Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/378e4fe4-326c-4ab3-850f-d313975e272e.roa
File:                     378e4fe4-326c-4ab3-850f-d313975e272e.roa (raw, json)
Hash identifier:          pWZbj4mC6cn/cAuH0obU2Z9VrAQmDDNbwxTefn/nRiI=
Subject key identifier:   23:B9:64:23:78:70:7E:E2:4E:90:E0:E1:61:AE:75:1F:E5:4A:0F:6B
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       F0744AE7892F91037ABB46B4E7B56F3593D366
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/378e4fe4-326c-4ab3-850f-d313975e272e.roa
Signing time:             Wed 20 Nov 2024 00:00:00 +0000
ROA not before:           Wed 20 Nov 2024 00:00:00 +0000
ROA not after:            Wed 25 Dec 2024 23:59:59 +0000
asID:                     14618
IP address blocks:        203.83.220.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 08 Dec 2024 00:01:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            f0:74:4a:e7:89:2f:91:03:7a:bb:46:b4:e7:b5:6f:35:93:d3:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Nov 20 00:00:00 2024 GMT
            Not After : Dec 25 23:59:59 2024 GMT
        Subject: serialNumber=066f0109f6fffa32b14e42bf523639541dbbd2f4b56e43fcb4542fe5d60de869, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:42:fc:b9:6a:2f:69:1e:bb:9f:82:a8:5b:2f:
                    80:27:33:1d:3f:66:81:24:15:c8:e6:01:ff:27:81:
                    b5:44:b5:ce:71:53:d0:2c:5c:45:b8:48:95:9f:94:
                    cd:8f:84:59:2d:30:6b:d4:91:ff:fd:42:77:1e:f5:
                    08:22:26:28:c4:c7:03:46:b9:b5:02:3a:1e:99:e8:
                    ea:44:99:a9:cd:d1:dc:17:8a:e6:3d:85:12:ec:ac:
                    95:ca:33:46:cb:c4:91:91:02:b0:4a:bc:55:d4:06:
                    1a:34:e1:b1:2f:56:4c:dd:1d:d2:a3:33:17:4b:90:
                    3a:ca:e3:b2:73:82:ee:8e:7a:dd:fd:43:a9:f1:86:
                    ab:0d:5c:56:14:cf:f2:ef:3d:b4:21:8e:50:4a:68:
                    9d:93:ad:96:73:bc:dc:f3:54:f7:8e:b6:3b:49:dc:
                    82:4a:69:d0:b0:12:c8:1a:ef:df:f7:ca:ca:e4:54:
                    2e:23:bb:ba:f1:c0:29:5c:21:19:8e:ad:aa:78:01:
                    85:4a:a6:46:13:f8:02:ec:dd:6a:05:39:f1:22:d9:
                    bf:37:28:ca:54:4d:96:2c:96:44:45:58:97:3f:fe:
                    c5:4f:a2:ad:3c:7d:01:91:e6:e1:e5:fc:0b:3c:f1:
                    d8:e9:37:ba:ae:e8:9e:dd:36:95:38:ca:a9:48:3a:
                    fe:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:B9:64:23:78:70:7E:E2:4E:90:E0:E1:61:AE:75:1F:E5:4A:0F:6B
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/378e4fe4-326c-4ab3-850f-d313975e272e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  203.83.220.0/22

    Signature Algorithm: sha256WithRSAEncryption
         15:25:0d:53:1e:b9:cb:b2:e8:e1:fa:0e:aa:9e:23:a0:3d:f8:
         2b:38:40:26:ed:f0:e9:7e:1d:3c:8f:fe:60:88:12:3b:e0:59:
         e4:e7:68:cc:83:e0:c4:d4:a9:05:b5:68:6f:6c:c8:69:1d:9c:
         f5:16:7d:27:f2:6b:bc:ae:b9:56:e2:5b:67:ce:49:b8:c8:a3:
         45:83:f2:6f:ec:61:7d:23:75:ac:ef:09:91:43:8d:ce:8d:b7:
         09:53:08:65:05:8b:e3:11:df:06:7b:6a:38:f0:a7:4c:11:0b:
         a0:e2:ee:86:0f:bc:70:dd:44:b2:6a:59:09:4d:27:cb:36:58:
         e9:ee:ac:38:eb:32:1d:bd:bb:cb:ca:da:fa:99:11:87:39:e5:
         2d:f2:ae:cc:18:d1:23:6d:92:1c:d2:e5:66:44:34:e8:96:eb:
         45:b4:17:98:22:25:82:4a:d9:d4:e6:83:18:fd:4d:82:9d:2c:
         3d:22:25:76:e0:92:0b:c1:ed:b0:f4:bc:04:c8:be:32:d7:17:
         f6:f4:44:48:18:24:f0:1e:49:ae:84:61:b0:b8:cf:c3:b2:75:
         be:06:0b:15:db:43:41:ba:f6:3c:65:f9:51:10:aa:0f:f7:4d:
         27:6d:84:4a:60:46:9d:73:b6:6a:f9:13:d5:41:4a:6f:02:04:
         a2:65:ce:5c
-----BEGIN CERTIFICATE-----
MIIFnDCCBISgAwIBAgIUAPB0SueJL5EDertGtOe1bzWT02YwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI0MTEyMDAwMDAwMFoX
DTI0MTIyNTIzNTk1OVowejFJMEcGA1UEBRNAMDY2ZjAxMDlmNmZmZmEzMmIxNGU0
MmJmNTIzNjM5NTQxZGJiZDJmNGI1NmU0M2ZjYjQ1NDJmZTVkNjBkZTg2OTEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnUL8uWovaR67n4KoWy+AJzMdP2aB
JBXI5gH/J4G1RLXOcVPQLFxFuEiVn5TNj4RZLTBr1JH//UJ3HvUIIiYoxMcDRrm1
AjoemejqRJmpzdHcF4rmPYUS7KyVyjNGy8SRkQKwSrxV1AYaNOGxL1ZM3R3SozMX
S5A6yuOyc4Lujnrd/UOp8YarDVxWFM/y7z20IY5QSmidk62Wc7zc81T3jrY7SdyC
SmnQsBLIGu/f98rK5FQuI7u68cApXCEZjq2qeAGFSqZGE/gC7N1qBTnxItm/NyjK
VE2WLJZERViXP/7FT6KtPH0Bkebh5fwLPPHY6Te6ruie3TaVOMqpSDr+wQIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFCO5ZCN4cH7iTpDg4WGudR/lSg9rMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzM3OGU0ZmU0LTMyNmMtNGFiMy04NTBmLWQzMTM5NzVlMjcyZS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAM
BAIAATAGAwQCy1PcMA0GCSqGSIb3DQEBCwUAA4IBAQAVJQ1THrnLsujh+g6qniOg
PfgrOEAm7fDpfh08j/5giBI74Fnk52jMg+DE1KkFtWhvbMhpHZz1Fn0n8mu8rrlW
4ltnzkm4yKNFg/Jv7GF9I3Ws7wmRQ43OjbcJUwhlBYvjEd8Ge2o48KdMEQug4u6G
D7xw3USyalkJTSfLNljp7qw46zIdvbvLytr6mRGHOeUt8q7MGNEjbZIc0uVmRDTo
lutFtBeYIiWCStnU5oMY/U2CnSw9IiV24JILwe2w9LwEyL4y1xf29ERIGCTwHkmu
hGGwuM/DsnW+BgsV20NBuvY8ZflREKoP900nbYRKYEadc7Zq+RPVQUpvAgSiZc5c
-----END CERTIFICATE-----
Generated at Wed Dec 4 01:20:52 2024 by rpki-client on console-ams.rpki-client.org