Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/427017ca-fc05-4df1-9de8-dc6182848704.roa
File:                     427017ca-fc05-4df1-9de8-dc6182848704.roa (raw, json)
Hash identifier:          7UodUE0vkop8/R57txrLdWN/wcYUTLOiUoFlnPgQe/c=
Subject key identifier:   E9:62:AF:62:5A:8C:71:20:12:C0:23:DC:2E:AC:07:8D:29:4A:79:89
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       45D1AD1FAE0409A074C5A3F7F545DD847016D3E7
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/427017ca-fc05-4df1-9de8-dc6182848704.roa
Signing time:             Sat 22 Jun 2024 00:00:00 +0000
ROA not before:           Sat 22 Jun 2024 00:00:00 +0000
ROA not after:            Sat 27 Jul 2024 23:59:59 +0000
asID:                     8987
IP address blocks:        43.198.0.0/15 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 28 Jun 2024 00:11:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            45:d1:ad:1f:ae:04:09:a0:74:c5:a3:f7:f5:45:dd:84:70:16:d3:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jun 22 00:00:00 2024 GMT
            Not After : Jul 27 23:59:59 2024 GMT
        Subject: serialNumber=5eb31579dd8786cfdfbdbeab3c723bfe7c79d7d87f0e0580cf8c9015877e5c36, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:8e:ab:13:3f:83:af:d3:b9:06:8d:dc:7c:dd:
                    55:61:9d:2c:1c:21:12:ff:5b:7f:eb:90:df:a9:9b:
                    2d:a0:4e:0c:1f:76:9d:74:19:ac:a3:2c:ea:06:f9:
                    26:f1:78:b9:37:63:63:3f:32:2b:cf:29:f6:82:ab:
                    b8:c4:63:e9:1c:89:c9:ca:b7:2b:60:31:1f:1c:c9:
                    96:6b:a8:fc:53:85:76:a9:3e:2c:ac:08:b9:97:bb:
                    4d:4b:97:29:bd:45:9c:c9:8a:88:72:e0:b3:57:c4:
                    2f:1a:15:22:5a:7a:52:0e:8a:06:9e:20:99:ec:1e:
                    62:34:e0:04:23:28:f7:0a:33:ee:b7:c2:e7:e9:0c:
                    69:6b:3f:89:2b:6e:4c:a8:e7:b4:27:31:a0:5b:66:
                    bc:b0:c9:a2:9d:13:1e:7e:cc:d1:95:6e:e4:74:62:
                    29:23:65:4d:93:19:35:7b:5f:33:f3:82:3d:32:42:
                    17:1a:1e:07:5d:a0:48:45:f2:bb:86:81:e7:06:fe:
                    55:04:31:33:7e:ea:08:f0:2e:63:e0:eb:98:9a:ec:
                    d0:3f:30:15:b2:43:c3:d4:35:9e:28:55:a6:08:95:
                    f6:ad:be:3e:8e:cd:43:9a:44:bb:29:3e:89:fd:09:
                    f8:36:c1:53:83:1e:07:4a:7f:10:20:29:80:ea:ba:
                    ed:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:62:AF:62:5A:8C:71:20:12:C0:23:DC:2E:AC:07:8D:29:4A:79:89
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/427017ca-fc05-4df1-9de8-dc6182848704.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.198.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         b9:0b:e5:43:4e:a4:05:e5:b0:04:2a:e2:a7:f4:97:94:3a:9d:
         55:60:0c:af:46:d7:9d:3f:6b:8a:8c:6e:80:f6:14:52:4e:99:
         0a:1f:47:f5:ff:00:2b:b9:97:fc:94:21:30:3a:a9:36:ab:d6:
         67:24:fc:b6:f1:8d:32:df:bb:39:bf:85:41:de:40:0d:0e:91:
         10:88:a8:85:26:87:15:a2:2a:d7:c2:24:3d:9e:93:99:12:40:
         4a:51:90:a0:ab:36:dc:27:9a:2a:f8:19:1d:00:fc:33:35:ff:
         6b:fa:8b:bc:4c:59:67:e9:14:5f:04:6e:10:4c:ea:3b:81:ea:
         da:77:b2:e4:8a:bd:0a:40:e6:99:83:37:58:6f:b8:8f:04:c1:
         3c:88:84:ff:fb:36:8d:61:50:91:9a:6d:2d:36:cc:e9:bf:13:
         f2:84:8d:8b:34:2e:ab:d6:37:68:0b:b9:bd:6d:9c:cf:c7:c5:
         01:99:55:0b:38:3e:c6:a3:50:71:02:48:db:72:00:40:83:3b:
         9b:1b:56:e7:87:5c:90:31:61:7b:50:c2:b8:ae:fa:84:26:7e:
         f4:11:44:55:da:00:2d:67:25:86:d8:b5:e2:ab:97:d9:8c:26:
         98:2d:2b:17:cf:01:9e:8c:6c:d5:d6:bf:50:ac:81:c4:d2:71:
         47:3b:93:a3
-----BEGIN CERTIFICATE-----
MIIFmzCCBIOgAwIBAgIURdGtH64ECaB0xaP39UXdhHAW0+cwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI0MDYyMjAwMDAwMFoX
DTI0MDcyNzIzNTk1OVowejFJMEcGA1UEBRNANWViMzE1NzlkZDg3ODZjZmRmYmRi
ZWFiM2M3MjNiZmU3Yzc5ZDdkODdmMGUwNTgwY2Y4YzkwMTU4NzdlNWMzNjEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAno6rEz+Dr9O5Bo3cfN1VYZ0sHCES
/1t/65DfqZstoE4MH3addBmsoyzqBvkm8Xi5N2NjPzIrzyn2gqu4xGPpHInJyrcr
YDEfHMmWa6j8U4V2qT4srAi5l7tNS5cpvUWcyYqIcuCzV8QvGhUiWnpSDooGniCZ
7B5iNOAEIyj3CjPut8Ln6Qxpaz+JK25MqOe0JzGgW2a8sMminRMefszRlW7kdGIp
I2VNkxk1e18z84I9MkIXGh4HXaBIRfK7hoHnBv5VBDEzfuoI8C5j4OuYmuzQPzAV
skPD1DWeKFWmCJX2rb4+js1DmkS7KT6J/Qn4NsFTgx4HSn8QICmA6rrtGwIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFOlir2JajHEgEsAj3C6sB40pSnmJMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzQyNzAxN2NhLWZjMDUtNGRmMS05ZGU4LWRjNjE4Mjg0ODcwNC5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTAL
BAIAATAFAwMBK8YwDQYJKoZIhvcNAQELBQADggEBALkL5UNOpAXlsAQq4qf0l5Q6
nVVgDK9G150/a4qMboD2FFJOmQofR/X/ACu5l/yUITA6qTar1mck/LbxjTLfuzm/
hUHeQA0OkRCIqIUmhxWiKtfCJD2ek5kSQEpRkKCrNtwnmir4GR0A/DM1/2v6i7xM
WWfpFF8EbhBM6juB6tp3suSKvQpA5pmDN1hvuI8EwTyIhP/7No1hUJGabS02zOm/
E/KEjYs0LqvWN2gLub1tnM/HxQGZVQs4PsajUHECSNtyAECDO5sbVueHXJAxYXtQ
wriu+oQmfvQRRFXaAC1nJYbYteKrl9mMJpgtKxfPAZ6MbNXWv1CsgcTScUc7k6M=
-----END CERTIFICATE-----
Generated at Mon Jun 24 00:42:55 2024 by rpki-client on console-fra.rpki-client.org