Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/c46353d6-f66a-4ac6-aeca-c8f320ebee9a.roa
File:                     c46353d6-f66a-4ac6-aeca-c8f320ebee9a.roa (raw, json)
Hash identifier:          EhoWl8bNfcgiJ6avj7NjYumYDcGDu7RQXK+Py8z+wNE=
Subject key identifier:   94:66:E2:08:02:EB:A3:C6:5B:7C:37:3B:AC:35:F1:52:92:11:FD:AE
Certificate issuer:       /CN=A91F635F0000/serialNumber=53DC22125FA34F3986CBF12422E34F9B9C661BE7
Certificate serial:       17370E462EE04B4D956C705975291C11CCF53600
Authority key identifier: 53:DC:22:12:5F:A3:4F:39:86:CB:F1:24:22:E3:4F:9B:9C:66:1B:E7
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/U9wiEl-jTzmGy_EkIuNPm5xmG-c.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/c46353d6-f66a-4ac6-aeca-c8f320ebee9a.roa
Signing time:             Wed 13 Mar 2024 00:00:00 +0000
ROA not before:           Wed 13 Mar 2024 00:00:00 +0000
ROA not after:            Wed 17 Apr 2024 23:59:59 +0000
asID:                     14618
IP address blocks:        159.248.0.0/16 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/a5b01bdd-cdeb-4cfc-8c93-7e70c5e09306.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/manifest.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/U9wiEl-jTzmGy_EkIuNPm5xmG-c.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 30 Mar 2024 12:04:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            17:37:0e:46:2e:e0:4b:4d:95:6c:70:59:75:29:1c:11:cc:f5:36:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=53DC22125FA34F3986CBF12422E34F9B9C661BE7
        Validity
            Not Before: Mar 13 00:00:00 2024 GMT
            Not After : Apr 17 23:59:59 2024 GMT
        Subject: serialNumber=7e10232611a70d446b5ca4c6babc4dde3942b355f80f66d18ee1d7a896d2936c, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:f0:0a:a9:2e:b9:b5:30:81:6b:3c:d8:d6:c4:
                    4d:31:11:f6:06:20:f3:4a:dd:06:66:94:8c:0e:69:
                    d1:45:01:96:0b:44:f5:a1:3b:5d:06:85:2d:37:64:
                    aa:32:eb:44:23:a3:8f:6b:57:0b:b1:33:71:60:0b:
                    52:91:bf:79:de:ab:9d:4c:f4:55:49:bd:79:17:b3:
                    b6:82:a6:c9:b5:62:b0:bb:f3:d0:2a:0e:16:60:21:
                    dd:4e:7b:68:10:55:27:2a:2d:a4:a2:e2:29:47:fd:
                    1c:fe:9a:45:6e:33:14:71:98:86:c2:90:19:f5:9f:
                    8c:cc:2c:73:3c:5d:de:89:40:62:ad:44:9e:9f:12:
                    d1:bb:c9:29:38:31:a2:51:41:f6:cd:72:ed:0f:2c:
                    d9:7b:7b:85:0e:9a:48:02:6c:8a:85:21:5c:d6:b7:
                    ce:38:0b:a4:f7:9c:24:e4:1f:2b:df:b2:02:b1:45:
                    c7:9a:8b:ae:43:ab:37:e3:33:6c:fa:59:71:14:e0:
                    74:5c:67:04:e0:a1:d6:66:fe:eb:65:3a:45:7b:d4:
                    66:44:fe:50:3e:96:ca:61:a2:72:4f:40:dc:35:62:
                    48:59:b6:f1:d3:00:d3:b6:24:6f:1a:9e:d2:1e:9a:
                    3c:b8:73:cc:dc:32:7f:ed:e5:e1:23:88:8e:df:58:
                    f6:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:66:E2:08:02:EB:A3:C6:5B:7C:37:3B:AC:35:F1:52:92:11:FD:AE
            X509v3 Authority Key Identifier:
                keyid:53:DC:22:12:5F:A3:4F:39:86:CB:F1:24:22:E3:4F:9B:9C:66:1B:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/U9wiEl-jTzmGy_EkIuNPm5xmG-c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/c46353d6-f66a-4ac6-aeca-c8f320ebee9a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/a5b01bdd-cdeb-4cfc-8c93-7e70c5e09306.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  159.248.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         36:3d:2f:06:72:79:83:84:b1:31:d2:81:f7:9d:07:b0:85:c7:
         32:39:03:95:10:ec:37:bf:17:d9:37:11:62:22:a5:24:24:9f:
         e5:43:8c:82:ac:c7:ec:2d:30:77:9d:92:26:a6:db:99:46:9c:
         fd:b8:1b:f8:9e:e2:26:26:6e:a4:88:f7:1d:2d:3f:e5:68:02:
         a7:01:6d:78:d0:c9:7f:04:55:6b:86:5a:f3:4f:22:9d:3d:21:
         fe:e2:33:27:20:67:71:f5:25:7d:07:b0:6a:99:ed:a1:e8:50:
         64:61:7a:62:be:a9:9e:32:93:06:a5:cf:7f:9a:87:34:c3:98:
         5a:1c:e5:60:3c:6c:04:02:48:3d:76:4e:f6:f6:a6:09:71:37:
         4e:32:fb:42:54:2b:56:40:dd:8f:cd:91:ef:9a:1c:00:50:8e:
         20:6f:52:6e:e2:e5:4e:c0:fd:c6:9c:f5:e0:27:e9:1f:34:e6:
         62:eb:9d:9c:28:4a:15:87:89:be:87:1d:b5:12:f0:cf:fb:58:
         7e:a4:36:f2:56:ec:4c:58:5e:8d:10:6a:9f:d7:9f:9d:20:15:
         62:04:60:b1:45:d5:f3:95:e7:4c:f6:dc:b9:33:b5:6c:58:6a:
         34:9a:d9:7f:33:bb:96:86:ea:56:2b:d1:b5:36:9f:a7:44:b0:
         fb:73:7b:ee
-----BEGIN CERTIFICATE-----
MIIFmzCCBIOgAwIBAgIUFzcORi7gS02VbHBZdSkcEcz1NgAwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg1M0RDMjIxMjVG
QTM0RjM5ODZDQkYxMjQyMkUzNEY5QjlDNjYxQkU3MB4XDTI0MDMxMzAwMDAwMFoX
DTI0MDQxNzIzNTk1OVowejFJMEcGA1UEBRNAN2UxMDIzMjYxMWE3MGQ0NDZiNWNh
NGM2YmFiYzRkZGUzOTQyYjM1NWY4MGY2NmQxOGVlMWQ3YTg5NmQyOTM2YzEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt/AKqS65tTCBazzY1sRNMRH2BiDz
St0GZpSMDmnRRQGWC0T1oTtdBoUtN2SqMutEI6OPa1cLsTNxYAtSkb953qudTPRV
Sb15F7O2gqbJtWKwu/PQKg4WYCHdTntoEFUnKi2kouIpR/0c/ppFbjMUcZiGwpAZ
9Z+MzCxzPF3eiUBirUSenxLRu8kpODGiUUH2zXLtDyzZe3uFDppIAmyKhSFc1rfO
OAuk95wk5B8r37ICsUXHmouuQ6s34zNs+llxFOB0XGcE4KHWZv7rZTpFe9RmRP5Q
PpbKYaJyT0DcNWJIWbbx0wDTtiRvGp7SHpo8uHPM3DJ/7eXhI4iO31j2nQIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFJRm4ggC66PGW3w3O6w18VKSEf2uMB8GA1UdIwQY
MBaAFFPcIhJfo085hsvxJCLjT5ucZhvnMA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CM0EyNEYyMDFENjYxMUUyOEFDODgzN0M3MkZEMUZGMi9VOXdpRWwt
alR6bUd5X0VrSXVOUG01eG1HLWMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
L2M0NjM1M2Q2LWY2NmEtNGFjNi1hZWNhLWM4ZjMyMGViZWU5YS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvYTViMDFiZGQtY2RlYi00Y2ZjLThjOTMtN2U3MGM1ZTA5MzA2LmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTAL
BAIAATAFAwMAn/gwDQYJKoZIhvcNAQELBQADggEBADY9LwZyeYOEsTHSgfedB7CF
xzI5A5UQ7De/F9k3EWIipSQkn+VDjIKsx+wtMHedkiam25lGnP24G/ie4iYmbqSI
9x0tP+VoAqcBbXjQyX8EVWuGWvNPIp09If7iMycgZ3H1JX0HsGqZ7aHoUGRhemK+
qZ4ykwalz3+ahzTDmFoc5WA8bAQCSD12Tvb2pglxN04y+0JUK1ZA3Y/Nke+aHABQ
jiBvUm7i5U7A/cac9eAn6R805mLrnZwoShWHib6HHbUS8M/7WH6kNvJW7ExYXo0Q
ap/Xn50gFWIEYLFF1fOV50z23LkztWxYajSa2X8zu5aG6lYr0bU2n6dEsPtze+4=
-----END CERTIFICATE-----
Generated at Fri Mar 29 02:36:31 2024 by rpki-client on console-fra.rpki-client.org