Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/df93f29a-3b81-476a-8435-a32bae736189.roa
File:                     df93f29a-3b81-476a-8435-a32bae736189.roa (raw, json)
Hash identifier:          bxgodf3w1h7RS+wC93bZHRBC4rTN0FpPIejQvPRQtqM=
Subject key identifier:   66:97:4A:5A:B4:C9:FC:63:B6:EB:60:F6:0C:97:71:A8:20:8D:70:03
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       43A8ECEB71E18B22417FCC69F1A82D4B7F4E95D4
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/df93f29a-3b81-476a-8435-a32bae736189.roa
Signing time:             Sat 22 Jun 2024 00:00:00 +0000
ROA not before:           Sat 22 Jun 2024 00:00:00 +0000
ROA not after:            Sat 27 Jul 2024 23:59:59 +0000
asID:                     8987
IP address blocks:        43.249.44.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 29 Jun 2024 00:21:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            43:a8:ec:eb:71:e1:8b:22:41:7f:cc:69:f1:a8:2d:4b:7f:4e:95:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jun 22 00:00:00 2024 GMT
            Not After : Jul 27 23:59:59 2024 GMT
        Subject: serialNumber=be6005669755a12e0bcebd777496a9e39bdbd52206332f86b2874b915851893f, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:6e:c6:55:69:b4:7b:43:87:05:f4:18:40:d3:
                    23:a0:2c:c6:d7:9a:96:ae:6c:c5:9e:70:36:ba:22:
                    24:1c:bb:0f:46:12:4e:76:25:c4:22:b4:51:7e:59:
                    b4:2a:df:0c:92:06:6b:8e:76:60:de:e4:38:21:82:
                    d7:eb:21:32:8b:31:91:77:20:fb:a0:b9:e6:a9:44:
                    e4:31:af:07:0e:ac:5f:c7:11:c9:44:d3:f4:48:85:
                    f2:1f:69:00:ba:2d:ba:31:01:8d:c2:9b:5a:74:70:
                    8e:b6:11:32:34:d4:91:84:7c:da:a0:54:54:e3:05:
                    f9:40:2a:ce:bd:2a:86:cf:25:9d:a5:a7:1d:62:c1:
                    7c:ef:d5:54:df:e7:62:45:9d:9d:ce:61:9c:ed:86:
                    10:04:c8:99:00:b2:b8:2f:6c:cc:08:50:e3:dc:76:
                    99:c4:db:98:69:f7:89:34:f1:21:95:00:09:01:9c:
                    0b:07:70:61:78:16:6e:55:b8:06:f1:3a:c9:d6:2f:
                    8b:e1:5d:7e:fd:57:48:cb:51:e0:fc:84:b9:64:70:
                    41:e0:72:ff:ca:77:26:84:1a:ec:9f:6d:47:1d:16:
                    e0:30:3f:ea:7b:8b:fe:df:d6:74:1e:be:ef:2f:f0:
                    15:2b:3c:e6:c1:5a:a9:e6:58:d3:b2:84:ab:94:05:
                    38:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:97:4A:5A:B4:C9:FC:63:B6:EB:60:F6:0C:97:71:A8:20:8D:70:03
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/df93f29a-3b81-476a-8435-a32bae736189.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.249.44.0/22

    Signature Algorithm: sha256WithRSAEncryption
         33:ad:f7:fe:31:5a:e2:08:81:0e:98:4f:44:71:42:06:8f:ac:
         bb:71:0a:99:65:7f:6c:04:60:c8:dc:c6:ae:6e:e3:ae:75:3e:
         d3:a1:78:27:2e:6c:ad:d2:ca:31:86:13:8c:f6:e3:57:31:e6:
         75:2c:de:51:39:9c:61:60:8a:b9:98:3a:73:61:c5:72:0b:a4:
         9a:a6:ff:6c:7d:86:b0:2b:c8:f6:86:ca:30:c9:1e:01:e2:3e:
         55:2f:99:07:b8:b8:40:f6:36:83:e6:b4:98:33:25:ba:18:22:
         5a:99:ac:1e:67:d3:89:3e:b4:b7:1d:5e:dc:c8:ce:fd:12:49:
         c1:c1:a9:92:76:5d:82:f0:4c:d8:8a:cf:e4:06:f9:a7:6e:32:
         e8:18:25:d9:b7:1d:15:2e:14:a3:e1:81:db:43:ac:f9:9a:e6:
         88:f2:79:51:3a:76:29:ab:73:07:e9:0e:36:53:a6:a1:9f:87:
         b6:c1:60:57:6d:f0:42:76:da:ad:2f:86:bd:a1:0c:48:1c:d4:
         1c:c4:6a:fa:f7:17:9c:18:56:95:21:67:3e:f9:2f:7d:08:2d:
         4b:f3:43:5d:9d:fd:7b:0a:33:47:b2:5c:62:ae:a7:66:4a:09:
         9c:24:a7:9a:73:26:ce:d9:79:7a:ff:0f:60:68:a1:38:db:65:
         d9:ea:a9:5c
-----BEGIN CERTIFICATE-----
MIIFnDCCBISgAwIBAgIUQ6js63HhiyJBf8xp8agtS39OldQwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI0MDYyMjAwMDAwMFoX
DTI0MDcyNzIzNTk1OVowejFJMEcGA1UEBRNAYmU2MDA1NjY5NzU1YTEyZTBiY2Vi
ZDc3NzQ5NmE5ZTM5YmRiZDUyMjA2MzMyZjg2YjI4NzRiOTE1ODUxODkzZjEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2W7GVWm0e0OHBfQYQNMjoCzG15qW
rmzFnnA2uiIkHLsPRhJOdiXEIrRRflm0Kt8MkgZrjnZg3uQ4IYLX6yEyizGRdyD7
oLnmqUTkMa8HDqxfxxHJRNP0SIXyH2kAui26MQGNwptadHCOthEyNNSRhHzaoFRU
4wX5QCrOvSqGzyWdpacdYsF879VU3+diRZ2dzmGc7YYQBMiZALK4L2zMCFDj3HaZ
xNuYafeJNPEhlQAJAZwLB3BheBZuVbgG8TrJ1i+L4V1+/VdIy1Hg/IS5ZHBB4HL/
yncmhBrsn21HHRbgMD/qe4v+39Z0Hr7vL/AVKzzmwVqp5ljTsoSrlAU4vQIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFGaXSlq0yfxjtutg9gyXcaggjXADMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
L2RmOTNmMjlhLTNiODEtNDc2YS04NDM1LWEzMmJhZTczNjE4OS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAM
BAIAATAGAwQCK/ksMA0GCSqGSIb3DQEBCwUAA4IBAQAzrff+MVriCIEOmE9EcUIG
j6y7cQqZZX9sBGDI3MaubuOudT7ToXgnLmyt0soxhhOM9uNXMeZ1LN5ROZxhYIq5
mDpzYcVyC6Sapv9sfYawK8j2hsowyR4B4j5VL5kHuLhA9jaD5rSYMyW6GCJamawe
Z9OJPrS3HV7cyM79EknBwamSdl2C8EzYis/kBvmnbjLoGCXZtx0VLhSj4YHbQ6z5
muaI8nlROnYpq3MH6Q42U6ahn4e2wWBXbfBCdtqtL4a9oQxIHNQcxGr69xecGFaV
IWc++S99CC1L80Ndnf17CjNHslxirqdmSgmcJKeacybO2Xl6/w9gaKE422XZ6qlc
-----END CERTIFICATE-----
Generated at Tue Jun 25 02:50:51 2024 by rpki-client on console-fra.rpki-client.org