Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/d18856ee-503c-4c21-86dd-30078f2c3aee.roa
File:                     d18856ee-503c-4c21-86dd-30078f2c3aee.roa (raw, json)
Hash identifier:          981mqBRvAech2v5+kidYWld3/u0n8hsGc1nNlIhXhp4=
Subject key identifier:   C9:F4:8E:38:6F:B8:7B:A1:B2:27:20:A3:6D:58:C3:22:97:8B:82:98
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       68A59E93D541AD5417ABDDA325D4BC96E66CFD14
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/d18856ee-503c-4c21-86dd-30078f2c3aee.roa
Signing time:             Sat 22 Jun 2024 00:00:00 +0000
ROA not before:           Sat 22 Jun 2024 00:00:00 +0000
ROA not after:            Sat 27 Jul 2024 23:59:59 +0000
asID:                     8987
IP address blocks:        43.208.0.0/13 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 29 Jun 2024 00:21:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            68:a5:9e:93:d5:41:ad:54:17:ab:dd:a3:25:d4:bc:96:e6:6c:fd:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jun 22 00:00:00 2024 GMT
            Not After : Jul 27 23:59:59 2024 GMT
        Subject: serialNumber=e9505ee2e32c5463e846f6107d9eaaf66438bf78cacafc6e2e812163d8cfdf01, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:f2:5e:da:9c:b0:7a:ab:f3:e5:59:69:d0:4d:
                    1b:a8:5b:bc:65:02:72:6a:18:17:f9:75:03:63:c6:
                    29:8a:70:fd:5e:0a:4f:8e:ee:20:f7:2b:20:21:52:
                    23:f1:23:12:a2:51:60:0e:ec:c5:c5:74:e1:37:4f:
                    fe:9a:d1:30:88:53:e7:03:36:ba:2a:f9:3f:7d:8f:
                    12:12:2a:f1:1a:cb:66:83:b7:5c:af:0d:6c:52:8a:
                    57:f0:bc:05:7f:d6:5a:65:b0:80:df:5e:6a:f9:95:
                    31:f2:e6:fb:bd:8c:ae:c3:fe:a9:3d:da:aa:5f:6c:
                    37:1e:dc:d2:18:04:fd:7b:4c:c1:3c:7f:5a:ec:d3:
                    78:80:d4:af:f5:f7:42:bd:12:24:c6:0b:b6:63:08:
                    b1:6e:9e:70:d4:11:15:c4:d0:f4:52:d9:3d:e6:8d:
                    44:22:91:14:d3:4b:e5:22:77:26:4a:ec:d6:d9:0c:
                    35:bc:c9:71:69:6b:af:8f:08:b9:13:5c:c2:fe:67:
                    6f:3e:78:24:ed:24:a9:10:65:a4:cf:a0:1e:3d:af:
                    ea:4b:2f:be:de:40:d9:0d:ca:af:97:a8:f4:97:7a:
                    42:ca:9f:ea:6a:41:97:a6:8b:a6:5e:a6:ab:fe:9a:
                    c6:13:00:b6:fc:5c:48:ec:f3:0c:cb:ba:f6:e5:c9:
                    f6:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:F4:8E:38:6F:B8:7B:A1:B2:27:20:A3:6D:58:C3:22:97:8B:82:98
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/d18856ee-503c-4c21-86dd-30078f2c3aee.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.208.0.0/13

    Signature Algorithm: sha256WithRSAEncryption
         78:47:3f:27:9d:61:ab:f4:52:9e:8b:fd:42:e6:36:09:75:6e:
         64:4c:33:65:3e:20:bf:07:9c:2e:49:f8:e7:b8:7e:b8:46:bc:
         40:ba:94:6e:89:5a:70:41:aa:d9:43:67:9c:cf:e4:4d:cc:27:
         43:37:2b:4b:07:20:c1:89:36:96:08:40:03:89:54:05:27:d6:
         91:5c:d9:b9:d9:0c:3a:ab:2b:37:4a:77:3d:47:59:cd:f6:34:
         5a:1a:bb:e0:45:a6:78:a6:fd:16:16:7c:4f:b4:b1:2c:8d:7e:
         21:60:7f:34:da:e7:13:f1:e4:64:25:42:a8:84:e6:9e:b2:8f:
         27:90:fe:9c:da:0d:c3:cd:df:65:9e:fa:56:a9:7c:57:0c:6d:
         a8:74:23:10:c3:1a:da:a6:05:09:06:2f:bb:69:50:6b:17:b3:
         0a:fb:ed:06:be:6b:d3:2f:01:0e:a8:9d:c6:11:ac:49:f8:70:
         35:fd:b6:bc:6f:4a:57:10:3a:e2:a6:73:b7:e0:cb:b6:85:e5:
         27:83:98:e2:cb:f2:1e:5c:bf:33:27:2c:f9:59:b0:26:ce:7d:
         92:33:c7:55:b4:ba:8e:60:8b:bb:00:13:45:79:82:86:e5:05:
         59:70:2c:ab:08:72:b0:f1:7c:79:97:1c:79:30:e9:8b:1a:2f:
         6e:56:45:7d
-----BEGIN CERTIFICATE-----
MIIFmzCCBIOgAwIBAgIUaKWek9VBrVQXq92jJdS8luZs/RQwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI0MDYyMjAwMDAwMFoX
DTI0MDcyNzIzNTk1OVowejFJMEcGA1UEBRNAZTk1MDVlZTJlMzJjNTQ2M2U4NDZm
NjEwN2Q5ZWFhZjY2NDM4YmY3OGNhY2FmYzZlMmU4MTIxNjNkOGNmZGYwMTEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnfJe2pyweqvz5Vlp0E0bqFu8ZQJy
ahgX+XUDY8YpinD9XgpPju4g9ysgIVIj8SMSolFgDuzFxXThN0/+mtEwiFPnAza6
Kvk/fY8SEirxGstmg7dcrw1sUopX8LwFf9ZaZbCA315q+ZUx8ub7vYyuw/6pPdqq
X2w3HtzSGAT9e0zBPH9a7NN4gNSv9fdCvRIkxgu2Ywixbp5w1BEVxND0Utk95o1E
IpEU00vlIncmSuzW2Qw1vMlxaWuvjwi5E1zC/mdvPngk7SSpEGWkz6AePa/qSy++
3kDZDcqvl6j0l3pCyp/qakGXpoumXqar/prGEwC2/FxI7PMMy7r25cn2QwIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFMn0jjhvuHuhsicgo21YwyKXi4KYMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
L2QxODg1NmVlLTUwM2MtNGMyMS04NmRkLTMwMDc4ZjJjM2FlZS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTAL
BAIAATAFAwMDK9AwDQYJKoZIhvcNAQELBQADggEBAHhHPyedYav0Up6L/ULmNgl1
bmRMM2U+IL8HnC5J+Oe4frhGvEC6lG6JWnBBqtlDZ5zP5E3MJ0M3K0sHIMGJNpYI
QAOJVAUn1pFc2bnZDDqrKzdKdz1HWc32NFoau+BFpnim/RYWfE+0sSyNfiFgfzTa
5xPx5GQlQqiE5p6yjyeQ/pzaDcPN32We+lapfFcMbah0IxDDGtqmBQkGL7tpUGsX
swr77Qa+a9MvAQ6oncYRrEn4cDX9trxvSlcQOuKmc7fgy7aF5SeDmOLL8h5cvzMn
LPlZsCbOfZIzx1W0uo5gi7sAE0V5goblBVlwLKsIcrDxfHmXHHkw6YsaL25WRX0=
-----END CERTIFICATE-----
Generated at Tue Jun 25 00:53:11 2024 by rpki-client on console-ams.rpki-client.org