Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/2740a5f5-ec55-42ac-b7df-f4c863c83981.roa
File:                     2740a5f5-ec55-42ac-b7df-f4c863c83981.roa (raw, json)
Hash identifier:          kFjJct5YIhlfYD7WyExBiQJkLTZcC4UnUUd8lNSansg=
Subject key identifier:   F5:EA:4C:8A:34:BE:A6:8B:14:0D:82:C5:8A:62:AD:C8:03:9C:C7:0F
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       665B9E0456B1C35CC4591FD1EE8F93196B53D521
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/2740a5f5-ec55-42ac-b7df-f4c863c83981.roa
Signing time:             Tue 05 Mar 2024 00:00:00 +0000
ROA not before:           Tue 05 Mar 2024 00:00:00 +0000
ROA not after:            Tue 09 Apr 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        51.125.0.0/16 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 29 Mar 2024 21:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            66:5b:9e:04:56:b1:c3:5c:c4:59:1f:d1:ee:8f:93:19:6b:53:d5:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Mar  5 00:00:00 2024 GMT
            Not After : Apr  9 23:59:59 2024 GMT
        Subject: serialNumber=d1d584deff998ae9f53f66d7e017f2c1f7e0d79274ba66ea87993aefe41a6ee3, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:ea:e9:2c:fd:24:d6:9a:e5:7d:3f:f7:97:37:
                    78:80:d7:1e:6d:eb:6a:c5:b8:75:11:63:aa:75:16:
                    35:ae:2c:36:a7:ce:a3:a7:c9:31:c1:56:90:a2:52:
                    ec:99:10:21:ac:c4:b0:b0:85:b0:83:45:28:55:7a:
                    d5:1f:8e:d1:43:e6:d9:fd:7d:5d:09:f1:a6:8d:f8:
                    6c:76:20:1a:79:28:d3:d5:2c:f5:e4:20:4e:2a:2c:
                    11:3f:8d:dc:a4:cd:45:99:72:6b:64:e6:52:71:ee:
                    cd:d1:ce:77:69:a4:5d:bb:4d:df:9f:e1:51:3a:89:
                    ba:4c:24:3f:2d:a3:1c:80:75:c9:99:3e:d2:c6:63:
                    e9:b2:30:c1:cc:af:e6:72:16:21:9f:c6:f4:a3:c5:
                    a8:3c:b4:8b:9d:7f:07:15:08:39:4c:82:0c:39:f7:
                    ff:5e:62:41:89:b4:d6:22:d9:1d:2b:81:28:71:74:
                    d3:27:15:ec:8e:74:4f:34:71:43:aa:dd:b5:e0:59:
                    1b:86:91:8a:a5:38:74:6e:a8:df:3b:4c:76:e9:84:
                    67:ec:f8:1e:1e:7b:28:de:a4:7d:d0:a2:d4:d1:f1:
                    63:b4:bf:c8:6f:e7:d2:45:f2:5b:3a:90:f6:d3:58:
                    75:11:d0:24:4f:c0:3c:84:49:f4:ee:ea:ca:9b:d1:
                    ae:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:EA:4C:8A:34:BE:A6:8B:14:0D:82:C5:8A:62:AD:C8:03:9C:C7:0F
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/2740a5f5-ec55-42ac-b7df-f4c863c83981.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.125.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         17:1d:0b:0d:c0:ae:d3:8e:b3:04:ed:17:46:e9:ae:4f:5f:e6:
         56:55:71:be:14:49:6c:ae:77:6e:14:dd:a1:32:f3:ba:f8:76:
         3f:52:9d:6d:e0:5a:89:cd:04:e3:71:43:32:eb:83:00:81:0b:
         6b:58:39:08:81:62:68:16:ae:70:58:49:86:ec:2d:04:bb:e4:
         53:14:84:7a:47:a4:91:63:dc:1a:ad:c7:79:de:1a:d9:c8:b0:
         45:d9:3f:aa:cc:51:54:c2:55:60:f7:f3:80:fc:0c:6b:61:18:
         c9:da:82:e9:4e:54:32:0e:56:b2:63:11:df:62:70:73:b6:49:
         0f:c1:d4:f1:57:d6:88:05:93:e4:4e:0c:54:49:85:55:bb:1c:
         ae:aa:12:25:61:a6:1d:4b:25:84:b6:53:7d:55:a5:33:97:51:
         d4:2e:28:4e:b6:7c:33:9e:30:1a:26:6b:aa:d1:87:ef:22:f5:
         bb:9d:6f:2d:1c:2b:5e:37:43:b4:8f:12:27:de:80:d0:e4:3c:
         47:89:cc:6f:10:42:47:87:72:ae:09:23:c9:d3:16:82:66:44:
         86:58:b3:59:6c:07:ce:22:d5:83:23:57:af:9f:ac:46:98:5b:
         e5:7d:ac:c8:b4:15:51:7d:ec:20:9a:7f:28:92:c8:5e:17:33:
         51:67:08:d9
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUZlueBFaxw1zEWR/R7o+TGWtT1SEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNDAzMDUwMDAwMDBaFw0yNDA0MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQGQxZDU4NGRlZmY5OThhZTlmNTNmNjZkN2UwMTdmMmMxZjdlMGQ3OTI3NGJh
NjZlYTg3OTkzYWVmZTQxYTZlZTMxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKbq6Sz9JNaa5X0/95c3eIDXHm3rasW4dRFjqnUWNa4sNqfOo6fJMcFWkKJS
7JkQIazEsLCFsINFKFV61R+O0UPm2f19XQnxpo34bHYgGnko09Us9eQgTiosET+N
3KTNRZlya2TmUnHuzdHOd2mkXbtN35/hUTqJukwkPy2jHIB1yZk+0sZj6bIwwcyv
5nIWIZ/G9KPFqDy0i51/BxUIOUyCDDn3/15iQYm01iLZHSuBKHF00ycV7I50TzRx
Q6rdteBZG4aRiqU4dG6o3ztMdumEZ+z4Hh57KN6kfdCi1NHxY7S/yG/n0kXyWzqQ
9tNYdRHQJE/APIRJ9O7qypvRrmUCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBT16kyK
NL6mixQNgsWKYq3IA5zHDzAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
Mjc0MGE1ZjUtZWM1NS00MmFjLWI3ZGYtZjRjODYzYzgzOTgxLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADN9MA0G
CSqGSIb3DQEBCwUAA4IBAQAXHQsNwK7TjrME7RdG6a5PX+ZWVXG+FElsrnduFN2h
MvO6+HY/Up1t4FqJzQTjcUMy64MAgQtrWDkIgWJoFq5wWEmG7C0Eu+RTFIR6R6SR
Y9warcd53hrZyLBF2T+qzFFUwlVg9/OA/AxrYRjJ2oLpTlQyDlayYxHfYnBztkkP
wdTxV9aIBZPkTgxUSYVVuxyuqhIlYaYdSyWEtlN9VaUzl1HULihOtnwznjAaJmuq
0YfvIvW7nW8tHCteN0O0jxIn3oDQ5DxHicxvEEJHh3KuCSPJ0xaCZkSGWLNZbAfO
ItWDI1evn6xGmFvlfazItBVRfewgmn8oksheFzNRZwjZ
-----END CERTIFICATE-----
Generated at Fri Mar 29 02:18:27 2024 by rpki-client on console-ams.rpki-client.org