Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/00971cda-f8a5-49a0-a1dc-2285c68a8e9f.roa
File:                     00971cda-f8a5-49a0-a1dc-2285c68a8e9f.roa (raw, json)
Hash identifier:          NE6dpbMsWzIFhgI4ehjJ4lI6ajCsS0VMGigS7n4Y7Xg=
Subject key identifier:   65:98:29:6D:6E:9F:4B:E3:EC:E2:DD:59:03:86:BA:EC:90:4A:CD:47
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       1F5E1232CEF6C6BF622B96931EEE52840EBCFF1F
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/00971cda-f8a5-49a0-a1dc-2285c68a8e9f.roa
Signing time:             Sat 22 Jun 2024 00:00:00 +0000
ROA not before:           Sat 22 Jun 2024 00:00:00 +0000
ROA not after:            Sat 27 Jul 2024 23:59:59 +0000
asID:                     14618
IP address blocks:        43.200.0.0/13 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 28 Jun 2024 00:11:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1f:5e:12:32:ce:f6:c6:bf:62:2b:96:93:1e:ee:52:84:0e:bc:ff:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jun 22 00:00:00 2024 GMT
            Not After : Jul 27 23:59:59 2024 GMT
        Subject: serialNumber=95a5f7ed29e2a7cefc8376ce12fa2102aa06dd19b9886d4ce717695977747ccd, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:b4:af:0c:e8:6f:35:eb:85:02:27:06:dd:eb:
                    8d:68:26:00:13:c6:13:dc:c2:22:dc:ae:9b:ba:db:
                    f2:d7:f7:22:ec:03:63:f6:29:90:2c:d7:88:f2:bb:
                    c8:11:23:33:bc:dd:d9:20:03:fa:04:1e:39:4f:12:
                    e1:ba:63:e6:b2:f2:9d:10:4c:43:b4:28:96:7f:30:
                    f6:e8:f4:e1:27:0e:d3:58:bc:02:a7:32:8b:30:fe:
                    10:4f:e2:23:43:af:a1:2b:1f:0c:4e:53:01:e8:d5:
                    80:62:cb:2b:c2:5c:75:9a:2e:81:d0:c0:89:33:f6:
                    33:71:72:d6:a7:fd:50:f9:a0:21:3a:79:17:01:5f:
                    7f:3a:7a:e5:35:df:4c:f4:0b:91:3e:5c:29:92:db:
                    a6:e5:a4:14:cd:e1:7a:b9:9b:5c:36:b1:92:c4:97:
                    47:26:ce:e0:88:4d:86:4d:65:69:97:27:c0:7a:04:
                    76:79:81:cc:66:18:1d:20:c4:e5:c4:95:d9:54:35:
                    4a:fc:6a:26:3a:50:00:cd:2f:35:86:64:e4:b7:29:
                    98:13:31:d3:42:5c:f4:7c:7d:c8:1e:63:cd:80:4c:
                    66:93:b4:27:5e:11:f6:f0:be:eb:54:ed:b4:55:b9:
                    82:53:8c:99:a3:c0:d5:78:8e:26:2e:43:45:40:e2:
                    b9:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:98:29:6D:6E:9F:4B:E3:EC:E2:DD:59:03:86:BA:EC:90:4A:CD:47
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/00971cda-f8a5-49a0-a1dc-2285c68a8e9f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.200.0.0/13

    Signature Algorithm: sha256WithRSAEncryption
         89:0c:33:d5:d9:14:1e:c0:59:4f:c8:78:f7:e6:84:d4:b2:6f:
         c6:77:23:e8:d5:76:f9:fd:d5:3c:a5:38:43:d7:f1:26:f3:c5:
         23:8c:22:92:f1:79:81:3f:40:ea:f1:5b:f2:8b:89:6c:71:bf:
         5d:ee:c4:b6:e0:ca:7d:43:a4:fb:0e:22:99:81:87:1e:e0:7a:
         13:dd:17:5b:3f:c0:9a:38:c1:c1:c2:7b:18:57:27:de:ff:1a:
         a6:67:52:79:16:9e:e4:db:f4:2b:6a:dc:22:35:bc:0a:04:b1:
         ce:f2:3c:84:bf:88:2b:14:23:14:55:fb:57:10:a1:77:34:8e:
         4e:9f:d5:e6:22:ab:36:3d:ef:12:1d:dc:50:89:a9:35:7f:3c:
         78:a7:be:80:a4:b8:32:aa:f9:84:5d:50:b1:93:a8:7a:07:bf:
         66:9c:8c:95:9e:47:25:a5:7c:3e:a8:27:79:1f:3f:b7:b2:6b:
         f9:96:de:f7:c3:70:e7:18:04:cd:0c:81:3e:14:20:3b:d9:2b:
         00:a3:80:55:20:c2:5c:2d:97:f1:70:d1:47:c9:5a:f7:87:8d:
         3f:37:34:8e:89:a0:62:7e:6d:72:fc:af:30:d0:7f:42:d6:a6:
         f3:42:03:cc:54:41:b2:86:07:bc:3b:a2:bc:0a:61:9d:99:35:
         85:df:8b:19
-----BEGIN CERTIFICATE-----
MIIFmzCCBIOgAwIBAgIUH14SMs72xr9iK5aTHu5ShA68/x8wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI0MDYyMjAwMDAwMFoX
DTI0MDcyNzIzNTk1OVowejFJMEcGA1UEBRNAOTVhNWY3ZWQyOWUyYTdjZWZjODM3
NmNlMTJmYTIxMDJhYTA2ZGQxOWI5ODg2ZDRjZTcxNzY5NTk3Nzc0N2NjZDEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkLSvDOhvNeuFAicG3euNaCYAE8YT
3MIi3K6butvy1/ci7ANj9imQLNeI8rvIESMzvN3ZIAP6BB45TxLhumPmsvKdEExD
tCiWfzD26PThJw7TWLwCpzKLMP4QT+IjQ6+hKx8MTlMB6NWAYssrwlx1mi6B0MCJ
M/YzcXLWp/1Q+aAhOnkXAV9/OnrlNd9M9AuRPlwpktum5aQUzeF6uZtcNrGSxJdH
Js7giE2GTWVplyfAegR2eYHMZhgdIMTlxJXZVDVK/GomOlAAzS81hmTktymYEzHT
Qlz0fH3IHmPNgExmk7QnXhH28L7rVO20VbmCU4yZo8DVeI4mLkNFQOK5wwIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFGWYKW1un0vj7OLdWQOGuuyQSs1HMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzAwOTcxY2RhLWY4YTUtNDlhMC1hMWRjLTIyODVjNjhhOGU5Zi5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTAL
BAIAATAFAwMDK8gwDQYJKoZIhvcNAQELBQADggEBAIkMM9XZFB7AWU/IePfmhNSy
b8Z3I+jVdvn91TylOEPX8SbzxSOMIpLxeYE/QOrxW/KLiWxxv13uxLbgyn1DpPsO
IpmBhx7gehPdF1s/wJo4wcHCexhXJ97/GqZnUnkWnuTb9Ctq3CI1vAoEsc7yPIS/
iCsUIxRV+1cQoXc0jk6f1eYiqzY97xId3FCJqTV/PHinvoCkuDKq+YRdULGTqHoH
v2acjJWeRyWlfD6oJ3kfP7eya/mW3vfDcOcYBM0MgT4UIDvZKwCjgFUgwlwtl/Fw
0UfJWveHjT83NI6JoGJ+bXL8rzDQf0LWpvNCA8xUQbKGB7w7orwKYZ2ZNYXfixk=
-----END CERTIFICATE-----
Generated at Mon Jun 24 00:42:55 2024 by rpki-client on console-fra.rpki-client.org