Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/09ec97ca-044e-4785-bdd4-fcf9e8d514ca.roa
File:                     09ec97ca-044e-4785-bdd4-fcf9e8d514ca.roa (raw, json)
Hash identifier:          IdZajyGfYIwxtsyHOdgFYdb/WJipE9r/0l5XNsIXJ3E=
Subject key identifier:   96:2F:78:3D:F2:81:CE:52:1C:C7:D8:1F:4D:C2:C5:6E:C6:BC:6B:DD
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       59584D6A1AEC279E88D94AE0B794DA6775246F4E
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/09ec97ca-044e-4785-bdd4-fcf9e8d514ca.roa
Signing time:             Wed 05 Feb 2025 00:00:00 +0000
ROA not before:           Wed 05 Feb 2025 00:00:00 +0000
ROA not after:            Wed 12 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        51.122.0.0/15 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 05:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            59:58:4d:6a:1a:ec:27:9e:88:d9:4a:e0:b7:94:da:67:75:24:6f:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Feb  5 00:00:00 2025 GMT
            Not After : Mar 12 23:59:59 2025 GMT
        Subject: CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:19:1d:4e:4e:10:eb:97:74:d3:99:7b:1b:f4:
                    04:86:7d:be:75:cf:95:15:7d:9d:5e:23:2b:d1:e5:
                    77:ba:7a:f1:bf:0e:e9:17:e7:a1:56:4b:0e:31:be:
                    29:ce:a8:ce:d8:72:b9:9f:16:24:b8:c2:1d:57:ef:
                    d2:3c:ce:56:f1:17:87:58:13:50:73:e6:5c:c1:29:
                    f6:1b:f0:71:8d:b4:ea:b9:61:b4:53:cf:aa:cb:97:
                    5c:57:5d:78:66:54:b2:6f:de:e4:4a:52:bd:c4:82:
                    79:d8:d8:ad:8d:29:2f:92:8c:67:08:c5:ee:67:93:
                    46:d2:34:be:e9:d6:4d:34:c6:ed:ac:dd:50:4a:1f:
                    b3:4d:8d:ca:40:84:d8:c6:f1:45:84:33:e6:40:61:
                    42:30:f7:26:40:75:a5:b7:c4:88:6c:02:5a:fe:cf:
                    ce:21:e8:56:21:72:52:00:e5:60:73:6e:f3:bb:11:
                    0a:af:0d:43:a0:00:33:14:99:7f:a1:c0:9f:2a:9f:
                    11:5f:f2:05:44:d9:80:05:00:e4:a8:46:25:4b:a0:
                    d5:15:c0:8b:c5:eb:42:2b:c0:15:bf:5c:c2:cf:e5:
                    ca:fe:78:01:b6:b5:3d:ab:ad:30:de:3b:89:c5:ef:
                    a6:bd:b0:70:00:d7:73:ec:f6:d5:a0:ae:82:b8:c3:
                    cb:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:2F:78:3D:F2:81:CE:52:1C:C7:D8:1F:4D:C2:C5:6E:C6:BC:6B:DD
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/09ec97ca-044e-4785-bdd4-fcf9e8d514ca.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.122.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         12:1a:c4:67:e6:9b:85:10:8f:14:98:12:c1:6e:c9:25:7c:7a:
         64:5f:27:ed:75:34:4d:79:fa:93:4d:25:77:9b:d1:76:37:5c:
         01:c3:52:19:c5:30:46:9b:f3:29:d0:03:b8:3f:70:5e:58:3c:
         d7:5f:65:45:3d:ed:57:5b:88:e6:25:53:a4:f6:11:3d:7f:66:
         87:29:81:93:5e:35:d1:78:97:07:82:f4:48:84:c4:3d:30:f8:
         c3:c8:2b:b1:75:5c:9c:69:ef:0e:77:7f:16:b4:a4:36:cd:d7:
         d0:b5:a9:5e:03:6e:6e:26:62:82:ca:43:bb:77:7b:1c:2c:a3:
         a5:85:ac:61:bf:80:02:b9:c5:ca:c0:8e:54:8d:69:da:21:f0:
         ef:05:ad:55:ef:9f:d7:94:3b:59:81:68:f5:78:e2:04:ed:de:
         6e:ed:78:ef:77:72:84:ed:3f:e1:01:76:ae:02:a2:5d:9f:ff:
         81:20:d6:eb:27:00:52:e3:7a:bb:09:88:7b:91:9c:5c:44:6c:
         53:f7:94:85:67:a1:59:e9:c0:48:a9:95:da:cb:ce:09:4d:c7:
         d1:5e:d5:44:8b:c2:26:65:14:f3:30:c8:1c:aa:4d:be:e0:c2:
         3d:05:f8:f2:b4:5c:93:b3:be:bc:a7:1f:52:6c:c4:c7:d7:de:
         b0:91:32:e5
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUWVhNahrsJ56I2Urgt5TaZ3Ukb04wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTAyMDUwMDAwMDBaFw0yNTAzMTIyMzU5NTlaMHoxSTBHBgNV
BAUTQDc3MzUyYjE5NmZjZmFhMjhlZDQyZGQ0ODNjMzY5ZDc1ODYyZmJiMjRjMDhk
ZTA5YjRhMTRjNzg3MTA0NWM0ZTYxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANoZHU5OEOuXdNOZexv0BIZ9vnXPlRV9nV4jK9Hld7p68b8O6RfnoVZLDjG+
Kc6ozthyuZ8WJLjCHVfv0jzOVvEXh1gTUHPmXMEp9hvwcY206rlhtFPPqsuXXFdd
eGZUsm/e5EpSvcSCedjYrY0pL5KMZwjF7meTRtI0vunWTTTG7azdUEofs02NykCE
2MbxRYQz5kBhQjD3JkB1pbfEiGwCWv7PziHoViFyUgDlYHNu87sRCq8NQ6AAMxSZ
f6HAnyqfEV/yBUTZgAUA5KhGJUug1RXAi8XrQivAFb9cws/lyv54Aba1PautMN47
icXvpr2wcADXc+z21aCugrjDy6kCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBSWL3g9
8oHOUhzH2B9NwsVuxrxr3TAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
MDllYzk3Y2EtMDQ0ZS00Nzg1LWJkZDQtZmNmOWU4ZDUxNGNhLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDATN6MA0G
CSqGSIb3DQEBCwUAA4IBAQASGsRn5puFEI8UmBLBbsklfHpkXyftdTRNefqTTSV3
m9F2N1wBw1IZxTBGm/Mp0AO4P3BeWDzXX2VFPe1XW4jmJVOk9hE9f2aHKYGTXjXR
eJcHgvRIhMQ9MPjDyCuxdVycae8Od38WtKQ2zdfQtaleA25uJmKCykO7d3scLKOl
haxhv4ACucXKwI5UjWnaIfDvBa1V75/XlDtZgWj1eOIE7d5u7Xjvd3KE7T/hAXau
AqJdn/+BINbrJwBS43q7CYh7kZxcRGxT95SFZ6FZ6cBIqZXay84JTcfRXtVEi8Im
ZRTzMMgcqk2+4MI9BfjytFyTs768px9SbMTH196wkTLl
-----END CERTIFICATE-----
Generated at Sun Feb 16 15:15:10 2025 by rpki-client