Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/9fbd7a58-e139-4ada-86fc-00bddf61bca6.roa
File:                     9fbd7a58-e139-4ada-86fc-00bddf61bca6.roa (raw, json)
Hash identifier:          5K10sUV6wiE/6mmHJlG+8MFatDyjKxXuWmbZAWNLuew=
Subject key identifier:   68:78:41:E0:BB:94:A8:34:55:71:BD:D0:48:B2:E7:7C:66:53:0E:9C
Certificate issuer:       /CN=A91CD28A0000/serialNumber=97EBF348F376B867FC76B2B2B91078C3DD494883
Certificate serial:       2137AC60D9459776A79AED7104ABE32228084029
Authority key identifier: 97:EB:F3:48:F3:76:B8:67:FC:76:B2:B2:B9:10:78:C3:DD:49:48:83
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/l-vzSPN2uGf8drKyuRB4w91JSIM.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/9fbd7a58-e139-4ada-86fc-00bddf61bca6.roa
Signing time:             Mon 18 Sep 2023 00:00:00 +0000
ROA not before:           Mon 18 Sep 2023 00:00:00 +0000
ROA not after:            Mon 23 Oct 2023 23:59:59 +0000
asID:                     16509
IP address blocks:        103.21.240.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/90ca90a9-a10a-44e7-82b9-1365746ba55e.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/manifest.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/l-vzSPN2uGf8drKyuRB4w91JSIM.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 20 Sep 2023 03:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            21:37:ac:60:d9:45:97:76:a7:9a:ed:71:04:ab:e3:22:28:08:40:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91CD28A0000/serialNumber=97EBF348F376B867FC76B2B2B91078C3DD494883
        Validity
            Not Before: Sep 18 00:00:00 2023 GMT
            Not After : Oct 23 23:59:59 2023 GMT
        Subject: serialNumber=03859d7ddd8456bb4c7f32a20999c0a38889de530a3b6baf878f70574fd918b4, CN=4257e925-715f-47a2-893e-0e3f97ec7e22
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:30:0c:22:c3:82:25:93:ba:35:dd:3e:1c:3b:
                    46:60:f3:c3:9e:5d:00:08:4c:6a:d5:c3:ac:27:4e:
                    ae:4f:95:58:ab:bc:d2:d8:15:69:32:c6:99:fb:51:
                    85:31:7f:d0:d0:0d:08:05:d2:45:c5:9e:bf:6f:54:
                    87:3d:33:24:ae:01:68:05:0f:db:da:a6:1b:7b:b1:
                    73:47:2b:fc:a6:18:3a:cc:cd:b0:92:2d:2d:0d:d8:
                    67:e8:2e:c9:33:78:a9:db:c8:de:ca:7e:38:14:df:
                    fd:a9:8a:f7:7c:25:9b:e5:47:3c:f1:00:4c:b6:a1:
                    f5:89:ab:55:9a:89:89:3a:bc:1e:ff:99:c3:ae:de:
                    fd:2e:ce:e5:ac:44:4b:d2:3f:3b:23:cc:4d:16:ea:
                    c6:74:3b:91:ab:3d:19:4c:19:f6:1e:5a:e0:73:72:
                    01:d6:3d:1e:fc:b8:79:ad:7b:e1:ac:05:26:af:eb:
                    ca:d6:fe:de:92:3a:f5:8c:b0:86:54:79:2f:89:28:
                    83:1e:f1:73:33:be:fd:3b:1e:4c:fc:84:40:cf:f4:
                    74:95:7f:d8:71:9f:65:c4:25:cf:bc:96:88:2b:be:
                    bf:2c:a5:a7:66:85:77:be:e5:81:36:b8:2f:4c:ee:
                    06:45:47:68:ad:8e:e1:c1:9f:b8:51:d0:44:51:7f:
                    a8:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:78:41:E0:BB:94:A8:34:55:71:BD:D0:48:B2:E7:7C:66:53:0E:9C
            X509v3 Authority Key Identifier:
                keyid:97:EB:F3:48:F3:76:B8:67:FC:76:B2:B2:B9:10:78:C3:DD:49:48:83

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/l-vzSPN2uGf8drKyuRB4w91JSIM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/9fbd7a58-e139-4ada-86fc-00bddf61bca6.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/90ca90a9-a10a-44e7-82b9-1365746ba55e.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.21.240.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:c7:84:6b:6d:3f:d4:71:ce:a1:c1:39:8c:dc:a1:0c:d0:df:
         28:6f:11:a1:85:84:4e:7f:12:d4:ad:58:af:f2:30:84:8b:f4:
         90:ee:d1:3d:22:26:de:5e:24:38:44:b1:ff:c0:43:3c:38:9e:
         41:48:08:b2:2c:41:e4:c2:2b:c4:36:a9:74:68:5d:bd:64:46:
         2c:23:a4:b3:d8:1d:65:33:75:c7:9d:66:c3:a9:52:1b:66:98:
         ee:b7:8d:71:25:f1:c5:70:62:2d:2a:d3:ae:88:84:e9:1a:f1:
         f4:bc:1e:95:6a:5e:25:df:01:c0:7b:df:5c:fa:96:dc:18:46:
         6b:47:e5:08:12:6e:d5:4a:c4:5e:95:0c:d9:d1:c6:e1:63:36:
         04:96:b9:c4:74:17:d4:db:03:14:3d:86:bf:fb:22:f0:39:42:
         75:db:35:6f:47:60:2d:93:02:de:f5:e6:43:93:18:1e:7a:5e:
         68:e5:f7:f1:29:1c:6d:ec:02:d4:f8:9c:45:38:18:04:d2:9c:
         8c:0f:7b:94:25:bc:bb:e7:52:bb:b5:79:a7:ad:d2:12:af:dc:
         38:4b:86:39:0c:af:62:5f:c5:a9:a9:3e:67:af:f0:df:5b:46:
         6e:fd:43:8b:cb:44:bc:de:80:39:28:e8:12:44:b3:c5:1c:ee:
         9e:ed:ee:3c
-----BEGIN CERTIFICATE-----
MIIFnDCCBISgAwIBAgIUITesYNlFl3anmu1xBKvjIigIQCkwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxQ0QyOEEwMDAwMTEwLwYDVQQFEyg5N0VCRjM0OEYz
NzZCODY3RkM3NkIyQjJCOTEwNzhDM0RENDk0ODgzMB4XDTIzMDkxODAwMDAwMFoX
DTIzMTAyMzIzNTk1OVowejFJMEcGA1UEBRNAMDM4NTlkN2RkZDg0NTZiYjRjN2Yz
MmEyMDk5OWMwYTM4ODg5ZGU1MzBhM2I2YmFmODc4ZjcwNTc0ZmQ5MThiNDEtMCsG
A1UEAxMkNDI1N2U5MjUtNzE1Zi00N2EyLTg5M2UtMGUzZjk3ZWM3ZTIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsTAMIsOCJZO6Nd0+HDtGYPPDnl0A
CExq1cOsJ06uT5VYq7zS2BVpMsaZ+1GFMX/Q0A0IBdJFxZ6/b1SHPTMkrgFoBQ/b
2qYbe7FzRyv8phg6zM2wki0tDdhn6C7JM3ip28jeyn44FN/9qYr3fCWb5Uc88QBM
tqH1iatVmomJOrwe/5nDrt79Ls7lrERL0j87I8xNFurGdDuRqz0ZTBn2Hlrgc3IB
1j0e/Lh5rXvhrAUmr+vK1v7ekjr1jLCGVHkviSiDHvFzM779Ox5M/IRAz/R0lX/Y
cZ9lxCXPvJaIK76/LKWnZoV3vuWBNrgvTO4GRUdorY7hwZ+4UdBEUX+otwIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFGh4QeC7lKg0VXG90Eiy53xmUw6cMB8GA1UdIwQY
MBaAFJfr80jzdrhn/HaysrkQeMPdSUiDMA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9sLXZ6U1BO
MnVHZjhkckt5dVJCNHc5MUpTSU0uY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvYzNjZDdjMjQtMTJjYi00YWJjLThmZDItNWUyYmNiYjg1YWU2
LzlmYmQ3YTU4LWUxMzktNGFkYS04NmZjLTAwYmRkZjYxYmNhNi5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS9jM2NkN2MyNC0xMmNiLTRhYmMtOGZkMi01ZTJi
Y2JiODVhZTYvOTBjYTkwYTktYTEwYS00NGU3LTgyYjktMTM2NTc0NmJhNTVlLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAM
BAIAATAGAwQAZxXwMA0GCSqGSIb3DQEBCwUAA4IBAQCGx4RrbT/Ucc6hwTmM3KEM
0N8obxGhhYROfxLUrViv8jCEi/SQ7tE9IibeXiQ4RLH/wEM8OJ5BSAiyLEHkwivE
Nql0aF29ZEYsI6Sz2B1lM3XHnWbDqVIbZpjut41xJfHFcGItKtOuiITpGvH0vB6V
al4l3wHAe99c+pbcGEZrR+UIEm7VSsRelQzZ0cbhYzYElrnEdBfU2wMUPYa/+yLw
OUJ12zVvR2AtkwLe9eZDkxgeel5o5ffxKRxt7ALU+JxFOBgE0pyMD3uUJby751K7
tXmnrdISr9w4S4Y5DK9iX8WpqT5nr/DfW0Zu/UOLy0S83oA5KOgSRLPFHO6e7e48
-----END CERTIFICATE-----
Generated at Mon Sep 18 15:24:46 2023 by rpki-client on console-fra.rpki-client.org