Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/db9a372a-09bc-4a32-bfe4-8c48e5dbd219/5defafc1-b226-4bbc-87e7-556b8bee16db.roa
File:                     5defafc1-b226-4bbc-87e7-556b8bee16db.roa (raw, json)
Hash identifier:          PQjnGj0/0+pf0a6HgWOb8W7kb+x/b2RNkPI2XiJ3vPo=
Subject key identifier:   30:3F:9D:02:FB:B9:DF:4A:77:7D:4A:77:91:C4:98:17:E6:3E:A5:BF
Certificate issuer:       /CN=A91509EC0000/serialNumber=16F524F8E0EC7CAE0769C42E50FFB3A2B564A6AC
Certificate serial:       6480A37FAF118338F677C67995F99455E8679407
Authority key identifier: 16:F5:24:F8:E0:EC:7C:AE:07:69:C4:2E:50:FF:B3:A2:B5:64:A6:AC
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/FvUk-ODsfK4HacQuUP-zorVkpqw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/db9a372a-09bc-4a32-bfe4-8c48e5dbd219/5defafc1-b226-4bbc-87e7-556b8bee16db.roa
Signing time:             Sat 23 Mar 2024 00:00:00 +0000
ROA not before:           Sat 23 Mar 2024 00:00:00 +0000
ROA not after:            Sat 27 Apr 2024 23:59:59 +0000
asID:                     14618
IP address blocks:        43.250.196.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/db9a372a-09bc-4a32-bfe4-8c48e5dbd219/6ecb3cca-488d-43b9-a50b-d37c0c55a9e1.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/db9a372a-09bc-4a32-bfe4-8c48e5dbd219/manifest.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/FvUk-ODsfK4HacQuUP-zorVkpqw.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 29 Mar 2024 12:03:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            64:80:a3:7f:af:11:83:38:f6:77:c6:79:95:f9:94:55:e8:67:94:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91509EC0000/serialNumber=16F524F8E0EC7CAE0769C42E50FFB3A2B564A6AC
        Validity
            Not Before: Mar 23 00:00:00 2024 GMT
            Not After : Apr 27 23:59:59 2024 GMT
        Subject: serialNumber=76ec10cd3db275ff7612254dc462e1ab85b88a8e5dec2cacfd5ad963447df176, CN=58810403-9ba0-403a-809b-c78252ab7f5d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:5c:ad:60:24:35:8b:55:ce:e5:f2:86:ea:e2:
                    dc:f7:2e:58:26:f6:56:ae:74:e1:4f:28:58:89:c7:
                    01:ef:dd:d0:82:f8:01:a8:3a:10:92:f0:c6:0f:1c:
                    e9:ca:f5:76:85:66:e3:07:88:26:63:ca:7d:05:51:
                    5c:97:01:0e:b0:26:95:82:ef:a0:2b:23:5f:de:4f:
                    2b:a3:7e:c6:2e:fc:cd:92:21:37:c3:78:93:15:41:
                    fe:b2:59:8f:5f:16:73:2a:e6:20:8f:c4:7e:f4:25:
                    9c:52:10:f7:3e:8f:67:d1:0b:51:b2:8d:36:b7:72:
                    e9:0f:08:b4:71:d5:da:46:10:de:ad:7b:0d:f4:a9:
                    77:c6:66:5c:66:b4:a0:f1:d4:d6:bf:7e:5b:e2:dd:
                    ee:b7:78:15:32:c9:9d:81:79:22:91:b7:5f:31:86:
                    54:3d:aa:ff:b7:84:b7:65:b4:21:db:b0:23:64:b0:
                    36:9c:45:d5:2e:9b:4d:2d:fd:9a:cf:72:2c:d4:a0:
                    0c:8e:a2:32:1a:d1:eb:3a:72:96:74:29:eb:cc:68:
                    6b:b3:22:8e:53:ec:86:06:71:f9:20:c8:27:9e:d0:
                    cf:29:b6:ac:aa:98:fa:90:a0:14:69:34:86:48:5e:
                    22:4b:d3:42:37:ac:b8:8c:0e:9d:c8:66:30:a3:7d:
                    19:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:3F:9D:02:FB:B9:DF:4A:77:7D:4A:77:91:C4:98:17:E6:3E:A5:BF
            X509v3 Authority Key Identifier:
                keyid:16:F5:24:F8:E0:EC:7C:AE:07:69:C4:2E:50:FF:B3:A2:B5:64:A6:AC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/FvUk-ODsfK4HacQuUP-zorVkpqw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/db9a372a-09bc-4a32-bfe4-8c48e5dbd219/5defafc1-b226-4bbc-87e7-556b8bee16db.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/db9a372a-09bc-4a32-bfe4-8c48e5dbd219/6ecb3cca-488d-43b9-a50b-d37c0c55a9e1.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.250.196.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2b:f6:49:34:6a:84:ea:28:30:b2:28:12:c5:1c:55:39:ee:00:
         fa:0b:25:26:47:a8:83:cd:9e:98:44:84:78:f4:6e:7d:e6:6c:
         e7:7d:02:5d:72:d6:82:a2:8e:10:ce:fc:1d:20:84:eb:c1:41:
         ad:b1:79:ea:ae:94:cc:30:c1:09:cb:3c:28:f8:bc:b9:bc:e0:
         c8:4a:77:58:36:5e:79:1e:d3:be:2b:61:22:df:10:ba:88:36:
         7b:fc:3f:77:92:3b:6b:91:8c:61:e5:c1:72:78:3e:44:b2:40:
         11:99:b2:d3:25:b7:6d:8d:46:db:41:71:89:a7:5e:1f:6f:3c:
         e6:36:3d:62:19:dd:f2:86:09:aa:78:32:be:2e:a6:06:09:01:
         d9:ec:8d:7b:bf:6c:80:39:11:00:3c:c2:fb:af:d3:18:7b:7b:
         fb:6b:86:a3:c9:66:a1:be:8c:5f:6f:e6:c5:c6:1a:ff:67:fa:
         96:86:79:af:4e:59:c0:e7:03:8b:be:16:f8:9d:13:3e:38:7a:
         16:0e:95:fc:af:4d:d8:90:c8:5e:fe:79:29:7a:69:7a:4a:d5:
         91:68:5b:9c:b9:5c:84:50:1c:86:be:9c:5d:d0:dd:6a:5b:43:
         0e:16:b3:ca:b4:fe:e6:45:c2:22:61:f8:b2:49:bf:5f:04:c4:
         c6:db:7e:28
-----BEGIN CERTIFICATE-----
MIIFnDCCBISgAwIBAgIUZICjf68Rgzj2d8Z5lfmUVehnlAcwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxNTA5RUMwMDAwMTEwLwYDVQQFEygxNkY1MjRGOEUw
RUM3Q0FFMDc2OUM0MkU1MEZGQjNBMkI1NjRBNkFDMB4XDTI0MDMyMzAwMDAwMFoX
DTI0MDQyNzIzNTk1OVowejFJMEcGA1UEBRNANzZlYzEwY2QzZGIyNzVmZjc2MTIy
NTRkYzQ2MmUxYWI4NWI4OGE4ZTVkZWMyY2FjZmQ1YWQ5NjM0NDdkZjE3NjEtMCsG
A1UEAxMkNTg4MTA0MDMtOWJhMC00MDNhLTgwOWItYzc4MjUyYWI3ZjVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApVytYCQ1i1XO5fKG6uLc9y5YJvZW
rnThTyhYiccB793QgvgBqDoQkvDGDxzpyvV2hWbjB4gmY8p9BVFclwEOsCaVgu+g
KyNf3k8ro37GLvzNkiE3w3iTFUH+slmPXxZzKuYgj8R+9CWcUhD3Po9n0QtRso02
t3LpDwi0cdXaRhDerXsN9Kl3xmZcZrSg8dTWv35b4t3ut3gVMsmdgXkikbdfMYZU
Par/t4S3ZbQh27AjZLA2nEXVLptNLf2az3Is1KAMjqIyGtHrOnKWdCnrzGhrsyKO
U+yGBnH5IMgnntDPKbasqpj6kKAUaTSGSF4iS9NCN6y4jA6dyGYwo30ZJQIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFDA/nQL7ud9Kd31Kd5HEmBfmPqW/MB8GA1UdIwQY
MBaAFBb1JPjg7HyuB2nELlD/s6K1ZKasMA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9GdlVrLU9E
c2ZLNEhhY1F1VVAtem9yVmtwcXcuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvZGI5YTM3MmEtMDliYy00YTMyLWJmZTQtOGM0OGU1ZGJkMjE5
LzVkZWZhZmMxLWIyMjYtNGJiYy04N2U3LTU1NmI4YmVlMTZkYi5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS9kYjlhMzcyYS0wOWJjLTRhMzItYmZlNC04YzQ4
ZTVkYmQyMTkvNmVjYjNjY2EtNDg4ZC00M2I5LWE1MGItZDM3YzBjNTVhOWUxLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAM
BAIAATAGAwQCK/rEMA0GCSqGSIb3DQEBCwUAA4IBAQAr9kk0aoTqKDCyKBLFHFU5
7gD6CyUmR6iDzZ6YRIR49G595mznfQJdctaCoo4QzvwdIITrwUGtsXnqrpTMMMEJ
yzwo+Ly5vODISndYNl55HtO+K2Ei3xC6iDZ7/D93kjtrkYxh5cFyeD5EskARmbLT
JbdtjUbbQXGJp14fbzzmNj1iGd3yhgmqeDK+LqYGCQHZ7I17v2yAOREAPML7r9MY
e3v7a4ajyWahvoxfb+bFxhr/Z/qWhnmvTlnA5wOLvhb4nRM+OHoWDpX8r03YkMhe
/nkpeml6StWRaFucuVyEUByGvpxd0N1qW0MOFrPKtP7mRcIiYfiySb9fBMTG234o
-----END CERTIFICATE-----
Generated at Thu Mar 28 01:01:25 2024 by rpki-client on console-fra.rpki-client.org