Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/bd48a1fa-3471-4ab2-8508-ad36b96813e4/c2cd3f2e-ce8c-4d1f-96ab-a25caed1b42f.roa
File:                     c2cd3f2e-ce8c-4d1f-96ab-a25caed1b42f.roa (raw, json)
Hash identifier:          ADGcvSONlGPXGtcpRCgEkJRO10ff4OewN7ZHlOJcta8=
Subject key identifier:   30:53:A2:71:CC:4F:D7:4C:B1:22:B5:16:8C:EF:A7:24:5B:2F:DF:89
Certificate issuer:       /CN=A91609040001/serialNumber=BCE9BA11292F847512C0A8412E51E6E3BA0D991D
Certificate serial:       562279F1E2710D30E645202E22D3FF71CBE61205
Authority key identifier: BC:E9:BA:11:29:2F:84:75:12:C0:A8:41:2E:51:E6:E3:BA:0D:99:1D
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/vOm6ESkvhHUSwKhBLlHm47oNmR0.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/bd48a1fa-3471-4ab2-8508-ad36b96813e4/c2cd3f2e-ce8c-4d1f-96ab-a25caed1b42f.roa
Signing time:             Fri 22 Mar 2024 00:00:00 +0000
ROA not before:           Fri 22 Mar 2024 00:00:00 +0000
ROA not after:            Fri 26 Apr 2024 23:59:59 +0000
asID:                     14618
IP address blocks:        43.250.192.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/bd48a1fa-3471-4ab2-8508-ad36b96813e4/220cee0c-6002-409a-8194-38e216c0096c.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/bd48a1fa-3471-4ab2-8508-ad36b96813e4/manifest.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/vOm6ESkvhHUSwKhBLlHm47oNmR0.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 29 Mar 2024 12:03:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            56:22:79:f1:e2:71:0d:30:e6:45:20:2e:22:d3:ff:71:cb:e6:12:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91609040001/serialNumber=BCE9BA11292F847512C0A8412E51E6E3BA0D991D
        Validity
            Not Before: Mar 22 00:00:00 2024 GMT
            Not After : Apr 26 23:59:59 2024 GMT
        Subject: serialNumber=b8f26c8fdabf1934276fd26d36fb78f67ddf774ce25f656167695b4095fec59a, CN=1684111e-31c1-42e6-8f20-fc9ab8b5cf57
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:4f:77:8a:f2:f5:99:21:73:11:5e:2f:2c:66:
                    05:fc:aa:87:09:45:3e:1c:28:84:d0:24:b2:f3:f1:
                    b9:7e:0b:79:94:43:9c:2d:40:2d:92:ce:05:5c:ee:
                    3c:b2:62:19:2b:bf:1b:55:9d:29:1a:b8:59:ec:74:
                    6e:b6:a9:25:11:ca:a3:5e:ed:62:16:1e:a6:29:98:
                    ec:c1:94:97:51:2d:47:19:95:7c:56:4b:1f:dd:f9:
                    1e:1b:91:e7:f0:62:9a:20:eb:7d:6d:df:03:c7:f7:
                    31:c3:64:a0:e9:df:35:ec:04:45:45:10:81:00:cd:
                    99:fe:a7:d0:c2:27:84:eb:e0:1b:6f:ea:d8:1e:cf:
                    ec:07:84:76:77:0f:dd:98:36:5a:e0:15:2a:2c:de:
                    97:79:b3:27:0d:00:fc:18:5b:31:c9:8d:28:b9:29:
                    ac:59:33:4e:89:22:79:06:44:13:85:aa:5c:d0:c5:
                    65:d6:98:12:d0:00:a1:ca:e2:1c:0b:57:f5:a0:7b:
                    e5:4c:16:4e:cc:94:68:2b:34:46:07:4d:94:b6:1d:
                    8c:ee:42:c1:00:1c:84:fe:23:0b:5b:9e:42:7e:1b:
                    af:94:42:32:5c:3c:c7:5f:96:3d:d3:62:f6:4f:78:
                    43:4e:0f:74:e0:81:d3:c9:f3:5f:7a:c1:ea:66:8e:
                    b9:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:53:A2:71:CC:4F:D7:4C:B1:22:B5:16:8C:EF:A7:24:5B:2F:DF:89
            X509v3 Authority Key Identifier:
                keyid:BC:E9:BA:11:29:2F:84:75:12:C0:A8:41:2E:51:E6:E3:BA:0D:99:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/vOm6ESkvhHUSwKhBLlHm47oNmR0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/bd48a1fa-3471-4ab2-8508-ad36b96813e4/c2cd3f2e-ce8c-4d1f-96ab-a25caed1b42f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/bd48a1fa-3471-4ab2-8508-ad36b96813e4/220cee0c-6002-409a-8194-38e216c0096c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.250.192.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1b:b2:2c:e9:3a:30:41:c2:26:73:1b:bf:8d:60:8d:b1:e1:8c:
         81:68:82:a2:37:a4:b4:ee:aa:2f:94:85:63:b6:72:db:8e:f5:
         bf:3d:c1:30:7a:af:8a:5a:e9:d0:8f:4f:da:ec:99:ef:99:6b:
         20:64:98:8b:f2:d5:d2:33:88:5e:ae:45:5e:2f:91:46:07:fd:
         0a:e8:10:3b:16:7a:59:91:80:6e:18:ce:2e:35:22:4e:35:e1:
         63:22:3d:dc:0a:8f:57:f3:77:0b:a3:44:fb:a6:cf:35:c9:d9:
         7d:cb:f8:d9:17:92:9b:de:4e:48:4f:79:96:2d:77:15:29:0b:
         d2:c6:b6:68:6d:dc:2c:99:35:52:31:6b:c3:c9:9f:c4:53:73:
         d4:d0:85:d6:f1:80:7f:4c:39:be:24:06:67:92:80:51:50:a7:
         90:55:1a:95:bc:7c:6c:dd:12:21:61:36:c1:9d:94:7a:ba:d5:
         b3:e2:88:7f:b1:98:c9:36:2a:17:be:a1:b7:0e:ad:3b:37:fc:
         32:3e:4a:03:39:f5:0b:c0:f9:3b:52:da:ab:ae:f8:80:38:07:
         9b:de:90:f5:66:02:b6:2d:b4:01:62:a0:2d:6d:e7:af:e7:4a:
         26:96:8b:3d:4a:eb:21:82:a5:ec:80:e1:82:1b:cf:46:21:65:
         73:d6:ea:0f
-----BEGIN CERTIFICATE-----
MIIFnDCCBISgAwIBAgIUViJ58eJxDTDmRSAuItP/ccvmEgUwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxNjA5MDQwMDAxMTEwLwYDVQQFEyhCQ0U5QkExMTI5
MkY4NDc1MTJDMEE4NDEyRTUxRTZFM0JBMEQ5OTFEMB4XDTI0MDMyMjAwMDAwMFoX
DTI0MDQyNjIzNTk1OVowejFJMEcGA1UEBRNAYjhmMjZjOGZkYWJmMTkzNDI3NmZk
MjZkMzZmYjc4ZjY3ZGRmNzc0Y2UyNWY2NTYxNjc2OTViNDA5NWZlYzU5YTEtMCsG
A1UEAxMkMTY4NDExMWUtMzFjMS00MmU2LThmMjAtZmM5YWI4YjVjZjU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwE93ivL1mSFzEV4vLGYF/KqHCUU+
HCiE0CSy8/G5fgt5lEOcLUAtks4FXO48smIZK78bVZ0pGrhZ7HRutqklEcqjXu1i
Fh6mKZjswZSXUS1HGZV8Vksf3fkeG5Hn8GKaIOt9bd8Dx/cxw2Sg6d817ARFRRCB
AM2Z/qfQwieE6+Abb+rYHs/sB4R2dw/dmDZa4BUqLN6XebMnDQD8GFsxyY0ouSms
WTNOiSJ5BkQThapc0MVl1pgS0AChyuIcC1f1oHvlTBZOzJRoKzRGB02Uth2M7kLB
AByE/iMLW55CfhuvlEIyXDzHX5Y902L2T3hDTg904IHTyfNfesHqZo65AwIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFDBTonHMT9dMsSK1FozvpyRbL9+JMB8GA1UdIwQY
MBaAFLzpuhEpL4R1EsCoQS5R5uO6DZkdMA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi92T202RVNr
dmhIVVN3S2hCTGxIbTQ3b05tUjAuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvYmQ0OGExZmEtMzQ3MS00YWIyLTg1MDgtYWQzNmI5NjgxM2U0
L2MyY2QzZjJlLWNlOGMtNGQxZi05NmFiLWEyNWNhZWQxYjQyZi5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS9iZDQ4YTFmYS0zNDcxLTRhYjItODUwOC1hZDM2
Yjk2ODEzZTQvMjIwY2VlMGMtNjAwMi00MDlhLTgxOTQtMzhlMjE2YzAwOTZjLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAM
BAIAATAGAwQCK/rAMA0GCSqGSIb3DQEBCwUAA4IBAQAbsizpOjBBwiZzG7+NYI2x
4YyBaIKiN6S07qovlIVjtnLbjvW/PcEweq+KWunQj0/a7JnvmWsgZJiL8tXSM4he
rkVeL5FGB/0K6BA7FnpZkYBuGM4uNSJONeFjIj3cCo9X83cLo0T7ps81ydl9y/jZ
F5Kb3k5IT3mWLXcVKQvSxrZobdwsmTVSMWvDyZ/EU3PU0IXW8YB/TDm+JAZnkoBR
UKeQVRqVvHxs3RIhYTbBnZR6utWz4oh/sZjJNioXvqG3Dq07N/wyPkoDOfULwPk7
UtqrrviAOAeb3pD1ZgK2LbQBYqAtbeev50omlos9SushgqXsgOGCG89GIWVz1uoP
-----END CERTIFICATE-----
Generated at Thu Mar 28 02:06:42 2024 by rpki-client on console-ams.rpki-client.org