Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/ead4ddb0-c257-495f-afa7-48a907cd2857.roa
File:                     ead4ddb0-c257-495f-afa7-48a907cd2857.roa (raw, json)
Hash identifier:          T5Q5fvwkJ0iZCkXfLNfSUwElXkX3ttTmcTnOXY1uShI=
Subject key identifier:   0B:B3:B7:3D:CE:C2:BA:A3:DF:11:10:61:9C:31:54:E6:92:2F:16:46
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       3CF78B100F7CFEE5AE7358301DC66425010088EC
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/ead4ddb0-c257-495f-afa7-48a907cd2857.roa
Signing time:             Tue 16 Jul 2024 00:00:00 +0000
ROA not before:           Tue 16 Jul 2024 00:00:00 +0000
ROA not after:            Tue 20 Aug 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        43.249.46.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 19 Jul 2024 23:00:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3c:f7:8b:10:0f:7c:fe:e5:ae:73:58:30:1d:c6:64:25:01:00:88:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jul 16 00:00:00 2024 GMT
            Not After : Aug 20 23:59:59 2024 GMT
        Subject: serialNumber=82785083568618b50a83cffbbe3b98b7dee7553f1e688257edb989804196efd4, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:0b:bf:25:20:ed:bd:e4:10:4b:f1:84:41:a3:
                    3b:93:21:f3:fe:5f:01:07:20:e5:f7:45:2a:b9:f1:
                    4b:49:ec:af:97:6f:17:f4:a5:bb:78:1b:a9:f7:3f:
                    b0:0f:94:0e:c3:8f:4e:7f:fb:e7:ad:20:10:72:b4:
                    8d:0d:53:47:44:52:1f:31:b7:7c:50:d5:12:ac:cd:
                    c2:84:05:34:73:33:56:16:41:5a:48:9a:9d:d4:d7:
                    ba:57:5b:eb:6a:8e:90:99:f6:8f:ee:a1:d2:fc:e3:
                    61:f7:78:15:11:0b:6e:c0:49:48:29:7b:54:f6:85:
                    3d:cd:dc:d5:4c:f2:28:36:e1:23:87:3f:39:b6:4b:
                    c3:d1:dc:45:4c:a0:11:f5:80:93:12:06:3f:91:6f:
                    86:8e:8c:bb:77:b1:20:f3:b5:35:57:76:22:cf:5f:
                    f8:1a:f4:39:ba:19:31:bd:24:15:29:0b:de:19:80:
                    18:a6:79:b3:41:a9:41:5a:b8:4c:4f:a9:3a:9e:d9:
                    7a:aa:a2:bb:5d:50:33:ed:85:ba:b4:ec:2a:4a:52:
                    87:d0:79:f3:68:0f:4c:3f:94:01:96:e8:e5:89:65:
                    44:bd:38:d4:cd:00:34:d6:84:04:5f:78:a1:10:d2:
                    8c:31:df:84:65:2b:5c:99:a0:8f:1b:b5:ea:35:cf:
                    a0:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:B3:B7:3D:CE:C2:BA:A3:DF:11:10:61:9C:31:54:E6:92:2F:16:46
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/ead4ddb0-c257-495f-afa7-48a907cd2857.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.249.46.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:5e:1b:21:be:49:91:4f:49:bc:4d:8c:28:07:e9:c5:1c:68:
         80:76:13:9c:64:0f:e0:fb:c2:60:12:14:c8:7d:d0:5d:86:ee:
         dd:19:e7:87:e9:f4:ee:a3:cf:9a:02:e1:0c:2c:36:4b:8c:d5:
         c7:3d:0d:84:b5:ed:6b:39:dc:0a:76:8a:8d:d1:bd:e7:dd:0c:
         95:f1:61:ce:33:0f:0e:b4:1f:6d:8d:ee:16:e4:46:b3:15:3e:
         81:4d:3c:11:d4:ac:18:82:25:05:a4:13:c5:f0:3c:13:35:5a:
         79:1e:4f:04:5e:a3:11:fb:bb:c2:ff:16:a0:55:03:8f:38:5a:
         2d:27:94:76:35:65:6e:a2:0b:61:23:ff:4a:70:5e:fb:c7:67:
         94:01:2b:ae:e5:bb:ee:8b:d2:3c:5f:fd:a0:bc:bd:3a:ed:8e:
         50:c8:8e:30:f3:26:f8:80:99:38:f1:41:46:f1:01:4d:18:79:
         f7:2d:64:3e:c7:63:5f:fe:a9:f3:15:d4:de:7a:63:1a:1b:60:
         06:0f:f8:ea:03:bb:67:2b:ce:01:fa:3f:f0:57:de:cd:9b:33:
         c7:ed:50:39:09:7b:c5:71:ab:0b:f7:39:fb:2b:5d:d9:5f:86:
         77:18:93:14:2a:08:b0:41:a4:fc:fa:ab:76:18:fa:70:e2:f5:
         1f:b8:dd:34
-----BEGIN CERTIFICATE-----
MIIFnDCCBISgAwIBAgIUPPeLEA98/uWuc1gwHcZkJQEAiOwwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI0MDcxNjAwMDAwMFoX
DTI0MDgyMDIzNTk1OVowejFJMEcGA1UEBRNAODI3ODUwODM1Njg2MThiNTBhODNj
ZmZiYmUzYjk4YjdkZWU3NTUzZjFlNjg4MjU3ZWRiOTg5ODA0MTk2ZWZkNDEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkQu/JSDtveQQS/GEQaM7kyHz/l8B
ByDl90UqufFLSeyvl28X9KW7eBup9z+wD5QOw49Of/vnrSAQcrSNDVNHRFIfMbd8
UNUSrM3ChAU0czNWFkFaSJqd1Ne6V1vrao6QmfaP7qHS/ONh93gVEQtuwElIKXtU
9oU9zdzVTPIoNuEjhz85tkvD0dxFTKAR9YCTEgY/kW+Gjoy7d7Eg87U1V3Yiz1/4
GvQ5uhkxvSQVKQveGYAYpnmzQalBWrhMT6k6ntl6qqK7XVAz7YW6tOwqSlKH0Hnz
aA9MP5QBlujliWVEvTjUzQA01oQEX3ihENKMMd+EZStcmaCPG7XqNc+g9wIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFAuztz3Owrqj3xEQYZwxVOaSLxZGMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
L2VhZDRkZGIwLWMyNTctNDk1Zi1hZmE3LTQ4YTkwN2NkMjg1Ny5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAM
BAIAATAGAwQAK/kuMA0GCSqGSIb3DQEBCwUAA4IBAQBSXhshvkmRT0m8TYwoB+nF
HGiAdhOcZA/g+8JgEhTIfdBdhu7dGeeH6fTuo8+aAuEMLDZLjNXHPQ2Ete1rOdwK
doqN0b3n3QyV8WHOMw8OtB9tje4W5EazFT6BTTwR1KwYgiUFpBPF8DwTNVp5Hk8E
XqMR+7vC/xagVQOPOFotJ5R2NWVuogthI/9KcF77x2eUASuu5bvui9I8X/2gvL06
7Y5QyI4w8yb4gJk48UFG8QFNGHn3LWQ+x2Nf/qnzFdTeemMaG2AGD/jqA7tnK84B
+j/wV97NmzPH7VA5CXvFcasL9zn7K13ZX4Z3GJMUKgiwQaT8+qt2GPpw4vUfuN00
-----END CERTIFICATE-----
Generated at Tue Jul 16 02:05:58 2024 by rpki-client on console-fra.rpki-client.org