Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/32bf2c39-b536-43d0-b557-f68d8ee64091.roa
File:                     32bf2c39-b536-43d0-b557-f68d8ee64091.roa (raw, json)
Hash identifier:          4NnhQ6q1IX74pGx7cx5FhzFQpXd5kL/nuMk7JP/nWuA=
Subject key identifier:   61:58:03:34:5F:2D:F1:B1:0C:5F:E5:E1:7E:1A:1C:E3:2C:E1:8F:A8
Certificate issuer:       /CN=A91F635F0000/serialNumber=53DC22125FA34F3986CBF12422E34F9B9C661BE7
Certificate serial:       6E47E70E9E43823CB2663C1270BA9CD24011E87A
Authority key identifier: 53:DC:22:12:5F:A3:4F:39:86:CB:F1:24:22:E3:4F:9B:9C:66:1B:E7
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/U9wiEl-jTzmGy_EkIuNPm5xmG-c.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/32bf2c39-b536-43d0-b557-f68d8ee64091.roa
Signing time:             Sat 25 May 2024 00:00:00 +0000
ROA not before:           Sat 25 May 2024 00:00:00 +0000
ROA not after:            Sat 29 Jun 2024 23:59:59 +0000
asID:                     7224
IP address blocks:        159.248.128.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/a5b01bdd-cdeb-4cfc-8c93-7e70c5e09306.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/manifest.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/U9wiEl-jTzmGy_EkIuNPm5xmG-c.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Tue 18 Jun 2024 15:04:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6e:47:e7:0e:9e:43:82:3c:b2:66:3c:12:70:ba:9c:d2:40:11:e8:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=53DC22125FA34F3986CBF12422E34F9B9C661BE7
        Validity
            Not Before: May 25 00:00:00 2024 GMT
            Not After : Jun 29 23:59:59 2024 GMT
        Subject: serialNumber=9ea259da81079273dccff5a2a9781295f35b7d24b7aa0652e868ef8a6b9d9e67, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:04:c1:11:79:22:6a:c2:80:a8:d1:c7:8e:e2:
                    37:12:4e:5e:ca:f3:fe:4d:61:c4:fc:cc:b0:9c:f7:
                    69:11:cf:f5:42:79:15:b7:c3:72:91:79:44:b8:40:
                    5f:c0:0f:40:f4:d7:7d:e8:d3:fb:3a:7d:dc:1e:6c:
                    32:a3:c2:d9:ef:0e:8b:32:33:b4:31:a0:07:99:95:
                    38:2f:4a:a0:91:b6:28:de:1a:c4:da:ef:49:26:e9:
                    a4:27:f0:f0:89:a8:6a:2d:d1:6a:ae:b0:a8:ae:01:
                    75:5b:10:89:9d:95:aa:35:94:c4:38:41:07:50:68:
                    7e:d7:7a:8f:6b:25:9b:0c:ef:bb:2a:42:99:cb:1a:
                    7e:ca:b5:42:47:0c:4b:0a:68:4c:79:c6:b6:1a:b2:
                    bf:63:1b:8e:4b:b5:09:c8:7f:21:bc:6b:84:3c:37:
                    84:d8:aa:5d:59:d0:93:72:da:40:67:ad:12:9d:08:
                    7f:48:37:c7:cb:17:38:50:2b:6a:1a:7d:7e:4a:7c:
                    b4:da:1d:2e:68:43:5f:74:4c:b5:bb:29:6c:a6:6c:
                    12:20:36:1e:3a:20:71:b3:3a:92:f5:44:f5:96:2f:
                    1c:df:6b:c7:6a:5e:67:6c:9a:4f:97:21:15:0d:1f:
                    b7:bf:73:69:aa:af:cd:00:37:85:16:cc:80:fb:49:
                    95:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:58:03:34:5F:2D:F1:B1:0C:5F:E5:E1:7E:1A:1C:E3:2C:E1:8F:A8
            X509v3 Authority Key Identifier:
                keyid:53:DC:22:12:5F:A3:4F:39:86:CB:F1:24:22:E3:4F:9B:9C:66:1B:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/U9wiEl-jTzmGy_EkIuNPm5xmG-c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/32bf2c39-b536-43d0-b557-f68d8ee64091.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/a5b01bdd-cdeb-4cfc-8c93-7e70c5e09306.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  159.248.128.0/22

    Signature Algorithm: sha256WithRSAEncryption
         66:42:6b:42:0d:a9:fd:35:c2:dc:cd:f2:47:ea:af:73:0e:a9:
         7a:ef:42:ab:60:29:72:2a:09:02:98:39:0e:1f:f7:89:af:8f:
         72:e3:b4:c0:aa:b4:e6:4e:5b:63:d7:40:df:85:21:40:0f:b5:
         c8:fd:64:f6:cb:bc:bc:8c:9c:d1:8b:4c:3f:39:64:a8:8d:55:
         8f:dc:a0:fa:19:39:ea:df:f0:8f:33:f2:4c:29:4b:0e:9e:a3:
         eb:e0:52:71:2c:19:67:ce:fb:e6:77:95:ed:61:c6:c2:44:9c:
         0a:26:fe:19:1b:7f:f1:6d:50:89:f0:02:0c:88:bd:99:04:46:
         39:eb:1b:d9:fd:40:04:9b:c4:2f:a7:bc:a7:40:15:93:e0:5b:
         af:c7:0b:f8:c2:71:1b:7e:2b:a9:49:58:ad:20:ed:30:69:bc:
         08:93:dc:46:6e:c8:ba:0e:db:57:ad:de:f3:d9:e0:c6:9b:c0:
         11:90:e6:11:b1:10:ad:8d:f3:1d:c3:28:0c:98:bd:fe:e9:3f:
         dd:8a:09:8e:5a:50:c6:56:aa:6c:b0:f3:75:00:e3:f6:22:a8:
         0c:8a:ef:97:0f:55:a8:f8:57:d8:37:f5:79:63:93:a8:14:71:
         30:b2:e6:62:4a:67:1b:c7:5f:c2:05:b4:fa:d9:af:06:32:bf:
         19:07:57:a2
-----BEGIN CERTIFICATE-----
MIIFnDCCBISgAwIBAgIUbkfnDp5DgjyyZjwScLqc0kAR6HowDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg1M0RDMjIxMjVG
QTM0RjM5ODZDQkYxMjQyMkUzNEY5QjlDNjYxQkU3MB4XDTI0MDUyNTAwMDAwMFoX
DTI0MDYyOTIzNTk1OVowejFJMEcGA1UEBRNAOWVhMjU5ZGE4MTA3OTI3M2RjY2Zm
NWEyYTk3ODEyOTVmMzViN2QyNGI3YWEwNjUyZTg2OGVmOGE2YjlkOWU2NzEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmATBEXkiasKAqNHHjuI3Ek5eyvP+
TWHE/MywnPdpEc/1QnkVt8NykXlEuEBfwA9A9Nd96NP7On3cHmwyo8LZ7w6LMjO0
MaAHmZU4L0qgkbYo3hrE2u9JJumkJ/DwiahqLdFqrrCorgF1WxCJnZWqNZTEOEEH
UGh+13qPayWbDO+7KkKZyxp+yrVCRwxLCmhMeca2GrK/YxuOS7UJyH8hvGuEPDeE
2KpdWdCTctpAZ60SnQh/SDfHyxc4UCtqGn1+Sny02h0uaENfdEy1uylspmwSIDYe
OiBxszqS9UT1li8c32vHal5nbJpPlyEVDR+3v3Npqq/NADeFFsyA+0mV+QIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFGFYAzRfLfGxDF/l4X4aHOMs4Y+oMB8GA1UdIwQY
MBaAFFPcIhJfo085hsvxJCLjT5ucZhvnMA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CM0EyNEYyMDFENjYxMUUyOEFDODgzN0M3MkZEMUZGMi9VOXdpRWwt
alR6bUd5X0VrSXVOUG01eG1HLWMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzMyYmYyYzM5LWI1MzYtNDNkMC1iNTU3LWY2OGQ4ZWU2NDA5MS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvYTViMDFiZGQtY2RlYi00Y2ZjLThjOTMtN2U3MGM1ZTA5MzA2LmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAM
BAIAATAGAwQCn/iAMA0GCSqGSIb3DQEBCwUAA4IBAQBmQmtCDan9NcLczfJH6q9z
Dql670KrYClyKgkCmDkOH/eJr49y47TAqrTmTltj10DfhSFAD7XI/WT2y7y8jJzR
i0w/OWSojVWP3KD6GTnq3/CPM/JMKUsOnqPr4FJxLBlnzvvmd5XtYcbCRJwKJv4Z
G3/xbVCJ8AIMiL2ZBEY56xvZ/UAEm8Qvp7ynQBWT4Fuvxwv4wnEbfiupSVitIO0w
abwIk9xGbsi6DttXrd7z2eDGm8ARkOYRsRCtjfMdwygMmL3+6T/digmOWlDGVqps
sPN1AOP2IqgMiu+XD1Wo+FfYN/V5Y5OoFHEwsuZiSmcbx1/CBbT62a8GMr8ZB1ei
-----END CERTIFICATE-----
Generated at Sat Jun 15 02:42:05 2024 by rpki-client on console-ams.rpki-client.org