Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/179c664b-afae-4c21-9c97-2a2a3985d5b0.roa
File:                     179c664b-afae-4c21-9c97-2a2a3985d5b0.roa (raw, json)
Hash identifier:          XsN1c53JeqN9Yt7tzq2PJ41iDXTMznlGa79xiQwQ4Hc=
Subject key identifier:   05:60:95:BB:8B:F2:E3:00:6E:C6:EA:1F:76:4C:7E:0D:CB:FF:54:39
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       3478DF81C63711C657EEA82E5A233FB39EC14796
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/179c664b-afae-4c21-9c97-2a2a3985d5b0.roa
Signing time:             Tue 05 Mar 2024 00:00:00 +0000
ROA not before:           Tue 05 Mar 2024 00:00:00 +0000
ROA not after:            Tue 09 Apr 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        51.117.0.0/16 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 29 Mar 2024 21:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            34:78:df:81:c6:37:11:c6:57:ee:a8:2e:5a:23:3f:b3:9e:c1:47:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Mar  5 00:00:00 2024 GMT
            Not After : Apr  9 23:59:59 2024 GMT
        Subject: serialNumber=b4f815214fbfe76e69970b42e38a5ebfcf6ec1cb504e331a01e74907c53e02d1, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:da:82:0f:b0:92:f0:77:f2:f3:1e:d8:e9:e7:
                    90:09:59:88:33:28:e7:e9:28:c9:33:52:d2:b5:08:
                    a1:25:66:ff:83:7e:a8:de:a2:fc:11:0f:90:e2:aa:
                    51:8c:e5:07:8b:57:86:14:c0:2c:87:e5:46:fb:fd:
                    03:91:5c:61:99:ee:8d:74:5d:09:54:ed:6f:f2:08:
                    8e:71:50:a6:10:49:7f:31:af:d3:0e:d2:e8:e3:5b:
                    24:8f:31:a7:66:8e:8f:27:6b:76:a2:b9:b4:b0:ee:
                    75:44:5e:d0:35:d2:61:d0:f6:2e:e9:77:4c:bb:77:
                    24:ea:4e:3c:5c:e8:74:f2:d4:36:f9:de:39:a6:a8:
                    75:30:16:e0:aa:41:66:15:46:b3:96:00:e2:e8:6c:
                    18:cd:8b:c3:e9:30:25:ef:f0:fa:4b:2d:d8:66:70:
                    cd:90:ad:d8:bf:42:d3:47:eb:62:d3:5a:6d:37:34:
                    00:d8:c9:49:7d:8e:f6:e9:17:54:5a:92:75:e6:c4:
                    13:94:a3:48:16:2e:f8:6d:1c:bf:8a:07:5d:fb:a5:
                    e0:24:7d:73:d3:0f:3e:02:0a:ca:98:cc:68:f0:8b:
                    87:eb:53:29:9f:bb:87:27:02:b4:98:c5:5f:48:ed:
                    80:58:c7:45:48:c9:27:b5:48:91:7c:d3:e8:32:ae:
                    ad:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:60:95:BB:8B:F2:E3:00:6E:C6:EA:1F:76:4C:7E:0D:CB:FF:54:39
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/179c664b-afae-4c21-9c97-2a2a3985d5b0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.117.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         44:8c:a5:68:b4:19:d9:f9:2a:69:86:f9:1f:92:54:c3:6a:51:
         49:93:92:06:a8:7f:21:7e:84:bc:d5:b7:55:66:ed:44:3f:bd:
         69:15:4e:00:96:2b:29:65:b3:0f:52:74:07:88:d3:52:ea:e9:
         9d:ff:eb:29:0e:80:6e:61:32:94:01:a1:15:53:27:c8:d4:f5:
         d9:06:86:9e:54:88:47:01:c9:33:6a:38:47:74:be:f9:00:56:
         79:9a:0e:a5:27:3d:ae:ed:df:e9:a5:41:cd:ec:81:23:1a:1d:
         25:40:00:45:ce:b6:dc:b3:65:ee:99:ed:a7:a2:7c:32:70:92:
         07:f0:11:d0:a5:56:6d:7b:02:62:2e:8c:31:a9:fa:0f:15:a9:
         79:07:06:b9:a5:10:a8:bd:c8:b7:3c:78:5e:ac:36:3d:70:2f:
         1f:0b:9c:1e:cb:a4:79:48:fe:02:84:a6:ad:4d:22:90:ad:09:
         92:ef:b6:28:07:48:9a:b7:28:39:b3:12:c9:ba:41:b7:57:04:
         02:68:67:8a:91:23:c6:c6:e5:64:89:00:55:be:72:a9:f0:64:
         29:21:6e:4f:2e:d5:50:63:db:fc:2d:c6:f4:76:83:6a:c0:b2:
         f9:cf:ad:78:24:b3:d8:a1:ae:90:28:37:bd:bd:0e:1c:e1:d6:
         24:44:12:bf
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUNHjfgcY3EcZX7qguWiM/s57BR5YwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNDAzMDUwMDAwMDBaFw0yNDA0MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQGI0ZjgxNTIxNGZiZmU3NmU2OTk3MGI0MmUzOGE1ZWJmY2Y2ZWMxY2I1MDRl
MzMxYTAxZTc0OTA3YzUzZTAyZDExLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAK/agg+wkvB38vMe2OnnkAlZiDMo5+koyTNS0rUIoSVm/4N+qN6i/BEPkOKq
UYzlB4tXhhTALIflRvv9A5FcYZnujXRdCVTtb/IIjnFQphBJfzGv0w7S6ONbJI8x
p2aOjydrdqK5tLDudURe0DXSYdD2Lul3TLt3JOpOPFzodPLUNvneOaaodTAW4KpB
ZhVGs5YA4uhsGM2Lw+kwJe/w+kst2GZwzZCt2L9C00frYtNabTc0ANjJSX2O9ukX
VFqSdebEE5SjSBYu+G0cv4oHXful4CR9c9MPPgIKypjMaPCLh+tTKZ+7hycCtJjF
X0jtgFjHRUjJJ7VIkXzT6DKurV0CAwEAAaOCAiAwggIcMB0GA1UdDgQWBBQFYJW7
i/LjAG7G6h92TH4Ny/9UOTAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
MTc5YzY2NGItYWZhZS00YzIxLTljOTctMmEyYTM5ODVkNWIwLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADN1MA0G
CSqGSIb3DQEBCwUAA4IBAQBEjKVotBnZ+SpphvkfklTDalFJk5IGqH8hfoS81bdV
Zu1EP71pFU4AlispZbMPUnQHiNNS6umd/+spDoBuYTKUAaEVUyfI1PXZBoaeVIhH
AckzajhHdL75AFZ5mg6lJz2u7d/ppUHN7IEjGh0lQABFzrbcs2Xume2nonwycJIH
8BHQpVZtewJiLowxqfoPFal5Bwa5pRCovci3PHherDY9cC8fC5wey6R5SP4ChKat
TSKQrQmS77YoB0iatyg5sxLJukG3VwQCaGeKkSPGxuVkiQBVvnKp8GQpIW5PLtVQ
Y9v8Lcb0doNqwLL5z614JLPYoa6QKDe9vQ4c4dYkRBK/
-----END CERTIFICATE-----
Generated at Fri Mar 29 02:18:27 2024 by rpki-client on console-ams.rpki-client.org