Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/34e19faa-5cf1-4226-b61a-b6161eba0791.roa
File:                     34e19faa-5cf1-4226-b61a-b6161eba0791.roa (raw, json)
Hash identifier:          0/sQgpcuRskmE+VBg8Hi092l0Tvkx/CnGHsi1nSJyvI=
Subject key identifier:   2F:2A:CC:10:6D:5F:61:6E:74:E3:89:26:62:BA:14:B6:BD:2D:01:67
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       7B6812BAEC0ADD01F275F9275641ECDDCA6647
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/34e19faa-5cf1-4226-b61a-b6161eba0791.roa
Signing time:             Wed 27 Mar 2024 00:00:00 +0000
ROA not before:           Wed 27 Mar 2024 00:00:00 +0000
ROA not after:            Wed 01 May 2024 23:59:59 +0000
asID:                     8987
IP address blocks:        62.230.0.0/16 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 29 Mar 2024 21:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7b:68:12:ba:ec:0a:dd:01:f2:75:f9:27:56:41:ec:dd:ca:66:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Mar 27 00:00:00 2024 GMT
            Not After : May  1 23:59:59 2024 GMT
        Subject: serialNumber=8e714f26a841990106cbc0bdd85c592df74913fbb373f67aeeb4ffc877bc1736, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:e7:74:62:08:f1:d1:fb:49:5a:12:5d:74:11:
                    31:73:24:d0:4e:a7:09:65:d4:76:c1:fa:f9:05:5c:
                    bd:3d:ef:e5:3d:45:29:31:05:44:5d:3a:4e:c8:27:
                    e8:36:ef:62:67:0c:10:b0:c4:4f:ff:62:16:75:30:
                    95:07:57:55:e2:75:41:2d:2f:2d:99:77:35:b7:ab:
                    4d:b9:18:4c:f4:1c:ec:12:35:78:32:9e:90:67:e7:
                    08:79:4a:e0:b5:2d:93:f8:82:38:8d:4a:7c:6b:92:
                    ff:cc:8b:ef:09:87:61:c7:be:6c:2d:da:64:92:4a:
                    bc:c1:ad:b2:82:31:97:5d:f4:2c:2a:ca:e9:69:c6:
                    54:38:37:29:79:5e:ba:4c:8b:1d:96:16:bb:5a:15:
                    96:12:dd:0c:45:e6:7f:a8:98:9a:03:75:f1:7b:3f:
                    5b:06:f9:7b:b7:21:64:e7:71:f7:5b:cd:3d:bd:8b:
                    4b:a5:93:cb:f8:97:72:48:34:47:3f:16:fb:c9:0a:
                    c2:5e:b3:bd:91:2a:6f:77:f5:b2:20:e0:9a:45:49:
                    ef:f9:17:57:b8:a6:d1:b4:7f:48:a6:80:1c:ce:10:
                    2f:47:95:3d:6b:ce:d8:9a:e5:a5:95:15:37:3a:62:
                    f4:4e:18:cf:bb:f3:87:a3:df:f4:01:15:35:e4:df:
                    5f:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:2A:CC:10:6D:5F:61:6E:74:E3:89:26:62:BA:14:B6:BD:2D:01:67
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/34e19faa-5cf1-4226-b61a-b6161eba0791.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.230.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         c4:08:41:89:49:9f:05:de:48:3d:55:6f:4b:93:96:da:02:7e:
         73:d7:42:8d:f7:5d:0c:6e:f7:fd:b0:01:40:d5:0f:8b:f7:ce:
         38:a7:bd:a1:2b:ec:c2:be:e0:23:99:af:d9:d2:59:b7:62:33:
         1d:f6:bf:ae:98:da:3f:f6:53:32:d0:cc:ff:8c:fc:a7:66:16:
         12:ff:6b:17:b0:e2:b1:2f:d6:5e:67:06:72:c9:f2:43:23:dd:
         3a:a8:0b:fc:45:14:88:47:c7:2a:5e:59:47:7d:ce:07:bc:fb:
         f3:1c:eb:c1:90:03:ef:26:1c:20:ec:35:20:77:3c:32:1d:62:
         1f:2d:4d:15:e1:56:0d:db:d5:43:ab:87:5f:d2:73:30:4b:e6:
         68:05:8b:1a:cd:ce:81:7d:d5:26:80:f4:8e:50:b8:fc:7f:0e:
         74:ab:c4:b2:57:11:dc:cf:51:a4:b2:c3:19:eb:4b:41:01:38:
         77:40:10:82:41:24:b7:ed:cb:2c:c1:6a:59:e2:53:74:25:ae:
         cc:58:2d:40:8d:aa:33:9c:e8:a6:c8:dd:ef:e7:a5:80:27:e9:
         fa:4b:0f:02:b4:e5:ed:43:57:4f:dc:4e:c8:22:2c:9d:b5:8c:
         c0:e3:33:87:49:49:c4:a0:8e:38:6f:3d:e5:4a:b3:80:7d:0b:
         43:ab:50:90
-----BEGIN CERTIFICATE-----
MIIFXDCCBESgAwIBAgITe2gSuuwK3QHydfknVkHs3cpmRzANBgkqhkiG9w0BAQsF
ADAzMTEwLwYDVQQDEyg0NTNmNDc0NjM1NGUyYWQxNWNlN2ViZDhkYzIxZjk2YzBl
NWM4N2NmMB4XDTI0MDMyNzAwMDAwMFoXDTI0MDUwMTIzNTk1OVowejFJMEcGA1UE
BRNAOGU3MTRmMjZhODQxOTkwMTA2Y2JjMGJkZDg1YzU5MmRmNzQ5MTNmYmIzNzNm
NjdhZWViNGZmYzg3N2JjMTczNjEtMCsGA1UEAxMkYzMzNjQxMWEtNjY1MS00ZjEz
LThlZjktZGU2ODFjN2M5NDQ0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA5+d0Ygjx0ftJWhJddBExcyTQTqcJZdR2wfr5BVy9Pe/lPUUpMQVEXTpOyCfo
Nu9iZwwQsMRP/2IWdTCVB1dV4nVBLS8tmXc1t6tNuRhM9BzsEjV4Mp6QZ+cIeUrg
tS2T+II4jUp8a5L/zIvvCYdhx75sLdpkkkq8wa2ygjGXXfQsKsrpacZUODcpeV66
TIsdlha7WhWWEt0MReZ/qJiaA3Xxez9bBvl7tyFk53H3W809vYtLpZPL+JdySDRH
Pxb7yQrCXrO9kSpvd/WyIOCaRUnv+RdXuKbRtH9IpoAczhAvR5U9a87YmuWllRU3
OmL0ThjPu/OHo9/0ARU15N9fTwIDAQABo4ICIDCCAhwwHQYDVR0OBBYEFC8qzBBt
X2FudOOJJmK6FLa9LQFnMB8GA1UdIwQYMBaAFEU/R0Y1TirRXOfr2Nwh+WwOXIfP
MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvUlQ5SFJqVk9L
dEZjNS12WTNDSDViQTVjaDg4LmNlcjCBngYIKwYBBQUHAQsEgZEwgY4wgYsGCCsG
AQUFBzALhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFzdC0yLmFtYXpvbmF3cy5j
b20vdm9sdW1lLzk2N2EyNTVjLWQ2ODAtNDJkMy05ZWMzLWVjYjNmOWRhMDg4Yy8z
NGUxOWZhYS01Y2YxLTQyMjYtYjYxYS1iNjE2MWViYTA3OTEucm9hMIGIBgNVHR8E
gYAwfjB8oHqgeIZ2cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25h
d3MuY29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4
OGMvX2xBaTVUSERzUWRQWUE5bm1FVDZvbEh1VmM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAPuYwDQYJ
KoZIhvcNAQELBQADggEBAMQIQYlJnwXeSD1Vb0uTltoCfnPXQo33XQxu9/2wAUDV
D4v3zjinvaEr7MK+4COZr9nSWbdiMx32v66Y2j/2UzLQzP+M/KdmFhL/axew4rEv
1l5nBnLJ8kMj3TqoC/xFFIhHxypeWUd9zge8+/Mc68GQA+8mHCDsNSB3PDIdYh8t
TRXhVg3b1UOrh1/SczBL5mgFixrNzoF91SaA9I5QuPx/DnSrxLJXEdzPUaSywxnr
S0EBOHdAEIJBJLftyyzBalniU3QlrsxYLUCNqjOc6KbI3e/npYAn6fpLDwK05e1D
V0/cTsgiLJ21jMDjM4dJScSgjjhvPeVKs4B9C0OrUJA=
-----END CERTIFICATE-----
Generated at Fri Mar 29 02:38:20 2024 by rpki-client on console-fra.rpki-client.org