Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/db9a372a-09bc-4a32-bfe4-8c48e5dbd219/7a18d866-9fb0-44dc-8cfd-5461500736e2.roa
File:                     7a18d866-9fb0-44dc-8cfd-5461500736e2.roa (raw, json)
Hash identifier:          w9dwQkpnZx74PezofhWBh+sZLRMU4YSRkF0BzLgoNsU=
Subject key identifier:   C4:29:52:97:BD:32:20:D0:A0:77:6F:3A:74:3D:4F:2A:5F:30:76:6A
Certificate issuer:       /CN=A91509EC0000/serialNumber=16F524F8E0EC7CAE0769C42E50FFB3A2B564A6AC
Certificate serial:       5A4D1643AA7C2C84C1AC2E28BF0D9CF6D4611DF7
Authority key identifier: 16:F5:24:F8:E0:EC:7C:AE:07:69:C4:2E:50:FF:B3:A2:B5:64:A6:AC
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/FvUk-ODsfK4HacQuUP-zorVkpqw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/db9a372a-09bc-4a32-bfe4-8c48e5dbd219/7a18d866-9fb0-44dc-8cfd-5461500736e2.roa
Signing time:             Sat 23 Mar 2024 00:00:00 +0000
ROA not before:           Sat 23 Mar 2024 00:00:00 +0000
ROA not after:            Sat 27 Apr 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        175.41.192.0/18 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/db9a372a-09bc-4a32-bfe4-8c48e5dbd219/6ecb3cca-488d-43b9-a50b-d37c0c55a9e1.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/db9a372a-09bc-4a32-bfe4-8c48e5dbd219/manifest.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/FvUk-ODsfK4HacQuUP-zorVkpqw.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 29 Mar 2024 12:03:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5a:4d:16:43:aa:7c:2c:84:c1:ac:2e:28:bf:0d:9c:f6:d4:61:1d:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91509EC0000/serialNumber=16F524F8E0EC7CAE0769C42E50FFB3A2B564A6AC
        Validity
            Not Before: Mar 23 00:00:00 2024 GMT
            Not After : Apr 27 23:59:59 2024 GMT
        Subject: serialNumber=5252d1e154b0b4793200f3a1614c11f3387bb19b649ee0a918e5e68e5be9e67c, CN=58810403-9ba0-403a-809b-c78252ab7f5d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:ba:d2:cc:a0:95:8a:52:7f:3c:5c:72:3d:87:
                    37:9e:89:87:51:b7:84:26:a7:09:54:a0:46:1f:05:
                    79:6a:8e:ec:09:0c:88:60:a1:2e:19:c8:0b:e6:3a:
                    7c:1a:cf:3d:0a:2b:fe:80:18:61:df:37:2f:a4:5a:
                    a9:d9:a0:33:01:15:b4:37:a8:2d:2c:90:c3:96:a2:
                    88:26:f8:cd:df:3e:64:16:d2:4c:67:4c:a3:ef:a3:
                    d9:49:54:f0:57:6f:15:f3:2e:02:d6:6e:a1:9a:34:
                    84:ba:bb:06:c0:0f:6a:de:61:bf:f9:3e:0c:d2:73:
                    fe:fd:7b:ee:6d:67:34:96:a4:cc:ab:cb:f9:15:51:
                    47:3e:3b:d6:0c:da:eb:17:b7:60:78:99:3e:a4:fc:
                    8b:c4:6f:a0:0a:5e:90:60:a1:a7:81:78:f3:5c:a3:
                    c2:78:29:db:45:a0:ff:c3:cc:31:0a:46:f7:c8:cf:
                    00:95:d7:21:a9:c7:2d:24:2e:76:89:35:bc:34:95:
                    bc:1f:fa:b0:dd:06:2a:1a:76:01:c1:f1:48:91:45:
                    87:48:07:68:64:79:99:a0:b8:9e:fc:c8:75:12:e0:
                    3d:ff:79:6d:14:57:99:55:e5:6a:9d:29:c1:2b:da:
                    3c:8f:41:bb:30:c6:2c:a9:ab:f8:a3:d8:e6:5b:ed:
                    7a:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:29:52:97:BD:32:20:D0:A0:77:6F:3A:74:3D:4F:2A:5F:30:76:6A
            X509v3 Authority Key Identifier:
                keyid:16:F5:24:F8:E0:EC:7C:AE:07:69:C4:2E:50:FF:B3:A2:B5:64:A6:AC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/FvUk-ODsfK4HacQuUP-zorVkpqw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/db9a372a-09bc-4a32-bfe4-8c48e5dbd219/7a18d866-9fb0-44dc-8cfd-5461500736e2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/db9a372a-09bc-4a32-bfe4-8c48e5dbd219/6ecb3cca-488d-43b9-a50b-d37c0c55a9e1.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  175.41.192.0/18

    Signature Algorithm: sha256WithRSAEncryption
         7c:87:b9:32:57:5e:e6:1e:4c:5e:4a:7d:93:ef:80:47:85:64:
         f0:a8:8a:95:8c:ec:14:c9:f2:fa:94:b4:40:ca:7c:2c:c0:5c:
         a1:c0:97:7a:c2:9f:a9:f7:77:c1:93:d1:d1:8e:ff:91:e2:ef:
         d3:7f:74:e9:c7:eb:50:bb:1f:d0:ef:64:68:22:1c:e6:6a:7e:
         47:c3:c0:5a:a3:48:d7:9a:f3:2d:ec:70:38:10:f0:94:dc:66:
         a2:62:85:59:89:91:ae:94:6d:32:8c:09:5e:62:ca:2d:4e:28:
         2b:c0:a9:72:5f:be:f0:08:70:6b:d3:2c:4f:07:4b:75:89:4d:
         fe:6b:a8:ec:94:3f:91:b7:13:72:90:a2:80:71:34:37:d2:87:
         2e:77:4c:b9:81:fe:c2:ac:4e:74:75:e0:46:2a:ea:d9:ed:27:
         45:cb:28:b5:da:60:8c:1a:35:4e:d1:ed:28:0c:88:8c:ee:9d:
         25:aa:f4:a0:c2:50:70:a1:25:d5:34:95:d4:07:57:9f:0c:69:
         5d:a0:25:f0:43:3c:ec:01:2e:64:5d:aa:1b:f3:0f:87:b2:8c:
         97:34:7c:ac:da:a9:76:6d:5a:3f:31:39:4a:a7:b8:27:81:92:
         55:f6:cf:a4:35:37:17:7e:78:cb:fe:36:cc:12:27:6b:56:5a:
         17:29:80:ce
-----BEGIN CERTIFICATE-----
MIIFnDCCBISgAwIBAgIUWk0WQ6p8LITBrC4ovw2c9tRhHfcwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxNTA5RUMwMDAwMTEwLwYDVQQFEygxNkY1MjRGOEUw
RUM3Q0FFMDc2OUM0MkU1MEZGQjNBMkI1NjRBNkFDMB4XDTI0MDMyMzAwMDAwMFoX
DTI0MDQyNzIzNTk1OVowejFJMEcGA1UEBRNANTI1MmQxZTE1NGIwYjQ3OTMyMDBm
M2ExNjE0YzExZjMzODdiYjE5YjY0OWVlMGE5MThlNWU2OGU1YmU5ZTY3YzEtMCsG
A1UEAxMkNTg4MTA0MDMtOWJhMC00MDNhLTgwOWItYzc4MjUyYWI3ZjVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwLrSzKCVilJ/PFxyPYc3nomHUbeE
JqcJVKBGHwV5ao7sCQyIYKEuGcgL5jp8Gs89Civ+gBhh3zcvpFqp2aAzARW0N6gt
LJDDlqKIJvjN3z5kFtJMZ0yj76PZSVTwV28V8y4C1m6hmjSEursGwA9q3mG/+T4M
0nP+/XvubWc0lqTMq8v5FVFHPjvWDNrrF7dgeJk+pPyLxG+gCl6QYKGngXjzXKPC
eCnbRaD/w8wxCkb3yM8AldchqcctJC52iTW8NJW8H/qw3QYqGnYBwfFIkUWHSAdo
ZHmZoLie/Mh1EuA9/3ltFFeZVeVqnSnBK9o8j0G7MMYsqav4o9jmW+16OwIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFMQpUpe9MiDQoHdvOnQ9TypfMHZqMB8GA1UdIwQY
MBaAFBb1JPjg7HyuB2nELlD/s6K1ZKasMA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9GdlVrLU9E
c2ZLNEhhY1F1VVAtem9yVmtwcXcuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvZGI5YTM3MmEtMDliYy00YTMyLWJmZTQtOGM0OGU1ZGJkMjE5
LzdhMThkODY2LTlmYjAtNDRkYy04Y2ZkLTU0NjE1MDA3MzZlMi5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS9kYjlhMzcyYS0wOWJjLTRhMzItYmZlNC04YzQ4
ZTVkYmQyMTkvNmVjYjNjY2EtNDg4ZC00M2I5LWE1MGItZDM3YzBjNTVhOWUxLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAM
BAIAATAGAwQGrynAMA0GCSqGSIb3DQEBCwUAA4IBAQB8h7kyV17mHkxeSn2T74BH
hWTwqIqVjOwUyfL6lLRAynwswFyhwJd6wp+p93fBk9HRjv+R4u/Tf3Tpx+tQux/Q
72RoIhzman5Hw8Bao0jXmvMt7HA4EPCU3GaiYoVZiZGulG0yjAleYsotTigrwKly
X77wCHBr0yxPB0t1iU3+a6jslD+RtxNykKKAcTQ30ocud0y5gf7CrE50deBGKurZ
7SdFyyi12mCMGjVO0e0oDIiM7p0lqvSgwlBwoSXVNJXUB1efDGldoCXwQzzsAS5k
Xaob8w+HsoyXNHys2ql2bVo/MTlKp7gngZJV9s+kNTcXfnjL/jbMEidrVloXKYDO
-----END CERTIFICATE-----
Generated at Thu Mar 28 02:06:42 2024 by rpki-client on console-ams.rpki-client.org