Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/05d2e6e0-648a-472a-b287-1b954eae646d.roa
File:                     05d2e6e0-648a-472a-b287-1b954eae646d.roa (raw, json)
Hash identifier:          GyByaOlBQda2m5z5P3XUP9HGJBC/u+m1mPSlXVO6ef4=
Subject key identifier:   D3:68:7F:5E:48:CC:FA:B9:5C:19:02:06:5B:F7:08:1B:4E:B4:42:8D
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       7B7F9D2D58AA98C8BED538DAED88369A00B3C50B
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/05d2e6e0-648a-472a-b287-1b954eae646d.roa
Signing time:             Wed 27 Mar 2024 00:00:00 +0000
ROA not before:           Wed 27 Mar 2024 00:00:00 +0000
ROA not after:            Wed 01 May 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        83.118.234.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 29 Mar 2024 21:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7b:7f:9d:2d:58:aa:98:c8:be:d5:38:da:ed:88:36:9a:00:b3:c5:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Mar 27 00:00:00 2024 GMT
            Not After : May  1 23:59:59 2024 GMT
        Subject: serialNumber=2c0efc9f72f11e69e8bc020b158adb15dec77cfbda594626b092b91f4a5230d3, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:9e:ee:4e:67:84:db:27:b6:81:51:8e:5b:36:
                    31:96:a5:44:e6:30:9e:5e:ed:99:e1:88:65:3b:b9:
                    37:89:62:ae:09:f7:79:cb:a9:51:d1:1b:5c:86:36:
                    ef:97:d2:00:25:b4:86:7c:7b:01:d1:21:95:23:76:
                    f5:69:5c:6f:9c:28:08:a6:90:f6:b2:c3:0a:f7:1a:
                    0c:4a:c4:fd:ab:60:a2:25:4f:6f:27:5b:5a:30:02:
                    4d:fb:22:80:f7:5f:8f:7c:b7:bc:ea:61:8d:3e:f3:
                    67:89:dc:90:23:5f:48:48:3d:d7:1a:61:d9:b8:c2:
                    5d:93:c3:31:f4:de:61:cc:e3:52:9f:51:02:69:38:
                    55:7a:e0:82:d7:72:e1:5c:03:95:bb:72:e5:d5:9c:
                    d7:fb:ab:b6:ee:d2:14:9a:52:67:34:92:ae:a2:0c:
                    57:ac:15:92:73:5d:d6:1f:5e:31:20:bd:87:6b:aa:
                    74:51:87:fa:b3:33:7d:9a:aa:aa:aa:94:86:79:22:
                    b1:db:cd:14:b8:92:e0:e4:21:83:d7:8a:13:ef:09:
                    46:d5:d2:7b:08:cc:ee:51:f6:94:49:a3:98:33:ec:
                    94:5e:2f:6a:17:e5:ae:29:a1:11:9b:2d:32:d5:ff:
                    5f:10:a3:0b:b6:22:47:f6:65:73:4f:0b:a1:5c:d1:
                    e8:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:68:7F:5E:48:CC:FA:B9:5C:19:02:06:5B:F7:08:1B:4E:B4:42:8D
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/05d2e6e0-648a-472a-b287-1b954eae646d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.118.234.0/23

    Signature Algorithm: sha256WithRSAEncryption
         37:24:f3:18:95:0c:09:7a:ed:99:8d:9e:33:8a:81:6b:1e:c8:
         b6:ab:d6:d7:3b:b2:bf:51:91:a5:58:1a:7d:4d:3e:c3:15:e0:
         8f:5c:f8:0c:4c:44:39:35:d8:d1:6c:07:31:73:cd:a1:90:df:
         ac:54:b2:e3:4f:ec:f2:d3:0e:73:13:43:27:68:5f:28:ae:db:
         17:90:47:3a:2a:88:4b:e9:1c:e7:86:75:55:86:76:a7:fb:7d:
         ca:09:cb:73:9e:a2:73:a6:a4:df:b8:88:f3:05:52:84:b7:22:
         c1:1e:92:e2:5b:12:0a:e1:35:33:f2:fc:95:64:57:17:4e:d8:
         54:91:7b:3f:c0:11:21:f1:69:53:a3:06:7f:ac:a3:e0:3c:da:
         7e:2a:51:e7:18:04:8b:1c:12:76:46:cf:46:9d:ad:b5:2e:0c:
         c7:a7:45:5c:ad:79:4d:a8:15:8f:26:db:39:5b:43:f0:6a:67:
         f0:fe:b7:39:bf:4c:16:e5:74:b3:06:dd:84:27:fd:2f:63:76:
         c6:c2:8a:8f:71:b2:94:8a:2d:a8:3e:a8:de:c1:c2:2c:e8:f7:
         6b:34:06:e8:68:e2:41:58:63:90:bc:10:d5:0f:bd:5f:14:8b:
         9d:78:cf:81:8a:fa:7d:1e:dd:3a:6e:b7:2c:47:1b:93:87:74:
         51:8e:d5:bc
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUe3+dLViqmMi+1Tja7Yg2mgCzxQswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNDAzMjcwMDAwMDBaFw0yNDA1MDEyMzU5NTlaMHoxSTBHBgNV
BAUTQDJjMGVmYzlmNzJmMTFlNjllOGJjMDIwYjE1OGFkYjE1ZGVjNzdjZmJkYTU5
NDYyNmIwOTJiOTFmNGE1MjMwZDMxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANSe7k5nhNsntoFRjls2MZalROYwnl7tmeGIZTu5N4lirgn3ecupUdEbXIY2
75fSACW0hnx7AdEhlSN29Wlcb5woCKaQ9rLDCvcaDErE/atgoiVPbydbWjACTfsi
gPdfj3y3vOphjT7zZ4nckCNfSEg91xph2bjCXZPDMfTeYczjUp9RAmk4VXrggtdy
4VwDlbty5dWc1/urtu7SFJpSZzSSrqIMV6wVknNd1h9eMSC9h2uqdFGH+rMzfZqq
qqqUhnkisdvNFLiS4OQhg9eKE+8JRtXSewjM7lH2lEmjmDPslF4vahflrimhEZst
MtX/XxCjC7YiR/Zlc08LoVzR6B0CAwEAAaOCAiEwggIdMB0GA1UdDgQWBBTTaH9e
SMz6uVwZAgZb9wgbTrRCjTAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
MDVkMmU2ZTAtNjQ4YS00NzJhLWIyODctMWI5NTRlYWU2NDZkLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAVN26jAN
BgkqhkiG9w0BAQsFAAOCAQEANyTzGJUMCXrtmY2eM4qBax7ItqvW1zuyv1GRpVga
fU0+wxXgj1z4DExEOTXY0WwHMXPNoZDfrFSy40/s8tMOcxNDJ2hfKK7bF5BHOiqI
S+kc54Z1VYZ2p/t9ygnLc56ic6ak37iI8wVShLciwR6S4lsSCuE1M/L8lWRXF07Y
VJF7P8ARIfFpU6MGf6yj4DzafipR5xgEixwSdkbPRp2ttS4Mx6dFXK15TagVjybb
OVtD8Gpn8P63Ob9MFuV0swbdhCf9L2N2xsKKj3GylIotqD6o3sHCLOj3azQG6Gji
QVhjkLwQ1Q+9XxSLnXjPgYr6fR7dOm63LEcbk4d0UY7VvA==
-----END CERTIFICATE-----
Generated at Fri Mar 29 02:18:27 2024 by rpki-client on console-ams.rpki-client.org