Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/1db20bc8-3bbe-45ae-975a-e89becd95e47.roa
File:                     1db20bc8-3bbe-45ae-975a-e89becd95e47.roa (raw, json)
Hash identifier:          KX4ZLdTvCZTCiI3XkXrTa8jfM+vpYyByGD1WDWNuihE=
Subject key identifier:   1F:59:6A:3E:90:80:94:6E:8B:62:76:58:67:47:A9:EF:B9:FC:39:E3
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       056C338A2CE5D72F5FDDADCD92FFB6EEDCE099D9
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/1db20bc8-3bbe-45ae-975a-e89becd95e47.roa
Signing time:             Wed 27 Mar 2024 00:00:00 +0000
ROA not before:           Wed 27 Mar 2024 00:00:00 +0000
ROA not after:            Wed 01 May 2024 23:59:59 +0000
asID:                     14618
IP address blocks:        51.44.0.0/14 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 29 Mar 2024 21:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            05:6c:33:8a:2c:e5:d7:2f:5f:dd:ad:cd:92:ff:b6:ee:dc:e0:99:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Mar 27 00:00:00 2024 GMT
            Not After : May  1 23:59:59 2024 GMT
        Subject: serialNumber=9b0a9c2988e8033be5eb770805fb677517054142b47929e3e1a826a99e298a1a, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:ce:a4:d6:e6:98:52:02:e9:e5:f6:b7:c9:de:
                    cb:36:85:d0:04:14:21:a0:b2:3e:fc:e8:78:b9:34:
                    80:ac:a5:e2:21:7f:5b:5c:48:59:4e:cb:e5:44:f6:
                    76:be:f6:ab:4a:a9:82:80:1f:fb:35:11:9a:ff:19:
                    fa:ca:0d:f5:1f:59:06:e5:ef:e9:80:96:24:df:3a:
                    03:3d:86:49:de:de:9e:8c:e9:c0:7d:5a:cd:92:69:
                    15:dd:d5:77:1f:4d:68:64:2d:6b:2f:1e:11:76:7b:
                    ce:66:83:9a:a0:35:e4:53:df:02:cb:15:6a:a7:44:
                    4e:4b:4c:0f:63:13:d0:e1:9c:27:c1:56:27:5a:eb:
                    29:3a:b7:ff:53:bf:7f:25:a2:c1:92:bb:e5:ce:eb:
                    a9:4a:91:69:e0:e9:90:1f:c0:95:13:a7:8c:fd:7f:
                    01:5d:8c:41:ac:ca:36:0b:43:52:33:d3:96:52:73:
                    42:dc:41:f5:6c:ae:47:7e:87:68:78:3e:83:c6:a1:
                    3b:ee:ca:d2:61:e1:da:16:b2:2d:58:95:27:af:44:
                    ff:f4:d4:60:52:90:3f:05:76:f0:52:91:0f:e3:b2:
                    70:d0:b1:e4:66:fd:4e:22:e8:8f:bb:a8:ea:48:f5:
                    b5:35:90:c9:15:d6:e7:06:92:55:b4:e3:a7:f1:d6:
                    7a:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:59:6A:3E:90:80:94:6E:8B:62:76:58:67:47:A9:EF:B9:FC:39:E3
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/1db20bc8-3bbe-45ae-975a-e89becd95e47.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.44.0.0/14

    Signature Algorithm: sha256WithRSAEncryption
         7f:ac:f8:5a:13:94:ea:b8:17:0f:35:df:f4:3d:12:ec:7d:77:
         39:9a:ec:7a:c2:1c:0b:d1:67:59:ed:86:13:5f:a9:dc:63:5e:
         ea:66:cc:16:a0:02:d5:ee:97:10:55:a1:12:ba:6d:0e:b3:e4:
         6f:bb:ff:b9:01:62:0b:bf:e9:57:89:ca:e2:9e:42:11:b2:56:
         38:42:04:a0:b9:c9:c6:5e:cd:02:6a:26:e8:56:af:65:cd:b7:
         18:0d:51:6a:c2:1f:a2:d2:c6:22:9c:12:b9:ef:9a:6a:59:a4:
         b5:fb:27:36:a3:78:ee:96:d5:9b:c8:64:db:56:bf:40:03:a8:
         d8:6d:99:ae:e1:6d:f1:e0:f0:77:a2:e9:fa:6a:26:e2:e9:26:
         33:81:2e:55:c4:d2:af:5e:61:4f:a1:f2:d8:ea:0a:39:9d:d2:
         7b:46:75:ad:70:9c:ea:ab:04:e0:a7:f2:d1:bb:94:98:a6:42:
         83:91:c1:24:0c:36:09:32:00:41:16:1c:0a:24:2f:3e:43:7c:
         b3:56:ae:70:ed:25:e5:5b:da:a6:48:4e:6e:72:7b:0e:f9:35:
         e5:6c:8c:ef:65:6d:81:7f:1e:c1:75:10:02:97:02:85:3f:f0:
         d9:11:dd:f5:e0:c1:6b:5c:51:33:5e:1a:b4:26:7e:69:25:d3:
         0a:b2:52:1c
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUBWwziizl1y9f3a3Nkv+27tzgmdkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNDAzMjcwMDAwMDBaFw0yNDA1MDEyMzU5NTlaMHoxSTBHBgNV
BAUTQDliMGE5YzI5ODhlODAzM2JlNWViNzcwODA1ZmI2Nzc1MTcwNTQxNDJiNDc5
MjllM2UxYTgyNmE5OWUyOThhMWExLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALPOpNbmmFIC6eX2t8neyzaF0AQUIaCyPvzoeLk0gKyl4iF/W1xIWU7L5UT2
dr72q0qpgoAf+zURmv8Z+soN9R9ZBuXv6YCWJN86Az2GSd7enozpwH1azZJpFd3V
dx9NaGQtay8eEXZ7zmaDmqA15FPfAssVaqdETktMD2MT0OGcJ8FWJ1rrKTq3/1O/
fyWiwZK75c7rqUqRaeDpkB/AlROnjP1/AV2MQazKNgtDUjPTllJzQtxB9WyuR36H
aHg+g8ahO+7K0mHh2hayLViVJ69E//TUYFKQPwV28FKRD+OycNCx5Gb9TiLoj7uo
6kj1tTWQyRXW5waSVbTjp/HWerECAwEAAaOCAiAwggIcMB0GA1UdDgQWBBQfWWo+
kICUbotidlhnR6nvufw54zAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
MWRiMjBiYzgtM2JiZS00NWFlLTk3NWEtZTg5YmVjZDk1ZTQ3LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDAjMsMA0G
CSqGSIb3DQEBCwUAA4IBAQB/rPhaE5TquBcPNd/0PRLsfXc5mux6whwL0WdZ7YYT
X6ncY17qZswWoALV7pcQVaESum0Os+Rvu/+5AWILv+lXicrinkIRslY4QgSgucnG
Xs0CaiboVq9lzbcYDVFqwh+i0sYinBK575pqWaS1+yc2o3jultWbyGTbVr9AA6jY
bZmu4W3x4PB3oun6aibi6SYzgS5VxNKvXmFPofLY6go5ndJ7RnWtcJzqqwTgp/LR
u5SYpkKDkcEkDDYJMgBBFhwKJC8+Q3yzVq5w7SXlW9qmSE5ucnsO+TXlbIzvZW2B
fx7BdRAClwKFP/DZEd314MFrXFEzXhq0Jn5pJdMKslIc
-----END CERTIFICATE-----
Generated at Fri Mar 29 02:18:27 2024 by rpki-client on console-ams.rpki-client.org