Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/b46597ac-06b0-4ab7-aa80-8ed6514ffe89.roa
File:                     b46597ac-06b0-4ab7-aa80-8ed6514ffe89.roa (raw, json)
Hash identifier:          Hck7lZKq3+QOfVcBiK/sG3VFPTG8k4/0U/GJUElx8TA=
Subject key identifier:   8D:AC:3C:8E:94:47:53:AB:60:E4:92:3C:9C:25:9F:84:05:42:C4:67
Certificate issuer:       /CN=A91CD28A0000/serialNumber=97EBF348F376B867FC76B2B2B91078C3DD494883
Certificate serial:       17498D67B8C2806EEC5D70082CAB20F584B67481
Authority key identifier: 97:EB:F3:48:F3:76:B8:67:FC:76:B2:B2:B9:10:78:C3:DD:49:48:83
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/l-vzSPN2uGf8drKyuRB4w91JSIM.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/b46597ac-06b0-4ab7-aa80-8ed6514ffe89.roa
Signing time:             Sat 16 Sep 2023 00:00:00 +0000
ROA not before:           Sat 16 Sep 2023 00:00:00 +0000
ROA not after:            Sat 21 Oct 2023 23:59:59 +0000
asID:                     16509
IP address blocks:        240f:8014::/36 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/90ca90a9-a10a-44e7-82b9-1365746ba55e.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/manifest.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/l-vzSPN2uGf8drKyuRB4w91JSIM.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 17 Sep 2023 12:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            17:49:8d:67:b8:c2:80:6e:ec:5d:70:08:2c:ab:20:f5:84:b6:74:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91CD28A0000/serialNumber=97EBF348F376B867FC76B2B2B91078C3DD494883
        Validity
            Not Before: Sep 16 00:00:00 2023 GMT
            Not After : Oct 21 23:59:59 2023 GMT
        Subject: serialNumber=4f11dab16b1b424d6e2ca3b53e3e5ffb3724467fa3140293cec945bc3dcd5791, CN=4257e925-715f-47a2-893e-0e3f97ec7e22
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:d0:5c:b4:17:61:30:6b:ff:fb:f1:42:13:e8:
                    26:74:49:37:da:21:1a:96:eb:6d:08:39:dd:fd:cf:
                    85:b6:14:9d:56:ce:55:60:3f:2d:4d:60:4b:58:c6:
                    84:59:96:12:ab:4a:17:58:22:6f:2a:bb:af:4c:38:
                    c9:28:37:fe:7f:f9:41:40:e0:79:62:ff:20:3c:c3:
                    90:82:1e:52:56:4b:8b:da:35:72:81:90:a5:ad:61:
                    a7:a4:63:e5:dc:fb:73:0e:b1:48:cf:ab:6a:73:ce:
                    27:c5:65:63:99:6d:75:9e:68:02:45:33:0d:52:4f:
                    5f:08:0b:98:f9:bf:18:f2:ef:22:07:7f:f6:de:4b:
                    49:fa:af:73:cb:26:9c:3d:e7:93:e2:d5:16:05:84:
                    94:e7:92:e0:e8:3e:98:84:49:5a:39:28:a7:3a:7d:
                    6f:11:9d:ee:b4:d3:1d:a5:b7:b6:89:68:69:07:72:
                    e3:20:c3:d2:2d:b4:ae:30:9d:d9:88:53:ca:85:d2:
                    da:43:d6:27:10:4d:3d:7e:5c:ac:47:95:7e:b1:20:
                    3b:c0:00:02:15:07:5f:ed:30:97:fa:c9:d0:e3:12:
                    dd:7e:5a:1b:1c:cd:19:fc:d2:08:b7:94:2d:e2:91:
                    4e:88:47:91:49:82:d1:55:66:7e:5c:e6:7a:9f:e3:
                    37:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:AC:3C:8E:94:47:53:AB:60:E4:92:3C:9C:25:9F:84:05:42:C4:67
            X509v3 Authority Key Identifier:
                keyid:97:EB:F3:48:F3:76:B8:67:FC:76:B2:B2:B9:10:78:C3:DD:49:48:83

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/l-vzSPN2uGf8drKyuRB4w91JSIM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/b46597ac-06b0-4ab7-aa80-8ed6514ffe89.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/90ca90a9-a10a-44e7-82b9-1365746ba55e.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240f:8014::/36

    Signature Algorithm: sha256WithRSAEncryption
         b9:91:52:eb:6f:2e:dd:ab:fb:48:98:f2:81:0b:8e:e2:85:b8:
         c6:76:17:29:08:88:ee:ea:21:61:20:e4:e9:51:2f:da:11:49:
         0c:f1:2f:41:ab:52:88:6b:bd:10:4d:81:06:bd:e3:55:fc:e9:
         20:d0:46:ae:b3:ff:0e:ab:02:b3:ec:c9:65:b6:77:6c:ff:a5:
         bd:02:32:f8:ae:52:cb:19:1a:03:18:f4:60:4a:02:ef:a3:4d:
         b6:73:26:05:86:82:56:8a:26:ab:a8:bc:25:66:a9:c9:47:10:
         4d:79:d9:9e:b8:ef:be:70:c6:e1:b3:0d:8b:36:25:4a:c7:86:
         32:52:e6:6a:ef:c0:04:aa:ee:26:7b:1d:ad:61:20:e7:b7:46:
         b9:10:b8:92:09:73:a4:a1:a3:10:fd:78:fe:22:26:88:9d:b3:
         37:b9:84:65:99:1f:ee:f9:f2:f3:78:1f:91:bf:5c:8b:77:be:
         79:a6:ab:2f:69:54:e7:d6:b2:df:0c:1f:69:09:f6:70:49:bc:
         7d:59:83:bc:0a:a2:4b:ee:95:11:ba:c3:fb:5a:98:13:f6:e6:
         ae:0f:17:41:9c:90:03:46:98:1e:ab:85:0c:2c:e1:97:56:5f:
         53:1b:1e:c4:23:77:48:3b:87:7f:29:a2:4f:72:dd:2f:97:c2:
         8b:95:4a:1f
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUF0mNZ7jCgG7sXXAILKsg9YS2dIEwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxQ0QyOEEwMDAwMTEwLwYDVQQFEyg5N0VCRjM0OEYz
NzZCODY3RkM3NkIyQjJCOTEwNzhDM0RENDk0ODgzMB4XDTIzMDkxNjAwMDAwMFoX
DTIzMTAyMTIzNTk1OVowejFJMEcGA1UEBRNANGYxMWRhYjE2YjFiNDI0ZDZlMmNh
M2I1M2UzZTVmZmIzNzI0NDY3ZmEzMTQwMjkzY2VjOTQ1YmMzZGNkNTc5MTEtMCsG
A1UEAxMkNDI1N2U5MjUtNzE1Zi00N2EyLTg5M2UtMGUzZjk3ZWM3ZTIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwtBctBdhMGv/+/FCE+gmdEk32iEa
luttCDnd/c+FthSdVs5VYD8tTWBLWMaEWZYSq0oXWCJvKruvTDjJKDf+f/lBQOB5
Yv8gPMOQgh5SVkuL2jVygZClrWGnpGPl3PtzDrFIz6tqc84nxWVjmW11nmgCRTMN
Uk9fCAuY+b8Y8u8iB3/23ktJ+q9zyyacPeeT4tUWBYSU55Lg6D6YhElaOSinOn1v
EZ3utNMdpbe2iWhpB3LjIMPSLbSuMJ3ZiFPKhdLaQ9YnEE09flysR5V+sSA7wAAC
FQdf7TCX+snQ4xLdflobHM0Z/NIIt5Qt4pFOiEeRSYLRVWZ+XOZ6n+M3hwIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFI2sPI6UR1OrYOSSPJwln4QFQsRnMB8GA1UdIwQY
MBaAFJfr80jzdrhn/HaysrkQeMPdSUiDMA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9sLXZ6U1BO
MnVHZjhkckt5dVJCNHc5MUpTSU0uY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvYzNjZDdjMjQtMTJjYi00YWJjLThmZDItNWUyYmNiYjg1YWU2
L2I0NjU5N2FjLTA2YjAtNGFiNy1hYTgwLThlZDY1MTRmZmU4OS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS9jM2NkN2MyNC0xMmNiLTRhYmMtOGZkMi01ZTJi
Y2JiODVhZTYvOTBjYTkwYTktYTEwYS00NGU3LTgyYjktMTM2NTc0NmJhNTVlLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYEJA+AFAAwDQYJKoZIhvcNAQELBQADggEBALmRUutvLt2r+0iY8oEL
juKFuMZ2FykIiO7qIWEg5OlRL9oRSQzxL0GrUohrvRBNgQa941X86SDQRq6z/w6r
ArPsyWW2d2z/pb0CMviuUssZGgMY9GBKAu+jTbZzJgWGglaKJquovCVmqclHEE15
2Z64775wxuGzDYs2JUrHhjJS5mrvwASq7iZ7Ha1hIOe3RrkQuJIJc6ShoxD9eP4i
Joidsze5hGWZH+758vN4H5G/XIt3vnmmqy9pVOfWst8MH2kJ9nBJvH1Zg7wKokvu
lRG6w/tamBP25q4PF0GckANGmB6rhQws4ZdWX1MbHsQjd0g7h38pok9y3S+XwouV
Sh8=
-----END CERTIFICATE-----
Generated at Sat Sep 16 00:16:47 2023 by rpki-client on console-fra.rpki-client.org