Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/c759ed47-7de1-4858-b207-c77b1f7d2c35.roa
File:                     c759ed47-7de1-4858-b207-c77b1f7d2c35.roa (raw, json)
Hash identifier:          v0Q/+FzBB25Y43PuFp1YiU8fPyimezlYhT4BRh5AHeo=
Subject key identifier:   60:88:04:66:D8:62:ED:E2:56:FA:42:28:42:13:F3:DC:A4:DF:C5:4A
Certificate issuer:       /CN=A91CD28A0000/serialNumber=97EBF348F376B867FC76B2B2B91078C3DD494883
Certificate serial:       7ADD26A38E810A6A9E1B137E335EC9BF03FABED6
Authority key identifier: 97:EB:F3:48:F3:76:B8:67:FC:76:B2:B2:B9:10:78:C3:DD:49:48:83
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/l-vzSPN2uGf8drKyuRB4w91JSIM.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/c759ed47-7de1-4858-b207-c77b1f7d2c35.roa
Signing time:             Sat 30 Sep 2023 00:00:00 +0000
ROA not before:           Sat 30 Sep 2023 00:00:00 +0000
ROA not after:            Sat 04 Nov 2023 23:59:59 +0000
asID:                     16509
IP address blocks:        103.21.240.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/90ca90a9-a10a-44e7-82b9-1365746ba55e.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/manifest.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/l-vzSPN2uGf8drKyuRB4w91JSIM.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 01 Oct 2023 12:00:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7a:dd:26:a3:8e:81:0a:6a:9e:1b:13:7e:33:5e:c9:bf:03:fa:be:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91CD28A0000/serialNumber=97EBF348F376B867FC76B2B2B91078C3DD494883
        Validity
            Not Before: Sep 30 00:00:00 2023 GMT
            Not After : Nov  4 23:59:59 2023 GMT
        Subject: serialNumber=1aa23372392cf5da1c864e76177d4119260c81bc38f98bccae2bdf8697107124, CN=4257e925-715f-47a2-893e-0e3f97ec7e22
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:f4:af:7b:99:77:75:29:2f:f8:8b:51:cb:6d:
                    41:28:25:a5:5c:0b:74:ee:7b:42:12:5b:7e:91:dc:
                    9f:1a:a8:79:be:0b:17:ea:e1:04:46:e0:c3:9a:c2:
                    ba:d0:c8:26:34:32:85:9c:20:c2:0f:01:67:8a:45:
                    b6:6f:1d:a1:28:de:29:4c:dd:c8:6d:2d:9a:17:57:
                    27:8c:a1:dc:ed:63:bc:3d:25:49:84:46:aa:66:9a:
                    63:cc:22:8d:9a:d3:b1:d0:7b:57:54:8d:fc:0e:18:
                    65:30:e8:af:3d:5e:29:70:ec:ee:a9:62:7a:54:e0:
                    ba:d1:b4:fb:95:ce:33:38:f4:d5:91:b3:1b:d7:8a:
                    34:44:c4:be:57:c9:5e:2f:74:9a:d2:9f:9a:86:67:
                    17:0c:a1:30:82:9e:11:03:a3:31:5a:e8:77:26:16:
                    a4:8b:ee:45:4c:8d:5f:d4:bd:ea:53:1e:35:74:29:
                    e7:63:4d:21:ee:66:ad:83:2e:33:2e:6f:b3:e8:06:
                    20:71:2a:0c:83:d4:58:f1:fc:70:db:79:53:31:c7:
                    89:8c:24:df:0e:7b:77:4e:93:9e:71:64:0f:ce:39:
                    7b:d6:8f:20:d8:ad:bf:ea:a6:85:67:ca:eb:50:10:
                    3f:34:9b:3a:17:06:46:b3:26:01:cf:63:2c:36:57:
                    9e:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:88:04:66:D8:62:ED:E2:56:FA:42:28:42:13:F3:DC:A4:DF:C5:4A
            X509v3 Authority Key Identifier:
                keyid:97:EB:F3:48:F3:76:B8:67:FC:76:B2:B2:B9:10:78:C3:DD:49:48:83

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/l-vzSPN2uGf8drKyuRB4w91JSIM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/c759ed47-7de1-4858-b207-c77b1f7d2c35.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/90ca90a9-a10a-44e7-82b9-1365746ba55e.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.21.240.0/22

    Signature Algorithm: sha256WithRSAEncryption
         74:40:92:6e:94:68:49:59:90:72:3a:45:5a:ba:bc:36:2a:9a:
         21:a8:aa:cc:73:03:4a:df:63:43:e8:00:2b:f6:31:9d:49:78:
         29:cd:3f:c2:41:f2:16:40:e3:7a:3c:e7:31:28:79:85:af:d4:
         a0:b8:48:84:27:41:cd:93:8c:b9:a5:b3:ab:03:88:7a:46:b2:
         69:ce:c6:2d:97:2c:9e:cc:e3:12:ef:4c:68:04:43:43:06:a2:
         ce:51:86:60:81:57:ca:55:92:9f:3b:1d:4b:bf:50:30:7d:fe:
         b3:5d:89:fe:91:f1:2f:38:4e:21:9b:8f:45:47:49:e2:73:e5:
         4a:fd:e9:ee:ce:64:be:ec:e5:49:dd:f1:67:fa:ed:1c:ad:d3:
         f6:5a:3d:d6:99:3b:79:32:e6:e9:0d:02:73:b7:e9:d0:26:b8:
         ab:c1:e1:3d:33:9a:ce:59:e9:b5:88:17:1c:a0:8d:2f:4f:a2:
         95:2a:17:ad:68:64:f4:28:91:3d:e2:01:4a:27:bc:bc:b2:9a:
         e6:28:32:f7:d5:2b:0d:7b:cc:e0:aa:4d:3b:48:90:89:5d:77:
         d1:34:66:43:f4:e1:57:ee:93:a2:fc:8d:34:cd:e5:b4:85:48:
         a5:6b:fa:4d:5f:62:e0:20:ca:00:d8:76:2d:a0:e5:71:a1:b7:
         0e:a4:84:b9
-----BEGIN CERTIFICATE-----
MIIFnDCCBISgAwIBAgIUet0mo46BCmqeGxN+M17JvwP6vtYwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxQ0QyOEEwMDAwMTEwLwYDVQQFEyg5N0VCRjM0OEYz
NzZCODY3RkM3NkIyQjJCOTEwNzhDM0RENDk0ODgzMB4XDTIzMDkzMDAwMDAwMFoX
DTIzMTEwNDIzNTk1OVowejFJMEcGA1UEBRNAMWFhMjMzNzIzOTJjZjVkYTFjODY0
ZTc2MTc3ZDQxMTkyNjBjODFiYzM4Zjk4YmNjYWUyYmRmODY5NzEwNzEyNDEtMCsG
A1UEAxMkNDI1N2U5MjUtNzE1Zi00N2EyLTg5M2UtMGUzZjk3ZWM3ZTIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1vSve5l3dSkv+ItRy21BKCWlXAt0
7ntCElt+kdyfGqh5vgsX6uEERuDDmsK60MgmNDKFnCDCDwFnikW2bx2hKN4pTN3I
bS2aF1cnjKHc7WO8PSVJhEaqZppjzCKNmtOx0HtXVI38DhhlMOivPV4pcOzuqWJ6
VOC60bT7lc4zOPTVkbMb14o0RMS+V8leL3Sa0p+ahmcXDKEwgp4RA6MxWuh3Jhak
i+5FTI1f1L3qUx41dCnnY00h7matgy4zLm+z6AYgcSoMg9RY8fxw23lTMceJjCTf
Dnt3TpOecWQPzjl71o8g2K2/6qaFZ8rrUBA/NJs6FwZGsyYBz2MsNleeqQIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFGCIBGbYYu3iVvpCKEIT89yk38VKMB8GA1UdIwQY
MBaAFJfr80jzdrhn/HaysrkQeMPdSUiDMA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9sLXZ6U1BO
MnVHZjhkckt5dVJCNHc5MUpTSU0uY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvYzNjZDdjMjQtMTJjYi00YWJjLThmZDItNWUyYmNiYjg1YWU2
L2M3NTllZDQ3LTdkZTEtNDg1OC1iMjA3LWM3N2IxZjdkMmMzNS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS9jM2NkN2MyNC0xMmNiLTRhYmMtOGZkMi01ZTJi
Y2JiODVhZTYvOTBjYTkwYTktYTEwYS00NGU3LTgyYjktMTM2NTc0NmJhNTVlLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAM
BAIAATAGAwQCZxXwMA0GCSqGSIb3DQEBCwUAA4IBAQB0QJJulGhJWZByOkVaurw2
KpohqKrMcwNK32ND6AAr9jGdSXgpzT/CQfIWQON6POcxKHmFr9SguEiEJ0HNk4y5
pbOrA4h6RrJpzsYtlyyezOMS70xoBENDBqLOUYZggVfKVZKfOx1Lv1Awff6zXYn+
kfEvOE4hm49FR0nic+VK/enuzmS+7OVJ3fFn+u0crdP2Wj3WmTt5MubpDQJzt+nQ
JrirweE9M5rOWem1iBccoI0vT6KVKhetaGT0KJE94gFKJ7y8sprmKDL31SsNe8zg
qk07SJCJXXfRNGZD9OFX7pOi/I00zeW0hUila/pNX2LgIMoA2HYtoOVxobcOpIS5
-----END CERTIFICATE-----
Generated at Sat Sep 30 00:19:18 2023 by rpki-client on console-fra.rpki-client.org