Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/16f57147-886c-4350-a247-eceffe69fb96.roa
File:                     16f57147-886c-4350-a247-eceffe69fb96.roa (raw, json)
Hash identifier:          zvvU3k1Qp7Z+U36vQnl3XixMWYduCcksvnWvcaQ1WVQ=
Subject key identifier:   17:E5:76:A4:10:F3:E7:FA:45:AB:41:AA:64:AC:69:B7:4F:2C:9C:32
Certificate issuer:       /CN=A91F635F0000/serialNumber=53DC22125FA34F3986CBF12422E34F9B9C661BE7
Certificate serial:       0CDF96FE0A75F28CB20BEC78AE538E13988D18C7
Authority key identifier: 53:DC:22:12:5F:A3:4F:39:86:CB:F1:24:22:E3:4F:9B:9C:66:1B:E7
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/U9wiEl-jTzmGy_EkIuNPm5xmG-c.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/16f57147-886c-4350-a247-eceffe69fb96.roa
Signing time:             Mon 03 Jun 2024 00:00:00 +0000
ROA not before:           Mon 03 Jun 2024 00:00:00 +0000
ROA not after:            Mon 08 Jul 2024 23:59:59 +0000
asID:                     14618
IP address blocks:        160.235.0.0/16 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/a5b01bdd-cdeb-4cfc-8c93-7e70c5e09306.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/manifest.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/U9wiEl-jTzmGy_EkIuNPm5xmG-c.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 29 Jun 2024 00:02:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0c:df:96:fe:0a:75:f2:8c:b2:0b:ec:78:ae:53:8e:13:98:8d:18:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=53DC22125FA34F3986CBF12422E34F9B9C661BE7
        Validity
            Not Before: Jun  3 00:00:00 2024 GMT
            Not After : Jul  8 23:59:59 2024 GMT
        Subject: serialNumber=3f09393a513235275b7325090f95620d0dfb879a0f42a5e4c66224b648dc01db, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:da:da:4f:8b:ab:c8:81:09:d5:b8:d7:a9:79:
                    28:8b:c7:63:cb:ff:91:bb:5d:0e:b5:a1:2e:8c:72:
                    e6:93:80:64:2a:13:aa:d7:be:69:04:07:d9:d9:e5:
                    15:4f:a7:91:3c:aa:cd:8b:b8:d2:74:8f:73:27:99:
                    49:e6:f0:18:83:98:d3:15:f4:21:00:bc:7c:e4:ab:
                    38:98:b1:29:3b:d3:68:89:54:29:4d:7e:a2:93:52:
                    4c:5b:98:92:cd:e4:59:80:ac:d4:6c:e1:61:eb:5e:
                    c5:df:50:1e:7f:0b:12:f8:51:eb:ba:2b:89:d6:93:
                    7e:45:b8:43:89:c5:8f:60:48:67:00:0c:fc:95:a4:
                    18:37:e9:fb:3b:24:06:23:59:13:5a:c5:c6:4f:f0:
                    f5:85:af:e9:d3:cb:1d:c7:b7:74:f6:8c:99:df:43:
                    ba:89:74:78:d7:76:5a:63:ff:57:c9:2d:f3:5c:90:
                    4c:ce:3e:6d:29:e3:39:c6:d7:3c:d7:b0:aa:d1:4c:
                    34:72:d3:41:57:08:07:35:bc:83:4b:3a:d5:e5:f7:
                    18:5e:8a:39:e9:41:2e:2b:a0:bf:0f:ba:95:3c:02:
                    da:19:30:32:52:78:29:88:ba:69:e6:fc:47:08:45:
                    a5:77:85:a1:e5:dd:9f:36:75:b5:eb:20:c7:a3:53:
                    c1:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:E5:76:A4:10:F3:E7:FA:45:AB:41:AA:64:AC:69:B7:4F:2C:9C:32
            X509v3 Authority Key Identifier:
                keyid:53:DC:22:12:5F:A3:4F:39:86:CB:F1:24:22:E3:4F:9B:9C:66:1B:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/U9wiEl-jTzmGy_EkIuNPm5xmG-c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/16f57147-886c-4350-a247-eceffe69fb96.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/a5b01bdd-cdeb-4cfc-8c93-7e70c5e09306.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  160.235.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         18:00:94:07:35:41:ad:ba:e0:25:fe:e3:aa:d6:64:01:1b:e6:
         3b:06:a8:3d:d7:b5:0c:2b:e2:49:56:d8:c5:56:d5:a5:99:72:
         d2:19:02:88:f1:5c:c8:3b:b8:00:77:fe:d6:d7:cb:46:6d:a7:
         42:d7:f8:9a:8b:87:9e:36:62:89:f5:f1:36:a4:af:c4:89:1c:
         0d:46:fa:6c:42:21:26:1b:c5:fd:b4:67:bb:ba:b1:5c:ce:c9:
         8e:79:de:22:e8:a1:d0:ed:a5:32:2c:04:d2:1f:ef:42:e5:22:
         48:3b:62:1d:cf:7c:13:b4:d4:bb:e0:42:18:c5:68:32:82:60:
         c0:48:7e:b7:ed:28:d3:c0:f0:e0:2d:f3:f9:45:de:91:c0:44:
         68:b7:47:b4:52:46:60:62:9c:25:f7:50:e5:7a:d1:ba:c3:98:
         83:7a:4a:1c:9a:3b:51:a4:6f:8d:0b:b8:a3:a9:b5:eb:b6:a0:
         14:8f:df:cd:46:b9:a3:78:eb:ac:60:8f:52:33:dc:83:4f:df:
         59:3b:a8:b0:b0:eb:c6:31:77:c2:3e:31:73:78:23:7c:e9:39:
         f5:7a:73:99:0f:46:a3:f5:4d:3d:44:c2:ed:3c:ee:3d:4c:8e:
         03:3a:6f:f9:33:76:95:6e:11:53:a2:94:a8:4a:7a:c0:54:30:
         53:f0:d7:a6
-----BEGIN CERTIFICATE-----
MIIFmzCCBIOgAwIBAgIUDN+W/gp18oyyC+x4rlOOE5iNGMcwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg1M0RDMjIxMjVG
QTM0RjM5ODZDQkYxMjQyMkUzNEY5QjlDNjYxQkU3MB4XDTI0MDYwMzAwMDAwMFoX
DTI0MDcwODIzNTk1OVowejFJMEcGA1UEBRNAM2YwOTM5M2E1MTMyMzUyNzViNzMy
NTA5MGY5NTYyMGQwZGZiODc5YTBmNDJhNWU0YzY2MjI0YjY0OGRjMDFkYjEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAstraT4uryIEJ1bjXqXkoi8djy/+R
u10OtaEujHLmk4BkKhOq175pBAfZ2eUVT6eRPKrNi7jSdI9zJ5lJ5vAYg5jTFfQh
ALx85Ks4mLEpO9NoiVQpTX6ik1JMW5iSzeRZgKzUbOFh617F31AefwsS+FHruiuJ
1pN+RbhDicWPYEhnAAz8laQYN+n7OyQGI1kTWsXGT/D1ha/p08sdx7d09oyZ30O6
iXR413ZaY/9XyS3zXJBMzj5tKeM5xtc817Cq0Uw0ctNBVwgHNbyDSzrV5fcYXoo5
6UEuK6C/D7qVPALaGTAyUngpiLpp5vxHCEWld4Wh5d2fNnW16yDHo1PBfwIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFBfldqQQ8+f6RatBqmSsabdPLJwyMB8GA1UdIwQY
MBaAFFPcIhJfo085hsvxJCLjT5ucZhvnMA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CM0EyNEYyMDFENjYxMUUyOEFDODgzN0M3MkZEMUZGMi9VOXdpRWwt
alR6bUd5X0VrSXVOUG01eG1HLWMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzE2ZjU3MTQ3LTg4NmMtNDM1MC1hMjQ3LWVjZWZmZTY5ZmI5Ni5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvYTViMDFiZGQtY2RlYi00Y2ZjLThjOTMtN2U3MGM1ZTA5MzA2LmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTAL
BAIAATAFAwMAoOswDQYJKoZIhvcNAQELBQADggEBABgAlAc1Qa264CX+46rWZAEb
5jsGqD3XtQwr4klW2MVW1aWZctIZAojxXMg7uAB3/tbXy0Ztp0LX+JqLh542Yon1
8Takr8SJHA1G+mxCISYbxf20Z7u6sVzOyY553iLoodDtpTIsBNIf70LlIkg7Yh3P
fBO01LvgQhjFaDKCYMBIfrftKNPA8OAt8/lF3pHARGi3R7RSRmBinCX3UOV60brD
mIN6ShyaO1Gkb40LuKOpteu2oBSP381GuaN466xgj1Iz3INP31k7qLCw68Yxd8I+
MXN4I3zpOfV6c5kPRqP1TT1Ewu087j1MjgM6b/kzdpVuEVOilKhKesBUMFPw16Y=
-----END CERTIFICATE-----
Generated at Tue Jun 25 02:50:49 2024 by rpki-client on console-fra.rpki-client.org