Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/bd48a1fa-3471-4ab2-8508-ad36b96813e4/53444f16-12b0-454c-a0a2-d187f20f7db6.roa
File:                     53444f16-12b0-454c-a0a2-d187f20f7db6.roa (raw, json)
Hash identifier:          RFqKG1tHc3QK2d5UEa0AY7/i48mpPyM7X94SBNVKPEg=
Subject key identifier:   4B:14:AC:5F:1D:7A:B5:82:41:86:01:FC:86:E5:2A:EF:3F:46:33:16
Certificate issuer:       /CN=A91609040001/serialNumber=BCE9BA11292F847512C0A8412E51E6E3BA0D991D
Certificate serial:       0EC33858D136DA555758126BC9340D35B57F360E
Authority key identifier: BC:E9:BA:11:29:2F:84:75:12:C0:A8:41:2E:51:E6:E3:BA:0D:99:1D
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/vOm6ESkvhHUSwKhBLlHm47oNmR0.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/bd48a1fa-3471-4ab2-8508-ad36b96813e4/53444f16-12b0-454c-a0a2-d187f20f7db6.roa
Signing time:             Mon 11 Mar 2024 00:00:00 +0000
ROA not before:           Mon 11 Mar 2024 00:00:00 +0000
ROA not after:            Mon 15 Apr 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        43.250.192.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/bd48a1fa-3471-4ab2-8508-ad36b96813e4/220cee0c-6002-409a-8194-38e216c0096c.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/bd48a1fa-3471-4ab2-8508-ad36b96813e4/manifest.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/vOm6ESkvhHUSwKhBLlHm47oNmR0.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 30 Mar 2024 12:04:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0e:c3:38:58:d1:36:da:55:57:58:12:6b:c9:34:0d:35:b5:7f:36:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91609040001/serialNumber=BCE9BA11292F847512C0A8412E51E6E3BA0D991D
        Validity
            Not Before: Mar 11 00:00:00 2024 GMT
            Not After : Apr 15 23:59:59 2024 GMT
        Subject: serialNumber=42cdf322c20f463cf9ee7dd687bf237623b805d1d490601142284292a8c3f06d, CN=1684111e-31c1-42e6-8f20-fc9ab8b5cf57
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:31:a0:74:cf:eb:aa:5c:9f:9a:df:62:81:e1:
                    0a:ef:2e:a6:44:75:75:8b:7c:54:f4:9d:20:a2:55:
                    24:f3:f4:85:e1:9c:4f:61:86:0c:c4:86:29:5a:62:
                    ca:cc:91:30:f3:f8:dd:de:23:06:72:5b:f4:f6:98:
                    df:4e:4d:da:72:58:0a:1e:c7:1c:d9:78:74:59:f5:
                    3b:e7:83:54:7f:80:ee:8a:44:66:11:15:b5:ab:d6:
                    65:f7:fb:ae:06:0a:4b:6e:2f:38:35:57:f5:da:78:
                    15:bd:f3:8c:c6:04:fc:42:9a:f4:46:de:0a:6d:09:
                    52:f4:59:58:5d:36:cd:8d:69:68:07:71:9c:c7:d5:
                    bb:21:90:cc:37:58:65:22:13:d8:8e:bc:96:44:c0:
                    95:c5:45:8d:73:94:bd:b8:35:30:df:4f:9b:e0:e5:
                    e7:d3:6b:4d:e2:38:f9:50:61:79:c9:70:0b:9a:a2:
                    fe:4f:e0:5c:ef:bf:54:3b:6c:02:7d:c6:c9:af:65:
                    fb:91:2f:73:6e:be:42:50:dd:25:3b:d1:17:cc:2c:
                    48:5b:6d:10:e5:f7:40:9e:09:ee:39:42:01:0c:2a:
                    e7:f0:0c:90:35:c3:d8:f5:cb:88:0e:e7:5c:51:ad:
                    08:ac:0e:20:20:95:31:de:09:9e:92:84:ed:f8:1d:
                    2c:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:14:AC:5F:1D:7A:B5:82:41:86:01:FC:86:E5:2A:EF:3F:46:33:16
            X509v3 Authority Key Identifier:
                keyid:BC:E9:BA:11:29:2F:84:75:12:C0:A8:41:2E:51:E6:E3:BA:0D:99:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/vOm6ESkvhHUSwKhBLlHm47oNmR0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/bd48a1fa-3471-4ab2-8508-ad36b96813e4/53444f16-12b0-454c-a0a2-d187f20f7db6.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/bd48a1fa-3471-4ab2-8508-ad36b96813e4/220cee0c-6002-409a-8194-38e216c0096c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.250.192.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:db:48:65:5d:f2:ef:d0:db:dc:80:8d:c6:7d:fc:99:ec:1e:
         a9:fd:db:e6:6e:a2:47:bf:27:de:72:13:a7:e3:f8:3f:ff:e9:
         e5:a4:96:7c:75:d8:1c:26:66:35:67:ab:71:14:6b:ab:c5:20:
         25:cf:d9:51:42:70:f8:0c:da:fa:40:5e:52:1d:23:1a:38:1b:
         e8:c5:34:6c:6a:6b:8d:8f:3a:04:ce:3b:0f:cc:dc:3d:bf:93:
         48:ad:64:e0:29:7d:8e:c1:c8:6e:e7:37:f2:73:0c:da:ca:ae:
         19:33:88:7b:80:ba:a7:d5:0c:6d:50:61:96:d4:3f:dc:62:57:
         d2:9a:fe:a6:8b:73:f8:52:4e:fa:f1:3c:1d:01:87:6a:56:0f:
         5c:f6:06:8d:82:d5:e5:a0:cd:56:84:d2:c3:d2:6d:97:92:bf:
         2b:2f:0f:d5:02:e9:08:3f:f2:4c:23:38:28:0c:22:84:93:1f:
         e7:80:8a:59:e9:45:5f:eb:65:b1:f0:21:68:db:09:5f:9e:01:
         bb:35:bf:cf:d2:5c:fa:39:a0:73:31:3e:79:1f:95:ae:fe:63:
         fa:61:8d:72:43:6b:85:de:17:b5:bc:69:05:dd:36:5b:fc:1b:
         b9:dc:e0:9a:e5:9a:b0:a8:64:2e:24:33:86:92:6a:72:2d:8b:
         ca:13:ec:f9
-----BEGIN CERTIFICATE-----
MIIFnDCCBISgAwIBAgIUDsM4WNE22lVXWBJryTQNNbV/Ng4wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxNjA5MDQwMDAxMTEwLwYDVQQFEyhCQ0U5QkExMTI5
MkY4NDc1MTJDMEE4NDEyRTUxRTZFM0JBMEQ5OTFEMB4XDTI0MDMxMTAwMDAwMFoX
DTI0MDQxNTIzNTk1OVowejFJMEcGA1UEBRNANDJjZGYzMjJjMjBmNDYzY2Y5ZWU3
ZGQ2ODdiZjIzNzYyM2I4MDVkMWQ0OTA2MDExNDIyODQyOTJhOGMzZjA2ZDEtMCsG
A1UEAxMkMTY4NDExMWUtMzFjMS00MmU2LThmMjAtZmM5YWI4YjVjZjU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6jGgdM/rqlyfmt9igeEK7y6mRHV1
i3xU9J0golUk8/SF4ZxPYYYMxIYpWmLKzJEw8/jd3iMGclv09pjfTk3aclgKHscc
2Xh0WfU754NUf4DuikRmERW1q9Zl9/uuBgpLbi84NVf12ngVvfOMxgT8Qpr0Rt4K
bQlS9FlYXTbNjWloB3Gcx9W7IZDMN1hlIhPYjryWRMCVxUWNc5S9uDUw30+b4OXn
02tN4jj5UGF5yXALmqL+T+Bc779UO2wCfcbJr2X7kS9zbr5CUN0lO9EXzCxIW20Q
5fdAngnuOUIBDCrn8AyQNcPY9cuIDudcUa0IrA4gIJUx3gmekoTt+B0sjQIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFEsUrF8derWCQYYB/IblKu8/RjMWMB8GA1UdIwQY
MBaAFLzpuhEpL4R1EsCoQS5R5uO6DZkdMA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi92T202RVNr
dmhIVVN3S2hCTGxIbTQ3b05tUjAuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvYmQ0OGExZmEtMzQ3MS00YWIyLTg1MDgtYWQzNmI5NjgxM2U0
LzUzNDQ0ZjE2LTEyYjAtNDU0Yy1hMGEyLWQxODdmMjBmN2RiNi5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS9iZDQ4YTFmYS0zNDcxLTRhYjItODUwOC1hZDM2
Yjk2ODEzZTQvMjIwY2VlMGMtNjAwMi00MDlhLTgxOTQtMzhlMjE2YzAwOTZjLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAM
BAIAATAGAwQAK/rAMA0GCSqGSIb3DQEBCwUAA4IBAQBC20hlXfLv0NvcgI3GffyZ
7B6p/dvmbqJHvyfechOn4/g//+nlpJZ8ddgcJmY1Z6txFGurxSAlz9lRQnD4DNr6
QF5SHSMaOBvoxTRsamuNjzoEzjsPzNw9v5NIrWTgKX2Owchu5zfycwzayq4ZM4h7
gLqn1QxtUGGW1D/cYlfSmv6mi3P4Uk768TwdAYdqVg9c9gaNgtXloM1WhNLD0m2X
kr8rLw/VAukIP/JMIzgoDCKEkx/ngIpZ6UVf62Wx8CFo2wlfngG7Nb/P0lz6OaBz
MT55H5Wu/mP6YY1yQ2uF3he1vGkF3TZb/Bu53OCa5ZqwqGQuJDOGkmpyLYvKE+z5
-----END CERTIFICATE-----
Generated at Fri Mar 29 02:18:29 2024 by rpki-client on console-ams.rpki-client.org