Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/f60efe51-797b-4b40-95ef-52a2e036f36a.roa
File:                     f60efe51-797b-4b40-95ef-52a2e036f36a.roa (raw, json)
Hash identifier:          VDlc1x2/hToF+SN5AgyYo8LaOCZcdKnezQBr5xyO1uQ=
Subject key identifier:   33:38:FC:05:27:48:A2:CD:14:87:6E:26:D2:48:5C:D0:71:EA:EE:0B
Certificate issuer:       /CN=A91F635F0000/serialNumber=53DC22125FA34F3986CBF12422E34F9B9C661BE7
Certificate serial:       6F911EB8575F6498EB931EA110E2FD5D496517AA
Authority key identifier: 53:DC:22:12:5F:A3:4F:39:86:CB:F1:24:22:E3:4F:9B:9C:66:1B:E7
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/U9wiEl-jTzmGy_EkIuNPm5xmG-c.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/f60efe51-797b-4b40-95ef-52a2e036f36a.roa
Signing time:             Tue 25 Jun 2024 00:00:00 +0000
ROA not before:           Tue 25 Jun 2024 00:00:00 +0000
ROA not after:            Tue 30 Jul 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        159.248.240.0/21 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/a5b01bdd-cdeb-4cfc-8c93-7e70c5e09306.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/manifest.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/U9wiEl-jTzmGy_EkIuNPm5xmG-c.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 21 Jul 2024 00:10:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6f:91:1e:b8:57:5f:64:98:eb:93:1e:a1:10:e2:fd:5d:49:65:17:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=53DC22125FA34F3986CBF12422E34F9B9C661BE7
        Validity
            Not Before: Jun 25 00:00:00 2024 GMT
            Not After : Jul 30 23:59:59 2024 GMT
        Subject: serialNumber=d3471d9c565914293a8dc4ccd3118bfb742de6222fe7477a959a5f4aa4baf654, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:f6:4d:40:99:4f:44:45:e1:11:c0:10:11:3f:
                    b7:11:2b:0b:ee:30:73:fb:92:0a:36:79:b5:6c:2d:
                    0b:6b:ce:57:7f:e5:76:51:d6:d5:cf:a8:a4:8f:5b:
                    74:fa:f9:27:24:2b:b7:b7:40:da:50:4e:7e:f7:27:
                    5c:59:ee:ed:67:e8:a1:21:65:28:4e:19:a7:97:cb:
                    ae:02:9e:92:74:e7:b0:f7:bb:bc:32:1d:4c:a2:cb:
                    f2:5e:fd:92:8b:83:36:04:12:71:ac:58:9c:76:0c:
                    74:e0:d7:4e:6f:d7:c9:cb:8c:41:48:2f:f7:58:c9:
                    40:66:0a:72:9a:7c:a0:5e:df:92:03:4c:8d:71:36:
                    62:5b:31:80:96:a9:79:e3:d1:82:0c:52:71:7d:99:
                    cd:bd:cb:9e:a8:26:0b:3c:b6:ae:5e:ce:8b:e2:14:
                    78:7e:be:ec:71:8b:5a:91:0f:41:4e:ba:40:c5:50:
                    19:0f:b5:b6:cd:56:7a:1c:22:3f:d5:6a:bd:4b:94:
                    44:e6:4f:09:8b:3e:94:e4:62:0c:bc:f2:bf:84:cd:
                    e0:f0:0d:95:cb:81:0f:7c:d0:c2:8f:56:a4:74:69:
                    d6:85:3f:a0:79:2b:13:a2:34:d2:be:fd:5a:f1:e9:
                    c4:e4:48:b3:70:45:fa:35:f6:18:3f:c9:e8:47:bd:
                    b8:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:38:FC:05:27:48:A2:CD:14:87:6E:26:D2:48:5C:D0:71:EA:EE:0B
            X509v3 Authority Key Identifier:
                keyid:53:DC:22:12:5F:A3:4F:39:86:CB:F1:24:22:E3:4F:9B:9C:66:1B:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/U9wiEl-jTzmGy_EkIuNPm5xmG-c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/f60efe51-797b-4b40-95ef-52a2e036f36a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/a5b01bdd-cdeb-4cfc-8c93-7e70c5e09306.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  159.248.240.0/21

    Signature Algorithm: sha256WithRSAEncryption
         77:43:72:75:cf:1c:7c:2f:6b:80:17:af:c1:b7:f7:98:6c:e6:
         f5:63:80:7d:9a:72:32:bc:b2:0a:14:22:85:bb:d6:13:8b:b2:
         bf:9b:10:25:c7:d7:65:da:cc:f1:d0:e6:89:88:1a:7d:06:fb:
         e6:e7:96:c8:96:f2:1b:11:2c:a7:ba:f5:2e:ea:d6:6d:60:83:
         45:e4:23:ff:07:a5:3b:38:56:b2:8f:5c:e2:de:72:80:5b:ae:
         82:55:92:65:2f:24:88:05:72:0f:13:ed:96:58:e4:be:d6:f2:
         c2:50:44:74:4a:6b:29:01:d8:83:fe:f1:be:bd:aa:88:5c:ba:
         39:89:c8:0b:ac:b5:bd:86:e3:b9:ab:cb:d6:53:35:b4:e3:c2:
         a0:77:34:16:1d:fe:6b:ec:b7:59:d7:e2:50:14:ae:7f:2b:f6:
         2e:86:7c:2e:82:67:7f:a0:c6:0e:cb:33:1d:ab:70:78:d6:6d:
         98:a3:d3:7f:4b:db:21:4c:85:e4:6b:73:8d:95:6d:a1:d9:da:
         60:ae:5c:ce:40:30:fb:7d:7a:cb:b3:44:cb:c4:10:c8:76:6c:
         73:a3:f2:6f:1a:f9:89:94:77:a9:2c:5b:4f:71:71:94:e4:c2:
         21:4c:f7:0d:32:af:3c:51:8a:a9:e4:da:af:fa:a8:31:98:ec:
         7c:15:14:1c
-----BEGIN CERTIFICATE-----
MIIFnDCCBISgAwIBAgIUb5EeuFdfZJjrkx6hEOL9XUllF6owDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg1M0RDMjIxMjVG
QTM0RjM5ODZDQkYxMjQyMkUzNEY5QjlDNjYxQkU3MB4XDTI0MDYyNTAwMDAwMFoX
DTI0MDczMDIzNTk1OVowejFJMEcGA1UEBRNAZDM0NzFkOWM1NjU5MTQyOTNhOGRj
NGNjZDMxMThiZmI3NDJkZTYyMjJmZTc0NzdhOTU5YTVmNGFhNGJhZjY1NDEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApPZNQJlPREXhEcAQET+3ESsL7jBz
+5IKNnm1bC0La85Xf+V2UdbVz6ikj1t0+vknJCu3t0DaUE5+9ydcWe7tZ+ihIWUo
Thmnl8uuAp6SdOew97u8Mh1MosvyXv2Si4M2BBJxrFicdgx04NdOb9fJy4xBSC/3
WMlAZgpymnygXt+SA0yNcTZiWzGAlql549GCDFJxfZnNvcueqCYLPLauXs6L4hR4
fr7scYtakQ9BTrpAxVAZD7W2zVZ6HCI/1Wq9S5RE5k8Jiz6U5GIMvPK/hM3g8A2V
y4EPfNDCj1akdGnWhT+geSsTojTSvv1a8enE5EizcEX6NfYYP8noR724SwIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFDM4/AUnSKLNFIduJtJIXNBx6u4LMB8GA1UdIwQY
MBaAFFPcIhJfo085hsvxJCLjT5ucZhvnMA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CM0EyNEYyMDFENjYxMUUyOEFDODgzN0M3MkZEMUZGMi9VOXdpRWwt
alR6bUd5X0VrSXVOUG01eG1HLWMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
L2Y2MGVmZTUxLTc5N2ItNGI0MC05NWVmLTUyYTJlMDM2ZjM2YS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvYTViMDFiZGQtY2RlYi00Y2ZjLThjOTMtN2U3MGM1ZTA5MzA2LmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAM
BAIAATAGAwQDn/jwMA0GCSqGSIb3DQEBCwUAA4IBAQB3Q3J1zxx8L2uAF6/Bt/eY
bOb1Y4B9mnIyvLIKFCKFu9YTi7K/mxAlx9dl2szx0OaJiBp9Bvvm55bIlvIbESyn
uvUu6tZtYINF5CP/B6U7OFayj1zi3nKAW66CVZJlLySIBXIPE+2WWOS+1vLCUER0
SmspAdiD/vG+vaqIXLo5icgLrLW9huO5q8vWUzW048KgdzQWHf5r7LdZ1+JQFK5/
K/Yuhnwugmd/oMYOyzMdq3B41m2Yo9N/S9shTIXka3ONlW2h2dpgrlzOQDD7fXrL
s0TLxBDIdmxzo/JvGvmJlHepLFtPcXGU5MIhTPcNMq88UYqp5Nqv+qgxmOx8FRQc
-----END CERTIFICATE-----
Generated at Wed Jul 17 01:22:47 2024 by rpki-client on console-fra.rpki-client.org