Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/00971cda-f8a5-49a0-a1dc-2285c68a8e9f.roa
File:                     00971cda-f8a5-49a0-a1dc-2285c68a8e9f.roa (raw, json)
Hash identifier:          tp/8zx6pT2CWF88ukfEMFWk9EK7KA8FJlY42Yz7Y8dc=
Subject key identifier:   80:8D:9A:3A:DB:E5:FA:BB:F5:53:CF:1C:11:6E:6B:AC:73:26:AC:C0
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       7899AC165DC781669AFEB33FB224BD25ED37E0C4
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/00971cda-f8a5-49a0-a1dc-2285c68a8e9f.roa
Signing time:             Wed 13 Mar 2024 00:00:00 +0000
ROA not before:           Wed 13 Mar 2024 00:00:00 +0000
ROA not after:            Wed 17 Apr 2024 23:59:59 +0000
asID:                     14618
IP address blocks:        43.200.0.0/13 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 30 Mar 2024 12:04:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            78:99:ac:16:5d:c7:81:66:9a:fe:b3:3f:b2:24:bd:25:ed:37:e0:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Mar 13 00:00:00 2024 GMT
            Not After : Apr 17 23:59:59 2024 GMT
        Subject: serialNumber=6cc38fa0cf8e1ec127c4d4d88bd6bd6fa817b6969fb04a6768888c616de601c3, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:90:f0:d4:82:ca:b7:bb:4a:ce:4c:8d:d0:c0:
                    77:bc:a1:e9:24:ea:e6:74:9c:9e:72:59:86:ea:3e:
                    3a:84:f7:89:94:01:6d:63:1c:c1:b6:4f:e7:63:ed:
                    e7:84:6c:28:af:88:98:ac:7f:5e:ae:1f:ff:af:d4:
                    67:87:db:ef:0c:89:2a:7f:b5:e3:30:a1:d9:7a:67:
                    6d:9e:1f:b2:70:97:a5:86:e1:81:34:a7:fc:d0:67:
                    6b:83:ac:41:a8:c1:1b:3d:eb:10:d9:7c:23:15:96:
                    67:34:8f:d7:6f:f0:25:96:a2:7f:33:f4:39:b0:ef:
                    84:a8:4c:9f:b1:5a:cd:6f:55:93:1f:a3:e4:e9:3e:
                    38:54:64:ca:02:ba:fa:3f:19:56:61:ed:c1:81:e1:
                    80:c2:d3:2e:b8:c8:77:dc:f6:7d:27:c9:91:f8:f8:
                    27:d7:dc:29:05:92:7c:20:02:ad:16:7a:81:95:dd:
                    6f:30:1e:3f:35:db:9c:71:3b:55:78:3c:96:cb:1f:
                    36:cf:b1:30:26:78:a5:a8:f1:9c:52:ea:e8:3d:99:
                    17:74:6d:3b:ea:ea:27:b3:c9:d8:29:e2:0c:f5:93:
                    1d:0c:58:1e:66:39:ca:1a:1b:8e:9c:f9:6d:8d:74:
                    5c:78:cc:c7:b2:36:37:3a:62:19:57:fc:17:9b:fe:
                    e9:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:8D:9A:3A:DB:E5:FA:BB:F5:53:CF:1C:11:6E:6B:AC:73:26:AC:C0
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/00971cda-f8a5-49a0-a1dc-2285c68a8e9f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.200.0.0/13

    Signature Algorithm: sha256WithRSAEncryption
         2b:4e:a9:a8:c5:8a:51:5b:09:34:ae:f7:fa:3e:1e:3d:0e:c2:
         e9:af:b3:2b:d1:19:e2:12:de:06:a4:9a:e9:12:3c:8c:8e:42:
         01:71:d9:01:3d:77:40:03:8b:1e:79:44:4c:16:37:af:aa:8e:
         36:43:60:31:37:2a:71:95:be:e1:a1:91:56:27:b8:6b:76:48:
         8b:0c:d2:04:08:6a:7b:9c:a0:0e:50:7b:4f:b0:a5:e9:de:55:
         9e:aa:03:c0:a7:96:b3:37:1a:b7:30:90:f3:36:e4:68:2a:86:
         11:9c:f6:88:0a:48:d8:e2:b9:87:70:03:3b:9c:f8:0c:9d:c5:
         56:f6:c1:91:59:b4:3c:7a:38:86:ff:f5:b1:f0:25:d2:3b:2f:
         3f:e9:ff:c7:94:d5:72:91:80:c7:ff:7c:e9:4e:24:66:a3:52:
         b8:71:b0:fd:18:7c:67:fd:57:07:cb:d3:bc:a9:2f:48:3a:b4:
         72:77:f1:5a:71:06:b0:fc:12:45:c6:30:34:4f:59:a8:20:ab:
         43:23:b1:95:81:90:22:1e:33:ee:b2:c3:3e:c3:df:ce:3f:4a:
         f8:83:e3:bb:03:7f:c9:82:54:fa:b1:59:84:17:b5:98:c8:96:
         96:2f:3e:9d:e9:91:46:38:d3:91:b7:48:30:59:c8:72:b7:29:
         79:87:94:16
-----BEGIN CERTIFICATE-----
MIIFmzCCBIOgAwIBAgIUeJmsFl3HgWaa/rM/siS9Je034MQwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI0MDMxMzAwMDAwMFoX
DTI0MDQxNzIzNTk1OVowejFJMEcGA1UEBRNANmNjMzhmYTBjZjhlMWVjMTI3YzRk
NGQ4OGJkNmJkNmZhODE3YjY5NjlmYjA0YTY3Njg4ODhjNjE2ZGU2MDFjMzEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnZDw1ILKt7tKzkyN0MB3vKHpJOrm
dJyeclmG6j46hPeJlAFtYxzBtk/nY+3nhGwor4iYrH9erh//r9Rnh9vvDIkqf7Xj
MKHZemdtnh+ycJelhuGBNKf80Gdrg6xBqMEbPesQ2XwjFZZnNI/Xb/AllqJ/M/Q5
sO+EqEyfsVrNb1WTH6Pk6T44VGTKArr6PxlWYe3BgeGAwtMuuMh33PZ9J8mR+Pgn
19wpBZJ8IAKtFnqBld1vMB4/NduccTtVeDyWyx82z7EwJnilqPGcUuroPZkXdG07
6uons8nYKeIM9ZMdDFgeZjnKGhuOnPltjXRceMzHsjY3OmIZV/wXm/7pswIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFICNmjrb5fq79VPPHBFua6xzJqzAMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzAwOTcxY2RhLWY4YTUtNDlhMC1hMWRjLTIyODVjNjhhOGU5Zi5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTAL
BAIAATAFAwMDK8gwDQYJKoZIhvcNAQELBQADggEBACtOqajFilFbCTSu9/o+Hj0O
wumvsyvRGeIS3gakmukSPIyOQgFx2QE9d0ADix55REwWN6+qjjZDYDE3KnGVvuGh
kVYnuGt2SIsM0gQIanucoA5Qe0+wpeneVZ6qA8CnlrM3GrcwkPM25GgqhhGc9ogK
SNjiuYdwAzuc+AydxVb2wZFZtDx6OIb/9bHwJdI7Lz/p/8eU1XKRgMf/fOlOJGaj
UrhxsP0YfGf9VwfL07ypL0g6tHJ38VpxBrD8EkXGMDRPWaggq0MjsZWBkCIeM+6y
wz7D384/SviD47sDf8mCVPqxWYQXtZjIlpYvPp3pkUY405G3SDBZyHK3KXmHlBY=
-----END CERTIFICATE-----
Generated at Fri Mar 29 02:16:49 2024 by rpki-client on console-ams.rpki-client.org