Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/e05f4504-bb83-4b18-bbd9-8d82e42913d5.roa
File:                     e05f4504-bb83-4b18-bbd9-8d82e42913d5.roa (raw, json)
Hash identifier:          O9SfvYO4vB+lxBfPxL020mxkk6tyIGdNYFHnfegfrjc=
Subject key identifier:   5E:9C:C1:BA:D8:4A:BF:73:0D:C0:5A:9B:74:1B:A4:15:5D:54:0E:F7
Certificate issuer:       /CN=A91F635F0000/serialNumber=53DC22125FA34F3986CBF12422E34F9B9C661BE7
Certificate serial:       5B31EF95013CF796671931D8CCDB8E6E3DB8F085
Authority key identifier: 53:DC:22:12:5F:A3:4F:39:86:CB:F1:24:22:E3:4F:9B:9C:66:1B:E7
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/U9wiEl-jTzmGy_EkIuNPm5xmG-c.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/e05f4504-bb83-4b18-bbd9-8d82e42913d5.roa
Signing time:             Fri 22 Sep 2023 00:00:00 +0000
ROA not before:           Fri 22 Sep 2023 00:00:00 +0000
ROA not after:            Fri 27 Oct 2023 23:59:59 +0000
asID:                     16509
IP address blocks:        159.248.200.0/21 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/a5b01bdd-cdeb-4cfc-8c93-7e70c5e09306.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/manifest.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/U9wiEl-jTzmGy_EkIuNPm5xmG-c.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 23 Sep 2023 12:02:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5b:31:ef:95:01:3c:f7:96:67:19:31:d8:cc:db:8e:6e:3d:b8:f0:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=53DC22125FA34F3986CBF12422E34F9B9C661BE7
        Validity
            Not Before: Sep 22 00:00:00 2023 GMT
            Not After : Oct 27 23:59:59 2023 GMT
        Subject: serialNumber=3453d4c024fe834017f8dea82429e73848fecdc54373a39273c2edd659d88c8e, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:7e:1e:cd:e0:e0:44:94:b0:de:10:37:d6:b5:
                    e9:22:08:4d:d1:1c:33:30:78:50:38:31:3b:9a:d5:
                    f3:f5:72:b7:0c:2a:91:e9:63:2a:ac:8a:7f:03:de:
                    55:6c:7a:33:f4:c4:da:fc:c8:8b:1b:46:32:69:70:
                    ad:83:33:0c:50:40:e9:7f:0e:a5:00:cd:de:c4:b7:
                    12:1c:f0:92:bb:93:fd:d8:92:cc:41:aa:4d:b6:25:
                    e3:ab:21:ac:7a:99:93:a7:a6:c6:94:ff:57:e7:fb:
                    d4:86:b5:1e:a5:22:b4:55:c4:06:e6:77:9d:6f:7e:
                    24:8d:bc:83:26:1e:cf:93:02:da:4d:7d:29:22:06:
                    91:13:df:37:83:7b:b0:7a:e4:62:d2:d4:5e:b5:8f:
                    2f:fb:c3:9e:ab:b9:a8:5d:47:8d:bf:65:3c:46:23:
                    67:29:00:83:b1:7b:73:50:e7:5f:f3:e5:7b:68:a9:
                    59:04:1a:e0:4c:18:28:20:86:7a:6d:17:e6:06:92:
                    0b:dd:0c:35:be:93:3f:a9:8f:66:40:de:61:5d:1a:
                    d0:7c:a8:75:ce:fb:d9:c8:b1:4d:c2:50:bb:37:d8:
                    98:b0:07:fa:86:87:ba:f1:77:21:ac:99:9e:c3:43:
                    f8:61:90:bf:5b:5c:8f:6b:90:db:eb:51:14:03:4f:
                    a7:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:9C:C1:BA:D8:4A:BF:73:0D:C0:5A:9B:74:1B:A4:15:5D:54:0E:F7
            X509v3 Authority Key Identifier:
                keyid:53:DC:22:12:5F:A3:4F:39:86:CB:F1:24:22:E3:4F:9B:9C:66:1B:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/U9wiEl-jTzmGy_EkIuNPm5xmG-c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/e05f4504-bb83-4b18-bbd9-8d82e42913d5.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/a5b01bdd-cdeb-4cfc-8c93-7e70c5e09306.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  159.248.200.0/21

    Signature Algorithm: sha256WithRSAEncryption
         90:e2:61:10:f4:70:f9:7b:d0:d4:db:bd:1d:a5:6b:f1:18:6a:
         cf:16:ea:a2:f6:2f:0a:34:fa:e7:2f:97:18:49:94:a6:4b:f4:
         a6:63:c5:a9:8d:21:df:c7:44:65:12:e2:c7:86:18:9f:12:72:
         67:64:43:71:27:80:c5:55:44:f6:6c:c4:fa:93:f5:c7:37:77:
         a8:52:51:ba:6c:3c:08:96:83:7a:e1:fd:7e:18:76:57:55:26:
         60:3f:d6:0a:a3:e5:cd:b2:2b:1b:e1:7a:d7:43:5e:b9:65:e4:
         e8:9e:b7:b4:aa:ce:9d:5c:b8:d3:03:c3:60:a8:99:f7:66:eb:
         2e:13:1c:2b:74:d1:1a:c0:23:e4:fd:ed:dc:e9:92:30:77:06:
         fc:e8:76:e8:f5:f7:c0:f2:2c:98:0d:0f:c8:5a:ea:d4:54:b5:
         dd:8e:9a:a4:3b:5f:74:4f:af:4a:89:6a:43:f9:07:1b:52:72:
         39:e2:73:d5:78:4c:ce:11:f4:e9:28:f5:ea:8c:35:d4:8d:6c:
         fd:33:6f:20:09:1a:8b:f7:84:65:ee:29:43:11:ee:e4:0a:aa:
         44:bc:d1:65:a9:09:50:f7:fd:6d:74:bf:7f:df:fa:30:0f:20:
         af:f4:20:39:a3:fa:50:e8:fb:71:a6:08:ca:25:97:70:26:40:
         bc:7e:17:f7
-----BEGIN CERTIFICATE-----
MIIFnDCCBISgAwIBAgIUWzHvlQE895ZnGTHYzNuObj248IUwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg1M0RDMjIxMjVG
QTM0RjM5ODZDQkYxMjQyMkUzNEY5QjlDNjYxQkU3MB4XDTIzMDkyMjAwMDAwMFoX
DTIzMTAyNzIzNTk1OVowejFJMEcGA1UEBRNAMzQ1M2Q0YzAyNGZlODM0MDE3Zjhk
ZWE4MjQyOWU3Mzg0OGZlY2RjNTQzNzNhMzkyNzNjMmVkZDY1OWQ4OGM4ZTEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvn4ezeDgRJSw3hA31rXpIghN0Rwz
MHhQODE7mtXz9XK3DCqR6WMqrIp/A95VbHoz9MTa/MiLG0YyaXCtgzMMUEDpfw6l
AM3exLcSHPCSu5P92JLMQapNtiXjqyGsepmTp6bGlP9X5/vUhrUepSK0VcQG5ned
b34kjbyDJh7PkwLaTX0pIgaRE983g3uweuRi0tRetY8v+8Oeq7moXUeNv2U8RiNn
KQCDsXtzUOdf8+V7aKlZBBrgTBgoIIZ6bRfmBpIL3Qw1vpM/qY9mQN5hXRrQfKh1
zvvZyLFNwlC7N9iYsAf6hoe68XchrJmew0P4YZC/W1yPa5Db61EUA0+n2wIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFF6cwbrYSr9zDcBam3QbpBVdVA73MB8GA1UdIwQY
MBaAFFPcIhJfo085hsvxJCLjT5ucZhvnMA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CM0EyNEYyMDFENjYxMUUyOEFDODgzN0M3MkZEMUZGMi9VOXdpRWwt
alR6bUd5X0VrSXVOUG01eG1HLWMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
L2UwNWY0NTA0LWJiODMtNGIxOC1iYmQ5LThkODJlNDI5MTNkNS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvYTViMDFiZGQtY2RlYi00Y2ZjLThjOTMtN2U3MGM1ZTA5MzA2LmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAM
BAIAATAGAwQDn/jIMA0GCSqGSIb3DQEBCwUAA4IBAQCQ4mEQ9HD5e9DU270dpWvx
GGrPFuqi9i8KNPrnL5cYSZSmS/SmY8WpjSHfx0RlEuLHhhifEnJnZENxJ4DFVUT2
bMT6k/XHN3eoUlG6bDwIloN64f1+GHZXVSZgP9YKo+XNsisb4XrXQ165ZeTonre0
qs6dXLjTA8NgqJn3ZusuExwrdNEawCPk/e3c6ZIwdwb86Hbo9ffA8iyYDQ/IWurU
VLXdjpqkO190T69KiWpD+QcbUnI54nPVeEzOEfTpKPXqjDXUjWz9M28gCRqL94Rl
7ilDEe7kCqpEvNFlqQlQ9/1tdL9/3/owDyCv9CA5o/pQ6PtxpgjKJZdwJkC8fhf3
-----END CERTIFICATE-----
Generated at Fri Sep 22 00:27:51 2023 by rpki-client on console-ams.rpki-client.org