Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/123b20eb-4142-4c18-96e0-d1871de66fd3.roa
File:                     123b20eb-4142-4c18-96e0-d1871de66fd3.roa (raw, json)
Hash identifier:          9n9tg9flrGUtOOXx+7YUbhSVfs7EQn1dWcjK+X8+o4I=
Subject key identifier:   50:60:72:67:F7:0A:ED:F5:2A:EF:A0:AD:97:66:A8:79:B8:2F:12:0B
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       21996F30BDF1FEB8E658E5D59D23D6E235074DF2
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/123b20eb-4142-4c18-96e0-d1871de66fd3.roa
Signing time:             Tue 05 Mar 2024 00:00:00 +0000
ROA not before:           Tue 05 Mar 2024 00:00:00 +0000
ROA not after:            Tue 09 Apr 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        51.214.0.0/15 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 29 Mar 2024 21:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            21:99:6f:30:bd:f1:fe:b8:e6:58:e5:d5:9d:23:d6:e2:35:07:4d:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Mar  5 00:00:00 2024 GMT
            Not After : Apr  9 23:59:59 2024 GMT
        Subject: serialNumber=cc5b3c35e8592e7f7947ada637d7fa35dda4ca237205684af0da7316d7d16de7, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:c7:a9:f9:93:cb:8d:d4:aa:6c:c3:3d:f7:02:
                    78:75:62:a6:d6:8b:f7:b5:8a:32:85:c1:e4:26:ab:
                    60:c1:bd:f9:b6:ed:b0:15:af:43:24:ca:cf:f6:86:
                    c0:0f:9d:9d:12:ba:dd:4d:95:6a:82:35:ae:06:55:
                    1e:a2:4c:d9:10:05:5c:a4:ac:df:fb:9a:ad:47:65:
                    15:20:61:c6:9e:7a:be:c1:fc:2d:3b:5f:e8:0a:bb:
                    fa:5f:7a:b1:d8:a1:17:94:46:c4:51:d3:4b:ee:3f:
                    0f:52:6a:16:d1:4b:4f:77:49:33:c0:32:b4:bd:0b:
                    f0:12:c7:63:8e:73:4f:4d:b4:4f:1b:38:2a:a7:5c:
                    65:41:0c:be:a1:dc:00:60:7f:e9:06:22:91:3e:15:
                    bd:b6:d4:93:a5:f0:e6:b9:87:3d:3d:b2:7d:a1:a9:
                    8a:10:9f:ab:b1:1b:c6:6e:23:9e:c7:16:60:9c:fd:
                    f4:c8:40:1d:88:c9:a1:e2:a7:79:69:a4:a3:c3:c3:
                    f5:fb:a8:c1:34:fa:38:dc:89:ea:26:b8:2e:c6:6c:
                    bd:2f:0c:cb:4a:46:7b:0a:2c:49:07:24:c9:d4:1b:
                    7a:6a:da:ff:38:79:6b:5d:97:88:55:5a:9f:c7:8a:
                    c9:cd:f3:c1:44:a6:5e:28:27:fc:ba:6c:7b:5a:d3:
                    70:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:60:72:67:F7:0A:ED:F5:2A:EF:A0:AD:97:66:A8:79:B8:2F:12:0B
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/123b20eb-4142-4c18-96e0-d1871de66fd3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.214.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         1f:7e:7e:2a:26:4c:32:68:98:c5:b7:d5:c4:92:0b:b5:75:fe:
         4e:35:2a:77:d7:ed:1a:d1:8f:d7:d6:21:7a:8b:9d:40:1a:c5:
         25:66:33:0b:6e:f8:eb:96:d9:ab:dc:f4:ea:13:cf:aa:9a:5b:
         ed:14:a3:c6:2f:e5:44:54:e4:d9:83:53:a0:99:dc:fc:03:4d:
         63:c8:6e:77:de:53:5e:fa:92:9b:66:e7:6f:9f:bb:df:f1:16:
         7b:f5:42:c8:95:3e:88:63:9c:81:ce:c6:a4:6b:50:ff:73:32:
         93:26:17:e1:9f:53:7b:6c:79:fb:b0:78:29:1c:99:6d:24:57:
         ae:86:b7:b4:6b:b8:95:69:0e:33:05:09:99:93:85:d2:cd:9b:
         e0:d0:37:41:ea:00:e3:bb:6e:5b:5d:bd:6d:63:42:12:b5:52:
         91:89:ac:f4:70:05:93:cf:b3:f0:5c:0c:d7:18:17:c0:b2:55:
         43:17:3c:50:30:cc:87:3f:9d:fb:1e:b7:25:be:16:fe:41:4e:
         b8:91:4e:cc:48:c9:4f:12:e8:99:88:8a:9d:80:5d:78:96:b3:
         02:bd:b4:4a:6c:af:92:a6:04:f6:82:7a:45:a9:e0:be:a6:26:
         ed:df:c9:7a:5e:5e:7d:52:84:b0:a6:e7:cd:ca:63:bc:76:02:
         e9:5e:3f:d8
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUIZlvML3x/rjmWOXVnSPW4jUHTfIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNDAzMDUwMDAwMDBaFw0yNDA0MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQGNjNWIzYzM1ZTg1OTJlN2Y3OTQ3YWRhNjM3ZDdmYTM1ZGRhNGNhMjM3MjA1
Njg0YWYwZGE3MzE2ZDdkMTZkZTcxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKrHqfmTy43UqmzDPfcCeHViptaL97WKMoXB5CarYMG9+bbtsBWvQyTKz/aG
wA+dnRK63U2VaoI1rgZVHqJM2RAFXKSs3/uarUdlFSBhxp56vsH8LTtf6Aq7+l96
sdihF5RGxFHTS+4/D1JqFtFLT3dJM8AytL0L8BLHY45zT020Txs4KqdcZUEMvqHc
AGB/6QYikT4VvbbUk6Xw5rmHPT2yfaGpihCfq7Ebxm4jnscWYJz99MhAHYjJoeKn
eWmko8PD9fuowTT6ONyJ6ia4LsZsvS8My0pGewosSQckydQbemra/zh5a12XiFVa
n8eKyc3zwUSmXign/Lpse1rTcGMCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBRQYHJn
9wrt9SrvoK2XZqh5uC8SCzAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
MTIzYjIwZWItNDE0Mi00YzE4LTk2ZTAtZDE4NzFkZTY2ZmQzLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDATPWMA0G
CSqGSIb3DQEBCwUAA4IBAQAffn4qJkwyaJjFt9XEkgu1df5ONSp31+0a0Y/X1iF6
i51AGsUlZjMLbvjrltmr3PTqE8+qmlvtFKPGL+VEVOTZg1Ogmdz8A01jyG533lNe
+pKbZudvn7vf8RZ79ULIlT6IY5yBzsaka1D/czKTJhfhn1N7bHn7sHgpHJltJFeu
hre0a7iVaQ4zBQmZk4XSzZvg0DdB6gDju25bXb1tY0IStVKRiaz0cAWTz7PwXAzX
GBfAslVDFzxQMMyHP537Hrclvhb+QU64kU7MSMlPEuiZiIqdgF14lrMCvbRKbK+S
pgT2gnpFqeC+pibt38l6Xl59UoSwpufNymO8dgLpXj/Y
-----END CERTIFICATE-----
Generated at Fri Mar 29 02:38:20 2024 by rpki-client on console-fra.rpki-client.org