Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/297539b4-7a62-452c-952f-8f3d17400754.roa
File:                     297539b4-7a62-452c-952f-8f3d17400754.roa (raw, json)
Hash identifier:          F6NPv0XSM5+ipSm5zJSRn3vFA0ZJ+lPldUAfMp6JQN8=
Subject key identifier:   7D:BF:73:DD:E0:73:43:FE:D2:6B:44:65:B7:21:84:8A:F6:BB:BB:0E
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       0C673491C62E6097A618E9AABFEBB40A9814DC75
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/297539b4-7a62-452c-952f-8f3d17400754.roa
Signing time:             Fri 31 May 2024 00:00:00 +0000
ROA not before:           Fri 31 May 2024 00:00:00 +0000
ROA not after:            Fri 05 Jul 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        43.212.0.0/15 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Tue 18 Jun 2024 00:10:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0c:67:34:91:c6:2e:60:97:a6:18:e9:aa:bf:eb:b4:0a:98:14:dc:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: May 31 00:00:00 2024 GMT
            Not After : Jul  5 23:59:59 2024 GMT
        Subject: serialNumber=5cf8c739e7d59cd0f3676d9b26dbaa68270d64d2992c872c6fe7d0c7ae657061, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:c8:72:33:3f:dc:93:58:46:0f:c0:03:d2:40:
                    20:1b:7f:9e:10:1a:b9:de:a4:2c:4d:55:73:9b:70:
                    2c:f2:20:f7:75:5a:05:c5:3b:d7:8d:a7:af:fc:6b:
                    dd:15:28:30:f8:98:1e:e9:2f:bb:ec:5c:04:7b:6c:
                    71:cb:bc:cb:6d:13:4d:8d:ab:07:1f:7e:8b:a0:98:
                    44:d1:dc:a9:a8:d7:0a:66:a9:58:d8:7f:27:98:31:
                    af:22:00:f5:4d:fe:92:c3:09:22:7c:9b:66:03:79:
                    06:af:e9:26:5d:c8:be:52:fb:4d:0f:7e:39:0f:30:
                    a6:af:31:e0:d0:e2:9e:a3:8b:bc:19:b3:98:11:20:
                    ac:df:39:66:ee:6e:d1:fa:61:76:3d:3a:bd:ee:d1:
                    c4:3a:4a:1b:6e:34:ac:71:a6:2c:89:ba:55:74:e8:
                    ea:0f:2b:e9:18:35:08:05:28:83:df:96:ae:51:f3:
                    a1:e2:63:31:ba:f8:84:97:e6:8c:b4:6e:f7:43:d5:
                    53:2e:94:1e:64:3b:5b:cc:6d:d1:8d:b9:3b:5b:a1:
                    f3:ad:db:a8:21:e8:71:42:c1:e6:35:42:09:40:e1:
                    3d:f1:d3:c3:f8:32:28:4d:0d:70:ff:bf:16:86:39:
                    8e:ca:82:4a:97:eb:e6:2a:03:2e:06:3e:e7:11:92:
                    dd:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:BF:73:DD:E0:73:43:FE:D2:6B:44:65:B7:21:84:8A:F6:BB:BB:0E
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/297539b4-7a62-452c-952f-8f3d17400754.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.212.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         83:de:06:0e:dd:19:e5:6f:09:b5:5d:a3:cf:c6:24:ea:c0:1d:
         1b:9a:f3:4e:7e:41:b3:4c:a3:dc:95:e9:6b:38:70:5c:34:cb:
         14:28:8f:99:1b:7e:7a:62:ff:4e:ad:45:d4:13:f1:42:07:ee:
         67:a3:b0:51:a6:24:cc:f0:5a:ee:10:96:4b:3a:95:7b:1d:b7:
         59:11:46:07:8a:a5:52:42:13:95:aa:20:02:42:9c:95:8e:94:
         fe:e1:b8:0f:85:1c:ec:1f:ee:0f:54:ef:33:96:b0:fb:8d:06:
         9c:1b:db:4b:79:1d:18:19:93:0c:5a:87:f6:be:bd:06:5d:bf:
         eb:3a:2e:34:09:2c:55:b8:4d:78:56:ca:f2:45:de:c9:28:21:
         bb:a8:83:d3:a9:b1:b6:9e:b0:14:a7:32:88:68:2c:3d:73:de:
         96:55:8b:6b:02:80:60:e9:e8:a1:a9:89:c9:57:b8:3e:d7:21:
         14:38:7d:86:a2:26:71:9c:4e:b5:ca:6e:eb:49:ef:53:5f:83:
         b5:48:33:dd:6a:6c:56:60:f4:79:97:50:4f:73:3b:cf:7a:4c:
         7f:3d:90:8b:69:05:08:29:99:76:ca:ea:1b:9b:c8:b3:ab:cd:
         3d:0b:21:a3:4d:e2:23:d9:05:7c:3f:08:47:64:05:91:11:55:
         2c:0e:76:81
-----BEGIN CERTIFICATE-----
MIIFmzCCBIOgAwIBAgIUDGc0kcYuYJemGOmqv+u0CpgU3HUwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI0MDUzMTAwMDAwMFoX
DTI0MDcwNTIzNTk1OVowejFJMEcGA1UEBRNANWNmOGM3MzllN2Q1OWNkMGYzNjc2
ZDliMjZkYmFhNjgyNzBkNjRkMjk5MmM4NzJjNmZlN2QwYzdhZTY1NzA2MTEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzshyMz/ck1hGD8AD0kAgG3+eEBq5
3qQsTVVzm3As8iD3dVoFxTvXjaev/GvdFSgw+Jge6S+77FwEe2xxy7zLbRNNjasH
H36LoJhE0dypqNcKZqlY2H8nmDGvIgD1Tf6SwwkifJtmA3kGr+kmXci+UvtND345
DzCmrzHg0OKeo4u8GbOYESCs3zlm7m7R+mF2PTq97tHEOkobbjSscaYsibpVdOjq
DyvpGDUIBSiD35auUfOh4mMxuviEl+aMtG73Q9VTLpQeZDtbzG3Rjbk7W6Hzrduo
IehxQsHmNUIJQOE98dPD+DIoTQ1w/78WhjmOyoJKl+vmKgMuBj7nEZLdOwIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFH2/c93gc0P+0mtEZbchhIr2u7sOMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzI5NzUzOWI0LTdhNjItNDUyYy05NTJmLThmM2QxNzQwMDc1NC5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTAL
BAIAATAFAwMBK9QwDQYJKoZIhvcNAQELBQADggEBAIPeBg7dGeVvCbVdo8/GJOrA
HRua805+QbNMo9yV6Ws4cFw0yxQoj5kbfnpi/06tRdQT8UIH7mejsFGmJMzwWu4Q
lks6lXsdt1kRRgeKpVJCE5WqIAJCnJWOlP7huA+FHOwf7g9U7zOWsPuNBpwb20t5
HRgZkwxah/a+vQZdv+s6LjQJLFW4TXhWyvJF3skoIbuog9OpsbaesBSnMohoLD1z
3pZVi2sCgGDp6KGpiclXuD7XIRQ4fYaiJnGcTrXKbutJ71Nfg7VIM91qbFZg9HmX
UE9zO896TH89kItpBQgpmXbK6hubyLOrzT0LIaNN4iPZBXw/CEdkBZERVSwOdoE=
-----END CERTIFICATE-----
Generated at Fri Jun 14 16:48:07 2024 by rpki-client on console-fra.rpki-client.org