Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/19c9eed5-cdd2-4e3a-8785-800ec4f9e023.roa
File:                     19c9eed5-cdd2-4e3a-8785-800ec4f9e023.roa (raw, json)
Hash identifier:          Bh/r8ltqhAA5MIbkXH9jn4oQsvlF1QzODlwzitsilWI=
Subject key identifier:   2E:10:A5:6E:E5:66:98:CC:C7:36:5B:AF:7B:E0:AE:67:3F:FD:B9:55
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       45D53FB92A1E1C72BB0C17EC7FA91168FDE6A7CB
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/19c9eed5-cdd2-4e3a-8785-800ec4f9e023.roa
Signing time:             Tue 05 Mar 2024 00:00:00 +0000
ROA not before:           Tue 05 Mar 2024 00:00:00 +0000
ROA not after:            Tue 09 Apr 2024 23:59:59 +0000
asID:                     14618
IP address blocks:        2a01:578:1200::/39 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 29 Mar 2024 21:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            45:d5:3f:b9:2a:1e:1c:72:bb:0c:17:ec:7f:a9:11:68:fd:e6:a7:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Mar  5 00:00:00 2024 GMT
            Not After : Apr  9 23:59:59 2024 GMT
        Subject: serialNumber=34fb6d762a6183937f02a83f2dd0b0771cfc037822eecc7ddd3082d05c82a9e5, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:b8:8d:69:0d:7e:ac:67:bf:27:5b:8c:84:c3:
                    51:fd:f1:69:2b:bf:35:9f:c8:e0:c4:b0:97:bf:ad:
                    6b:42:2a:17:18:7b:5e:d2:9d:57:01:45:1e:c5:b2:
                    89:d8:ab:0a:c4:f9:55:bf:78:8b:89:7a:f4:34:5b:
                    7f:05:14:33:be:9c:58:c1:db:9e:2a:2c:26:3f:f1:
                    fc:bc:09:44:69:80:6a:f4:34:d0:3b:d9:cf:6d:68:
                    2b:b7:4a:96:7a:d5:2b:13:57:ab:83:f3:45:0b:7e:
                    ab:e5:65:f6:a2:46:63:85:3e:fe:6c:38:d0:ed:14:
                    d6:d5:2d:6a:e6:72:ec:2d:ad:a8:65:c8:89:84:15:
                    09:8d:ce:37:d5:c5:e5:6b:43:3e:ea:31:7c:44:82:
                    8a:4f:37:3d:46:08:6d:61:2c:8f:13:b5:92:cd:16:
                    e0:44:aa:da:db:5a:64:ac:af:7d:ed:fb:20:10:aa:
                    f6:7a:7d:f4:17:33:c5:d6:2d:94:9e:25:f4:ec:dd:
                    5d:7f:49:45:31:d7:e1:7e:96:7e:e1:a3:de:a0:5c:
                    7d:e5:1f:1d:55:37:5a:20:c0:b9:24:8d:2d:69:a0:
                    bf:37:8d:e6:6c:07:6a:c4:b8:38:af:60:01:25:af:
                    44:9f:9c:68:3a:12:94:3f:59:5e:d5:89:b8:20:6c:
                    8b:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:10:A5:6E:E5:66:98:CC:C7:36:5B:AF:7B:E0:AE:67:3F:FD:B9:55
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/19c9eed5-cdd2-4e3a-8785-800ec4f9e023.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:578:1200::/39

    Signature Algorithm: sha256WithRSAEncryption
         b0:8b:9d:96:ff:67:a2:d4:ea:de:a0:07:12:70:03:7d:3a:16:
         ec:c8:ff:57:57:30:ab:50:62:2e:65:9a:e7:97:8d:a0:11:0c:
         b0:19:45:c0:4a:2d:b5:c1:bd:ca:f5:df:2e:25:10:9e:b3:52:
         2c:fc:84:09:dc:77:28:3d:31:5b:f1:33:0d:11:f5:d9:a4:2e:
         ab:84:e1:53:c9:68:46:94:3d:cf:a0:98:3a:e1:e3:06:d5:de:
         d2:c2:58:06:f3:aa:07:5c:44:70:99:f5:83:3b:c6:ab:2e:b3:
         50:a4:00:72:a3:b4:7d:af:16:bc:a3:b2:8d:75:e2:5a:aa:8f:
         47:a5:ab:e8:07:db:8a:b7:1e:84:bb:0f:d4:f1:8b:49:26:2e:
         40:e8:8a:96:b4:d4:08:35:6d:9b:08:51:6c:e4:93:fd:a7:bf:
         ed:ef:d9:27:e1:b7:59:25:84:ed:9c:93:c8:f6:05:7a:4c:68:
         b7:18:5e:59:c5:bd:01:f3:8e:db:ff:37:de:5b:17:e6:d0:6d:
         d5:ca:81:41:e3:88:1a:79:90:ff:da:74:e3:f0:2a:ec:8b:2e:
         c9:cc:8c:1b:2e:23:bf:3d:fa:ad:c9:47:58:e3:6c:37:cb:fc:
         dc:4d:3c:09:09:6b:2a:77:18:64:d6:15:f5:f7:f8:a2:54:aa:
         27:0b:22:e1
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIURdU/uSoeHHK7DBfsf6kRaP3mp8swDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNDAzMDUwMDAwMDBaFw0yNDA0MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQDM0ZmI2ZDc2MmE2MTgzOTM3ZjAyYTgzZjJkZDBiMDc3MWNmYzAzNzgyMmVl
Y2M3ZGRkMzA4MmQwNWM4MmE5ZTUxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALm4jWkNfqxnvydbjITDUf3xaSu/NZ/I4MSwl7+ta0IqFxh7XtKdVwFFHsWy
idirCsT5Vb94i4l69DRbfwUUM76cWMHbniosJj/x/LwJRGmAavQ00DvZz21oK7dK
lnrVKxNXq4PzRQt+q+Vl9qJGY4U+/mw40O0U1tUtauZy7C2tqGXIiYQVCY3ON9XF
5WtDPuoxfESCik83PUYIbWEsjxO1ks0W4ESq2ttaZKyvfe37IBCq9np99BczxdYt
lJ4l9OzdXX9JRTHX4X6WfuGj3qBcfeUfHVU3WiDAuSSNLWmgvzeN5mwHasS4OK9g
ASWvRJ+caDoSlD9ZXtWJuCBsiy0CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQuEKVu
5WaYzMc2W6974K5nP/25VTAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
MTljOWVlZDUtY2RkMi00ZTNhLTg3ODUtODAwZWM0ZjllMDIzLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGASoBBXgS
MA0GCSqGSIb3DQEBCwUAA4IBAQCwi52W/2ei1OreoAcScAN9OhbsyP9XVzCrUGIu
ZZrnl42gEQywGUXASi21wb3K9d8uJRCes1Is/IQJ3HcoPTFb8TMNEfXZpC6rhOFT
yWhGlD3PoJg64eMG1d7SwlgG86oHXERwmfWDO8arLrNQpAByo7R9rxa8o7KNdeJa
qo9HpavoB9uKtx6Euw/U8YtJJi5A6IqWtNQINW2bCFFs5JP9p7/t79kn4bdZJYTt
nJPI9gV6TGi3GF5Zxb0B847b/zfeWxfm0G3VyoFB44gaeZD/2nTj8Crsiy7JzIwb
LiO/PfqtyUdY42w3y/zcTTwJCWsqdxhk1hX19/iiVKonCyLh
-----END CERTIFICATE-----
Generated at Fri Mar 29 02:18:27 2024 by rpki-client on console-ams.rpki-client.org