Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/d1333e17-04fe-4e6d-bd71-2a9ac1fe867f.roa
File:                     d1333e17-04fe-4e6d-bd71-2a9ac1fe867f.roa (raw, json)
Hash identifier:          ZKgEnNm25n+9wlyve5FeQLjK2re863GntLvunoHlH8Q=
Subject key identifier:   9E:EB:79:10:0C:22:A5:BC:AE:31:14:AC:08:8B:1A:CC:43:CF:CA:57
Certificate issuer:       /CN=A91F635F0000/serialNumber=53DC22125FA34F3986CBF12422E34F9B9C661BE7
Certificate serial:       03963DCE0C7F63D897958B616C15D97DA1DEC60A
Authority key identifier: 53:DC:22:12:5F:A3:4F:39:86:CB:F1:24:22:E3:4F:9B:9C:66:1B:E7
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/U9wiEl-jTzmGy_EkIuNPm5xmG-c.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/d1333e17-04fe-4e6d-bd71-2a9ac1fe867f.roa
Signing time:             Wed 19 Jun 2024 00:00:00 +0000
ROA not before:           Wed 19 Jun 2024 00:00:00 +0000
ROA not after:            Wed 24 Jul 2024 23:59:59 +0000
asID:                     14618
IP address blocks:        159.248.128.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/a5b01bdd-cdeb-4cfc-8c93-7e70c5e09306.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/manifest.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/U9wiEl-jTzmGy_EkIuNPm5xmG-c.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 24 Jun 2024 00:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:96:3d:ce:0c:7f:63:d8:97:95:8b:61:6c:15:d9:7d:a1:de:c6:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=53DC22125FA34F3986CBF12422E34F9B9C661BE7
        Validity
            Not Before: Jun 19 00:00:00 2024 GMT
            Not After : Jul 24 23:59:59 2024 GMT
        Subject: serialNumber=3ee2ce2156ba8c287fc8a2f892fdd218726ef96ef222c40a35425b64c1b9d89f, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:0b:ae:b1:3a:22:53:e0:a0:d7:de:03:ee:8b:
                    8b:60:58:9b:64:3a:5d:24:85:ee:42:45:1b:8e:ab:
                    ef:ed:78:6b:0e:8e:f6:43:27:37:2b:7d:e8:81:13:
                    4e:65:94:d9:02:e4:c1:60:03:dc:f7:71:de:98:77:
                    6e:92:88:9b:c8:e8:13:ef:5a:07:53:08:b2:a4:87:
                    f4:c2:a1:fb:d6:8c:e7:21:7f:c4:de:e9:b0:78:ff:
                    b3:8d:1f:1b:bb:72:ae:b6:0b:1c:ec:54:3b:ca:78:
                    e6:c9:34:2a:07:35:f6:34:0f:08:21:6c:4c:a9:4c:
                    6c:33:a4:0e:df:bd:32:8e:16:00:cf:43:a0:34:a4:
                    28:ac:e1:a2:51:8d:84:ea:c4:da:e1:82:f5:33:15:
                    86:fa:c6:a1:1a:5b:84:56:1e:44:f7:40:7c:a7:5b:
                    e2:6e:fe:ad:bb:0a:30:6e:2e:9d:3a:4d:9f:69:f7:
                    28:5f:59:77:0b:58:b3:28:f8:26:d3:50:d3:2b:ce:
                    a6:6a:3a:99:6f:2f:72:33:c9:0a:2b:52:d7:fb:4c:
                    b1:6e:55:ba:16:ab:4d:f1:32:be:19:ac:74:40:1f:
                    f6:db:db:89:9f:e6:e1:8d:23:14:c2:51:51:50:fb:
                    b3:58:ea:43:70:2d:0c:52:49:9d:ff:73:4f:22:3b:
                    2f:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:EB:79:10:0C:22:A5:BC:AE:31:14:AC:08:8B:1A:CC:43:CF:CA:57
            X509v3 Authority Key Identifier:
                keyid:53:DC:22:12:5F:A3:4F:39:86:CB:F1:24:22:E3:4F:9B:9C:66:1B:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/U9wiEl-jTzmGy_EkIuNPm5xmG-c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/d1333e17-04fe-4e6d-bd71-2a9ac1fe867f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/a5b01bdd-cdeb-4cfc-8c93-7e70c5e09306.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  159.248.128.0/22

    Signature Algorithm: sha256WithRSAEncryption
         58:17:7e:fa:4a:d3:03:9b:2d:97:08:07:a4:2d:ef:71:bc:06:
         11:20:d3:8b:7c:3c:a5:0c:90:ef:e0:d5:2e:3d:81:68:7f:d7:
         d3:62:36:df:8d:b1:44:7c:8d:99:d2:42:cd:c9:e5:70:1a:ea:
         02:f8:a2:bd:f6:5d:3f:35:d8:60:5d:78:d2:13:d6:14:d1:a9:
         4a:cc:27:86:c3:89:6a:53:97:06:96:29:00:77:f8:79:1c:e9:
         f1:05:8a:80:64:8e:81:73:6b:d2:1b:1e:46:3a:75:05:6c:b4:
         de:ea:9c:ad:5c:42:71:9a:7d:78:e3:39:df:32:84:17:53:8b:
         d0:46:6d:01:36:1c:74:4f:e0:2f:36:fb:52:43:9a:df:63:8d:
         7c:d7:d6:4d:3d:be:7f:61:6b:ca:58:62:90:b3:d8:09:4e:a4:
         d2:4f:88:b5:ca:0f:1b:ed:71:90:68:3d:66:42:2e:19:d2:88:
         8b:89:1c:f2:c4:f0:b2:16:06:d8:27:16:17:2b:3d:ad:56:a6:
         48:e4:e7:9f:d1:3d:75:28:88:ad:f5:3b:a4:1d:66:a6:90:e1:
         22:cb:92:f8:d0:43:a1:a2:98:88:d9:e5:12:f8:a2:a8:8b:8c:
         dc:df:d1:1b:49:d4:70:70:1f:6d:74:0e:ef:38:e2:51:99:e7:
         69:fd:cd:00
-----BEGIN CERTIFICATE-----
MIIFnDCCBISgAwIBAgIUA5Y9zgx/Y9iXlYthbBXZfaHexgowDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg1M0RDMjIxMjVG
QTM0RjM5ODZDQkYxMjQyMkUzNEY5QjlDNjYxQkU3MB4XDTI0MDYxOTAwMDAwMFoX
DTI0MDcyNDIzNTk1OVowejFJMEcGA1UEBRNAM2VlMmNlMjE1NmJhOGMyODdmYzhh
MmY4OTJmZGQyMTg3MjZlZjk2ZWYyMjJjNDBhMzU0MjViNjRjMWI5ZDg5ZjEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuQuusToiU+Cg194D7ouLYFibZDpd
JIXuQkUbjqvv7XhrDo72Qyc3K33ogRNOZZTZAuTBYAPc93HemHdukoibyOgT71oH
UwiypIf0wqH71oznIX/E3umweP+zjR8bu3Kutgsc7FQ7ynjmyTQqBzX2NA8IIWxM
qUxsM6QO370yjhYAz0OgNKQorOGiUY2E6sTa4YL1MxWG+sahGluEVh5E90B8p1vi
bv6tuwowbi6dOk2fafcoX1l3C1izKPgm01DTK86majqZby9yM8kKK1LX+0yxblW6
FqtN8TK+Gax0QB/229uJn+bhjSMUwlFRUPuzWOpDcC0MUkmd/3NPIjsvawIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFJ7reRAMIqW8rjEUrAiLGsxDz8pXMB8GA1UdIwQY
MBaAFFPcIhJfo085hsvxJCLjT5ucZhvnMA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CM0EyNEYyMDFENjYxMUUyOEFDODgzN0M3MkZEMUZGMi9VOXdpRWwt
alR6bUd5X0VrSXVOUG01eG1HLWMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
L2QxMzMzZTE3LTA0ZmUtNGU2ZC1iZDcxLTJhOWFjMWZlODY3Zi5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvYTViMDFiZGQtY2RlYi00Y2ZjLThjOTMtN2U3MGM1ZTA5MzA2LmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAM
BAIAATAGAwQCn/iAMA0GCSqGSIb3DQEBCwUAA4IBAQBYF376StMDmy2XCAekLe9x
vAYRINOLfDylDJDv4NUuPYFof9fTYjbfjbFEfI2Z0kLNyeVwGuoC+KK99l0/Ndhg
XXjSE9YU0alKzCeGw4lqU5cGlikAd/h5HOnxBYqAZI6Bc2vSGx5GOnUFbLTe6pyt
XEJxmn144znfMoQXU4vQRm0BNhx0T+AvNvtSQ5rfY41819ZNPb5/YWvKWGKQs9gJ
TqTST4i1yg8b7XGQaD1mQi4Z0oiLiRzyxPCyFgbYJxYXKz2tVqZI5Oef0T11KIit
9TukHWamkOEiy5L40EOhopiI2eUS+KKoi4zc39EbSdRwcB9tdA7vOOJRmedp/c0A
-----END CERTIFICATE-----
Generated at Thu Jun 20 01:11:16 2024 by rpki-client on console-fra.rpki-client.org