Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/9fbd7a58-e139-4ada-86fc-00bddf61bca6.roa
File:                     9fbd7a58-e139-4ada-86fc-00bddf61bca6.roa (raw, json)
Hash identifier:          qnRs8Stk/NVHOOWtnsq5rZwOuG66XaRF2l/b1pLnccI=
Subject key identifier:   80:C4:F9:56:C7:12:CB:36:8B:DB:C4:3D:53:4F:30:86:90:0E:31:81
Certificate issuer:       /CN=A91CD28A0000/serialNumber=97EBF348F376B867FC76B2B2B91078C3DD494883
Certificate serial:       78C7DDBCA5873302D4663FD444B828C44203F3D1
Authority key identifier: 97:EB:F3:48:F3:76:B8:67:FC:76:B2:B2:B9:10:78:C3:DD:49:48:83
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/l-vzSPN2uGf8drKyuRB4w91JSIM.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/9fbd7a58-e139-4ada-86fc-00bddf61bca6.roa
Signing time:             Thu 02 Mar 2023 00:00:00 +0000
ROA not before:           Thu 02 Mar 2023 00:00:00 +0000
ROA not after:            Thu 06 Apr 2023 23:59:59 +0000
asID:                     16509
IP address blocks:        103.21.240.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/90ca90a9-a10a-44e7-82b9-1365746ba55e.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/manifest.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/l-vzSPN2uGf8drKyuRB4w91JSIM.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 16 Mar 2023 12:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            78:c7:dd:bc:a5:87:33:02:d4:66:3f:d4:44:b8:28:c4:42:03:f3:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91CD28A0000/serialNumber=97EBF348F376B867FC76B2B2B91078C3DD494883
        Validity
            Not Before: Mar  2 00:00:00 2023 GMT
            Not After : Apr  6 23:59:59 2023 GMT
        Subject: serialNumber=044072671b54840d5276b39305f6869518429358044a5fc3f34a8979befb756d, CN=4257e925-715f-47a2-893e-0e3f97ec7e22, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:06:84:99:99:32:66:d2:c3:80:c1:6b:5a:3f:
                    f7:78:45:23:72:8d:71:98:99:9b:82:0e:85:d7:d3:
                    19:c1:0b:ed:eb:46:e8:8b:70:ae:20:03:7b:2f:a3:
                    7b:60:16:93:c0:3c:0a:f3:bd:36:ff:cb:4e:f6:b2:
                    f2:d8:09:95:b5:78:65:b9:a1:cd:93:8a:ca:26:dd:
                    f7:f7:19:34:3b:64:79:77:e0:a1:5c:e4:10:b0:0a:
                    c6:c9:c7:b3:ca:98:82:74:76:8a:59:2d:81:0f:0a:
                    64:6c:5f:31:e9:45:03:e2:f8:01:36:a2:53:a3:54:
                    51:47:1b:44:02:bf:0f:7d:5e:ca:1e:4e:e6:6b:58:
                    30:4b:2a:01:fc:76:59:7c:43:97:bf:b0:ab:ad:97:
                    27:f7:fc:03:bf:de:d9:ed:49:be:aa:2f:e3:4c:24:
                    f1:fa:7d:c1:eb:f8:ba:a4:80:45:49:fc:cf:4f:85:
                    3b:9d:b9:04:24:cf:52:38:95:39:64:58:74:f2:df:
                    76:51:56:7e:95:37:e4:9c:15:60:a5:fd:b6:f8:59:
                    c2:e3:2e:77:9c:bd:da:72:b4:ea:b4:31:de:1e:21:
                    d8:4e:e0:71:3c:c9:1b:5b:39:70:7a:bd:8e:6f:9a:
                    cd:e0:6e:4c:49:4c:67:d2:df:37:db:bc:b2:2d:ec:
                    a3:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                80:C4:F9:56:C7:12:CB:36:8B:DB:C4:3D:53:4F:30:86:90:0E:31:81
            X509v3 Authority Key Identifier: 
                keyid:97:EB:F3:48:F3:76:B8:67:FC:76:B2:B2:B9:10:78:C3:DD:49:48:83

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access: 
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/l-vzSPN2uGf8drKyuRB4w91JSIM.cer

            Subject Information Access: 
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/9fbd7a58-e139-4ada-86fc-00bddf61bca6.roa

            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/90ca90a9-a10a-44e7-82b9-1365746ba55e.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.21.240.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a7:c5:34:bd:61:56:fb:39:6a:ce:f8:c4:86:7a:7e:a9:d6:32:
         99:b8:0b:fa:b0:bb:91:25:bd:63:e4:2c:c8:2e:aa:e7:fb:4a:
         c8:2c:a6:aa:c8:b7:69:05:d2:81:f8:c6:48:4b:a3:41:d9:65:
         da:5a:55:3f:b1:0e:e7:56:ab:ad:0b:06:0c:71:c5:15:09:6a:
         6b:5b:93:a0:14:ce:83:ff:58:33:ca:e3:ef:c4:27:67:15:76:
         7a:ac:2a:ca:e8:de:8e:49:9d:c7:73:a2:57:d6:64:7a:36:db:
         e7:ba:d4:4d:58:71:e3:57:15:68:70:3e:9a:a7:14:8b:5c:24:
         8b:5e:63:2e:43:f0:cd:49:a0:f4:43:52:74:42:05:23:d3:3e:
         66:4e:b5:04:c2:d0:a7:69:c2:2f:8c:25:e2:93:17:cc:e1:3f:
         52:53:68:3c:51:33:f8:66:28:05:1c:93:1f:ee:9e:bb:86:9f:
         89:94:a3:1e:72:18:58:eb:4c:dd:ff:97:2e:4b:fd:b2:1f:39:
         f3:c8:f4:d4:df:fd:c8:47:66:02:69:6e:1e:c7:32:db:12:86:
         db:8c:ff:a2:76:61:54:68:ca:8b:0c:71:48:4a:c6:90:c7:b9:
         78:1f:e9:b9:32:f0:63:7c:f5:3c:5e:4e:7a:9d:7b:8e:ab:f7:
         24:a6:42:6e
-----BEGIN CERTIFICATE-----
MIIFyDCCBLCgAwIBAgIUeMfdvKWHMwLUZj/URLgoxEID89EwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxQ0QyOEEwMDAwMTEwLwYDVQQFEyg5N0VCRjM0OEYz
NzZCODY3RkM3NkIyQjJCOTEwNzhDM0RENDk0ODgzMB4XDTIzMDMwMjAwMDAwMFoX
DTIzMDQwNjIzNTk1OVowgaUxSTBHBgNVBAUTQDA0NDA3MjY3MWI1NDg0MGQ1Mjc2
YjM5MzA1ZjY4Njk1MTg0MjkzNTgwNDRhNWZjM2YzNGE4OTc5YmVmYjc1NmQxLTAr
BgNVBAMTJDQyNTdlOTI1LTcxNWYtNDdhMi04OTNlLTBlM2Y5N2VjN2UyMjEUMBIG
A1UECxMLQW1hem9uIFJQS0kxEzARBgNVBAoTCkFtYXpvbi5jb20wggEiMA0GCSqG
SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDABoSZmTJm0sOAwWtaP/d4RSNyjXGYmZuC
DoXX0xnBC+3rRuiLcK4gA3svo3tgFpPAPArzvTb/y072svLYCZW1eGW5oc2Tisom
3ff3GTQ7ZHl34KFc5BCwCsbJx7PKmIJ0dopZLYEPCmRsXzHpRQPi+AE2olOjVFFH
G0QCvw99XsoeTuZrWDBLKgH8dll8Q5e/sKutlyf3/AO/3tntSb6qL+NMJPH6fcHr
+LqkgEVJ/M9PhTuduQQkz1I4lTlkWHTy33ZRVn6VN+ScFWCl/bb4WcLjLnecvdpy
tOq0Md4eIdhO4HE8yRtbOXB6vY5vms3gbkxJTGfS3zfbvLIt7KO9AgMBAAGjggJI
MIICRDAdBgNVHQ4EFgQUgMT5VscSyzaL28Q9U08whpAOMYEwHwYDVR0jBBgwFoAU
l+vzSPN2uGf8drKyuRB4w91JSIMwDgYDVR0PAQH/BAQDAgeAMH4GCCsGAQUFBwEB
BHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9yZXBvc2l0
b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3QzcyRkQxRkYyL2wtdnpTUE4ydUdm
OGRyS3l1UkI0dzkxSlNJTS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggrBgEF
BQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3MuY29t
L3ZvbHVtZS9jM2NkN2MyNC0xMmNiLTRhYmMtOGZkMi01ZTJiY2JiODVhZTYvOWZi
ZDdhNTgtZTEzOS00YWRhLTg2ZmMtMDBiZGRmNjFiY2E2LnJvYTCBlQYDVR0fBIGN
MIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFzdC0yLmFtYXpv
bmF3cy5jb20vdm9sdW1lL2MzY2Q3YzI0LTEyY2ItNGFiYy04ZmQyLTVlMmJjYmI4
NWFlNi85MGNhOTBhOS1hMTBhLTQ0ZTctODJiOS0xMzY1NzQ2YmE1NWUuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABnFfAwDQYJKoZIhvcNAQELBQADggEBAKfFNL1hVvs5as74xIZ6fqnWMpm4
C/qwu5ElvWPkLMguquf7SsgspqrIt2kF0oH4xkhLo0HZZdpaVT+xDudWq60LBgxx
xRUJamtbk6AUzoP/WDPK4+/EJ2cVdnqsKsro3o5JncdzolfWZHo22+e61E1YceNX
FWhwPpqnFItcJIteYy5D8M1JoPRDUnRCBSPTPmZOtQTC0Kdpwi+MJeKTF8zhP1JT
aDxRM/hmKAUckx/unruGn4mUox5yGFjrTN3/ly5L/bIfOfPI9NTf/chHZgJpbh7H
MtsShtuM/6J2YVRoyosMcUhKxpDHuXgf6bky8GN89TxeTnqde46r9ySmQm4=
-----END CERTIFICATE-----
Generated at Wed Mar 15 11:52:45 2023 by rpki-client on console-fra.rpki-client.org