Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/01305f95-02db-46f4-a135-5ff585346b72.roa
File:                     01305f95-02db-46f4-a135-5ff585346b72.roa (raw, json)
Hash identifier:          x7zwpWOd5bJQUl+QTwF4klBuwrLHWDFNOQzEUYawXgY=
Subject key identifier:   F4:F2:AB:91:EC:49:AA:A3:6D:5A:52:20:C4:A8:FF:F4:92:75:43:5F
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       1F44F6873F066CECEE1B24DF7FD342DE5CC064A2
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/01305f95-02db-46f4-a135-5ff585346b72.roa
Signing time:             Tue 05 Mar 2024 00:00:00 +0000
ROA not before:           Tue 05 Mar 2024 00:00:00 +0000
ROA not after:            Tue 09 Apr 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        51.204.0.0/15 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 28 Mar 2024 18:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1f:44:f6:87:3f:06:6c:ec:ee:1b:24:df:7f:d3:42:de:5c:c0:64:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Mar  5 00:00:00 2024 GMT
            Not After : Apr  9 23:59:59 2024 GMT
        Subject: serialNumber=f7a6bf5c9574168ff1f1277060e0834027caaa950325d13da2fa061e056f5555, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:3b:fa:27:ab:3e:0d:2e:9b:c0:d0:b5:6e:0e:
                    32:b7:6a:4e:76:a7:07:b3:89:d2:ca:6e:18:6a:0f:
                    f8:b9:24:5d:da:ac:ef:88:ad:c9:37:48:37:93:fd:
                    40:9f:9c:ea:41:4b:a1:29:be:26:01:71:f3:ee:49:
                    2a:a9:c9:bc:cd:83:bc:24:fe:bc:23:c4:99:d0:fe:
                    ca:08:d2:68:eb:67:70:15:38:68:40:e8:a8:dc:4b:
                    de:8c:1f:55:6d:46:4f:e7:db:43:35:cc:0d:11:cd:
                    a9:47:80:d3:ec:c1:73:26:33:31:22:a5:47:e9:c4:
                    51:7a:84:55:c9:72:63:87:3a:49:7b:13:69:4b:1e:
                    2e:5a:57:0c:80:f5:18:51:18:4d:e1:e1:6a:ae:22:
                    d8:c0:df:c6:8f:ce:ce:84:da:2c:91:0a:f1:2b:0c:
                    9c:ce:55:6c:ab:69:0b:a1:bf:89:6a:b0:80:b5:4f:
                    c2:e6:04:be:69:75:7f:e6:86:8e:6a:8f:c4:98:a5:
                    9d:af:8c:4f:45:6c:14:b2:f5:1e:5b:bb:ee:4a:82:
                    5d:e5:d6:73:a0:02:88:c7:9b:4f:bd:31:bd:e1:c2:
                    4b:eb:b2:14:23:4b:1e:7a:3c:13:5c:28:24:4f:25:
                    aa:ca:9b:a3:5d:a5:a1:f1:e2:80:36:e8:db:5b:22:
                    25:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:F2:AB:91:EC:49:AA:A3:6D:5A:52:20:C4:A8:FF:F4:92:75:43:5F
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/01305f95-02db-46f4-a135-5ff585346b72.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.204.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         42:bb:2a:ce:2f:ca:5b:22:2a:12:29:c4:98:11:bf:ba:79:5e:
         d7:15:c9:bd:e1:29:1d:15:9e:b8:51:7e:07:ec:44:e0:3f:b2:
         1f:f0:e7:25:04:66:ee:4a:4b:63:27:14:12:11:94:d5:78:bb:
         81:e1:c6:40:09:30:e0:76:75:30:46:9e:60:28:6c:95:72:91:
         fb:2f:fe:f7:da:1c:59:df:03:52:1e:54:da:b1:28:36:88:12:
         4a:7c:22:33:8d:de:65:8e:89:7d:b5:0f:c7:d6:2e:88:e7:8e:
         9f:22:17:ee:2e:9e:bc:9c:55:db:67:33:3c:3e:ff:89:ff:5a:
         66:eb:48:1c:c3:7f:fb:99:6c:cb:e0:b4:75:4d:ee:73:75:d3:
         ea:c1:6d:4b:ef:f4:5f:50:41:60:a9:55:5c:ea:4d:e9:3c:1a:
         a9:32:a8:39:c2:77:ea:a4:1a:08:08:67:eb:94:c4:80:fb:7a:
         7d:c8:db:7f:ef:14:85:e7:55:c8:12:96:07:4c:00:5a:52:c7:
         2c:96:fd:60:28:6e:f2:a4:09:38:7c:7e:3d:5d:bd:a1:95:48:
         54:af:8e:fe:18:e3:f3:c3:ae:bf:a9:f7:62:da:71:6d:8c:2b:
         56:fd:49:37:1e:27:1e:14:92:cd:5a:ad:25:3f:4f:5e:5c:f6:
         b3:c5:71:d8
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUH0T2hz8GbOzuGyTff9NC3lzAZKIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNDAzMDUwMDAwMDBaFw0yNDA0MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQGY3YTZiZjVjOTU3NDE2OGZmMWYxMjc3MDYwZTA4MzQwMjdjYWFhOTUwMzI1
ZDEzZGEyZmEwNjFlMDU2ZjU1NTUxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANQ7+ierPg0um8DQtW4OMrdqTnanB7OJ0spuGGoP+LkkXdqs74ityTdIN5P9
QJ+c6kFLoSm+JgFx8+5JKqnJvM2DvCT+vCPEmdD+ygjSaOtncBU4aEDoqNxL3owf
VW1GT+fbQzXMDRHNqUeA0+zBcyYzMSKlR+nEUXqEVclyY4c6SXsTaUseLlpXDID1
GFEYTeHhaq4i2MDfxo/OzoTaLJEK8SsMnM5VbKtpC6G/iWqwgLVPwuYEvml1f+aG
jmqPxJilna+MT0VsFLL1Hlu77kqCXeXWc6ACiMebT70xveHCS+uyFCNLHno8E1wo
JE8lqsqbo12lofHigDbo21siJSkCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBT08quR
7Emqo21aUiDEqP/0knVDXzAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
MDEzMDVmOTUtMDJkYi00NmY0LWExMzUtNWZmNTg1MzQ2YjcyLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDATPMMA0G
CSqGSIb3DQEBCwUAA4IBAQBCuyrOL8pbIioSKcSYEb+6eV7XFcm94SkdFZ64UX4H
7ETgP7If8OclBGbuSktjJxQSEZTVeLuB4cZACTDgdnUwRp5gKGyVcpH7L/732hxZ
3wNSHlTasSg2iBJKfCIzjd5ljol9tQ/H1i6I546fIhfuLp68nFXbZzM8Pv+J/1pm
60gcw3/7mWzL4LR1Te5zddPqwW1L7/RfUEFgqVVc6k3pPBqpMqg5wnfqpBoICGfr
lMSA+3p9yNt/7xSF51XIEpYHTABaUscslv1gKG7ypAk4fH49Xb2hlUhUr47+GOPz
w66/qfdi2nFtjCtW/Uk3HiceFJLNWq0lP09eXPazxXHY
-----END CERTIFICATE-----
Generated at Thu Mar 28 01:01:23 2024 by rpki-client on console-fra.rpki-client.org