Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/f60efe51-797b-4b40-95ef-52a2e036f36a.roa
File:                     f60efe51-797b-4b40-95ef-52a2e036f36a.roa (raw, json)
Hash identifier:          Ovbbm+iXAkSBC3FR6OBWIHmHEISje+uBF3Y6/6KRkBk=
Subject key identifier:   11:D7:32:7A:1C:82:23:61:10:CA:76:D9:29:48:C6:8F:07:13:81:8A
Certificate issuer:       /CN=A91F635F0000/serialNumber=53DC22125FA34F3986CBF12422E34F9B9C661BE7
Certificate serial:       5618000F7E7BAF1E1F5C6B1837A064DE1BD30EF5
Authority key identifier: 53:DC:22:12:5F:A3:4F:39:86:CB:F1:24:22:E3:4F:9B:9C:66:1B:E7
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/U9wiEl-jTzmGy_EkIuNPm5xmG-c.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/f60efe51-797b-4b40-95ef-52a2e036f36a.roa
Signing time:             Sat 16 Mar 2024 00:00:00 +0000
ROA not before:           Sat 16 Mar 2024 00:00:00 +0000
ROA not after:            Sat 20 Apr 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        159.248.240.0/21 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/a5b01bdd-cdeb-4cfc-8c93-7e70c5e09306.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/manifest.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/U9wiEl-jTzmGy_EkIuNPm5xmG-c.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 30 Mar 2024 12:04:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            56:18:00:0f:7e:7b:af:1e:1f:5c:6b:18:37:a0:64:de:1b:d3:0e:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=53DC22125FA34F3986CBF12422E34F9B9C661BE7
        Validity
            Not Before: Mar 16 00:00:00 2024 GMT
            Not After : Apr 20 23:59:59 2024 GMT
        Subject: serialNumber=661d205d5302b1a6b754c9ad3737a1ea8eca6eb6ee36a5518f3e621573ce06bf, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:08:72:b9:d4:e8:99:2c:60:07:50:e4:7e:e8:
                    d7:62:87:6b:e6:1f:83:b8:fb:87:09:f5:c9:d5:c8:
                    35:5e:62:f2:3d:90:1e:26:ae:f8:a7:d7:ac:8b:1b:
                    c7:8c:8d:e3:b2:f8:9b:94:bf:92:04:20:8b:86:4c:
                    0d:ea:fd:a0:93:a8:c9:3b:73:d9:86:1c:f3:7a:b1:
                    f0:2c:5e:db:dd:db:1d:13:d8:1f:1d:0e:6c:71:28:
                    9d:d7:16:d4:5c:67:18:3e:5a:91:5e:6f:09:c5:d7:
                    08:ac:aa:dc:9e:d3:c3:9e:be:19:73:76:34:54:74:
                    9c:0d:47:83:47:40:fa:25:10:79:3e:c1:ea:2b:cc:
                    fd:00:ca:c2:69:9a:c8:57:ba:17:8d:ea:ba:0b:0b:
                    53:5d:4c:14:3c:3d:d0:79:67:75:be:21:2a:4f:70:
                    e1:46:fc:f5:a4:8f:ad:c9:e3:60:39:b3:7d:8e:0c:
                    ea:72:8a:d0:92:6a:c5:6a:22:3d:df:4e:0f:91:aa:
                    73:5c:d7:a7:80:82:1e:44:2c:2c:c0:72:80:96:4a:
                    2a:67:15:31:39:80:7a:82:78:2a:6e:ff:e6:54:6b:
                    8c:cd:f5:ee:d2:9d:43:91:20:4c:ff:6a:6f:2a:02:
                    c3:56:cb:59:50:ca:dd:b9:9d:b5:a5:62:da:4b:96:
                    79:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:D7:32:7A:1C:82:23:61:10:CA:76:D9:29:48:C6:8F:07:13:81:8A
            X509v3 Authority Key Identifier:
                keyid:53:DC:22:12:5F:A3:4F:39:86:CB:F1:24:22:E3:4F:9B:9C:66:1B:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/U9wiEl-jTzmGy_EkIuNPm5xmG-c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/f60efe51-797b-4b40-95ef-52a2e036f36a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/a5b01bdd-cdeb-4cfc-8c93-7e70c5e09306.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  159.248.240.0/21

    Signature Algorithm: sha256WithRSAEncryption
         11:18:a2:83:b9:13:c0:b7:fd:7d:08:98:2c:a6:58:8d:47:56:
         63:4b:53:7f:64:7f:f2:96:16:6e:ae:d9:ba:65:8b:f8:f1:5d:
         8f:aa:c1:d0:f3:bf:ae:55:5f:a6:3a:fd:a0:36:6f:5e:a4:6b:
         4c:78:af:08:c1:05:3b:77:5d:6b:12:49:d8:e7:b6:f2:10:1b:
         2b:c1:cf:e6:99:9b:81:ce:3a:19:b2:6a:65:56:3e:df:d3:10:
         48:e7:d6:a6:56:1c:b3:f1:af:d7:4b:23:6f:19:5f:ed:52:d8:
         00:ca:9d:f6:68:0c:7e:f7:c2:6e:9f:03:9b:ba:61:df:07:1b:
         46:00:3f:04:cc:9a:fa:54:ab:b9:0e:f1:2f:ba:0c:e1:68:73:
         a6:3d:ce:c2:d9:ad:4d:ef:0f:5e:cc:78:9d:81:14:83:95:6c:
         8f:53:88:30:ed:49:c5:8a:f4:e9:75:19:c0:84:90:6f:d0:f7:
         b4:32:a6:98:ff:88:00:a0:a4:08:e4:3f:66:88:02:b1:65:01:
         ca:cb:de:5f:72:b0:c0:c4:fc:bc:08:b3:9e:a6:4c:c7:91:b0:
         5c:d9:8f:e7:36:81:9e:fa:64:cc:c2:53:9f:67:a2:fe:12:ea:
         77:61:e0:c8:c2:be:84:14:e1:9b:31:39:9f:c9:83:87:41:73:
         c0:2b:87:9f
-----BEGIN CERTIFICATE-----
MIIFnDCCBISgAwIBAgIUVhgAD357rx4fXGsYN6Bk3hvTDvUwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg1M0RDMjIxMjVG
QTM0RjM5ODZDQkYxMjQyMkUzNEY5QjlDNjYxQkU3MB4XDTI0MDMxNjAwMDAwMFoX
DTI0MDQyMDIzNTk1OVowejFJMEcGA1UEBRNANjYxZDIwNWQ1MzAyYjFhNmI3NTRj
OWFkMzczN2ExZWE4ZWNhNmViNmVlMzZhNTUxOGYzZTYyMTU3M2NlMDZiZjEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtghyudTomSxgB1DkfujXYodr5h+D
uPuHCfXJ1cg1XmLyPZAeJq74p9esixvHjI3jsviblL+SBCCLhkwN6v2gk6jJO3PZ
hhzzerHwLF7b3dsdE9gfHQ5scSid1xbUXGcYPlqRXm8JxdcIrKrcntPDnr4Zc3Y0
VHScDUeDR0D6JRB5PsHqK8z9AMrCaZrIV7oXjeq6CwtTXUwUPD3QeWd1viEqT3Dh
Rvz1pI+tyeNgObN9jgzqcorQkmrFaiI9304PkapzXNengIIeRCwswHKAlkoqZxUx
OYB6gngqbv/mVGuMzfXu0p1DkSBM/2pvKgLDVstZUMrduZ21pWLaS5Z5cwIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFBHXMnocgiNhEMp22SlIxo8HE4GKMB8GA1UdIwQY
MBaAFFPcIhJfo085hsvxJCLjT5ucZhvnMA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CM0EyNEYyMDFENjYxMUUyOEFDODgzN0M3MkZEMUZGMi9VOXdpRWwt
alR6bUd5X0VrSXVOUG01eG1HLWMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
L2Y2MGVmZTUxLTc5N2ItNGI0MC05NWVmLTUyYTJlMDM2ZjM2YS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvYTViMDFiZGQtY2RlYi00Y2ZjLThjOTMtN2U3MGM1ZTA5MzA2LmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAM
BAIAATAGAwQDn/jwMA0GCSqGSIb3DQEBCwUAA4IBAQARGKKDuRPAt/19CJgspliN
R1ZjS1N/ZH/ylhZurtm6ZYv48V2PqsHQ87+uVV+mOv2gNm9epGtMeK8IwQU7d11r
EknY57byEBsrwc/mmZuBzjoZsmplVj7f0xBI59amVhyz8a/XSyNvGV/tUtgAyp32
aAx+98JunwObumHfBxtGAD8EzJr6VKu5DvEvugzhaHOmPc7C2a1N7w9ezHidgRSD
lWyPU4gw7UnFivTpdRnAhJBv0Pe0MqaY/4gAoKQI5D9miAKxZQHKy95fcrDAxPy8
CLOepkzHkbBc2Y/nNoGe+mTMwlOfZ6L+Eup3YeDIwr6EFOGbMTmfyYOHQXPAK4ef
-----END CERTIFICATE-----
Generated at Fri Mar 29 02:36:31 2024 by rpki-client on console-fra.rpki-client.org