Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/01c4adee-b8dc-44e3-959a-e4ab13e63ba7.roa
File:                     01c4adee-b8dc-44e3-959a-e4ab13e63ba7.roa (raw, json)
Hash identifier:          zLeCggQ8779JXBRTF0ZO0qq9rPu4BE8aZRhnHbKaHvE=
Subject key identifier:   8C:A3:5B:C8:BF:6A:28:7C:AC:60:B5:AE:AA:04:4F:5C:9A:82:DD:DC
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       381270739D690870D25604A94CC6E480BC30CCD9
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/01c4adee-b8dc-44e3-959a-e4ab13e63ba7.roa
Signing time:             Sat 25 Jan 2025 00:00:00 +0000
ROA not before:           Sat 25 Jan 2025 00:00:00 +0000
ROA not after:            Sat 01 Mar 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        83.118.234.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Feb 2025 08:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            38:12:70:73:9d:69:08:70:d2:56:04:a9:4c:c6:e4:80:bc:30:cc:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Jan 25 00:00:00 2025 GMT
            Not After : Mar  1 23:59:59 2025 GMT
        Subject: CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:57:6f:5a:b0:5e:af:f8:64:89:d5:1d:f2:69:
                    0d:8f:32:d8:db:9d:bd:9e:a7:f5:85:a7:68:58:4e:
                    fd:f3:aa:2f:05:41:7e:0c:9f:61:d4:f0:a4:9b:1e:
                    e1:c2:38:6d:71:f1:e1:7e:dd:f2:50:2d:49:16:c9:
                    56:2a:7f:0b:86:ff:ab:2b:c6:11:0a:d4:84:79:aa:
                    2c:af:dd:38:df:73:d0:02:b6:ed:2d:0c:05:8a:da:
                    1d:8b:25:a8:d6:36:10:f2:a9:fd:ce:d4:cc:54:61:
                    90:8a:44:71:41:32:53:b5:7d:93:fc:88:19:27:db:
                    ae:37:60:ed:79:6c:86:fb:57:16:ed:40:e0:2d:7a:
                    38:2b:d4:1b:8b:8b:8a:25:ce:a0:8b:68:ea:32:74:
                    8e:51:35:11:a7:0f:99:f2:23:a3:52:0c:fb:81:52:
                    52:87:05:12:e7:79:7e:f5:3c:a6:74:e6:bf:bc:7b:
                    06:8c:25:da:ce:42:d0:ea:84:2a:69:3f:d4:96:65:
                    b2:12:47:cd:4a:55:49:eb:64:83:a9:fa:56:01:02:
                    c9:25:51:fe:30:6d:4b:85:47:01:27:eb:20:dc:13:
                    ea:53:67:44:72:90:23:cd:84:d0:1c:22:2e:51:9e:
                    40:8f:e5:74:fd:c3:70:ee:94:93:f3:b1:c5:fc:17:
                    aa:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:A3:5B:C8:BF:6A:28:7C:AC:60:B5:AE:AA:04:4F:5C:9A:82:DD:DC
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/01c4adee-b8dc-44e3-959a-e4ab13e63ba7.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.118.234.0/23

    Signature Algorithm: sha256WithRSAEncryption
         16:a4:6b:36:8c:ca:4c:53:24:82:98:c7:d4:ef:dc:a7:17:2e:
         7c:d3:b7:33:31:39:c1:11:b1:97:69:f4:33:2d:2b:a6:e3:77:
         d2:d6:92:22:b6:aa:2d:64:1b:9a:82:67:da:62:7a:0c:51:b0:
         6f:d4:d5:31:e8:d9:2d:25:77:9c:37:23:bc:33:91:3b:c9:53:
         0c:7f:18:c5:a9:d9:07:b7:42:4d:cc:d9:47:60:65:93:01:56:
         85:1f:3f:76:e4:f9:96:97:9d:8b:ab:d8:9f:ec:8e:91:76:51:
         b6:60:30:21:40:f9:82:6b:da:2d:86:77:b4:3b:5f:3c:fa:87:
         d3:51:cf:12:14:1a:ea:24:73:07:87:e7:4f:71:3a:82:ac:96:
         24:f6:d5:c9:5e:72:25:15:44:44:d5:38:8e:22:0a:0a:df:23:
         89:ca:c1:7b:d8:27:b1:35:27:bf:c0:b2:2a:55:15:9e:ba:f2:
         da:74:58:25:0a:71:f8:f6:0b:ca:ac:3b:20:78:03:8d:14:2b:
         ac:d4:5c:86:c5:a3:83:fc:71:14:9f:b4:d8:ee:7d:c1:f1:05:
         be:6f:60:ed:13:a0:0b:b3:cb:1d:d0:1a:b9:7f:ae:99:75:a6:
         30:13:81:0d:7e:26:c5:4d:f2:83:18:da:98:43:f5:18:02:df:
         e0:98:6e:9b
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUOBJwc51pCHDSVgSpTMbkgLwwzNkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTAxMjUwMDAwMDBaFw0yNTAzMDEyMzU5NTlaMHoxSTBHBgNV
BAUTQGFlOWQxMzJhZjU1MGQ3Y2FlMTU5NWVjNzM4MTU2ZjM2OWI1ZjgzYTQzZTBm
NjAxNWU1NTVjOGNhMTVjMTcwMWExLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOxXb1qwXq/4ZInVHfJpDY8y2NudvZ6n9YWnaFhO/fOqLwVBfgyfYdTwpJse
4cI4bXHx4X7d8lAtSRbJVip/C4b/qyvGEQrUhHmqLK/dON9z0AK27S0MBYraHYsl
qNY2EPKp/c7UzFRhkIpEcUEyU7V9k/yIGSfbrjdg7XlshvtXFu1A4C16OCvUG4uL
iiXOoIto6jJ0jlE1EacPmfIjo1IM+4FSUocFEud5fvU8pnTmv7x7Bowl2s5C0OqE
Kmk/1JZlshJHzUpVSetkg6n6VgECySVR/jBtS4VHASfrINwT6lNnRHKQI82E0Bwi
LlGeQI/ldP3DcO6Uk/OxxfwXqp0CAwEAAaOCAiEwggIdMB0GA1UdDgQWBBSMo1vI
v2oofKxgta6qBE9cmoLd3DAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
MDFjNGFkZWUtYjhkYy00NGUzLTk1OWEtZTRhYjEzZTYzYmE3LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAVN26jAN
BgkqhkiG9w0BAQsFAAOCAQEAFqRrNozKTFMkgpjH1O/cpxcufNO3MzE5wRGxl2n0
My0rpuN30taSIraqLWQbmoJn2mJ6DFGwb9TVMejZLSV3nDcjvDORO8lTDH8YxanZ
B7dCTczZR2BlkwFWhR8/duT5lpedi6vYn+yOkXZRtmAwIUD5gmvaLYZ3tDtfPPqH
01HPEhQa6iRzB4fnT3E6gqyWJPbVyV5yJRVERNU4jiIKCt8jicrBe9gnsTUnv8Cy
KlUVnrry2nRYJQpx+PYLyqw7IHgDjRQrrNRchsWjg/xxFJ+02O59wfEFvm9g7ROg
C7PLHdAauX+umXWmMBOBDX4mxU3ygxjamEP1GALf4Jhumw==
-----END CERTIFICATE-----
Generated at Tue Feb 11 16:13:07 2025 by rpki-client