Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/e15fdd3a-f841-48ca-bcbb-730223dd6595.roa
File:                     e15fdd3a-f841-48ca-bcbb-730223dd6595.roa (raw, json)
Hash identifier:          QDB1aTVPVIYk1b7Q/r7RQFd+XFVyGyv+/nnUenaverw=
Subject key identifier:   47:BB:95:4C:04:65:94:65:FB:CA:F9:4B:0E:D8:66:26:A3:58:1A:6A
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       088FBC7D8F80CB5E9482930F6D25E0D9E6E8DAAF
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/e15fdd3a-f841-48ca-bcbb-730223dd6595.roa
Signing time:             Mon 18 Sep 2023 00:00:00 +0000
ROA not before:           Mon 18 Sep 2023 00:00:00 +0000
ROA not after:            Mon 23 Oct 2023 23:59:59 +0000
asID:                     16509
IP address blocks:        103.246.150.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 20 Sep 2023 03:07:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            08:8f:bc:7d:8f:80:cb:5e:94:82:93:0f:6d:25:e0:d9:e6:e8:da:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Sep 18 00:00:00 2023 GMT
            Not After : Oct 23 23:59:59 2023 GMT
        Subject: serialNumber=0e6979e1c1a8c519ec7bbf486adfab4351db3663bc858597e77ee5c0d8853beb, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:10:2a:ac:88:36:06:86:8b:86:48:7c:a9:55:
                    ff:49:51:4f:6b:b7:58:96:59:3a:2e:21:c5:7f:02:
                    5f:6c:73:57:3d:38:09:a0:f6:f7:90:a4:76:8f:84:
                    52:39:e4:7f:4f:96:60:59:29:75:9b:86:92:ab:81:
                    da:69:14:5a:18:cf:12:53:59:09:eb:47:c5:8c:42:
                    aa:dd:f9:53:de:76:f3:23:79:33:78:96:5b:f2:58:
                    0d:47:0e:d5:3d:05:25:bf:ee:9c:92:b4:ed:3b:e6:
                    76:5b:9a:08:b3:fb:38:eb:2e:95:a9:fd:bf:88:a7:
                    46:7f:b1:84:54:09:a4:86:d5:6a:ad:28:07:66:00:
                    02:3a:93:e9:06:d4:6f:91:6f:0a:36:ca:2a:7a:d1:
                    27:9f:e0:97:b6:b2:c6:57:cc:17:f1:03:a7:ad:19:
                    9a:19:bc:bb:21:8f:02:84:2c:a3:a2:54:9f:9c:66:
                    96:e7:f4:46:2e:88:d1:fd:96:b0:cd:19:b5:c9:50:
                    ae:d8:a5:f3:66:d5:1d:32:db:11:81:5b:20:56:94:
                    6a:77:69:e6:4a:1c:06:3c:14:d3:05:34:f7:9a:59:
                    45:62:04:5e:e5:5c:cb:39:84:25:24:5e:7c:98:52:
                    1b:81:5a:f1:24:84:8e:02:b8:a9:f7:44:87:8f:fc:
                    5b:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:BB:95:4C:04:65:94:65:FB:CA:F9:4B:0E:D8:66:26:A3:58:1A:6A
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/e15fdd3a-f841-48ca-bcbb-730223dd6595.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.246.150.0/23

    Signature Algorithm: sha256WithRSAEncryption
         b3:4b:95:a1:e5:14:47:7e:a4:81:21:e4:d2:7e:57:5d:82:90:
         0f:48:2b:d0:2f:8f:39:d1:f4:18:18:e5:c3:6e:df:e6:1c:7a:
         8d:74:88:19:d6:79:2d:59:a5:bd:77:db:a2:11:f6:35:02:21:
         9a:30:e9:6d:32:6a:52:1b:fd:5c:1d:a9:93:60:be:df:05:9e:
         a5:c8:d4:46:a8:ef:80:8d:b4:ae:9a:a3:5d:7f:9a:ed:64:5e:
         8c:b9:17:12:93:93:06:cb:b4:c6:6b:85:87:b8:f4:dd:02:52:
         2a:53:31:e8:5d:db:16:e9:e3:c9:29:a8:be:f9:ba:6f:9f:96:
         26:b3:26:cd:ff:3d:43:08:31:2b:d3:66:df:0f:d0:37:d4:af:
         42:66:1e:5e:be:5c:7a:f1:d3:c5:aa:45:f9:e6:c1:c8:c2:f3:
         98:1d:9c:83:ef:65:b7:48:44:e2:6a:db:a5:21:65:b9:1a:05:
         04:ec:7d:60:59:b0:14:bd:5b:65:f6:b0:a4:93:56:a2:4a:9f:
         78:8e:84:bc:28:16:8f:e7:07:02:66:25:68:39:61:a6:fa:d6:
         ce:d5:0a:c9:ef:08:c1:da:25:08:7a:6f:73:1f:87:10:ce:e8:
         ce:83:0b:a6:16:b5:cb:01:03:53:e1:9f:f3:1c:b6:ce:8c:03:
         fa:5b:f6:b8
-----BEGIN CERTIFICATE-----
MIIFnDCCBISgAwIBAgIUCI+8fY+Ay16UgpMPbSXg2ebo2q8wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTIzMDkxODAwMDAwMFoX
DTIzMTAyMzIzNTk1OVowejFJMEcGA1UEBRNAMGU2OTc5ZTFjMWE4YzUxOWVjN2Ji
ZjQ4NmFkZmFiNDM1MWRiMzY2M2JjODU4NTk3ZTc3ZWU1YzBkODg1M2JlYjEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnBAqrIg2BoaLhkh8qVX/SVFPa7dY
llk6LiHFfwJfbHNXPTgJoPb3kKR2j4RSOeR/T5ZgWSl1m4aSq4HaaRRaGM8SU1kJ
60fFjEKq3flT3nbzI3kzeJZb8lgNRw7VPQUlv+6ckrTtO+Z2W5oIs/s46y6Vqf2/
iKdGf7GEVAmkhtVqrSgHZgACOpPpBtRvkW8KNsoqetEnn+CXtrLGV8wX8QOnrRma
Gby7IY8ChCyjolSfnGaW5/RGLojR/ZawzRm1yVCu2KXzZtUdMtsRgVsgVpRqd2nm
ShwGPBTTBTT3mllFYgRe5VzLOYQlJF58mFIbgVrxJISOArip90SHj/xb1QIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFEe7lUwEZZRl+8r5Sw7YZiajWBpqMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
L2UxNWZkZDNhLWY4NDEtNDhjYS1iY2JiLTczMDIyM2RkNjU5NS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAM
BAIAATAGAwQBZ/aWMA0GCSqGSIb3DQEBCwUAA4IBAQCzS5Wh5RRHfqSBIeTSfldd
gpAPSCvQL4850fQYGOXDbt/mHHqNdIgZ1nktWaW9d9uiEfY1AiGaMOltMmpSG/1c
HamTYL7fBZ6lyNRGqO+AjbSumqNdf5rtZF6MuRcSk5MGy7TGa4WHuPTdAlIqUzHo
XdsW6ePJKai++bpvn5YmsybN/z1DCDEr02bfD9A31K9CZh5evlx68dPFqkX55sHI
wvOYHZyD72W3SETiatulIWW5GgUE7H1gWbAUvVtl9rCkk1aiSp94joS8KBaP5wcC
ZiVoOWGm+tbO1QrJ7wjB2iUIem9zH4cQzujOgwumFrXLAQNT4Z/zHLbOjAP6W/a4
-----END CERTIFICATE-----
Generated at Mon Sep 18 15:24:46 2023 by rpki-client on console-fra.rpki-client.org