Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/0bce91dc-229b-42a7-9c92-722aa69f577e.roa
File:                     0bce91dc-229b-42a7-9c92-722aa69f577e.roa (raw, json)
Hash identifier:          wW4pzzlWgVJLc/9Q4bk2jo8EirBnRj0H0Qeqta0ks7Y=
Subject key identifier:   BF:8F:A2:61:6C:2D:BE:7B:C6:08:41:BF:DB:48:43:8C:45:39:78:5E
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       21BC8B4F2D15343895F593A8853F1A25083A164C
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/0bce91dc-229b-42a7-9c92-722aa69f577e.roa
Signing time:             Tue 19 Sep 2023 00:00:00 +0000
ROA not before:           Tue 19 Sep 2023 00:00:00 +0000
ROA not after:            Tue 24 Oct 2023 23:59:59 +0000
asID:                     16509
IP address blocks:        43.198.0.0/15 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 20 Sep 2023 12:01:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            21:bc:8b:4f:2d:15:34:38:95:f5:93:a8:85:3f:1a:25:08:3a:16:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Sep 19 00:00:00 2023 GMT
            Not After : Oct 24 23:59:59 2023 GMT
        Subject: serialNumber=709ca10379e3158f4453b0b94a086c15563ff5e0a3f9d46ad5091562b5f22b53, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:fd:c6:d6:65:0d:ea:0e:85:0c:8c:1a:7c:d7:
                    6b:c0:b3:64:6e:7a:bf:52:94:26:d8:6b:f0:e1:30:
                    b5:cb:37:05:d9:ff:c9:63:ec:80:fe:cc:ff:3b:0e:
                    ae:e9:ab:f2:a9:06:ea:d6:ea:52:d6:10:f3:6e:47:
                    5a:00:6c:99:48:a6:d8:c2:b7:b5:6a:24:b4:c6:9d:
                    1c:83:0a:99:a9:fa:fa:35:84:63:c1:ef:f1:aa:50:
                    81:8b:96:42:fa:79:d1:e4:2f:1c:79:ec:c0:5e:db:
                    a9:27:44:cf:74:1a:3e:c4:1f:db:2c:e5:c3:a8:df:
                    74:33:71:11:83:f6:1d:f2:9e:84:fd:c9:19:26:b0:
                    9d:9e:3c:8e:1d:78:c8:10:17:94:89:29:90:d9:11:
                    c4:f2:48:b8:4c:fd:ed:d8:3f:2d:7d:ca:f6:47:65:
                    0a:d0:d4:c3:be:6b:4f:77:50:7a:1e:72:77:26:cb:
                    ad:20:fb:1f:ab:cc:45:73:f1:ea:8d:fb:22:c2:57:
                    b3:59:f0:e2:e3:4f:24:5b:7d:8d:81:5e:0a:19:07:
                    cf:5a:4f:bd:aa:39:08:4d:19:bb:0c:ba:78:b8:83:
                    27:c6:f6:1f:66:8d:c2:cc:c8:ec:bb:35:39:92:af:
                    fc:21:db:fb:0c:ad:ae:08:36:03:3d:71:04:82:0d:
                    cc:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:8F:A2:61:6C:2D:BE:7B:C6:08:41:BF:DB:48:43:8C:45:39:78:5E
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/0bce91dc-229b-42a7-9c92-722aa69f577e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.198.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         8e:e3:25:24:c5:7f:74:68:eb:57:bd:0c:10:3e:27:48:4c:a7:
         68:bb:16:fd:83:6b:5c:04:59:0c:0a:1d:92:a2:92:e0:43:33:
         01:0f:05:2f:89:21:97:03:48:69:cd:85:46:a6:a4:0c:fe:65:
         29:6f:8f:53:43:5a:07:62:0d:0f:6d:6c:39:7b:5f:ca:a0:82:
         7f:15:9e:ef:8a:fd:ce:ca:bc:5c:1c:38:77:6e:cb:19:c8:75:
         d1:c8:77:79:90:ab:8a:53:f0:f7:2f:db:36:b8:86:93:42:9b:
         e6:db:47:43:ce:0f:a6:42:3a:51:fe:0a:3d:73:1c:d9:be:01:
         93:9a:06:d6:04:fa:1e:df:c6:90:c2:cb:94:a0:d8:87:45:9b:
         42:b9:82:10:24:f9:67:93:6b:98:d9:25:3c:ea:1d:df:ab:11:
         c2:81:0c:42:17:b4:4d:08:a6:71:0f:8a:85:e5:b0:3b:48:6a:
         ac:2c:26:e9:d7:93:b2:bd:77:01:24:45:fa:80:cf:9c:da:1e:
         9e:57:d2:74:da:48:96:e2:65:16:3a:62:69:74:85:d0:fa:b2:
         9f:2a:74:13:35:96:ea:2e:d2:c2:cc:ec:dc:61:5f:f9:7d:60:
         e0:db:1a:3b:f0:eb:ec:e4:e4:9f:1c:ed:07:ce:ec:1e:dd:99:
         8c:ae:9f:59
-----BEGIN CERTIFICATE-----
MIIFmzCCBIOgAwIBAgIUIbyLTy0VNDiV9ZOohT8aJQg6FkwwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTIzMDkxOTAwMDAwMFoX
DTIzMTAyNDIzNTk1OVowejFJMEcGA1UEBRNANzA5Y2ExMDM3OWUzMTU4ZjQ0NTNi
MGI5NGEwODZjMTU1NjNmZjVlMGEzZjlkNDZhZDUwOTE1NjJiNWYyMmI1MzEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo/3G1mUN6g6FDIwafNdrwLNkbnq/
UpQm2Gvw4TC1yzcF2f/JY+yA/sz/Ow6u6avyqQbq1upS1hDzbkdaAGyZSKbYwre1
aiS0xp0cgwqZqfr6NYRjwe/xqlCBi5ZC+nnR5C8ceezAXtupJ0TPdBo+xB/bLOXD
qN90M3ERg/Yd8p6E/ckZJrCdnjyOHXjIEBeUiSmQ2RHE8ki4TP3t2D8tfcr2R2UK
0NTDvmtPd1B6HnJ3JsutIPsfq8xFc/HqjfsiwlezWfDi408kW32NgV4KGQfPWk+9
qjkITRm7DLp4uIMnxvYfZo3CzMjsuzU5kq/8Idv7DK2uCDYDPXEEgg3MhwIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFL+PomFsLb57xghBv9tIQ4xFOXheMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzBiY2U5MWRjLTIyOWItNDJhNy05YzkyLTcyMmFhNjlmNTc3ZS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTAL
BAIAATAFAwMBK8YwDQYJKoZIhvcNAQELBQADggEBAI7jJSTFf3Ro61e9DBA+J0hM
p2i7Fv2Da1wEWQwKHZKikuBDMwEPBS+JIZcDSGnNhUampAz+ZSlvj1NDWgdiDQ9t
bDl7X8qggn8Vnu+K/c7KvFwcOHduyxnIddHId3mQq4pT8Pcv2za4hpNCm+bbR0PO
D6ZCOlH+Cj1zHNm+AZOaBtYE+h7fxpDCy5Sg2IdFm0K5ghAk+WeTa5jZJTzqHd+r
EcKBDEIXtE0IpnEPioXlsDtIaqwsJunXk7K9dwEkRfqAz5zaHp5X0nTaSJbiZRY6
Yml0hdD6sp8qdBM1luou0sLM7NxhX/l9YODbGjvw6+zk5J8c7QfO7B7dmYyun1k=
-----END CERTIFICATE-----
Generated at Tue Sep 19 00:49:50 2023 by rpki-client on console-ams.rpki-client.org