Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/1dff7204-d968-4bb7-8e61-2db8925bf33e.roa
File:                     1dff7204-d968-4bb7-8e61-2db8925bf33e.roa (raw, json)
Hash identifier:          kuI4zAu9c8NaHxsLzaZlPVrkzYxUe0xaDlM3unX7uJU=
Subject key identifier:   8B:43:B9:73:D9:22:CB:B6:E2:02:B4:E0:BD:0E:10:BE:79:A6:BE:63
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       09E3BC84905378A61F9BD81973D1596D31A2B6A7
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/1dff7204-d968-4bb7-8e61-2db8925bf33e.roa
Signing time:             Tue 26 Mar 2024 00:00:00 +0000
ROA not before:           Tue 26 Mar 2024 00:00:00 +0000
ROA not after:            Tue 30 Apr 2024 23:59:59 +0000
asID:                     8987
IP address blocks:        195.61.0.0/16 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 28 Mar 2024 18:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            09:e3:bc:84:90:53:78:a6:1f:9b:d8:19:73:d1:59:6d:31:a2:b6:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Mar 26 00:00:00 2024 GMT
            Not After : Apr 30 23:59:59 2024 GMT
        Subject: serialNumber=7c0fad7de73c3742cf3bd3ef8c9c74e4b5a31e6d33ddbaa5f9a1e33a7b64b4eb, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:70:79:41:bf:87:c8:40:91:e6:03:f8:b3:7f:
                    86:07:75:2c:c6:aa:ec:dd:79:35:c9:a8:aa:c2:58:
                    fd:c6:a3:07:fd:5c:b7:aa:69:f8:e9:97:af:92:1e:
                    66:c0:4d:dc:58:96:e6:be:45:23:6a:9a:62:2a:76:
                    7a:c7:52:5e:51:59:b0:30:64:47:5b:c7:96:9e:23:
                    5e:89:21:e4:ae:2e:28:66:5e:f8:6b:ad:d8:9f:cf:
                    83:9e:7d:dd:b0:5f:d6:0e:9a:c9:6c:bc:59:a5:2b:
                    f2:91:b7:34:f5:52:19:0a:96:f8:f5:fb:91:4e:0b:
                    55:09:31:45:db:2a:98:56:59:50:c6:b9:2c:ea:ed:
                    84:1c:01:8b:ac:65:60:b7:75:af:6d:0f:53:8d:ce:
                    80:28:98:d6:65:d2:92:44:7a:13:4d:32:0a:56:ba:
                    c8:fe:31:1a:ff:e3:8c:fc:77:50:de:fd:98:db:2c:
                    94:12:14:46:f9:d9:b1:ca:90:7b:22:9e:63:0b:61:
                    cc:d5:a1:09:54:63:86:03:af:c1:56:27:5c:41:e7:
                    eb:0c:ec:32:cb:2e:37:a6:26:2d:25:72:f0:24:45:
                    c0:ae:63:fb:f0:3a:30:fd:a5:ac:23:18:85:59:24:
                    73:59:01:4e:23:7d:46:94:c6:6e:52:75:52:a9:12:
                    b4:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:43:B9:73:D9:22:CB:B6:E2:02:B4:E0:BD:0E:10:BE:79:A6:BE:63
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/1dff7204-d968-4bb7-8e61-2db8925bf33e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.61.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         00:25:bc:1a:df:5b:aa:cd:88:0b:e7:a8:50:f7:e8:90:c5:fe:
         fc:b5:c1:0b:d7:06:ca:6a:9e:7a:5f:ee:d4:bd:fa:62:29:c1:
         2c:19:da:dc:62:04:2a:61:14:0c:8f:f0:9e:1b:7a:0a:b9:70:
         d3:99:c1:c4:94:44:59:b0:2f:91:86:0f:f5:a6:d9:68:75:5c:
         13:e0:78:bc:80:1c:a4:53:71:74:6f:d9:db:d2:34:87:a6:68:
         69:d0:df:d9:9e:b7:b1:05:6c:d5:6f:d8:dc:de:eb:aa:e8:5f:
         11:60:c0:e5:7f:d0:f4:77:65:44:7d:de:23:e1:7a:da:00:22:
         b7:d3:bb:3e:69:62:6e:80:27:21:aa:37:99:66:3d:77:a2:7b:
         07:85:96:84:72:fc:77:1c:f2:be:a1:e0:eb:fe:fa:cc:21:cc:
         c6:63:64:f4:9b:ce:34:6f:b7:0d:fd:71:e4:86:f9:35:0b:f0:
         6b:e8:4d:a1:d8:ce:c5:08:a1:0a:4c:b5:79:b7:9e:47:62:df:
         f3:08:e1:62:4b:ec:2a:56:bc:41:06:ee:3c:d4:2e:3c:cd:f0:
         5f:8f:f2:53:99:48:46:3c:45:83:fd:97:22:27:23:8d:d6:d0:
         e7:cb:f8:72:1d:7b:df:50:35:b9:57:5d:97:24:c4:35:17:a1:
         2a:bf:5f:4f
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUCeO8hJBTeKYfm9gZc9FZbTGitqcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNDAzMjYwMDAwMDBaFw0yNDA0MzAyMzU5NTlaMHoxSTBHBgNV
BAUTQDdjMGZhZDdkZTczYzM3NDJjZjNiZDNlZjhjOWM3NGU0YjVhMzFlNmQzM2Rk
YmFhNWY5YTFlMzNhN2I2NGI0ZWIxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJBweUG/h8hAkeYD+LN/hgd1LMaq7N15NcmoqsJY/cajB/1ct6pp+OmXr5Ie
ZsBN3FiW5r5FI2qaYip2esdSXlFZsDBkR1vHlp4jXokh5K4uKGZe+Gut2J/Pg559
3bBf1g6ayWy8WaUr8pG3NPVSGQqW+PX7kU4LVQkxRdsqmFZZUMa5LOrthBwBi6xl
YLd1r20PU43OgCiY1mXSkkR6E00yCla6yP4xGv/jjPx3UN79mNsslBIURvnZscqQ
eyKeYwthzNWhCVRjhgOvwVYnXEHn6wzsMssuN6YmLSVy8CRFwK5j+/A6MP2lrCMY
hVkkc1kBTiN9RpTGblJ1UqkStMkCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBSLQ7lz
2SLLtuICtOC9DhC+eaa+YzAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
MWRmZjcyMDQtZDk2OC00YmI3LThlNjEtMmRiODkyNWJmMzNlLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDAMM9MA0G
CSqGSIb3DQEBCwUAA4IBAQAAJbwa31uqzYgL56hQ9+iQxf78tcEL1wbKap56X+7U
vfpiKcEsGdrcYgQqYRQMj/CeG3oKuXDTmcHElERZsC+Rhg/1ptlodVwT4Hi8gByk
U3F0b9nb0jSHpmhp0N/ZnrexBWzVb9jc3uuq6F8RYMDlf9D0d2VEfd4j4XraACK3
07s+aWJugCchqjeZZj13onsHhZaEcvx3HPK+oeDr/vrMIczGY2T0m840b7cN/XHk
hvk1C/Br6E2h2M7FCKEKTLV5t55HYt/zCOFiS+wqVrxBBu481C48zfBfj/JTmUhG
PEWD/ZciJyON1tDny/hyHXvfUDW5V12XJMQ1F6Eqv19P
-----END CERTIFICATE-----
Generated at Thu Mar 28 02:06:40 2024 by rpki-client on console-ams.rpki-client.org