Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/c6c8c2c8-2610-4b46-9e55-67c12ceccbbe.roa
File:                     c6c8c2c8-2610-4b46-9e55-67c12ceccbbe.roa (raw, json)
Hash identifier:          d0DdM2JB04JBi7Y+9hFcdBe6JVG1uQhL3VwOghC4Q8Y=
Subject key identifier:   55:6F:B6:9F:61:9B:16:FA:7A:26:09:42:2F:1B:08:46:F3:47:6A:A5
Certificate issuer:       /CN=A91CD28A0000/serialNumber=97EBF348F376B867FC76B2B2B91078C3DD494883
Certificate serial:       4BF850E3361F70932D9D8A6B4571C9C5EA36FAAD
Authority key identifier: 97:EB:F3:48:F3:76:B8:67:FC:76:B2:B2:B9:10:78:C3:DD:49:48:83
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/l-vzSPN2uGf8drKyuRB4w91JSIM.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/c6c8c2c8-2610-4b46-9e55-67c12ceccbbe.roa
Signing time:             Wed 05 Feb 2025 00:00:00 +0000
ROA not before:           Wed 05 Feb 2025 00:00:00 +0000
ROA not after:            Wed 12 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        240f:80fe:8000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/90ca90a9-a10a-44e7-82b9-1365746ba55e.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/manifest.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/l-vzSPN2uGf8drKyuRB4w91JSIM.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 20 Feb 2025 00:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4b:f8:50:e3:36:1f:70:93:2d:9d:8a:6b:45:71:c9:c5:ea:36:fa:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91CD28A0000
        Validity
            Not Before: Feb  5 00:00:00 2025 GMT
            Not After : Mar 12 23:59:59 2025 GMT
        Subject: CN=4257e925-715f-47a2-893e-0e3f97ec7e22
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:e5:0b:21:c0:cc:2c:26:00:ec:a4:ff:e3:98:
                    99:c5:5a:96:7d:96:b4:88:d0:0d:1a:52:06:e7:e3:
                    3f:a6:12:6e:39:41:16:66:0f:40:17:ff:1c:88:3a:
                    f6:0d:64:9c:09:b4:23:91:58:33:c5:b1:92:87:a6:
                    85:c9:86:18:48:8d:ef:f0:45:6a:f5:20:8e:3a:4d:
                    87:e5:c3:0d:30:0c:a5:42:61:df:10:15:12:c4:aa:
                    1d:f7:c2:be:cc:8b:67:2b:5a:3e:a4:96:c8:46:16:
                    70:e3:7d:52:b0:58:eb:81:b4:38:c4:72:21:b7:45:
                    e8:b2:5c:fd:8e:a1:5e:c4:4e:e5:ea:3c:b2:31:df:
                    d4:68:3f:5a:f2:63:ce:c9:04:5b:50:05:fa:04:c0:
                    a8:91:bc:68:c0:d7:66:ee:07:14:7b:4c:9b:54:24:
                    4c:26:78:3b:34:0b:a7:f0:02:62:d3:82:b2:9c:7b:
                    da:67:b0:6d:3d:1c:42:3a:b0:4e:2e:0f:22:35:f8:
                    97:a8:01:71:e5:26:9c:aa:29:9e:80:9a:00:87:2b:
                    03:1d:81:94:30:40:43:97:37:98:66:eb:28:fc:b2:
                    4d:b2:4c:86:14:1a:2b:04:9a:d1:fc:ff:93:9d:99:
                    10:11:a3:99:61:e8:4c:a9:88:ae:93:1a:65:04:05:
                    74:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:6F:B6:9F:61:9B:16:FA:7A:26:09:42:2F:1B:08:46:F3:47:6A:A5
            X509v3 Authority Key Identifier:
                keyid:97:EB:F3:48:F3:76:B8:67:FC:76:B2:B2:B9:10:78:C3:DD:49:48:83

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/l-vzSPN2uGf8drKyuRB4w91JSIM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/c6c8c2c8-2610-4b46-9e55-67c12ceccbbe.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/90ca90a9-a10a-44e7-82b9-1365746ba55e.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240f:80fe:8000::/40

    Signature Algorithm: sha256WithRSAEncryption
         9b:98:54:c2:4b:df:38:f1:49:e4:b4:3b:da:6a:e0:4f:98:41:
         c5:ba:32:82:da:f3:07:74:ba:31:02:cc:1d:5a:bf:4e:23:f0:
         bc:b8:8a:db:5e:44:12:6a:41:ee:62:6c:c6:66:5d:c3:ba:8c:
         14:a6:ac:eb:00:8a:fb:05:93:ab:c7:b8:22:e4:31:0c:90:10:
         46:63:d0:b1:61:5f:67:ca:d3:e9:e9:42:ec:d8:5c:50:19:cc:
         ac:f2:bc:23:54:c2:82:b3:6f:32:a5:8a:bf:bc:b1:26:a5:e8:
         91:f5:0a:ff:11:5b:6b:ac:38:d5:73:a5:64:4a:17:c7:b1:c1:
         41:00:ff:a3:0b:9c:e9:fa:52:75:0b:14:08:b2:a7:83:4e:7f:
         17:c2:7f:77:d1:b0:b1:61:01:28:f2:f7:7f:c5:2c:42:60:e7:
         52:a2:0f:a9:c1:52:6a:a9:9e:0b:80:d8:26:33:f2:65:38:c8:
         43:a1:b8:b9:e2:3c:62:c9:8a:5d:c9:78:9f:19:3c:32:8e:e5:
         cf:28:fb:d4:78:a8:c7:7a:81:88:b3:8d:06:6e:3c:e8:1a:b1:
         26:aa:ab:c4:58:21:b7:2f:57:db:92:c6:75:ca:c0:8b:ba:43:
         af:f5:38:c3:80:7d:b0:71:7c:67:da:2b:37:e8:d2:b0:ce:90:
         4b:2f:74:12
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUS/hQ4zYfcJMtnYprRXHJxeo2+q0wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxQ0QyOEEwMDAwMTEwLwYDVQQFEyg5N0VCRjM0OEYz
NzZCODY3RkM3NkIyQjJCOTEwNzhDM0RENDk0ODgzMB4XDTI1MDIwNTAwMDAwMFoX
DTI1MDMxMjIzNTk1OVowejFJMEcGA1UEBRNAMmIxNWZjNTcxNGEzM2Q0YTViMmEy
OTMxZGQ5ZGU0YTM4YTA4YmU4YWMyM2ZlZWE5MjdjN2MwNTI4Y2Q3OGQxNTEtMCsG
A1UEAxMkNDI1N2U5MjUtNzE1Zi00N2EyLTg5M2UtMGUzZjk3ZWM3ZTIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmuULIcDMLCYA7KT/45iZxVqWfZa0
iNANGlIG5+M/phJuOUEWZg9AF/8ciDr2DWScCbQjkVgzxbGSh6aFyYYYSI3v8EVq
9SCOOk2H5cMNMAylQmHfEBUSxKod98K+zItnK1o+pJbIRhZw431SsFjrgbQ4xHIh
t0Xoslz9jqFexE7l6jyyMd/UaD9a8mPOyQRbUAX6BMCokbxowNdm7gcUe0ybVCRM
Jng7NAun8AJi04KynHvaZ7BtPRxCOrBOLg8iNfiXqAFx5SacqimegJoAhysDHYGU
MEBDlzeYZuso/LJNskyGFBorBJrR/P+TnZkQEaOZYehMqYiukxplBAV0ewIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFFVvtp9hmxb6eiYJQi8bCEbzR2qlMB8GA1UdIwQY
MBaAFJfr80jzdrhn/HaysrkQeMPdSUiDMA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9sLXZ6U1BO
MnVHZjhkckt5dVJCNHc5MUpTSU0uY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvYzNjZDdjMjQtMTJjYi00YWJjLThmZDItNWUyYmNiYjg1YWU2
L2M2YzhjMmM4LTI2MTAtNGI0Ni05ZTU1LTY3YzEyY2VjY2JiZS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS9jM2NkN2MyNC0xMmNiLTRhYmMtOGZkMi01ZTJi
Y2JiODVhZTYvOTBjYTkwYTktYTEwYS00NGU3LTgyYjktMTM2NTc0NmJhNTVlLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJA+A/oAwDQYJKoZIhvcNAQELBQADggEBAJuYVMJL3zjxSeS0O9pq
4E+YQcW6MoLa8wd0ujECzB1av04j8Ly4itteRBJqQe5ibMZmXcO6jBSmrOsAivsF
k6vHuCLkMQyQEEZj0LFhX2fK0+npQuzYXFAZzKzyvCNUwoKzbzKlir+8sSal6JH1
Cv8RW2usONVzpWRKF8exwUEA/6MLnOn6UnULFAiyp4NOfxfCf3fRsLFhASjy93/F
LEJg51KiD6nBUmqpnguA2CYz8mU4yEOhuLniPGLJil3JeJ8ZPDKO5c8o+9R4qMd6
gYizjQZuPOgasSaqq8RYIbcvV9uSxnXKwIu6Q6/1OMOAfbBxfGfaKzfo0rDOkEsv
dBI=
-----END CERTIFICATE-----
Generated at Sun Feb 16 15:15:09 2025 by rpki-client