Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/8dafa80e-23c0-4310-ae76-0199a9aafc6f.roa
File:                     8dafa80e-23c0-4310-ae76-0199a9aafc6f.roa (raw, json)
Hash identifier:          sUba33l0pr8oB5zxmfY/y/dspuArrR9YpBF5A9hQ9XA=
Subject key identifier:   7E:12:57:C1:B5:61:C7:0C:D2:F7:57:0E:73:46:A0:CF:C2:15:8A:E3
Certificate issuer:       /CN=A91F635F0000/serialNumber=53DC22125FA34F3986CBF12422E34F9B9C661BE7
Certificate serial:       12F836F125BBD692AFB712604D60862D9A35EAB7
Authority key identifier: 53:DC:22:12:5F:A3:4F:39:86:CB:F1:24:22:E3:4F:9B:9C:66:1B:E7
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/U9wiEl-jTzmGy_EkIuNPm5xmG-c.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/8dafa80e-23c0-4310-ae76-0199a9aafc6f.roa
Signing time:             Sat 25 May 2024 00:00:00 +0000
ROA not before:           Sat 25 May 2024 00:00:00 +0000
ROA not after:            Sat 29 Jun 2024 23:59:59 +0000
asID:                     8987
IP address blocks:        159.248.128.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/a5b01bdd-cdeb-4cfc-8c93-7e70c5e09306.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/manifest.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/U9wiEl-jTzmGy_EkIuNPm5xmG-c.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 17 Jun 2024 15:04:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            12:f8:36:f1:25:bb:d6:92:af:b7:12:60:4d:60:86:2d:9a:35:ea:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=53DC22125FA34F3986CBF12422E34F9B9C661BE7
        Validity
            Not Before: May 25 00:00:00 2024 GMT
            Not After : Jun 29 23:59:59 2024 GMT
        Subject: serialNumber=20b7e45ef21e2d3a48970359dfb6b2253eab665fb3ceb941facecd372df1ded4, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:ac:04:94:4c:32:2e:ac:53:b1:bb:af:b1:6a:
                    45:78:6f:d9:ea:15:03:06:87:9a:3b:f5:46:8f:d7:
                    81:71:00:44:08:3c:f0:43:68:a9:99:84:89:47:77:
                    e3:73:29:17:f3:5a:a4:7c:dc:c6:b3:c4:bd:7b:2c:
                    01:d8:ac:ff:43:a3:d8:cb:71:34:3c:95:59:a8:f9:
                    18:8e:b3:98:60:ff:3e:41:27:52:a6:de:9a:89:7c:
                    0e:56:49:58:e9:b6:13:6f:a9:47:5f:7a:4a:5b:f6:
                    8c:77:fd:4b:c3:a1:24:a8:1b:2f:8b:a7:48:a6:b1:
                    c7:d7:db:a3:fa:2a:8a:40:20:b7:5f:28:44:7e:ea:
                    02:27:95:57:bb:d4:3e:4c:88:94:d8:b6:9a:4a:bc:
                    3e:7e:3d:17:2a:1c:54:08:54:71:c3:ec:57:5a:2b:
                    4a:89:f3:25:97:b3:4d:67:07:56:16:83:68:bf:c7:
                    14:52:8e:50:8e:b1:3a:bd:b9:85:87:ed:72:1c:f5:
                    4b:2f:85:8e:33:e7:e7:b5:bb:1a:b1:b8:32:f2:b5:
                    12:38:29:b0:d2:10:45:d0:a1:0b:a4:31:cf:1d:7b:
                    25:29:d0:71:20:43:f3:59:1a:49:3a:3f:c9:a7:57:
                    56:b3:45:4b:ef:4d:14:99:cd:12:d0:a8:89:0d:8e:
                    ad:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:12:57:C1:B5:61:C7:0C:D2:F7:57:0E:73:46:A0:CF:C2:15:8A:E3
            X509v3 Authority Key Identifier:
                keyid:53:DC:22:12:5F:A3:4F:39:86:CB:F1:24:22:E3:4F:9B:9C:66:1B:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/U9wiEl-jTzmGy_EkIuNPm5xmG-c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/8dafa80e-23c0-4310-ae76-0199a9aafc6f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/a5b01bdd-cdeb-4cfc-8c93-7e70c5e09306.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  159.248.128.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8a:ec:fd:54:70:7c:db:85:08:6e:a6:78:1e:68:85:69:4a:a7:
         fa:65:57:1b:b6:4b:05:71:26:e3:be:59:45:cf:c4:f0:6a:cd:
         f0:07:9c:dc:e6:ca:a6:ec:f0:ed:1a:66:a0:69:22:65:f9:10:
         dc:f5:6c:79:dc:c7:e8:6d:a7:33:2c:3d:a4:91:2b:b7:4d:18:
         1e:b7:e0:eb:77:26:46:0f:24:2f:5c:a3:4d:0a:92:71:d0:84:
         4a:34:09:e1:f1:4d:28:33:1b:48:4b:a6:1f:20:b8:d0:c1:66:
         fb:a2:d7:d2:0b:95:e8:d3:4b:46:92:c0:32:7d:e0:d4:0b:e3:
         05:77:51:67:85:bf:63:73:78:50:29:e5:37:81:37:75:20:64:
         32:ac:f3:4d:04:69:34:84:96:2f:62:ef:14:1b:be:c0:01:b3:
         56:18:73:f1:d6:10:85:68:5b:f0:48:5e:3b:56:63:23:2c:66:
         62:a9:f2:49:7b:4b:6a:98:6e:e3:d8:62:01:67:1c:d6:07:d9:
         78:3c:fe:68:f4:a6:91:fa:c9:11:55:cc:51:9d:b4:4d:47:16:
         23:8d:31:37:a0:f6:87:58:e4:f5:6a:5e:14:ce:8f:83:82:93:
         4a:f1:80:d1:54:72:33:90:a3:35:d8:51:cf:3d:63:ac:b5:27:
         f0:95:a7:f3
-----BEGIN CERTIFICATE-----
MIIFnDCCBISgAwIBAgIUEvg28SW71pKvtxJgTWCGLZo16rcwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg1M0RDMjIxMjVG
QTM0RjM5ODZDQkYxMjQyMkUzNEY5QjlDNjYxQkU3MB4XDTI0MDUyNTAwMDAwMFoX
DTI0MDYyOTIzNTk1OVowejFJMEcGA1UEBRNAMjBiN2U0NWVmMjFlMmQzYTQ4OTcw
MzU5ZGZiNmIyMjUzZWFiNjY1ZmIzY2ViOTQxZmFjZWNkMzcyZGYxZGVkNDEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwqwElEwyLqxTsbuvsWpFeG/Z6hUD
BoeaO/VGj9eBcQBECDzwQ2ipmYSJR3fjcykX81qkfNzGs8S9eywB2Kz/Q6PYy3E0
PJVZqPkYjrOYYP8+QSdSpt6aiXwOVklY6bYTb6lHX3pKW/aMd/1Lw6EkqBsvi6dI
prHH19uj+iqKQCC3XyhEfuoCJ5VXu9Q+TIiU2LaaSrw+fj0XKhxUCFRxw+xXWitK
ifMll7NNZwdWFoNov8cUUo5QjrE6vbmFh+1yHPVLL4WOM+fntbsasbgy8rUSOCmw
0hBF0KELpDHPHXslKdBxIEPzWRpJOj/Jp1dWs0VL700Umc0S0KiJDY6tawIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFH4SV8G1YccM0vdXDnNGoM/CFYrjMB8GA1UdIwQY
MBaAFFPcIhJfo085hsvxJCLjT5ucZhvnMA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CM0EyNEYyMDFENjYxMUUyOEFDODgzN0M3MkZEMUZGMi9VOXdpRWwt
alR6bUd5X0VrSXVOUG01eG1HLWMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzhkYWZhODBlLTIzYzAtNDMxMC1hZTc2LTAxOTlhOWFhZmM2Zi5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvYTViMDFiZGQtY2RlYi00Y2ZjLThjOTMtN2U3MGM1ZTA5MzA2LmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAM
BAIAATAGAwQCn/iAMA0GCSqGSIb3DQEBCwUAA4IBAQCK7P1UcHzbhQhupngeaIVp
Sqf6ZVcbtksFcSbjvllFz8Twas3wB5zc5sqm7PDtGmagaSJl+RDc9Wx53Mfobacz
LD2kkSu3TRget+DrdyZGDyQvXKNNCpJx0IRKNAnh8U0oMxtIS6YfILjQwWb7otfS
C5Xo00tGksAyfeDUC+MFd1Fnhb9jc3hQKeU3gTd1IGQyrPNNBGk0hJYvYu8UG77A
AbNWGHPx1hCFaFvwSF47VmMjLGZiqfJJe0tqmG7j2GIBZxzWB9l4PP5o9KaR+skR
VcxRnbRNRxYjjTE3oPaHWOT1al4Uzo+DgpNK8YDRVHIzkKM12FHPPWOstSfwlafz
-----END CERTIFICATE-----
Generated at Fri Jun 14 01:28:02 2024 by rpki-client on console-ams.rpki-client.org