Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/a9d7c5f5-36de-4340-a315-95bb96771dbe.roa
File:                     a9d7c5f5-36de-4340-a315-95bb96771dbe.roa (raw, json)
Hash identifier:          +7SFLMWYq88ONWDj8JJ/CkAyfInCwDOdT5ijMyFWnYU=
Subject key identifier:   32:AE:D6:C7:F1:60:C1:72:7B:7C:2C:0B:B3:AA:BF:92:54:0C:37:E2
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       09B67F5A107C0C8F216D0636CD27013893455D51
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/a9d7c5f5-36de-4340-a315-95bb96771dbe.roa
Signing time:             Sat 22 Jun 2024 00:00:00 +0000
ROA not before:           Sat 22 Jun 2024 00:00:00 +0000
ROA not after:            Sat 27 Jul 2024 23:59:59 +0000
asID:                     14618
IP address blocks:        27.0.0.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 28 Jun 2024 00:11:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            09:b6:7f:5a:10:7c:0c:8f:21:6d:06:36:cd:27:01:38:93:45:5d:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jun 22 00:00:00 2024 GMT
            Not After : Jul 27 23:59:59 2024 GMT
        Subject: serialNumber=7f4124cebb85695d667505461126566e9eeb691dd118e9d13afd3592ca1a8bcb, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:17:ad:24:74:4c:7b:8b:a0:57:7c:81:46:25:
                    9e:7f:c6:cf:ba:80:3d:86:52:62:c6:36:23:5e:82:
                    62:fa:68:54:46:ef:f9:94:ab:1a:47:b2:82:df:a0:
                    4c:04:75:af:e2:30:b3:84:ab:9c:46:f9:98:f1:66:
                    cc:d6:96:4b:90:2c:c5:69:01:39:48:3c:6b:bb:17:
                    f5:25:b7:04:a3:22:f0:cb:bc:26:92:dd:ca:c0:f1:
                    98:a9:e4:30:01:40:1f:9c:53:30:07:c4:35:48:4e:
                    e0:85:9a:c0:9f:0d:da:6a:fd:84:26:b3:74:e5:25:
                    e4:95:62:f9:8c:dd:1b:c3:92:b1:49:2a:e5:f9:4c:
                    49:f8:8c:6a:86:10:7f:f0:27:64:7c:25:55:1c:79:
                    22:00:2c:d2:31:7b:b2:e7:7b:b5:cb:b9:a5:ed:8b:
                    17:79:a6:33:91:2f:16:b6:d6:5a:1f:a6:a4:b9:ad:
                    1e:03:69:9c:c0:e0:36:0d:8d:0d:bd:2d:a5:ea:32:
                    b8:cc:58:e1:0a:67:3f:9f:e9:6d:98:a6:fa:40:ff:
                    19:6c:ee:b4:5c:0a:f9:00:fa:30:4b:e8:26:51:73:
                    7f:54:c5:09:13:43:4f:ae:dc:37:f5:88:a5:43:36:
                    43:2d:4d:b8:8a:b5:93:25:c5:cd:65:61:c7:e3:3c:
                    68:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:AE:D6:C7:F1:60:C1:72:7B:7C:2C:0B:B3:AA:BF:92:54:0C:37:E2
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/a9d7c5f5-36de-4340-a315-95bb96771dbe.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  27.0.0.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0a:3c:a1:af:fc:5d:33:2c:4e:30:2f:e1:fc:6d:fc:e8:77:11:
         b6:4e:74:94:63:0c:d3:bb:de:b5:02:b5:40:6a:9e:6e:29:d3:
         a5:fb:84:76:6e:ea:01:cd:2c:ab:0c:46:a5:e9:3f:ed:dc:68:
         60:2b:81:3c:ad:3c:f3:83:90:f0:47:5e:25:4e:d3:57:29:36:
         83:be:2f:ed:76:6c:ae:f6:87:5d:a5:c7:b3:07:e3:5b:80:04:
         4b:73:79:ad:bf:2f:cc:b9:8b:b3:a4:8c:5a:dc:15:5a:5f:44:
         9f:92:09:4c:e7:e8:2f:d8:14:3e:26:86:1a:4d:ca:47:23:53:
         b4:c1:db:12:cf:89:05:34:76:40:db:d4:bc:8d:17:53:c3:a5:
         63:6b:fb:4d:f0:54:3f:b6:31:5a:86:dd:bd:1b:55:9b:ac:72:
         21:51:16:56:ff:e8:7f:0b:b0:77:d6:9a:39:86:70:2e:48:d9:
         2e:3f:2c:50:8d:14:ad:d3:64:8e:ef:07:44:32:cb:07:19:72:
         f7:58:83:bd:f1:47:8e:ae:4f:dd:8f:b5:c3:af:d4:b8:d9:9e:
         28:32:15:87:db:14:a6:2e:6e:55:54:44:94:46:64:36:e5:73:
         e1:8b:93:b3:85:77:99:a5:71:3d:48:c7:fb:d2:63:3e:db:01:
         38:2a:93:2b
-----BEGIN CERTIFICATE-----
MIIFnDCCBISgAwIBAgIUCbZ/WhB8DI8hbQY2zScBOJNFXVEwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI0MDYyMjAwMDAwMFoX
DTI0MDcyNzIzNTk1OVowejFJMEcGA1UEBRNAN2Y0MTI0Y2ViYjg1Njk1ZDY2NzUw
NTQ2MTEyNjU2NmU5ZWViNjkxZGQxMThlOWQxM2FmZDM1OTJjYTFhOGJjYjEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqRetJHRMe4ugV3yBRiWef8bPuoA9
hlJixjYjXoJi+mhURu/5lKsaR7KC36BMBHWv4jCzhKucRvmY8WbM1pZLkCzFaQE5
SDxruxf1JbcEoyLwy7wmkt3KwPGYqeQwAUAfnFMwB8Q1SE7ghZrAnw3aav2EJrN0
5SXklWL5jN0bw5KxSSrl+UxJ+IxqhhB/8CdkfCVVHHkiACzSMXuy53u1y7ml7YsX
eaYzkS8WttZaH6akua0eA2mcwOA2DY0NvS2l6jK4zFjhCmc/n+ltmKb6QP8ZbO60
XAr5APowS+gmUXN/VMUJE0NPrtw39YilQzZDLU24irWTJcXNZWHH4zxoYQIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFDKu1sfxYMFye3wsC7Oqv5JUDDfiMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
L2E5ZDdjNWY1LTM2ZGUtNDM0MC1hMzE1LTk1YmI5Njc3MWRiZS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAM
BAIAATAGAwQCGwAAMA0GCSqGSIb3DQEBCwUAA4IBAQAKPKGv/F0zLE4wL+H8bfzo
dxG2TnSUYwzTu961ArVAap5uKdOl+4R2buoBzSyrDEal6T/t3GhgK4E8rTzzg5Dw
R14lTtNXKTaDvi/tdmyu9oddpcezB+NbgARLc3mtvy/MuYuzpIxa3BVaX0SfkglM
5+gv2BQ+JoYaTcpHI1O0wdsSz4kFNHZA29S8jRdTw6Vja/tN8FQ/tjFaht29G1Wb
rHIhURZW/+h/C7B31po5hnAuSNkuPyxQjRSt02SO7wdEMssHGXL3WIO98UeOrk/d
j7XDr9S42Z4oMhWH2xSmLm5VVESURmQ25XPhi5OzhXeZpXE9SMf70mM+2wE4KpMr
-----END CERTIFICATE-----
Generated at Mon Jun 24 01:28:15 2024 by rpki-client on console-ams.rpki-client.org