Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/28d63060-33be-4a3e-88dd-24f87af67dd4.roa
File:                     28d63060-33be-4a3e-88dd-24f87af67dd4.roa (raw, json)
Hash identifier:          3gyVYk2n2huAIkosLbbrGA2VY31/2RvlUCt2w+aVaLg=
Subject key identifier:   30:4B:1C:54:A9:17:82:07:01:83:26:F7:40:54:A5:DA:48:16:68:5A
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       357B1EDCA42FE51D04F2F78A34FBC8310EE463FC
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/28d63060-33be-4a3e-88dd-24f87af67dd4.roa
Signing time:             Tue 26 Mar 2024 00:00:00 +0000
ROA not before:           Tue 26 Mar 2024 00:00:00 +0000
ROA not after:            Tue 30 Apr 2024 23:59:59 +0000
asID:                     8987
IP address blocks:        84.48.128.0/17 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 29 Mar 2024 21:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            35:7b:1e:dc:a4:2f:e5:1d:04:f2:f7:8a:34:fb:c8:31:0e:e4:63:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Mar 26 00:00:00 2024 GMT
            Not After : Apr 30 23:59:59 2024 GMT
        Subject: serialNumber=09ca34e2741ca60af6281e62aaa3627311ced272244794695cd214fe22341531, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:97:b5:a8:5a:8b:0f:48:44:b8:cf:33:9e:2c:
                    72:12:6b:e1:c7:9a:ec:8a:03:8b:0c:e8:4a:b0:f1:
                    f7:27:f1:50:f6:b5:fa:36:05:0c:15:af:7f:d0:a6:
                    d5:cd:7a:48:cf:ab:f6:b2:00:25:70:f8:77:30:40:
                    16:3c:70:22:9b:55:f1:63:2a:43:0b:d6:62:57:b5:
                    87:55:40:4d:73:0f:f3:89:bb:60:7f:ff:33:52:69:
                    d0:3b:b4:37:a1:42:c2:72:b4:e2:74:4e:92:9b:2b:
                    6f:97:54:a8:2f:76:e2:99:48:37:85:11:f7:08:8d:
                    7c:ff:4e:bb:6c:d7:c2:5b:3a:18:e8:16:c4:01:a3:
                    35:1b:0d:71:e8:d0:61:3e:24:d5:b1:3d:cd:06:a2:
                    58:de:49:c6:bc:26:f6:08:22:62:79:e3:42:6f:6a:
                    06:63:a9:aa:40:1f:0a:de:9f:ff:cc:4f:cb:ef:21:
                    3f:18:49:5a:ae:6e:ed:2f:92:96:21:04:fb:53:84:
                    40:f7:70:cd:f9:fd:97:99:32:4f:ac:f0:80:50:cb:
                    7e:88:be:48:21:e7:e2:bf:9a:33:e4:3c:81:9a:b4:
                    42:9f:f0:5c:cb:17:57:9a:b7:69:14:e3:d3:1e:68:
                    f3:72:7b:81:43:22:56:d9:65:5a:af:5b:0e:93:4b:
                    23:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:4B:1C:54:A9:17:82:07:01:83:26:F7:40:54:A5:DA:48:16:68:5A
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/28d63060-33be-4a3e-88dd-24f87af67dd4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.48.128.0/17

    Signature Algorithm: sha256WithRSAEncryption
         b7:c7:d8:1f:de:6b:fe:e6:7f:b2:62:2a:1d:0c:61:d6:e3:96:
         6f:72:37:d3:06:62:a1:d3:03:d6:15:9a:e7:d3:42:02:4b:23:
         a1:60:a1:4c:cd:d2:1f:94:23:db:76:f2:1a:9b:57:c3:82:6c:
         8b:86:85:3e:dd:d0:d4:16:58:7b:34:de:52:2a:a0:9b:b2:b0:
         99:75:e7:17:17:3e:9d:f7:37:4f:47:00:46:e9:1c:da:57:3d:
         72:4f:51:55:0c:e3:8a:d0:de:fa:ad:f5:17:8d:2e:20:55:d4:
         7b:f3:e4:1b:7d:7a:d0:b9:ed:a2:48:6b:aa:9c:36:42:2e:ba:
         e2:ed:a7:36:ef:86:84:1a:65:80:a2:d7:bf:17:45:a6:c1:b1:
         63:db:6a:50:5d:08:8a:a9:88:e8:2c:8a:57:a8:f4:ea:7d:63:
         d1:f4:c3:08:bd:0c:8a:f4:ca:c8:d2:c9:df:ce:9b:dc:72:97:
         13:f8:45:78:f1:25:fc:4e:ba:35:ef:e1:95:63:6e:97:e2:23:
         6c:2e:f7:f4:61:ee:a5:e1:28:b0:67:3a:37:91:d9:2a:48:7f:
         11:14:3f:15:a3:cf:ff:b7:6f:b2:02:06:0e:f1:8e:8e:4a:a2:
         57:e1:0f:e0:d0:29:0c:3f:c3:c3:bc:18:7e:16:e5:d3:1c:ec:
         3b:65:92:f1
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUNXse3KQv5R0E8veKNPvIMQ7kY/wwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNDAzMjYwMDAwMDBaFw0yNDA0MzAyMzU5NTlaMHoxSTBHBgNV
BAUTQDA5Y2EzNGUyNzQxY2E2MGFmNjI4MWU2MmFhYTM2MjczMTFjZWQyNzIyNDQ3
OTQ2OTVjZDIxNGZlMjIzNDE1MzExLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAI2Xtahaiw9IRLjPM54schJr4cea7IoDiwzoSrDx9yfxUPa1+jYFDBWvf9Cm
1c16SM+r9rIAJXD4dzBAFjxwIptV8WMqQwvWYle1h1VATXMP84m7YH//M1Jp0Du0
N6FCwnK04nROkpsrb5dUqC924plIN4UR9wiNfP9Ou2zXwls6GOgWxAGjNRsNcejQ
YT4k1bE9zQaiWN5Jxrwm9ggiYnnjQm9qBmOpqkAfCt6f/8xPy+8hPxhJWq5u7S+S
liEE+1OEQPdwzfn9l5kyT6zwgFDLfoi+SCHn4r+aM+Q8gZq0Qp/wXMsXV5q3aRTj
0x5o83J7gUMiVtllWq9bDpNLIzcCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBQwSxxU
qReCBwGDJvdAVKXaSBZoWjAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
MjhkNjMwNjAtMzNiZS00YTNlLTg4ZGQtMjRmODdhZjY3ZGQ0LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEB1QwgDAN
BgkqhkiG9w0BAQsFAAOCAQEAt8fYH95r/uZ/smIqHQxh1uOWb3I30wZiodMD1hWa
59NCAksjoWChTM3SH5Qj23byGptXw4Jsi4aFPt3Q1BZYezTeUiqgm7KwmXXnFxc+
nfc3T0cARukc2lc9ck9RVQzjitDe+q31F40uIFXUe/PkG3160Lntokhrqpw2Qi66
4u2nNu+GhBplgKLXvxdFpsGxY9tqUF0IiqmI6CyKV6j06n1j0fTDCL0MivTKyNLJ
386b3HKXE/hFePEl/E66Ne/hlWNul+IjbC739GHupeEosGc6N5HZKkh/ERQ/FaPP
/7dvsgIGDvGOjkqiV+EP4NApDD/Dw7wYfhbl0xzsO2WS8Q==
-----END CERTIFICATE-----
Generated at Fri Mar 29 02:18:27 2024 by rpki-client on console-ams.rpki-client.org