Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/0481d995-4a3d-4e25-8d0e-33271809f9a9.roa
File:                     0481d995-4a3d-4e25-8d0e-33271809f9a9.roa (raw, json)
Hash identifier:          eEEoD88txLVTWtp3doY+o87tSydRZ8xfzm0hQgWkjBY=
Subject key identifier:   9A:92:48:01:C4:D2:1A:65:97:D3:5D:FF:23:F7:9E:8B:DB:17:4C:63
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       52F8FDC88D2A6276CFA8E5AFBEC556799CA672A5
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/0481d995-4a3d-4e25-8d0e-33271809f9a9.roa
Signing time:             Tue 05 Mar 2024 00:00:00 +0000
ROA not before:           Tue 05 Mar 2024 00:00:00 +0000
ROA not after:            Tue 09 Apr 2024 23:59:59 +0000
asID:                     14618
IP address blocks:        152.134.0.0/16 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 28 Mar 2024 18:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            52:f8:fd:c8:8d:2a:62:76:cf:a8:e5:af:be:c5:56:79:9c:a6:72:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Mar  5 00:00:00 2024 GMT
            Not After : Apr  9 23:59:59 2024 GMT
        Subject: serialNumber=50087a0bb25c0f8ed6f35ff02e47d345bef343a1bf66923a059c1596030c74c1, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:35:77:08:de:ac:d2:0f:9f:84:2c:5a:8e:31:
                    6b:e8:f7:e2:ca:c5:84:d7:11:e5:bb:04:00:73:70:
                    f3:bc:d4:b1:41:05:4d:06:4e:95:1d:b9:43:43:12:
                    54:25:be:a7:ee:3d:e8:9c:bb:ae:53:68:a5:90:1e:
                    46:ae:95:c6:b9:8b:86:35:c1:74:a6:30:48:55:57:
                    24:5b:4c:2c:d7:ab:cf:76:d7:a0:e1:cc:8e:67:b9:
                    2b:5c:72:ec:f0:ee:97:74:92:aa:ae:d9:3c:c0:ce:
                    10:b6:b2:42:50:39:f4:4f:16:30:6f:f7:3b:ac:ee:
                    f2:1b:00:22:c6:ec:87:3d:41:e4:4d:64:0b:ba:30:
                    ae:ae:44:85:f8:0e:5c:43:00:0c:33:f0:82:9a:bd:
                    32:12:0c:62:88:b5:cc:e2:77:31:b6:da:8e:3a:a0:
                    bc:dc:9f:db:82:15:c8:dc:58:df:64:ba:c2:d1:b4:
                    8b:ca:58:6d:ce:88:a4:14:32:e1:2d:0c:7e:fa:75:
                    8a:3a:e2:a6:06:0f:13:c5:b4:56:b0:1a:03:3e:7c:
                    cd:a5:30:cb:40:72:81:fa:57:43:e3:db:24:41:a2:
                    7e:7a:ed:8f:0b:77:6a:c8:a5:12:b2:98:8a:0f:f5:
                    37:e8:66:76:cb:5e:b7:68:ac:c6:5b:88:6b:fa:e1:
                    33:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:92:48:01:C4:D2:1A:65:97:D3:5D:FF:23:F7:9E:8B:DB:17:4C:63
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/0481d995-4a3d-4e25-8d0e-33271809f9a9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  152.134.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         37:1c:63:c7:01:22:72:1c:a3:be:99:8c:52:6d:ce:25:45:18:
         c1:b7:6e:ca:cf:e3:c5:6d:7d:fd:2b:e0:83:f7:97:d6:02:a5:
         cd:4d:5e:62:63:31:3b:51:e0:e4:24:aa:38:67:56:67:cb:ae:
         c0:01:50:c6:ac:1d:b1:53:dc:54:2b:80:31:71:44:71:62:45:
         33:51:64:94:65:ed:2f:45:2d:3d:8a:57:8c:63:c3:4f:71:a7:
         82:6d:1a:0a:8f:d6:c7:02:62:d1:c4:e8:ac:2b:63:94:c9:a9:
         59:5b:9f:07:55:04:ab:48:df:e8:30:35:b1:2c:85:67:b4:3a:
         22:d4:2a:12:6f:0b:2b:fa:b2:95:16:3b:6b:c4:fe:d8:5e:e1:
         96:b7:74:43:c7:f6:95:25:7e:b4:8e:69:3e:21:d1:03:06:6f:
         49:d0:96:f0:ce:30:d4:bd:48:16:91:e2:98:cb:cf:c4:eb:35:
         6e:ca:db:96:27:7c:53:1f:07:7b:7e:c7:57:50:fd:75:bb:1c:
         b9:a5:41:97:dc:02:0b:a0:f3:55:ab:66:8d:d7:9a:d1:2a:1e:
         b6:49:71:ab:11:ed:55:81:11:6c:0c:f3:b9:11:25:80:92:ca:
         24:00:86:9b:20:6e:c8:c5:99:cd:6f:5e:05:d5:b1:43:77:c2:
         a1:33:4d:ba
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUUvj9yI0qYnbPqOWvvsVWeZymcqUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNDAzMDUwMDAwMDBaFw0yNDA0MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQDUwMDg3YTBiYjI1YzBmOGVkNmYzNWZmMDJlNDdkMzQ1YmVmMzQzYTFiZjY2
OTIzYTA1OWMxNTk2MDMwYzc0YzExLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAPI1dwjerNIPn4QsWo4xa+j34srFhNcR5bsEAHNw87zUsUEFTQZOlR25Q0MS
VCW+p+496Jy7rlNopZAeRq6VxrmLhjXBdKYwSFVXJFtMLNerz3bXoOHMjme5K1xy
7PDul3SSqq7ZPMDOELayQlA59E8WMG/3O6zu8hsAIsbshz1B5E1kC7owrq5EhfgO
XEMADDPwgpq9MhIMYoi1zOJ3MbbajjqgvNyf24IVyNxY32S6wtG0i8pYbc6IpBQy
4S0Mfvp1ijripgYPE8W0VrAaAz58zaUwy0BygfpXQ+PbJEGifnrtjwt3asilErKY
ig/1N+hmdstet2isxluIa/rhM58CAwEAAaOCAiAwggIcMB0GA1UdDgQWBBSakkgB
xNIaZZfTXf8j956L2xdMYzAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
MDQ4MWQ5OTUtNGEzZC00ZTI1LThkMGUtMzMyNzE4MDlmOWE5LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDAJiGMA0G
CSqGSIb3DQEBCwUAA4IBAQA3HGPHASJyHKO+mYxSbc4lRRjBt27Kz+PFbX39K+CD
95fWAqXNTV5iYzE7UeDkJKo4Z1Zny67AAVDGrB2xU9xUK4AxcURxYkUzUWSUZe0v
RS09ileMY8NPcaeCbRoKj9bHAmLRxOisK2OUyalZW58HVQSrSN/oMDWxLIVntDoi
1CoSbwsr+rKVFjtrxP7YXuGWt3RDx/aVJX60jmk+IdEDBm9J0JbwzjDUvUgWkeKY
y8/E6zVuytuWJ3xTHwd7fsdXUP11uxy5pUGX3AILoPNVq2aN15rRKh62SXGrEe1V
gRFsDPO5ESWAksokAIabIG7IxZnNb14F1bFDd8KhM026
-----END CERTIFICATE-----
Generated at Thu Mar 28 02:06:39 2024 by rpki-client on console-ams.rpki-client.org