Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/08d6baab-c572-47df-8a68-08fddff235d6.roa
File:                     08d6baab-c572-47df-8a68-08fddff235d6.roa (raw, json)
Hash identifier:          rIGWKYUoU0sNIfUvnso3ixzn8n06Ickl/GH85hEnagY=
Subject key identifier:   15:4E:AA:8E:7D:F3:AB:70:95:ED:9C:DF:9C:7D:7D:4D:8D:B6:93:28
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       1E4FCCB09C78F84753581069527341DE40F711C7
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/08d6baab-c572-47df-8a68-08fddff235d6.roa
Signing time:             Wed 17 Jul 2024 00:00:00 +0000
ROA not before:           Wed 17 Jul 2024 00:00:00 +0000
ROA not after:            Wed 21 Aug 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        43.218.0.0/16 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 22 Jul 2024 00:10:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1e:4f:cc:b0:9c:78:f8:47:53:58:10:69:52:73:41:de:40:f7:11:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jul 17 00:00:00 2024 GMT
            Not After : Aug 21 23:59:59 2024 GMT
        Subject: serialNumber=0b66626dddb8f5cf8c5e93bf701233ff7c9ff72d1f053670af4219162e622e20, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:03:ea:8e:6a:b4:c7:32:64:95:6d:7c:7e:c6:
                    22:f9:9e:a0:31:66:b9:f7:0a:ce:10:5e:13:10:78:
                    43:14:49:3d:ed:84:04:94:2b:31:2d:91:43:87:35:
                    fb:f6:7c:83:99:e4:b3:de:1e:d0:f2:ae:6e:20:59:
                    a1:73:01:72:7c:98:43:f5:20:5b:ac:4b:50:e9:36:
                    08:74:cb:c9:3a:7d:1d:19:bf:f4:1b:60:78:78:64:
                    bf:3c:fc:75:ec:a5:1f:15:70:f2:a7:c0:ba:08:b2:
                    b7:05:ea:a3:c3:db:d6:59:45:88:3c:b2:c3:3d:3c:
                    26:24:5d:cc:88:17:75:83:05:fb:5f:e7:85:9b:a7:
                    84:22:51:aa:f2:4e:6a:b6:8b:81:bd:99:43:96:3f:
                    c1:75:97:17:73:b0:0b:7d:5b:b1:b6:2f:c4:a8:be:
                    52:94:c6:3b:96:ba:e1:fe:88:5b:7f:1b:6a:87:74:
                    57:c5:29:7d:4a:96:f8:df:f3:e4:9a:79:a8:d8:3c:
                    ac:f8:de:03:a6:2e:45:4c:74:ae:01:ca:4a:3a:f9:
                    fc:66:42:a5:6d:09:4e:6a:2f:d7:ae:70:9f:c3:eb:
                    90:94:5a:86:8f:34:1c:b7:13:f0:6b:b6:a0:18:6b:
                    b5:9b:f6:cc:3f:69:42:f7:cb:ed:92:cf:4d:0f:a9:
                    1a:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:4E:AA:8E:7D:F3:AB:70:95:ED:9C:DF:9C:7D:7D:4D:8D:B6:93:28
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/08d6baab-c572-47df-8a68-08fddff235d6.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.218.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         98:ef:a8:71:78:93:53:17:7e:f3:b3:3f:5a:0f:ea:13:cc:be:
         63:a1:42:16:ee:38:13:62:75:ee:25:62:5e:13:2c:38:93:68:
         99:f3:b7:9a:bc:3f:59:de:dd:05:28:a7:18:9f:f8:8e:c6:9e:
         cb:db:53:f0:85:77:73:85:ac:29:50:b1:78:14:0d:b7:d8:cf:
         bd:88:67:e2:87:ff:a9:dc:f5:61:b0:1a:37:c4:ef:a0:02:62:
         4e:f7:98:1a:54:5a:92:bd:f1:9d:ca:1d:3b:8d:0c:c2:08:aa:
         87:38:6d:89:1d:0b:4a:0b:62:07:62:c4:14:2c:3d:24:9a:af:
         10:f0:0b:13:23:a4:bd:38:bd:98:10:da:67:26:90:85:50:98:
         1d:36:46:1e:cd:27:e8:ad:77:04:15:0f:c6:05:34:94:e8:0d:
         df:03:ab:c6:df:af:0f:f7:4e:c7:2b:99:ab:76:f3:89:3f:f5:
         49:3c:8d:df:2e:ba:bf:eb:5b:dc:4a:85:6a:85:6d:74:2d:7f:
         c0:b8:5d:11:16:e7:47:c3:b7:2a:52:8a:a5:d7:20:92:8d:96:
         a7:01:86:c7:c2:02:42:e7:6b:bf:47:aa:7c:1d:15:04:f9:d0:
         70:ff:56:17:96:1e:5b:96:11:d6:51:cb:bd:7c:ce:a8:3e:d6:
         80:ef:28:3e
-----BEGIN CERTIFICATE-----
MIIFmzCCBIOgAwIBAgIUHk/MsJx4+EdTWBBpUnNB3kD3EccwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI0MDcxNzAwMDAwMFoX
DTI0MDgyMTIzNTk1OVowejFJMEcGA1UEBRNAMGI2NjYyNmRkZGI4ZjVjZjhjNWU5
M2JmNzAxMjMzZmY3YzlmZjcyZDFmMDUzNjcwYWY0MjE5MTYyZTYyMmUyMDEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwAPqjmq0xzJklW18fsYi+Z6gMWa5
9wrOEF4TEHhDFEk97YQElCsxLZFDhzX79nyDmeSz3h7Q8q5uIFmhcwFyfJhD9SBb
rEtQ6TYIdMvJOn0dGb/0G2B4eGS/PPx17KUfFXDyp8C6CLK3Beqjw9vWWUWIPLLD
PTwmJF3MiBd1gwX7X+eFm6eEIlGq8k5qtouBvZlDlj/BdZcXc7ALfVuxti/EqL5S
lMY7lrrh/ohbfxtqh3RXxSl9Spb43/Pkmnmo2Dys+N4Dpi5FTHSuAcpKOvn8ZkKl
bQlOai/XrnCfw+uQlFqGjzQctxPwa7agGGu1m/bMP2lC98vtks9ND6kabwIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFBVOqo5986twle2c35x9fU2NtpMoMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzA4ZDZiYWFiLWM1NzItNDdkZi04YTY4LTA4ZmRkZmYyMzVkNi5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTAL
BAIAATAFAwMAK9owDQYJKoZIhvcNAQELBQADggEBAJjvqHF4k1MXfvOzP1oP6hPM
vmOhQhbuOBNide4lYl4TLDiTaJnzt5q8P1ne3QUopxif+I7GnsvbU/CFd3OFrClQ
sXgUDbfYz72IZ+KH/6nc9WGwGjfE76ACYk73mBpUWpK98Z3KHTuNDMIIqoc4bYkd
C0oLYgdixBQsPSSarxDwCxMjpL04vZgQ2mcmkIVQmB02Rh7NJ+itdwQVD8YFNJTo
Dd8Dq8bfrw/3Tscrmat284k/9Uk8jd8uur/rW9xKhWqFbXQtf8C4XREW50fDtypS
iqXXIJKNlqcBhsfCAkLna79HqnwdFQT50HD/VheWHluWEdZRy718zqg+1oDvKD4=
-----END CERTIFICATE-----
Generated at Thu Jul 18 01:56:53 2024 by rpki-client on console-ams.rpki-client.org