Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/86cfd33f-a067-4c5c-8ad5-49ec8cde1823.roa
File:                     86cfd33f-a067-4c5c-8ad5-49ec8cde1823.roa (raw, json)
Hash identifier:          vZeUemINXMwQd2GQPes8YN+8IZHndwrcJHOwuQG8nyY=
Subject key identifier:   92:A5:59:80:A7:E9:3B:A6:2B:41:F7:0D:F6:05:11:2C:EB:58:D7:A5
Certificate issuer:       /CN=A91CD28A0000/serialNumber=97EBF348F376B867FC76B2B2B91078C3DD494883
Certificate serial:       744D1146F5391335D56ED66CB54F4461A5750B83
Authority key identifier: 97:EB:F3:48:F3:76:B8:67:FC:76:B2:B2:B9:10:78:C3:DD:49:48:83
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/l-vzSPN2uGf8drKyuRB4w91JSIM.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/86cfd33f-a067-4c5c-8ad5-49ec8cde1823.roa
Signing time:             Mon 18 Sep 2023 00:00:00 +0000
ROA not before:           Mon 18 Sep 2023 00:00:00 +0000
ROA not after:            Mon 23 Oct 2023 23:59:59 +0000
asID:                     16509
IP address blocks:        240f:80fc:8000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/90ca90a9-a10a-44e7-82b9-1365746ba55e.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/manifest.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/l-vzSPN2uGf8drKyuRB4w91JSIM.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 20 Sep 2023 03:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            74:4d:11:46:f5:39:13:35:d5:6e:d6:6c:b5:4f:44:61:a5:75:0b:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91CD28A0000/serialNumber=97EBF348F376B867FC76B2B2B91078C3DD494883
        Validity
            Not Before: Sep 18 00:00:00 2023 GMT
            Not After : Oct 23 23:59:59 2023 GMT
        Subject: serialNumber=f2afbb6d7d96e0b977e1939bc3bb8ce2f1ad728833ba48f65beb20384f3b54ff, CN=4257e925-715f-47a2-893e-0e3f97ec7e22
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:bc:e4:10:4b:13:95:ad:97:99:b2:dc:56:02:
                    97:5e:52:cd:73:0a:ca:f5:15:d6:19:3e:4d:97:58:
                    78:06:9d:c1:64:03:28:27:01:61:8f:76:13:18:b1:
                    85:77:90:e8:49:33:54:26:f5:c8:92:cb:e1:0a:e1:
                    b3:45:31:f4:0b:b1:39:e1:9e:14:94:86:6d:10:56:
                    11:19:82:3e:d2:e7:cc:83:81:a0:f4:31:88:53:68:
                    12:b6:33:2c:38:68:d7:d3:d4:52:35:3f:a1:60:d4:
                    33:ab:d3:c6:c9:15:c8:78:95:e9:5c:63:39:1a:1b:
                    1d:0e:3f:c4:ff:75:b9:9e:82:0d:1a:45:e3:c0:e7:
                    9f:1b:ba:39:9f:50:3f:33:f1:7a:14:65:fc:38:9e:
                    5e:2d:2a:53:dd:6e:bb:9f:7f:1a:2d:2d:9a:5e:fb:
                    cf:f8:81:42:5f:7a:3c:ab:23:1c:29:14:f5:6d:94:
                    ad:9a:90:4a:fe:bc:52:e6:2b:5a:a7:f1:7b:6c:2e:
                    10:cd:15:32:14:67:c8:c1:8b:81:27:34:f5:2a:71:
                    09:52:ae:1a:2d:10:9d:0c:4f:b0:38:f8:77:4e:da:
                    32:37:e1:32:95:7a:92:95:6f:28:4f:df:8f:93:48:
                    2f:ae:b0:01:80:5b:19:f1:81:db:d1:2c:68:23:ec:
                    b4:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:A5:59:80:A7:E9:3B:A6:2B:41:F7:0D:F6:05:11:2C:EB:58:D7:A5
            X509v3 Authority Key Identifier:
                keyid:97:EB:F3:48:F3:76:B8:67:FC:76:B2:B2:B9:10:78:C3:DD:49:48:83

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/l-vzSPN2uGf8drKyuRB4w91JSIM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/86cfd33f-a067-4c5c-8ad5-49ec8cde1823.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/90ca90a9-a10a-44e7-82b9-1365746ba55e.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240f:80fc:8000::/40

    Signature Algorithm: sha256WithRSAEncryption
         ab:3a:bd:df:36:16:86:fb:6c:8d:63:1b:1b:c4:b6:8b:71:71:
         40:1d:c4:20:b6:22:56:e3:be:fb:33:4c:da:c0:c7:8d:f0:60:
         d6:30:8e:24:66:e7:f6:c0:38:57:d5:35:5b:44:91:8b:13:77:
         b9:20:5a:f3:1d:64:85:46:d6:0a:81:5b:68:44:82:2b:4b:d2:
         44:7b:77:9a:12:48:32:ef:6d:e7:3e:cc:b2:99:fc:9a:0b:26:
         b8:be:8f:41:55:fe:bb:2d:57:6f:4a:35:e4:01:e3:10:18:f1:
         4c:c0:09:ad:c5:25:0c:74:69:99:d9:91:b0:b5:ec:8d:f9:49:
         86:60:2d:5d:43:67:aa:d2:d2:ed:22:59:2b:e8:9e:0e:ed:9a:
         b4:c8:5f:d6:22:30:e5:ef:a6:5a:8b:d8:e6:d2:a2:fa:54:1e:
         60:5c:2c:6a:18:24:66:3d:ee:2f:e8:6f:51:8f:76:79:5c:e1:
         3f:56:8b:a3:f0:3d:38:e2:ea:31:7a:66:bc:ba:f7:39:42:4e:
         40:7f:fd:ba:37:a4:8f:d0:ca:e7:f4:b2:4e:68:cf:be:6d:f4:
         90:50:67:4a:e3:b0:67:29:8e:66:a0:8b:bd:7b:b4:3e:ac:9e:
         10:14:3b:2f:fb:8b:7e:ba:32:ec:d2:2f:70:08:0e:7d:5a:62:
         34:4a:a8:aa
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUdE0RRvU5EzXVbtZstU9EYaV1C4MwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxQ0QyOEEwMDAwMTEwLwYDVQQFEyg5N0VCRjM0OEYz
NzZCODY3RkM3NkIyQjJCOTEwNzhDM0RENDk0ODgzMB4XDTIzMDkxODAwMDAwMFoX
DTIzMTAyMzIzNTk1OVowejFJMEcGA1UEBRNAZjJhZmJiNmQ3ZDk2ZTBiOTc3ZTE5
MzliYzNiYjhjZTJmMWFkNzI4ODMzYmE0OGY2NWJlYjIwMzg0ZjNiNTRmZjEtMCsG
A1UEAxMkNDI1N2U5MjUtNzE1Zi00N2EyLTg5M2UtMGUzZjk3ZWM3ZTIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk7zkEEsTla2XmbLcVgKXXlLNcwrK
9RXWGT5Nl1h4Bp3BZAMoJwFhj3YTGLGFd5DoSTNUJvXIksvhCuGzRTH0C7E54Z4U
lIZtEFYRGYI+0ufMg4Gg9DGIU2gStjMsOGjX09RSNT+hYNQzq9PGyRXIeJXpXGM5
GhsdDj/E/3W5noINGkXjwOefG7o5n1A/M/F6FGX8OJ5eLSpT3W67n38aLS2aXvvP
+IFCX3o8qyMcKRT1bZStmpBK/rxS5itap/F7bC4QzRUyFGfIwYuBJzT1KnEJUq4a
LRCdDE+wOPh3TtoyN+EylXqSlW8oT9+Pk0gvrrABgFsZ8YHb0SxoI+y0ZQIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFJKlWYCn6TumK0H3DfYFESzrWNelMB8GA1UdIwQY
MBaAFJfr80jzdrhn/HaysrkQeMPdSUiDMA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9sLXZ6U1BO
MnVHZjhkckt5dVJCNHc5MUpTSU0uY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvYzNjZDdjMjQtMTJjYi00YWJjLThmZDItNWUyYmNiYjg1YWU2
Lzg2Y2ZkMzNmLWEwNjctNGM1Yy04YWQ1LTQ5ZWM4Y2RlMTgyMy5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS9jM2NkN2MyNC0xMmNiLTRhYmMtOGZkMi01ZTJi
Y2JiODVhZTYvOTBjYTkwYTktYTEwYS00NGU3LTgyYjktMTM2NTc0NmJhNTVlLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJA+A/IAwDQYJKoZIhvcNAQELBQADggEBAKs6vd82Fob7bI1jGxvE
totxcUAdxCC2IlbjvvszTNrAx43wYNYwjiRm5/bAOFfVNVtEkYsTd7kgWvMdZIVG
1gqBW2hEgitL0kR7d5oSSDLvbec+zLKZ/JoLJri+j0FV/rstV29KNeQB4xAY8UzA
Ca3FJQx0aZnZkbC17I35SYZgLV1DZ6rS0u0iWSvong7tmrTIX9YiMOXvplqL2ObS
ovpUHmBcLGoYJGY97i/ob1GPdnlc4T9Wi6PwPTji6jF6Zry69zlCTkB//bo3pI/Q
yuf0sk5oz75t9JBQZ0rjsGcpjmagi717tD6snhAUOy/7i366MuzSL3AIDn1aYjRK
qKo=
-----END CERTIFICATE-----
Generated at Mon Sep 18 15:40:40 2023 by rpki-client on console-ams.rpki-client.org