e5:76:37:16:9f:a7:d0:8f:fd:
                    39:f3:38:78:6e:dd:d8:de:8d:a6:43:69:0c:e0:8f:
                    3b:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:6E:8F:35:35:4A:2C:F2:C4:72:AD:DF:81:42:AC:A5:03:C1:17:8D
            X509v3 Authority Key Identifier:
                keyid:97:EB:F3:48:F3:76:B8:67:FC:76:B2:B2:B9:10:78:C3:DD:49:48:83

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/l-vzSPN2uGf8drKyuRB4w91JSIM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/7cf17e61-b049-438c-8aaf-2d4714b51857.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/90ca90a9-a10a-44e7-82b9-1365746ba55e.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240f:80fa:4000::/40

    Signature Algorithm: sha256WithRSAEncryption
         69:2c:af:29:20:fa:05:38:65:c3:04:55:92:8f:f7:da:88:0d:
         84:88:e0:c5:54:f0:c0:c7:29:5a:9a:86:e9:67:76:1f:a8:7d:
         c3:bd:42:12:df:52:0e:91:b1:b7:c6:61:4b:75:e4:aa:c9:d5:
         ba:3b:a8:ca:03:93:97:cb:54:1b:82:fa:82:48:71:c9:03:d0:
         0c:53:b7:3d:67:b1:ab:19:37:dd:c5:2f:81:c7:31:40:98:55:
         65:e4:b2:ad:77:e1:a0:a0:40:17:d5:2f:f2:c7:59:ce:0d:78:
         68:40:f0:d6:62:ac:57:f4:5d:d9:4f:91:ca:1c:bd:0f:74:31:
         81:62:4c:c4:40:b0:6f:de:90:07:86:58:f5:90:cc:88:50:de:
         91:a7:32:78:e0:54:26:76:e0:c6:f5:03:d8:db:db:f4:20:2a:
         47:84:32:cd:6f:eb:68:25:52:e1:ae:50:46:ef:84:c0:60:1b:
         58:e3:74:9a:15:eb:04:d9:ac:14:f4:ef:87:83:e8:4c:00:e1:
         8a:5c:87:49:96:f8:64:85:c5:8c:2a:30:64:20:be:5e:22:a5:
         9b:b3:d9:60:a0:33:22:82:a5:21:9f:ff:40:57:dc:1d:37:c9:
         a6:55:77:27:ed:ac:96:e8:db:ba:81:27:20:e4:6d:bd:1a:9f:
         ab:b0:37:64
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUd7fyD1OtawOPTfttp+I3zf6THZ0wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxQ0QyOEEwMDAwMTEwLwYDVQQFEyg5N0VCRjM0OEYz
NzZCODY3RkM3NkIyQjJCOTEwNzhDM0RENDk0ODgzMB4XDTI0MDMxMjAwMDAwMFoX
DTI0MDQxNjIzNTk1OVowejFJMEcGA1UEBRNAZjcyOGUzMjQ1ZjFlNjIxMGU0MWY3
ZWJjODU1OTU0NmU0OGQzNTM1ODc0YjRjYWIzZTk5MjE3NWMyZGY3ZTRiYjEtMCsG
A1UEAxMkNDI1N2U5MjUtNzE1Zi00N2EyLTg5M2UtMGUzZjk3ZWM3ZTIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoUIRzmsMvv2e96tX03ugvgQDJxSF
f28QJKEUB+O0SYYPjgWwNwBJ4yS8+HfyVmhbYIHidhZLI+nkLZtwbMzyCGamO2bV
ZUWWFO6SXdc/AI3poXtF579yxSS/UBLd4XYFr5nML5kUH6PlQHKPoA6KbWBg51Im
TYOFwJxBCExMNiBU3RqKMx8CFTDJEwsZSTFnBO6DMxiJwt8t0M/yP3W2yqS+KiUR
Ucx6MROHK5BCOUOjfKDqdoFSBiY7UYDFFnfnr6ouHcAMju+t7bRQSxorT2b6KOiB
wZop70WjbZQ6Z1y4OpTPuoDldjcWn6fQj/058zh4bt3Y3o2mQ2kM4I878wIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFPdujzU1SizyxHKt34FCrKUDwReNMB8GA1UdIwQY
MBaAFJfr80jzdrhn/HaysrkQeMPdSUiDMA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9sLXZ6U1BO
MnVHZjhkckt5dVJCNHc5MUpTSU0uY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvYzNjZDdjMjQtMTJjYi00YWJjLThmZDItNWUyYmNiYjg1YWU2
LzdjZjE3ZTYxLWIwNDktNDM4Yy04YWFmLTJkNDcxNGI1MTg1Ny5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS9jM2NkN2MyNC0xMmNiLTRhYmMtOGZkMi01ZTJi
Y2JiODVhZTYvOTBjYTkwYTktYTEwYS00NGU3LTgyYjktMTM2NTc0NmJhNTVlLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJA+A+kAwDQYJKoZIhvcNAQELBQADggEBAGksrykg+gU4ZcMEVZKP
99qIDYSI4MVU8MDHKVqahulndh+ofcO9QhLfUg6RsbfGYUt15KrJ1bo7qMoDk5fL
VBuC+oJIcckD0AxTtz1nsasZN93FL4HHMUCYVWXksq134aCgQBfVL/LHWc4NeGhA
8NZirFf0XdlPkcocvQ90MYFiTMRAsG/ekAeGWPWQzIhQ3pGnMnjgVCZ24Mb1A9jb
2/QgKkeEMs1v62glUuGuUEbvhMBgG1jjdJoV6wTZrBT074eD6EwA4Ypch0mW+GSF
xYwqMGQgvl4ipZuz2WCgMyKCpSGf/0BX3B03yaZVdyftrJbo27qBJyDkbb0an6uw
N2Q=
-----END CERTIFICATE-----
Generated at Wed Mar 27 15:59:30 2024 by rpki-client on console-fra.rpki-client.org