Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/bd48a1fa-3471-4ab2-8508-ad36b96813e4/f95587cf-7170-48b0-b508-4aa1770ec2e7.roa
File:                     f95587cf-7170-48b0-b508-4aa1770ec2e7.roa (raw, json)
Hash identifier:          PGoCek0UyHMyNGVlDba+3FDNuj+n+n/JvxtZZUouCHY=
Subject key identifier:   8C:39:0B:B7:38:BE:F5:7B:6F:F3:5F:B8:FC:99:58:69:B1:3E:47:8F
Certificate issuer:       /CN=A91609040001/serialNumber=BCE9BA11292F847512C0A8412E51E6E3BA0D991D
Certificate serial:       1F822DEEE88B41EF2DE4C624F12AA1FBD8D3D767
Authority key identifier: BC:E9:BA:11:29:2F:84:75:12:C0:A8:41:2E:51:E6:E3:BA:0D:99:1D
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/vOm6ESkvhHUSwKhBLlHm47oNmR0.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/bd48a1fa-3471-4ab2-8508-ad36b96813e4/f95587cf-7170-48b0-b508-4aa1770ec2e7.roa
Signing time:             Fri 22 Mar 2024 00:00:00 +0000
ROA not before:           Fri 22 Mar 2024 00:00:00 +0000
ROA not after:            Fri 26 Apr 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        122.248.192.0/18 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/bd48a1fa-3471-4ab2-8508-ad36b96813e4/220cee0c-6002-409a-8194-38e216c0096c.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/bd48a1fa-3471-4ab2-8508-ad36b96813e4/manifest.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/vOm6ESkvhHUSwKhBLlHm47oNmR0.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 29 Mar 2024 12:03:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1f:82:2d:ee:e8:8b:41:ef:2d:e4:c6:24:f1:2a:a1:fb:d8:d3:d7:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91609040001/serialNumber=BCE9BA11292F847512C0A8412E51E6E3BA0D991D
        Validity
            Not Before: Mar 22 00:00:00 2024 GMT
            Not After : Apr 26 23:59:59 2024 GMT
        Subject: serialNumber=819e9765dec45cc09cb76bd2d7815c0c80aa7f9d8f87589bedaa5d1d6f5073bb, CN=1684111e-31c1-42e6-8f20-fc9ab8b5cf57
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:22:c2:3a:e7:ed:31:58:32:fd:b3:85:88:7c:
                    cf:49:4e:be:83:35:42:ce:58:52:68:27:5a:50:97:
                    31:a7:ed:7f:d8:89:a4:fe:1e:b5:de:bc:8b:35:6a:
                    b9:4b:82:bc:04:9c:d5:d1:e6:6d:01:58:a7:bf:9c:
                    cc:d3:40:ef:81:90:c1:8a:fb:b8:07:8b:b1:bc:df:
                    7d:23:74:d4:89:b6:3e:b2:15:5d:82:78:a9:c0:c5:
                    0e:ff:dc:84:db:e4:12:a3:89:b9:43:ca:06:5c:c7:
                    39:5a:aa:b5:08:04:85:79:c3:1f:d2:64:fb:bd:54:
                    d4:e2:0f:67:e4:0e:e7:17:51:30:0c:d4:76:09:0d:
                    7c:0b:a7:76:43:11:33:b0:96:bb:9f:e6:5e:e9:e8:
                    85:1e:4f:a8:88:6c:f7:4f:00:a9:ab:2f:7c:37:8a:
                    03:41:60:25:ca:7a:be:a6:75:8b:a6:6f:9a:5f:80:
                    68:56:fd:57:36:16:3e:78:3d:4a:70:87:3e:a4:55:
                    be:e9:db:48:91:d4:6c:a1:de:af:81:8c:b1:8d:df:
                    46:f5:6a:e9:19:50:86:f3:ff:8a:d2:48:3a:36:d7:
                    5f:42:a9:f0:01:f0:89:3c:13:b6:35:18:7e:4f:94:
                    a0:97:d4:7d:a0:48:aa:25:42:3a:24:92:49:32:45:
                    e1:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:39:0B:B7:38:BE:F5:7B:6F:F3:5F:B8:FC:99:58:69:B1:3E:47:8F
            X509v3 Authority Key Identifier:
                keyid:BC:E9:BA:11:29:2F:84:75:12:C0:A8:41:2E:51:E6:E3:BA:0D:99:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/vOm6ESkvhHUSwKhBLlHm47oNmR0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/bd48a1fa-3471-4ab2-8508-ad36b96813e4/f95587cf-7170-48b0-b508-4aa1770ec2e7.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/bd48a1fa-3471-4ab2-8508-ad36b96813e4/220cee0c-6002-409a-8194-38e216c0096c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  122.248.192.0/18

    Signature Algorithm: sha256WithRSAEncryption
         66:67:cb:ae:24:db:2c:8b:c1:ea:7d:99:25:c0:85:13:12:39:
         1d:00:a2:7a:2f:96:ff:eb:c7:de:5d:cd:df:2c:51:d9:97:6c:
         49:06:82:37:3f:00:06:12:45:29:d5:6f:44:59:35:52:84:b0:
         18:8c:90:13:b2:0e:3e:ed:41:25:32:fa:0c:2e:bd:1f:56:ac:
         7c:12:69:80:d1:11:2e:cf:84:31:93:9a:d7:65:e3:a8:89:f9:
         b4:20:d5:02:b6:18:0a:04:15:17:d1:86:8c:30:ee:e9:54:0c:
         e8:3d:f6:7a:f0:bb:ac:03:25:db:20:d0:3d:8e:39:c0:1f:1b:
         a0:ea:21:a4:cf:38:03:7c:b5:aa:ac:20:62:eb:da:40:4e:55:
         c8:76:43:31:32:83:e1:e7:78:80:f4:26:af:b0:a1:50:67:0d:
         b3:d8:84:95:db:6d:1f:7e:dc:08:c9:fe:8d:ea:69:86:e6:0b:
         e1:e3:d3:06:b0:b1:cb:a2:27:5e:15:94:18:41:df:21:21:1f:
         1b:8a:91:4c:3f:8f:c2:c3:b8:51:fa:03:93:78:98:1d:a6:17:
         54:e1:f2:d7:44:f9:87:dc:05:95:ef:41:ec:6e:bf:d4:a0:c0:
         65:16:51:e5:fd:47:c2:55:1c:61:8d:bd:32:93:d8:72:8f:82:
         20:36:4c:a8
-----BEGIN CERTIFICATE-----
MIIFnDCCBISgAwIBAgIUH4It7uiLQe8t5MYk8Sqh+9jT12cwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxNjA5MDQwMDAxMTEwLwYDVQQFEyhCQ0U5QkExMTI5
MkY4NDc1MTJDMEE4NDEyRTUxRTZFM0JBMEQ5OTFEMB4XDTI0MDMyMjAwMDAwMFoX
DTI0MDQyNjIzNTk1OVowejFJMEcGA1UEBRNAODE5ZTk3NjVkZWM0NWNjMDljYjc2
YmQyZDc4MTVjMGM4MGFhN2Y5ZDhmODc1ODliZWRhYTVkMWQ2ZjUwNzNiYjEtMCsG
A1UEAxMkMTY4NDExMWUtMzFjMS00MmU2LThmMjAtZmM5YWI4YjVjZjU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxSLCOuftMVgy/bOFiHzPSU6+gzVC
zlhSaCdaUJcxp+1/2Imk/h613ryLNWq5S4K8BJzV0eZtAVinv5zM00DvgZDBivu4
B4uxvN99I3TUibY+shVdgnipwMUO/9yE2+QSo4m5Q8oGXMc5Wqq1CASFecMf0mT7
vVTU4g9n5A7nF1EwDNR2CQ18C6d2QxEzsJa7n+Ze6eiFHk+oiGz3TwCpqy98N4oD
QWAlynq+pnWLpm+aX4BoVv1XNhY+eD1KcIc+pFW+6dtIkdRsod6vgYyxjd9G9Wrp
GVCG8/+K0kg6NtdfQqnwAfCJPBO2NRh+T5Sgl9R9oEiqJUI6JJJJMkXh3QIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFIw5C7c4vvV7b/NfuPyZWGmxPkePMB8GA1UdIwQY
MBaAFLzpuhEpL4R1EsCoQS5R5uO6DZkdMA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi92T202RVNr
dmhIVVN3S2hCTGxIbTQ3b05tUjAuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvYmQ0OGExZmEtMzQ3MS00YWIyLTg1MDgtYWQzNmI5NjgxM2U0
L2Y5NTU4N2NmLTcxNzAtNDhiMC1iNTA4LTRhYTE3NzBlYzJlNy5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS9iZDQ4YTFmYS0zNDcxLTRhYjItODUwOC1hZDM2
Yjk2ODEzZTQvMjIwY2VlMGMtNjAwMi00MDlhLTgxOTQtMzhlMjE2YzAwOTZjLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAM
BAIAATAGAwQGevjAMA0GCSqGSIb3DQEBCwUAA4IBAQBmZ8uuJNssi8HqfZklwIUT
EjkdAKJ6L5b/68feXc3fLFHZl2xJBoI3PwAGEkUp1W9EWTVShLAYjJATsg4+7UEl
MvoMLr0fVqx8EmmA0REuz4Qxk5rXZeOoifm0INUCthgKBBUX0YaMMO7pVAzoPfZ6
8LusAyXbINA9jjnAHxug6iGkzzgDfLWqrCBi69pATlXIdkMxMoPh53iA9CavsKFQ
Zw2z2ISV220fftwIyf6N6mmG5gvh49MGsLHLoideFZQYQd8hIR8bipFMP4/Cw7hR
+gOTeJgdphdU4fLXRPmH3AWV70Hsbr/UoMBlFlHl/UfCVRxhjb0yk9hyj4IgNkyo
-----END CERTIFICATE-----
Generated at Thu Mar 28 02:06:42 2024 by rpki-client on console-ams.rpki-client.org