Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/bd48a1fa-3471-4ab2-8508-ad36b96813e4/cb2e5a8c-21f1-4679-a372-617732fc3ea6.roa
File:                     cb2e5a8c-21f1-4679-a372-617732fc3ea6.roa (raw, json)
Hash identifier:          M/xtJBJaGpDG4i5IWs3Rs/ZJHhsiKpnkmy8olghEk5Y=
Subject key identifier:   E5:39:40:34:57:37:37:30:11:9C:C3:D0:57:51:95:C8:D9:A8:AD:74
Certificate issuer:       /CN=A91609040001/serialNumber=BCE9BA11292F847512C0A8412E51E6E3BA0D991D
Certificate serial:       22DDD3D9CE758B53CE30D14A7E7D68FC98D03F61
Authority key identifier: BC:E9:BA:11:29:2F:84:75:12:C0:A8:41:2E:51:E6:E3:BA:0D:99:1D
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/vOm6ESkvhHUSwKhBLlHm47oNmR0.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/bd48a1fa-3471-4ab2-8508-ad36b96813e4/cb2e5a8c-21f1-4679-a372-617732fc3ea6.roa
Signing time:             Sat 02 Sep 2023 00:00:00 +0000
ROA not before:           Sat 02 Sep 2023 00:00:00 +0000
ROA not after:            Sat 07 Oct 2023 23:59:59 +0000
asID:                     16509
IP address blocks:        43.250.192.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/bd48a1fa-3471-4ab2-8508-ad36b96813e4/220cee0c-6002-409a-8194-38e216c0096c.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/bd48a1fa-3471-4ab2-8508-ad36b96813e4/manifest.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/vOm6ESkvhHUSwKhBLlHm47oNmR0.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 03 Sep 2023 12:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            22:dd:d3:d9:ce:75:8b:53:ce:30:d1:4a:7e:7d:68:fc:98:d0:3f:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91609040001/serialNumber=BCE9BA11292F847512C0A8412E51E6E3BA0D991D
        Validity
            Not Before: Sep  2 00:00:00 2023 GMT
            Not After : Oct  7 23:59:59 2023 GMT
        Subject: serialNumber=66834d880fbf69746009f9ada060192d1ae9c65abc08d9010c0571c9a04b1264, CN=1684111e-31c1-42e6-8f20-fc9ab8b5cf57
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:23:56:6b:04:ea:de:fe:17:fc:27:e0:a8:cb:
                    9d:89:b6:a4:f1:a4:63:24:4d:b1:14:cc:89:49:8f:
                    33:c4:c3:43:44:47:45:d9:4f:4c:89:cf:a7:41:11:
                    44:cb:dd:eb:e6:de:d0:05:ee:fe:5a:8b:bd:05:ce:
                    ac:69:38:31:11:38:49:86:76:7f:ed:ab:f6:a6:9c:
                    9f:87:58:77:58:61:e6:d3:6f:b3:45:af:53:3d:95:
                    73:f3:00:68:73:96:23:04:1e:81:8a:90:aa:2c:4f:
                    b5:0a:79:a8:c6:6b:d6:0d:56:a8:46:6c:b0:d6:14:
                    9b:1d:48:d7:f5:0a:0c:a1:ef:e2:f1:d6:bf:fe:0f:
                    cc:fe:7d:cf:48:c2:45:8c:ff:f2:f1:e5:23:c8:74:
                    b5:b4:6c:6a:ea:24:dd:b4:f1:0e:18:0b:5d:c7:3c:
                    5e:ec:c0:c6:ac:5b:bc:4a:26:a1:0c:e4:da:62:c5:
                    76:43:c6:a6:71:9a:c9:40:5e:7f:b0:18:07:c8:28:
                    f8:45:0e:74:50:fc:2d:df:8b:92:fa:f8:7d:fb:fe:
                    82:4b:f9:4e:2c:ea:74:67:06:c4:4f:d5:61:19:a3:
                    1e:1f:73:05:ce:d5:78:be:4b:13:eb:bc:19:04:c2:
                    67:33:87:72:a9:1d:e7:b3:10:92:ba:d8:cd:42:e7:
                    bd:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:39:40:34:57:37:37:30:11:9C:C3:D0:57:51:95:C8:D9:A8:AD:74
            X509v3 Authority Key Identifier:
                keyid:BC:E9:BA:11:29:2F:84:75:12:C0:A8:41:2E:51:E6:E3:BA:0D:99:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/vOm6ESkvhHUSwKhBLlHm47oNmR0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/bd48a1fa-3471-4ab2-8508-ad36b96813e4/cb2e5a8c-21f1-4679-a372-617732fc3ea6.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/bd48a1fa-3471-4ab2-8508-ad36b96813e4/220cee0c-6002-409a-8194-38e216c0096c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.250.192.0/22

    Signature Algorithm: sha256WithRSAEncryption
         21:fc:54:4c:62:26:77:45:7d:bd:cf:f7:c1:20:b2:e4:c5:a9:
         8a:9b:4c:89:78:9a:22:94:86:5c:5e:59:2d:3e:51:10:01:ef:
         3c:16:3a:90:47:6d:f4:fc:f3:df:ff:e8:58:76:ee:6a:02:40:
         44:95:d0:7f:42:43:8e:d2:e8:d1:c8:b7:4a:04:e0:43:9f:1c:
         5a:62:be:f2:f8:ce:af:2d:ba:b5:b5:8c:ba:d6:8f:d8:5c:50:
         5a:65:63:c2:93:9a:d0:c3:22:dd:1c:48:cf:05:81:cc:3e:58:
         69:f5:97:4e:6f:f6:5d:a7:ac:00:8f:47:e8:e2:5c:1c:4b:b5:
         0f:26:51:87:81:95:6f:7a:e2:0b:53:1d:f2:d8:7b:74:1d:30:
         43:0c:53:04:c3:79:97:a6:fe:70:5b:64:8e:0f:e5:79:ac:67:
         00:dc:2a:fb:68:2f:bc:c7:d6:b3:4b:c9:97:a3:62:fc:9f:12:
         ff:16:eb:e6:a6:7f:3b:b3:0e:bd:b8:d2:ac:98:3e:b8:26:91:
         e4:8f:8b:71:f3:ea:74:3f:da:20:eb:45:05:5b:92:b0:94:54:
         a7:68:91:a1:13:d8:0b:77:7a:f8:0e:ab:1c:1f:09:bc:b9:63:
         43:36:57:eb:0e:9b:a0:8a:27:33:6f:4a:99:84:f0:d0:12:f9:
         0c:22:b5:d5
-----BEGIN CERTIFICATE-----
MIIFnDCCBISgAwIBAgIUIt3T2c51i1POMNFKfn1o/JjQP2EwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxNjA5MDQwMDAxMTEwLwYDVQQFEyhCQ0U5QkExMTI5
MkY4NDc1MTJDMEE4NDEyRTUxRTZFM0JBMEQ5OTFEMB4XDTIzMDkwMjAwMDAwMFoX
DTIzMTAwNzIzNTk1OVowejFJMEcGA1UEBRNANjY4MzRkODgwZmJmNjk3NDYwMDlm
OWFkYTA2MDE5MmQxYWU5YzY1YWJjMDhkOTAxMGMwNTcxYzlhMDRiMTI2NDEtMCsG
A1UEAxMkMTY4NDExMWUtMzFjMS00MmU2LThmMjAtZmM5YWI4YjVjZjU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzSNWawTq3v4X/CfgqMudibak8aRj
JE2xFMyJSY8zxMNDREdF2U9Mic+nQRFEy93r5t7QBe7+Wou9Bc6saTgxEThJhnZ/
7av2ppyfh1h3WGHm02+zRa9TPZVz8wBoc5YjBB6BipCqLE+1CnmoxmvWDVaoRmyw
1hSbHUjX9QoMoe/i8da//g/M/n3PSMJFjP/y8eUjyHS1tGxq6iTdtPEOGAtdxzxe
7MDGrFu8SiahDOTaYsV2Q8amcZrJQF5/sBgHyCj4RQ50UPwt34uS+vh9+/6CS/lO
LOp0ZwbET9VhGaMeH3MFztV4vksT67wZBMJnM4dyqR3nsxCSutjNQue92wIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFOU5QDRXNzcwEZzD0FdRlcjZqK10MB8GA1UdIwQY
MBaAFLzpuhEpL4R1EsCoQS5R5uO6DZkdMA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi92T202RVNr
dmhIVVN3S2hCTGxIbTQ3b05tUjAuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvYmQ0OGExZmEtMzQ3MS00YWIyLTg1MDgtYWQzNmI5NjgxM2U0
L2NiMmU1YThjLTIxZjEtNDY3OS1hMzcyLTYxNzczMmZjM2VhNi5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS9iZDQ4YTFmYS0zNDcxLTRhYjItODUwOC1hZDM2
Yjk2ODEzZTQvMjIwY2VlMGMtNjAwMi00MDlhLTgxOTQtMzhlMjE2YzAwOTZjLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAM
BAIAATAGAwQCK/rAMA0GCSqGSIb3DQEBCwUAA4IBAQAh/FRMYiZ3RX29z/fBILLk
xamKm0yJeJoilIZcXlktPlEQAe88FjqQR230/PPf/+hYdu5qAkBEldB/QkOO0ujR
yLdKBOBDnxxaYr7y+M6vLbq1tYy61o/YXFBaZWPCk5rQwyLdHEjPBYHMPlhp9ZdO
b/Zdp6wAj0fo4lwcS7UPJlGHgZVveuILUx3y2Ht0HTBDDFMEw3mXpv5wW2SOD+V5
rGcA3Cr7aC+8x9azS8mXo2L8nxL/Fuvmpn87sw69uNKsmD64JpHkj4tx8+p0P9og
60UFW5KwlFSnaJGhE9gLd3r4DqscHwm8uWNDNlfrDpugiiczb0qZhPDQEvkMIrXV
-----END CERTIFICATE-----
Generated at Sat Sep 2 00:30:12 2023 by rpki-client on console-fra.rpki-client.org