Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/3b7d2dc9-a8a3-4f79-b9fd-1aacf4f4373a.roa
File:                     3b7d2dc9-a8a3-4f79-b9fd-1aacf4f4373a.roa (raw, json)
Hash identifier:          nlZ6xta0yxt48WmlBmY5SeaB0vdUrpPdWC7eVmPMYOY=
Subject key identifier:   27:5A:77:CE:01:68:90:B0:88:AB:00:3D:39:14:3B:EB:D8:5D:24:21
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       1049DE3024D799DFF7B6297845EA100ABA392EBC
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/3b7d2dc9-a8a3-4f79-b9fd-1aacf4f4373a.roa
Signing time:             Tue 26 Mar 2024 00:00:00 +0000
ROA not before:           Tue 26 Mar 2024 00:00:00 +0000
ROA not after:            Tue 30 Apr 2024 23:59:59 +0000
asID:                     14618
IP address blocks:        51.108.0.0/16 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 29 Mar 2024 21:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            10:49:de:30:24:d7:99:df:f7:b6:29:78:45:ea:10:0a:ba:39:2e:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Mar 26 00:00:00 2024 GMT
            Not After : Apr 30 23:59:59 2024 GMT
        Subject: serialNumber=20f09e631883bc92e73df78e9b1ac9772ab2f7cbf8bb7c2e71b1aa47195bd1e0, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:59:e2:22:dd:96:15:b4:ab:94:9f:ea:ab:5c:
                    5c:1a:3e:f5:f4:e5:76:7a:92:60:8b:aa:dc:b4:57:
                    d8:4f:a7:99:3c:26:04:88:27:b8:d6:24:82:5a:01:
                    65:64:e1:a3:a9:ae:82:65:52:40:79:e2:f9:6f:d0:
                    58:92:63:cd:b5:da:0a:79:f9:b3:40:7f:df:0c:18:
                    a8:62:8a:b8:19:b9:0e:8b:c9:1b:9b:4b:b7:18:52:
                    24:d8:48:c1:33:ae:ef:2b:59:0c:1e:3b:3d:f2:11:
                    1c:6f:a6:b5:18:fe:96:b0:89:da:33:54:7e:7e:e7:
                    f4:96:64:fd:61:b4:9f:5b:e6:82:16:b1:b6:40:6e:
                    54:64:99:62:41:65:f1:38:fe:20:05:94:b1:a4:d2:
                    7e:a0:01:79:1b:1b:8c:bd:72:8a:e0:da:1a:f8:72:
                    2d:9f:50:13:2a:a0:42:de:c4:0b:f2:7e:37:df:7a:
                    fd:a0:5d:86:19:34:3c:19:73:71:72:ef:35:d1:14:
                    15:5f:b6:b4:ac:48:2a:65:bf:79:a9:db:f4:24:5a:
                    29:4c:4b:7b:37:28:de:e7:99:91:a5:7c:ce:d3:e8:
                    98:ad:12:bc:02:e8:7c:4d:2e:04:90:8a:6f:ec:f0:
                    b6:d7:70:c3:44:b9:c6:fc:f2:5a:cb:3e:6e:65:14:
                    7d:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:5A:77:CE:01:68:90:B0:88:AB:00:3D:39:14:3B:EB:D8:5D:24:21
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/3b7d2dc9-a8a3-4f79-b9fd-1aacf4f4373a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.108.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         0b:0a:47:80:d6:d9:00:f2:fe:84:07:91:aa:de:b1:37:60:c4:
         55:91:8a:90:93:3e:55:9b:cb:ce:8c:70:fd:c6:40:f8:c9:2e:
         f3:e5:8e:a2:8f:97:b2:9d:47:84:60:2f:7d:5f:be:13:2b:cd:
         43:e5:04:d3:5f:4b:bd:52:d5:84:e6:b9:16:31:b7:7d:0f:3f:
         c0:67:38:fc:21:74:d0:49:68:e4:b9:a4:c8:a3:ee:65:59:ad:
         4d:58:ed:91:9e:1e:d2:90:12:bf:65:0d:6a:5a:a3:ac:65:06:
         75:96:17:2c:31:9f:51:85:71:3d:c3:62:e2:39:3c:d2:12:5b:
         17:1e:38:ce:0d:55:ad:ba:26:1a:28:9b:d7:93:d1:65:5c:bc:
         7d:65:1e:b2:37:29:8d:86:06:a2:d8:b6:62:ce:ae:5a:15:a5:
         0d:ff:53:8c:fc:7c:38:73:47:21:31:60:8d:44:ea:68:b4:c3:
         73:b8:20:33:43:6b:25:db:e5:c8:3e:79:dd:0e:44:0a:76:77:
         89:26:61:85:aa:67:95:8e:b9:b0:c1:7b:67:38:3d:43:6e:3b:
         7b:b0:c7:96:18:ab:34:be:53:2f:0a:92:5c:de:e1:38:e0:c9:
         e6:93:62:dc:d3:ff:6b:7b:86:0b:04:74:65:85:a4:30:bd:68:
         9e:63:b0:4a
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUEEneMCTXmd/3til4ReoQCro5LrwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNDAzMjYwMDAwMDBaFw0yNDA0MzAyMzU5NTlaMHoxSTBHBgNV
BAUTQDIwZjA5ZTYzMTg4M2JjOTJlNzNkZjc4ZTliMWFjOTc3MmFiMmY3Y2JmOGJi
N2MyZTcxYjFhYTQ3MTk1YmQxZTAxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANJZ4iLdlhW0q5Sf6qtcXBo+9fTldnqSYIuq3LRX2E+nmTwmBIgnuNYkgloB
ZWTho6mugmVSQHni+W/QWJJjzbXaCnn5s0B/3wwYqGKKuBm5DovJG5tLtxhSJNhI
wTOu7ytZDB47PfIRHG+mtRj+lrCJ2jNUfn7n9JZk/WG0n1vmghaxtkBuVGSZYkFl
8Tj+IAWUsaTSfqABeRsbjL1yiuDaGvhyLZ9QEyqgQt7EC/J+N996/aBdhhk0PBlz
cXLvNdEUFV+2tKxIKmW/eanb9CRaKUxLezco3ueZkaV8ztPomK0SvALofE0uBJCK
b+zwttdww0S5xvzyWss+bmUUfQECAwEAAaOCAiAwggIcMB0GA1UdDgQWBBQnWnfO
AWiQsIirAD05FDvr2F0kITAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
M2I3ZDJkYzktYThhMy00Zjc5LWI5ZmQtMWFhY2Y0ZjQzNzNhLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADNsMA0G
CSqGSIb3DQEBCwUAA4IBAQALCkeA1tkA8v6EB5Gq3rE3YMRVkYqQkz5Vm8vOjHD9
xkD4yS7z5Y6ij5eynUeEYC99X74TK81D5QTTX0u9UtWE5rkWMbd9Dz/AZzj8IXTQ
SWjkuaTIo+5lWa1NWO2Rnh7SkBK/ZQ1qWqOsZQZ1lhcsMZ9RhXE9w2LiOTzSElsX
HjjODVWtuiYaKJvXk9FlXLx9ZR6yNymNhgai2LZizq5aFaUN/1OM/Hw4c0chMWCN
ROpotMNzuCAzQ2sl2+XIPnndDkQKdneJJmGFqmeVjrmwwXtnOD1Dbjt7sMeWGKs0
vlMvCpJc3uE44Mnmk2Lc0/9re4YLBHRlhaQwvWieY7BK
-----END CERTIFICATE-----
Generated at Fri Mar 29 02:38:20 2024 by rpki-client on console-fra.rpki-client.org