Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/4dd57872-4286-4ae3-96b4-e36652d55044.roa
File:                     4dd57872-4286-4ae3-96b4-e36652d55044.roa (raw, json)
Hash identifier:          CfVHEh0nZ8PVQ3ZmrczTtf669zfx1Yu3+OyRbJltLDg=
Subject key identifier:   E7:3D:AB:7B:7F:35:16:B8:90:06:6B:25:FD:8A:51:D1:78:FE:A7:47
Certificate issuer:       /CN=A91F635F0000/serialNumber=53DC22125FA34F3986CBF12422E34F9B9C661BE7
Certificate serial:       43B5F7C2BC1576C0143F2B9DB6E99D0055A0E00F
Authority key identifier: 53:DC:22:12:5F:A3:4F:39:86:CB:F1:24:22:E3:4F:9B:9C:66:1B:E7
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/U9wiEl-jTzmGy_EkIuNPm5xmG-c.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/4dd57872-4286-4ae3-96b4-e36652d55044.roa
Signing time:             Mon 03 Jun 2024 00:00:00 +0000
ROA not before:           Mon 03 Jun 2024 00:00:00 +0000
ROA not after:            Mon 08 Jul 2024 23:59:59 +0000
asID:                     8987
IP address blocks:        160.235.0.0/16 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/a5b01bdd-cdeb-4cfc-8c93-7e70c5e09306.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/manifest.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/U9wiEl-jTzmGy_EkIuNPm5xmG-c.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Tue 18 Jun 2024 15:04:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            43:b5:f7:c2:bc:15:76:c0:14:3f:2b:9d:b6:e9:9d:00:55:a0:e0:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=53DC22125FA34F3986CBF12422E34F9B9C661BE7
        Validity
            Not Before: Jun  3 00:00:00 2024 GMT
            Not After : Jul  8 23:59:59 2024 GMT
        Subject: serialNumber=7260f0ff1ccf9431dc82b51ae859666c689ceeaff502f54194739c770ba81410, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:0a:d8:83:01:c8:c3:e5:e9:f8:b5:ad:3c:c6:
                    f9:e9:0e:1a:88:85:c9:2e:e5:a0:b9:c4:10:db:53:
                    a4:76:af:e3:34:2a:19:06:36:2d:bc:5b:a2:0b:7d:
                    dd:57:dc:e2:9c:ac:5f:35:19:95:14:4f:14:13:21:
                    2e:50:b1:9f:10:04:02:56:c1:d2:ac:a3:1e:10:76:
                    a2:5d:bd:58:75:4a:8f:08:10:86:2e:92:a9:14:c8:
                    97:0a:84:63:04:c1:b1:70:14:a2:20:c3:b2:21:e1:
                    3f:67:f2:3e:64:e2:8c:96:09:15:75:69:ef:e5:a9:
                    fb:7a:a7:c9:0c:9f:a5:ec:76:0d:c7:47:90:9d:cd:
                    b8:67:bb:d1:94:01:20:34:88:d5:a5:e4:29:39:97:
                    8f:e4:70:dd:88:80:0f:eb:84:cf:b6:79:a1:0c:e1:
                    81:df:09:5c:f9:6a:49:93:7a:76:02:3a:b0:4a:0b:
                    28:20:c3:82:01:54:49:d5:93:2d:50:01:22:2d:72:
                    fe:d4:2b:3a:05:c2:43:19:1d:7e:55:ce:97:b4:9d:
                    1e:34:0e:88:d1:a4:15:5a:1d:13:cc:42:35:1b:ea:
                    51:68:ed:bf:0f:f1:18:e3:8c:1a:df:ea:dd:58:21:
                    67:b9:e4:40:24:c5:d0:76:25:18:da:14:43:06:44:
                    62:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:3D:AB:7B:7F:35:16:B8:90:06:6B:25:FD:8A:51:D1:78:FE:A7:47
            X509v3 Authority Key Identifier:
                keyid:53:DC:22:12:5F:A3:4F:39:86:CB:F1:24:22:E3:4F:9B:9C:66:1B:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/U9wiEl-jTzmGy_EkIuNPm5xmG-c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/4dd57872-4286-4ae3-96b4-e36652d55044.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/a5b01bdd-cdeb-4cfc-8c93-7e70c5e09306.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  160.235.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         61:0e:0f:e2:95:7d:ea:73:d4:b3:e6:cc:3f:46:6e:65:85:46:
         db:52:65:93:c9:63:6b:61:3e:7d:07:93:d1:9e:54:1b:7a:8c:
         e4:7a:ac:43:f8:f4:fd:65:8a:35:3b:7e:da:68:e9:eb:49:03:
         a1:72:2c:27:9d:45:95:2d:c0:78:f4:6a:56:a3:27:53:17:b7:
         8c:08:f7:de:0b:69:55:7d:99:c4:98:d1:05:bf:38:bf:ac:14:
         91:a2:51:61:46:e7:fb:94:b3:af:48:01:2e:9a:2f:76:6f:66:
         72:86:da:8c:17:d4:80:dc:be:9c:d7:79:82:01:5c:83:0b:43:
         71:75:24:ed:9b:e8:5a:5a:4e:82:c3:8b:f7:19:1d:73:d0:75:
         e7:9b:72:4c:5f:a9:1c:b2:45:f3:a0:48:15:8e:b5:c0:fe:f7:
         db:d7:be:20:00:59:57:df:b6:fe:38:e7:02:44:e2:c5:49:41:
         96:b1:f1:b3:1b:ba:19:a7:dc:25:7d:9a:62:d1:d0:1e:4f:f8:
         6f:1e:85:ae:0d:08:83:02:2c:0b:10:f2:ac:c1:f4:b3:8c:7b:
         b6:e2:78:75:42:a8:d9:16:be:58:18:ce:22:b1:53:2e:b7:e3:
         a0:df:aa:ba:9a:84:40:0a:8b:4b:70:46:f2:38:ee:fd:86:b3:
         06:b3:01:3b
-----BEGIN CERTIFICATE-----
MIIFmzCCBIOgAwIBAgIUQ7X3wrwVdsAUPyudtumdAFWg4A8wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg1M0RDMjIxMjVG
QTM0RjM5ODZDQkYxMjQyMkUzNEY5QjlDNjYxQkU3MB4XDTI0MDYwMzAwMDAwMFoX
DTI0MDcwODIzNTk1OVowejFJMEcGA1UEBRNANzI2MGYwZmYxY2NmOTQzMWRjODJi
NTFhZTg1OTY2NmM2ODljZWVhZmY1MDJmNTQxOTQ3MzljNzcwYmE4MTQxMDEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAswrYgwHIw+Xp+LWtPMb56Q4aiIXJ
LuWgucQQ21Okdq/jNCoZBjYtvFuiC33dV9zinKxfNRmVFE8UEyEuULGfEAQCVsHS
rKMeEHaiXb1YdUqPCBCGLpKpFMiXCoRjBMGxcBSiIMOyIeE/Z/I+ZOKMlgkVdWnv
5an7eqfJDJ+l7HYNx0eQnc24Z7vRlAEgNIjVpeQpOZeP5HDdiIAP64TPtnmhDOGB
3wlc+WpJk3p2AjqwSgsoIMOCAVRJ1ZMtUAEiLXL+1Cs6BcJDGR1+Vc6XtJ0eNA6I
0aQVWh0TzEI1G+pRaO2/D/EY44wa3+rdWCFnueRAJMXQdiUY2hRDBkRiRQIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFOc9q3t/NRa4kAZrJf2KUdF4/qdHMB8GA1UdIwQY
MBaAFFPcIhJfo085hsvxJCLjT5ucZhvnMA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CM0EyNEYyMDFENjYxMUUyOEFDODgzN0M3MkZEMUZGMi9VOXdpRWwt
alR6bUd5X0VrSXVOUG01eG1HLWMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzRkZDU3ODcyLTQyODYtNGFlMy05NmI0LWUzNjY1MmQ1NTA0NC5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvYTViMDFiZGQtY2RlYi00Y2ZjLThjOTMtN2U3MGM1ZTA5MzA2LmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTAL
BAIAATAFAwMAoOswDQYJKoZIhvcNAQELBQADggEBAGEOD+KVfepz1LPmzD9GbmWF
RttSZZPJY2thPn0Hk9GeVBt6jOR6rEP49P1lijU7ftpo6etJA6FyLCedRZUtwHj0
alajJ1MXt4wI994LaVV9mcSY0QW/OL+sFJGiUWFG5/uUs69IAS6aL3ZvZnKG2owX
1IDcvpzXeYIBXIMLQ3F1JO2b6FpaToLDi/cZHXPQdeebckxfqRyyRfOgSBWOtcD+
99vXviAAWVfftv445wJE4sVJQZax8bMbuhmn3CV9mmLR0B5P+G8eha4NCIMCLAsQ
8qzB9LOMe7bieHVCqNkWvlgYziKxUy6346DfqrqahEAKi0twRvI47v2GswazATs=
-----END CERTIFICATE-----
Generated at Sat Jun 15 02:42:05 2024 by rpki-client on console-ams.rpki-client.org