Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/e05f4504-bb83-4b18-bbd9-8d82e42913d5.roa
File:                     e05f4504-bb83-4b18-bbd9-8d82e42913d5.roa (raw, json)
Hash identifier:          ojvHIh738fStYoZtsRYHuCEEsm2MMuqLSofq17z5Qj8=
Subject key identifier:   07:0A:0A:59:B3:AA:BC:0D:B9:DD:A7:E5:35:32:C9:85:08:D9:53:0C
Certificate issuer:       /CN=A91F635F0000/serialNumber=53DC22125FA34F3986CBF12422E34F9B9C661BE7
Certificate serial:       4761C418E58A22E3FDE16A695E16B2D8E6B76B22
Authority key identifier: 53:DC:22:12:5F:A3:4F:39:86:CB:F1:24:22:E3:4F:9B:9C:66:1B:E7
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/U9wiEl-jTzmGy_EkIuNPm5xmG-c.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/e05f4504-bb83-4b18-bbd9-8d82e42913d5.roa
Signing time:             Tue 25 Jun 2024 00:00:00 +0000
ROA not before:           Tue 25 Jun 2024 00:00:00 +0000
ROA not after:            Tue 30 Jul 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        159.248.200.0/21 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/a5b01bdd-cdeb-4cfc-8c93-7e70c5e09306.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/manifest.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/U9wiEl-jTzmGy_EkIuNPm5xmG-c.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 19 Jul 2024 15:00:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            47:61:c4:18:e5:8a:22:e3:fd:e1:6a:69:5e:16:b2:d8:e6:b7:6b:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=53DC22125FA34F3986CBF12422E34F9B9C661BE7
        Validity
            Not Before: Jun 25 00:00:00 2024 GMT
            Not After : Jul 30 23:59:59 2024 GMT
        Subject: serialNumber=393a79c6fdc1f71e84a8c286e0df0388a2144d181898d4c71c445c5b171846f2, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:bd:c9:37:a1:f6:10:6a:16:ef:ed:a7:1e:9f:
                    bd:6c:59:f3:86:5a:c8:7c:34:bd:61:82:70:e2:0c:
                    12:41:aa:46:16:89:49:9b:69:98:3b:9a:50:cc:4c:
                    20:df:af:a2:a5:84:f1:bf:31:da:56:57:7e:62:bf:
                    65:5a:92:7a:f2:1f:2b:3d:3d:da:80:30:dc:c9:18:
                    b9:6d:3f:43:30:db:58:17:91:3b:94:a9:2c:fe:d3:
                    0e:8a:3c:4a:54:d8:3f:52:20:47:de:5a:23:1c:df:
                    cb:af:2c:49:cb:61:1c:42:d4:a8:ef:ec:04:ee:da:
                    87:15:9c:f0:ce:9f:cb:31:12:ea:0a:f5:ca:89:81:
                    cc:3e:1d:32:85:b9:81:ef:65:f8:65:87:6c:b9:fc:
                    56:10:bd:a5:57:8c:3f:39:36:83:8a:66:3e:00:8e:
                    c0:75:d1:dd:b8:a0:55:ec:a4:c7:4a:39:65:40:d7:
                    e8:b0:22:91:54:d6:17:41:d1:2d:a7:f8:e2:94:77:
                    c7:92:2c:ab:c2:d2:1b:ff:41:3c:6f:f8:21:5f:16:
                    66:63:11:3c:3d:9e:7b:5f:cf:ac:bc:18:23:41:21:
                    c5:da:bb:da:25:29:f0:17:dd:f0:d6:fa:1b:cf:26:
                    2f:6a:82:28:f8:73:04:a8:26:da:91:bb:43:d3:1e:
                    6a:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:0A:0A:59:B3:AA:BC:0D:B9:DD:A7:E5:35:32:C9:85:08:D9:53:0C
            X509v3 Authority Key Identifier:
                keyid:53:DC:22:12:5F:A3:4F:39:86:CB:F1:24:22:E3:4F:9B:9C:66:1B:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/U9wiEl-jTzmGy_EkIuNPm5xmG-c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/e05f4504-bb83-4b18-bbd9-8d82e42913d5.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/a5b01bdd-cdeb-4cfc-8c93-7e70c5e09306.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  159.248.200.0/21

    Signature Algorithm: sha256WithRSAEncryption
         2a:9c:a4:67:1e:d6:9a:2c:d5:b4:97:f5:a2:73:be:c3:aa:08:
         54:5d:7e:d0:08:e9:75:40:45:b9:f7:db:7d:f4:72:0c:95:f2:
         d8:1a:3a:0c:32:54:b1:c4:63:5c:b2:ee:5d:48:1e:7a:1d:98:
         49:9a:9d:da:68:26:ce:2d:c3:5b:3c:84:72:86:0a:49:0d:88:
         13:78:51:af:78:42:57:e2:00:29:85:73:31:a6:91:ef:c7:5e:
         fd:c8:dd:b0:81:21:db:19:98:74:d0:0a:36:7e:dd:75:c9:9f:
         e3:83:97:6f:ff:3f:73:36:df:4f:a7:d8:83:9b:2d:21:92:dc:
         2b:8f:87:2e:19:65:86:12:9e:b0:2e:3e:e4:6f:1f:7b:c9:9a:
         a7:00:13:f3:33:6c:16:a9:3c:59:7a:67:26:b9:44:df:58:a4:
         84:c3:51:c2:be:dc:df:0a:59:a9:43:db:e8:2a:ec:7f:c2:09:
         4a:0d:05:72:81:18:3a:dc:17:30:84:f9:de:a2:92:be:04:f8:
         63:64:78:1d:9c:ad:d8:d2:07:80:ec:55:ae:02:1f:b5:d4:4c:
         7a:18:c5:c3:ab:d4:92:ea:aa:55:4f:d3:33:db:fe:01:20:75:
         29:85:a3:d5:8e:8c:0c:a4:7f:3a:bc:03:19:3d:2a:62:d9:7b:
         ff:04:20:b2
-----BEGIN CERTIFICATE-----
MIIFnDCCBISgAwIBAgIUR2HEGOWKIuP94WppXhay2Oa3ayIwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg1M0RDMjIxMjVG
QTM0RjM5ODZDQkYxMjQyMkUzNEY5QjlDNjYxQkU3MB4XDTI0MDYyNTAwMDAwMFoX
DTI0MDczMDIzNTk1OVowejFJMEcGA1UEBRNAMzkzYTc5YzZmZGMxZjcxZTg0YThj
Mjg2ZTBkZjAzODhhMjE0NGQxODE4OThkNGM3MWM0NDVjNWIxNzE4NDZmMjEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1L3JN6H2EGoW7+2nHp+9bFnzhlrI
fDS9YYJw4gwSQapGFolJm2mYO5pQzEwg36+ipYTxvzHaVld+Yr9lWpJ68h8rPT3a
gDDcyRi5bT9DMNtYF5E7lKks/tMOijxKVNg/UiBH3lojHN/LryxJy2EcQtSo7+wE
7tqHFZzwzp/LMRLqCvXKiYHMPh0yhbmB72X4ZYdsufxWEL2lV4w/OTaDimY+AI7A
ddHduKBV7KTHSjllQNfosCKRVNYXQdEtp/jilHfHkiyrwtIb/0E8b/ghXxZmYxE8
PZ57X8+svBgjQSHF2rvaJSnwF93w1vobzyYvaoIo+HMEqCbakbtD0x5qswIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFAcKClmzqrwNud2n5TUyyYUI2VMMMB8GA1UdIwQY
MBaAFFPcIhJfo085hsvxJCLjT5ucZhvnMA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CM0EyNEYyMDFENjYxMUUyOEFDODgzN0M3MkZEMUZGMi9VOXdpRWwt
alR6bUd5X0VrSXVOUG01eG1HLWMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
L2UwNWY0NTA0LWJiODMtNGIxOC1iYmQ5LThkODJlNDI5MTNkNS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvYTViMDFiZGQtY2RlYi00Y2ZjLThjOTMtN2U3MGM1ZTA5MzA2LmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAM
BAIAATAGAwQDn/jIMA0GCSqGSIb3DQEBCwUAA4IBAQAqnKRnHtaaLNW0l/Wic77D
qghUXX7QCOl1QEW599t99HIMlfLYGjoMMlSxxGNcsu5dSB56HZhJmp3aaCbOLcNb
PIRyhgpJDYgTeFGveEJX4gAphXMxppHvx179yN2wgSHbGZh00Ao2ft11yZ/jg5dv
/z9zNt9Pp9iDmy0hktwrj4cuGWWGEp6wLj7kbx97yZqnABPzM2wWqTxZemcmuUTf
WKSEw1HCvtzfClmpQ9voKux/wglKDQVygRg63BcwhPneopK+BPhjZHgdnK3Y0geA
7FWuAh+11Ex6GMXDq9SS6qpVT9Mz2/4BIHUphaPVjowMpH86vAMZPSpi2Xv/BCCy
-----END CERTIFICATE-----
Generated at Tue Jul 16 02:05:58 2024 by rpki-client on console-fra.rpki-client.org