Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/4153cd44-f090-48a5-bffc-3b2fed0e0348.roa
File:                     4153cd44-f090-48a5-bffc-3b2fed0e0348.roa (raw, json)
Hash identifier:          9rWD9ov/EAaFqHLx9O1dzOI/IwJ7UmupkHqyeWdueoc=
Subject key identifier:   1D:8F:C9:0C:59:0E:64:07:77:55:8E:C8:96:EB:C6:0F:8B:B3:96:F1
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       543EFA177D59C48897CEABF1D2360AD6CE732F1F
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/4153cd44-f090-48a5-bffc-3b2fed0e0348.roa
Signing time:             Tue 26 Mar 2024 00:00:00 +0000
ROA not before:           Tue 26 Mar 2024 00:00:00 +0000
ROA not after:            Tue 30 Apr 2024 23:59:59 +0000
asID:                     14618
IP address blocks:        51.72.0.0/15 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 29 Mar 2024 21:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            54:3e:fa:17:7d:59:c4:88:97:ce:ab:f1:d2:36:0a:d6:ce:73:2f:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Mar 26 00:00:00 2024 GMT
            Not After : Apr 30 23:59:59 2024 GMT
        Subject: serialNumber=5e8ba5eed10f65f3d35547d9999add1063c2da99a55d0e85bc078cb06ee8a8a4, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:28:7e:95:49:24:aa:c9:60:79:c1:bb:86:6d:
                    23:14:84:98:57:56:78:65:00:39:a5:f2:2e:23:c8:
                    52:02:ac:53:2c:6f:1d:e8:18:aa:6d:47:3f:b9:75:
                    c4:21:a3:11:b8:ac:52:b6:2a:94:9d:f9:d3:d5:13:
                    95:e3:75:f2:ee:42:ab:6c:81:76:d1:dd:87:02:b8:
                    a8:88:e8:c9:78:65:68:57:76:89:e8:32:01:74:b0:
                    a8:61:23:d2:b9:73:96:96:3b:00:39:ab:e7:4d:7f:
                    85:ee:6d:14:13:b7:27:25:42:e8:b0:de:2e:3e:2d:
                    c7:5c:8d:e0:c3:a4:e1:63:96:24:ef:22:35:b0:b8:
                    b7:0e:0f:db:ce:a8:e4:64:33:83:c2:66:43:d4:da:
                    06:16:2c:3e:38:a4:16:29:70:2f:5d:1a:81:09:7d:
                    b2:85:f2:2c:70:7e:fe:ea:74:69:e2:24:d8:1a:e0:
                    b8:5b:83:d0:f1:15:12:8b:a2:4c:65:ad:61:0f:09:
                    a3:f8:85:79:4e:4d:1e:59:41:f3:f0:ce:70:eb:e7:
                    6d:14:90:f6:cb:70:ff:e3:2a:4e:b9:75:fb:0b:06:
                    45:6c:4a:78:ed:90:45:2b:03:92:98:67:fd:f5:74:
                    6d:75:5a:d8:ce:a0:de:cf:00:1a:2b:c5:a2:61:2f:
                    e2:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:8F:C9:0C:59:0E:64:07:77:55:8E:C8:96:EB:C6:0F:8B:B3:96:F1
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/4153cd44-f090-48a5-bffc-3b2fed0e0348.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.72.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         ad:98:88:85:d7:6f:d9:2a:9e:27:e1:ef:8c:00:f1:cf:9d:66:
         29:bd:65:45:e6:9c:23:00:c1:d2:76:5c:ef:64:45:78:0e:56:
         f3:cc:ba:da:fd:d9:85:4d:0b:fd:59:d1:8c:43:b3:be:b6:af:
         37:90:55:05:b5:21:3e:c8:98:d7:7a:b7:05:3b:a5:3a:07:36:
         e5:f1:a4:ed:b4:4c:70:f6:3d:e3:a8:b4:f9:87:25:7e:60:65:
         e2:0d:41:5d:58:3f:c6:51:5f:6d:59:00:c6:cd:8f:57:63:bb:
         8f:88:b0:fe:9f:8a:95:9b:cf:56:42:eb:32:20:48:7c:93:c5:
         84:f7:3c:35:75:f0:d1:2b:f6:d6:75:0b:5a:41:d4:cd:22:79:
         1b:3e:80:16:f5:33:01:23:d1:eb:0e:31:30:b6:b5:30:ae:b1:
         fa:85:fc:68:50:31:12:80:14:c4:b3:7e:30:58:37:f3:79:e1:
         7c:40:98:eb:70:79:19:b1:11:57:84:0a:d3:1e:78:46:c6:56:
         69:bc:a1:b1:15:b7:12:f1:3f:39:e0:54:cc:a5:35:bc:23:2d:
         62:2c:fc:31:89:2d:7a:3d:e9:48:17:2a:51:58:27:68:10:31:
         be:93:2d:ae:0e:70:ba:45:89:b1:97:d3:20:10:95:c4:f2:54:
         14:20:a5:ce
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUVD76F31ZxIiXzqvx0jYK1s5zLx8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNDAzMjYwMDAwMDBaFw0yNDA0MzAyMzU5NTlaMHoxSTBHBgNV
BAUTQDVlOGJhNWVlZDEwZjY1ZjNkMzU1NDdkOTk5OWFkZDEwNjNjMmRhOTlhNTVk
MGU4NWJjMDc4Y2IwNmVlOGE4YTQxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAM8ofpVJJKrJYHnBu4ZtIxSEmFdWeGUAOaXyLiPIUgKsUyxvHegYqm1HP7l1
xCGjEbisUrYqlJ3509UTleN18u5Cq2yBdtHdhwK4qIjoyXhlaFd2iegyAXSwqGEj
0rlzlpY7ADmr501/he5tFBO3JyVC6LDeLj4tx1yN4MOk4WOWJO8iNbC4tw4P286o
5GQzg8JmQ9TaBhYsPjikFilwL10agQl9soXyLHB+/up0aeIk2BrguFuD0PEVEoui
TGWtYQ8Jo/iFeU5NHllB8/DOcOvnbRSQ9stw/+MqTrl1+wsGRWxKeO2QRSsDkphn
/fV0bXVa2M6g3s8AGivFomEv4mMCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBQdj8kM
WQ5kB3dVjsiW68YPi7OW8TAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
NDE1M2NkNDQtZjA5MC00OGE1LWJmZmMtM2IyZmVkMGUwMzQ4LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDATNIMA0G
CSqGSIb3DQEBCwUAA4IBAQCtmIiF12/ZKp4n4e+MAPHPnWYpvWVF5pwjAMHSdlzv
ZEV4DlbzzLra/dmFTQv9WdGMQ7O+tq83kFUFtSE+yJjXercFO6U6Bzbl8aTttExw
9j3jqLT5hyV+YGXiDUFdWD/GUV9tWQDGzY9XY7uPiLD+n4qVm89WQusyIEh8k8WE
9zw1dfDRK/bWdQtaQdTNInkbPoAW9TMBI9HrDjEwtrUwrrH6hfxoUDESgBTEs34w
WDfzeeF8QJjrcHkZsRFXhArTHnhGxlZpvKGxFbcS8T854FTMpTW8Iy1iLPwxiS16
PelIFypRWCdoEDG+ky2uDnC6RYmxl9MgEJXE8lQUIKXO
-----END CERTIFICATE-----
Generated at Fri Mar 29 02:38:20 2024 by rpki-client on console-fra.rpki-client.org