Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/9787bdbe-f3f0-457d-8edc-d01a0d2e9001.roa
File:                     9787bdbe-f3f0-457d-8edc-d01a0d2e9001.roa (raw, json)
Hash identifier:          gqynRnhLMy5YWtL2DQSchnxhSvoECwKsAWvcXrK197k=
Subject key identifier:   41:1B:9D:6D:06:9D:8F:81:E3:75:5F:A0:F6:D8:35:5B:90:A7:C9:6F
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       3D15FD79D3DDEA94A229D02DF3E306CE78BF0EFA
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/9787bdbe-f3f0-457d-8edc-d01a0d2e9001.roa
Signing time:             Sat 25 May 2024 00:00:00 +0000
ROA not before:           Sat 25 May 2024 00:00:00 +0000
ROA not after:            Sat 29 Jun 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        43.208.0.0/15 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 19 Jun 2024 00:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3d:15:fd:79:d3:dd:ea:94:a2:29:d0:2d:f3:e3:06:ce:78:bf:0e:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: May 25 00:00:00 2024 GMT
            Not After : Jun 29 23:59:59 2024 GMT
        Subject: serialNumber=a8da70e46cc412265fd6f27da5ec7ea8800c65d39486804aecb724529ab605c0, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:07:a5:4a:91:e2:38:7b:f7:07:4e:ca:52:4d:
                    c2:b7:91:91:5a:84:e9:df:38:03:81:89:46:b0:c4:
                    ea:66:64:20:a2:29:7e:d2:67:ab:de:2c:22:8b:61:
                    0d:8c:02:a5:fc:3b:dc:c3:70:e5:9b:1e:6b:19:ee:
                    80:ad:30:e0:b9:a0:85:15:17:96:05:4d:6b:69:76:
                    40:18:10:91:2c:36:85:ee:fe:db:e1:42:33:81:46:
                    d2:e6:82:b5:2c:16:69:63:a6:8e:e3:a2:e6:c8:ed:
                    46:ba:78:0f:af:6c:c3:9f:90:40:d3:a2:4b:68:f0:
                    cd:ed:93:c2:23:37:26:4e:8b:4f:b3:6e:fd:b0:3c:
                    64:ad:0d:c0:50:df:90:58:1b:b5:c9:2c:38:83:8a:
                    1c:98:15:26:19:23:27:df:45:fd:41:97:d9:5b:52:
                    fb:4f:21:ca:8a:19:ec:4f:a2:0b:05:e6:a2:5a:4e:
                    b6:05:d5:5c:d4:f3:a4:ae:17:2d:af:b6:e1:00:10:
                    91:db:19:f2:5a:16:42:7f:dc:66:bb:d8:ca:7f:91:
                    7c:89:48:51:71:f4:b6:d8:ab:41:d3:1d:a6:bb:7e:
                    5e:bb:80:1e:74:08:ed:b7:e4:fe:8d:92:bc:eb:29:
                    7f:8a:04:a0:88:12:cf:6a:c3:ea:12:ee:1e:4a:20:
                    a3:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:1B:9D:6D:06:9D:8F:81:E3:75:5F:A0:F6:D8:35:5B:90:A7:C9:6F
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/9787bdbe-f3f0-457d-8edc-d01a0d2e9001.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.208.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         c0:c3:9b:f9:57:b6:4a:f3:78:fc:00:c3:bf:a3:1e:22:1a:99:
         e8:a3:04:8b:cf:d7:67:6e:18:23:f4:07:fb:00:98:5a:3d:05:
         35:80:2e:63:9b:14:fa:f5:4b:ec:e7:cc:dc:c6:a7:75:1f:c5:
         2f:ba:9b:60:26:44:3e:f4:2f:19:3b:3c:1f:65:6a:74:4b:10:
         5d:a9:0d:65:28:69:b6:11:66:31:b2:57:1e:d0:cf:e4:38:48:
         1c:aa:5b:c3:d3:2e:06:ff:8e:91:8c:9e:a6:18:73:c9:28:88:
         34:88:9a:db:70:50:f9:8b:46:f0:db:b2:05:7a:84:84:cf:bc:
         63:1d:23:de:ee:69:d5:38:62:ab:f5:95:7e:d4:93:41:c9:c5:
         cf:6c:ce:e8:70:d0:8e:84:c5:1f:10:6b:f5:8b:17:d7:9b:28:
         69:b1:6a:46:aa:00:b3:c8:43:db:00:4d:0a:1f:ad:6b:15:1a:
         ca:ee:ca:40:af:b9:0f:94:9e:ba:c0:6e:e5:ff:fa:41:d5:7a:
         50:07:1d:76:c6:4e:ba:54:f4:9d:bb:58:74:d4:66:53:e2:bc:
         eb:85:09:8e:17:12:37:de:ef:0a:c8:58:30:1b:5a:1c:c1:23:
         fb:87:90:84:bb:ee:77:ab:a1:70:d4:3a:65:a4:90:0a:5d:01:
         c0:11:07:e0
-----BEGIN CERTIFICATE-----
MIIFmzCCBIOgAwIBAgIUPRX9edPd6pSiKdAt8+MGzni/DvowDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI0MDUyNTAwMDAwMFoX
DTI0MDYyOTIzNTk1OVowejFJMEcGA1UEBRNAYThkYTcwZTQ2Y2M0MTIyNjVmZDZm
MjdkYTVlYzdlYTg4MDBjNjVkMzk0ODY4MDRhZWNiNzI0NTI5YWI2MDVjMDEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvAelSpHiOHv3B07KUk3Ct5GRWoTp
3zgDgYlGsMTqZmQgoil+0mer3iwii2ENjAKl/Dvcw3Dlmx5rGe6ArTDguaCFFReW
BU1raXZAGBCRLDaF7v7b4UIzgUbS5oK1LBZpY6aO46LmyO1GungPr2zDn5BA06JL
aPDN7ZPCIzcmTotPs279sDxkrQ3AUN+QWBu1ySw4g4ocmBUmGSMn30X9QZfZW1L7
TyHKihnsT6ILBeaiWk62BdVc1POkrhctr7bhABCR2xnyWhZCf9xmu9jKf5F8iUhR
cfS22KtB0x2mu35eu4AedAjtt+T+jZK86yl/igSgiBLPasPqEu4eSiCjawIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFEEbnW0GnY+B43VfoPbYNVuQp8lvMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
Lzk3ODdiZGJlLWYzZjAtNDU3ZC04ZWRjLWQwMWEwZDJlOTAwMS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTAL
BAIAATAFAwMBK9AwDQYJKoZIhvcNAQELBQADggEBAMDDm/lXtkrzePwAw7+jHiIa
meijBIvP12duGCP0B/sAmFo9BTWALmObFPr1S+znzNzGp3UfxS+6m2AmRD70Lxk7
PB9lanRLEF2pDWUoabYRZjGyVx7Qz+Q4SByqW8PTLgb/jpGMnqYYc8koiDSImttw
UPmLRvDbsgV6hITPvGMdI97uadU4Yqv1lX7Uk0HJxc9szuhw0I6ExR8Qa/WLF9eb
KGmxakaqALPIQ9sATQofrWsVGsruykCvuQ+UnrrAbuX/+kHVelAHHXbGTrpU9J27
WHTUZlPivOuFCY4XEjfe7wrIWDAbWhzBI/uHkIS77neroXDUOmWkkApdAcARB+A=
-----END CERTIFICATE-----
Generated at Sat Jun 15 02:42:06 2024 by rpki-client on console-ams.rpki-client.org