Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/c759ed47-7de1-4858-b207-c77b1f7d2c35.roa
File:                     c759ed47-7de1-4858-b207-c77b1f7d2c35.roa (raw, json)
Hash identifier:          NfQ4KYjQYalAZwlXg5oTAXqglm6OtH9Z145LCM2tbLs=
Subject key identifier:   2B:28:A9:F4:DE:F7:93:0F:13:D9:BB:2B:27:22:5C:A1:E2:E4:B8:41
Certificate issuer:       /CN=A91CD28A0000/serialNumber=97EBF348F376B867FC76B2B2B91078C3DD494883
Certificate serial:       328A8D72159ACBD1FFA51AB546A139F5D6966C22
Authority key identifier: 97:EB:F3:48:F3:76:B8:67:FC:76:B2:B2:B9:10:78:C3:DD:49:48:83
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/l-vzSPN2uGf8drKyuRB4w91JSIM.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/c759ed47-7de1-4858-b207-c77b1f7d2c35.roa
Signing time:             Mon 25 Mar 2024 00:00:00 +0000
ROA not before:           Mon 25 Mar 2024 00:00:00 +0000
ROA not after:            Mon 29 Apr 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        103.21.240.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/90ca90a9-a10a-44e7-82b9-1365746ba55e.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/manifest.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/l-vzSPN2uGf8drKyuRB4w91JSIM.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 30 Mar 2024 03:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            32:8a:8d:72:15:9a:cb:d1:ff:a5:1a:b5:46:a1:39:f5:d6:96:6c:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91CD28A0000/serialNumber=97EBF348F376B867FC76B2B2B91078C3DD494883
        Validity
            Not Before: Mar 25 00:00:00 2024 GMT
            Not After : Apr 29 23:59:59 2024 GMT
        Subject: serialNumber=755659150f8b8598b9ed115d708890f694f2612a2a2e7beb40c179b97af586cb, CN=4257e925-715f-47a2-893e-0e3f97ec7e22
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:af:c9:94:cf:22:d6:a7:00:30:bd:31:4e:f5:
                    f2:45:33:a8:27:b7:10:3b:b2:0d:c9:5a:aa:97:8f:
                    5c:63:c7:3f:e0:3b:62:ed:ce:8f:35:c7:5a:34:99:
                    dc:e5:7c:4e:65:fc:69:05:96:f1:60:1a:e5:ab:d3:
                    e5:64:9f:db:df:9c:81:f3:f8:cd:da:cc:65:2b:45:
                    15:45:29:53:eb:6f:a5:08:b8:65:75:a1:d3:37:39:
                    52:11:72:67:84:64:76:c3:aa:a0:30:5f:9e:a7:da:
                    13:75:34:c2:ab:ff:37:8f:85:21:df:bc:72:f2:bc:
                    b7:31:62:3d:c8:f6:f8:12:7c:f6:9b:90:33:2c:b7:
                    3b:13:a3:03:56:0e:b6:b3:19:31:34:9e:ca:d7:86:
                    37:44:cd:5c:20:2c:b0:35:b6:e2:53:0c:9f:2d:86:
                    2b:f8:6f:67:cf:97:e8:b0:a6:13:23:cf:1f:f3:ae:
                    0f:52:37:86:53:37:b0:fa:84:00:2a:cf:4f:da:71:
                    c7:16:56:6c:28:bd:e9:98:d8:80:24:01:44:05:fc:
                    94:05:a7:1e:1e:6c:0a:40:7e:78:30:06:f9:bb:ab:
                    67:a3:8c:e5:25:18:e4:e2:24:a4:9a:70:47:e8:b1:
                    98:26:55:a2:f6:3a:dd:56:25:6f:ef:6c:b4:6a:ec:
                    e4:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:28:A9:F4:DE:F7:93:0F:13:D9:BB:2B:27:22:5C:A1:E2:E4:B8:41
            X509v3 Authority Key Identifier:
                keyid:97:EB:F3:48:F3:76:B8:67:FC:76:B2:B2:B9:10:78:C3:DD:49:48:83

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/l-vzSPN2uGf8drKyuRB4w91JSIM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/c759ed47-7de1-4858-b207-c77b1f7d2c35.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/90ca90a9-a10a-44e7-82b9-1365746ba55e.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.21.240.0/22

    Signature Algorithm: sha256WithRSAEncryption
         58:83:6c:88:d2:e7:d5:bb:de:01:13:04:72:06:a7:f4:ab:5f:
         d5:37:57:29:b8:db:45:c9:73:a8:b8:0b:15:b2:a2:63:a0:2f:
         93:f9:87:7c:cd:73:2f:89:37:a8:f0:14:48:7d:6e:c5:16:ad:
         5a:b4:e1:c2:23:77:42:b4:6d:b9:b7:7c:b6:89:99:83:e7:29:
         23:77:fb:8a:de:a4:19:cd:c8:74:1b:89:69:fa:37:8f:35:78:
         d8:9c:a0:36:5a:e8:d3:31:ea:be:f0:14:19:a6:d0:68:2b:45:
         02:e7:1e:ca:bb:33:1b:77:ba:f3:ce:39:bd:3e:08:3a:84:1b:
         c9:3f:99:95:c7:a7:b3:b9:48:23:27:af:2f:98:f0:b3:55:8c:
         a6:58:da:de:6e:53:16:99:e8:10:cb:8a:18:ab:d5:17:b1:44:
         1c:f1:d6:2e:b0:1f:d1:e7:96:3e:8a:ae:9b:02:c9:da:5a:ad:
         f5:c4:f2:db:c6:bc:7f:fa:65:0f:83:03:4e:fa:94:dd:21:7a:
         2c:58:78:2f:ac:c4:7e:67:82:98:9a:39:d9:a4:79:20:88:82:
         0a:77:b2:b7:c2:65:11:29:bc:23:d0:22:1c:a5:04:ed:92:aa:
         4e:9e:62:78:35:3a:4e:f7:d2:cb:49:5c:e3:a5:0e:fa:2f:1c:
         fd:09:7d:81
-----BEGIN CERTIFICATE-----
MIIFnDCCBISgAwIBAgIUMoqNchWay9H/pRq1RqE59daWbCIwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxQ0QyOEEwMDAwMTEwLwYDVQQFEyg5N0VCRjM0OEYz
NzZCODY3RkM3NkIyQjJCOTEwNzhDM0RENDk0ODgzMB4XDTI0MDMyNTAwMDAwMFoX
DTI0MDQyOTIzNTk1OVowejFJMEcGA1UEBRNANzU1NjU5MTUwZjhiODU5OGI5ZWQx
MTVkNzA4ODkwZjY5NGYyNjEyYTJhMmU3YmViNDBjMTc5Yjk3YWY1ODZjYjEtMCsG
A1UEAxMkNDI1N2U5MjUtNzE1Zi00N2EyLTg5M2UtMGUzZjk3ZWM3ZTIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArK/JlM8i1qcAML0xTvXyRTOoJ7cQ
O7INyVqql49cY8c/4Dti7c6PNcdaNJnc5XxOZfxpBZbxYBrlq9PlZJ/b35yB8/jN
2sxlK0UVRSlT62+lCLhldaHTNzlSEXJnhGR2w6qgMF+ep9oTdTTCq/83j4Uh37xy
8ry3MWI9yPb4Enz2m5AzLLc7E6MDVg62sxkxNJ7K14Y3RM1cICywNbbiUwyfLYYr
+G9nz5fosKYTI88f864PUjeGUzew+oQAKs9P2nHHFlZsKL3pmNiAJAFEBfyUBace
HmwKQH54MAb5u6tno4zlJRjk4iSkmnBH6LGYJlWi9jrdViVv72y0auzk0QIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFCsoqfTe95MPE9m7KyciXKHi5LhBMB8GA1UdIwQY
MBaAFJfr80jzdrhn/HaysrkQeMPdSUiDMA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9sLXZ6U1BO
MnVHZjhkckt5dVJCNHc5MUpTSU0uY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvYzNjZDdjMjQtMTJjYi00YWJjLThmZDItNWUyYmNiYjg1YWU2
L2M3NTllZDQ3LTdkZTEtNDg1OC1iMjA3LWM3N2IxZjdkMmMzNS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS9jM2NkN2MyNC0xMmNiLTRhYmMtOGZkMi01ZTJi
Y2JiODVhZTYvOTBjYTkwYTktYTEwYS00NGU3LTgyYjktMTM2NTc0NmJhNTVlLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAM
BAIAATAGAwQCZxXwMA0GCSqGSIb3DQEBCwUAA4IBAQBYg2yI0ufVu94BEwRyBqf0
q1/VN1cpuNtFyXOouAsVsqJjoC+T+Yd8zXMviTeo8BRIfW7FFq1atOHCI3dCtG25
t3y2iZmD5ykjd/uK3qQZzch0G4lp+jePNXjYnKA2WujTMeq+8BQZptBoK0UC5x7K
uzMbd7rzzjm9Pgg6hBvJP5mVx6ezuUgjJ68vmPCzVYymWNreblMWmegQy4oYq9UX
sUQc8dYusB/R55Y+iq6bAsnaWq31xPLbxrx/+mUPgwNO+pTdIXosWHgvrMR+Z4KY
mjnZpHkgiIIKd7K3wmURKbwj0CIcpQTtkqpOnmJ4NTpO99LLSVzjpQ76Lxz9CX2B
-----END CERTIFICATE-----
Generated at Thu Mar 28 16:47:17 2024 by rpki-client on console-fra.rpki-client.org