Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/41816f61-5ce3-406a-8d78-37c4eafa6915.roa
File:                     41816f61-5ce3-406a-8d78-37c4eafa6915.roa (raw, json)
Hash identifier:          Fnc+najBPdDB+hhfhq4Vld6zO2saUCFPijkAsbg+EdY=
Subject key identifier:   3D:87:5A:F3:4E:AB:A7:5C:E9:34:1B:E6:F9:51:31:5D:EA:BD:64:F7
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       16E3FFAAB65C4F43363D230AE2968892739ABB80
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/41816f61-5ce3-406a-8d78-37c4eafa6915.roa
Signing time:             Mon 18 Nov 2024 00:00:00 +0000
ROA not before:           Mon 18 Nov 2024 00:00:00 +0000
ROA not after:            Mon 23 Dec 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        51.0.32.0/19 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 11 Dec 2024 16:33:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            16:e3:ff:aa:b6:5c:4f:43:36:3d:23:0a:e2:96:88:92:73:9a:bb:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Nov 18 00:00:00 2024 GMT
            Not After : Dec 23 23:59:59 2024 GMT
        Subject: serialNumber=2f8754a441969097407f510df5b6e1bb62c470a85f4bd596470e377ab3c53757, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:4f:e3:29:ca:94:34:fe:a7:9c:4b:ab:de:5f:
                    7a:cf:81:3b:ab:c3:60:6e:0f:d0:36:6f:59:d1:38:
                    5c:a3:fe:27:6e:0e:92:b7:6f:47:1a:c9:9e:82:dd:
                    94:65:cc:3e:b5:df:e5:b2:47:74:f2:61:50:a6:82:
                    92:60:39:6d:fa:fe:f1:a6:0e:6c:3d:62:3e:38:3c:
                    e4:51:39:f0:af:e4:48:ac:a2:ec:b4:74:6e:c3:24:
                    73:e7:88:c1:70:5d:48:ce:04:ed:08:13:a2:e0:b2:
                    d7:8a:6e:4b:34:d5:b3:39:0f:30:14:9e:7a:56:f1:
                    79:b3:23:13:ec:c5:d5:24:6d:fb:8c:37:06:90:0f:
                    10:5a:67:a5:70:dc:39:20:e9:8e:b8:41:63:38:ea:
                    cf:b6:b3:68:69:44:de:0c:46:10:a4:3e:c6:eb:a3:
                    05:df:29:2f:76:c5:d3:5e:c5:de:30:ef:88:94:52:
                    f8:de:03:c2:29:ec:7b:da:86:f4:af:3c:00:49:0c:
                    66:dc:27:62:bd:cd:b8:b6:80:30:a4:25:93:f2:73:
                    94:2e:16:cc:e9:fb:e8:2d:a2:fa:11:93:e6:0b:31:
                    ea:eb:72:8e:26:fc:34:8b:ca:69:c2:a7:0e:64:0a:
                    6a:ff:66:83:b5:7a:61:b6:83:2d:4a:f2:4b:03:ed:
                    af:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:87:5A:F3:4E:AB:A7:5C:E9:34:1B:E6:F9:51:31:5D:EA:BD:64:F7
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/41816f61-5ce3-406a-8d78-37c4eafa6915.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.0.32.0/19

    Signature Algorithm: sha256WithRSAEncryption
         0b:4e:26:0d:15:5d:9d:69:95:6c:45:67:7c:a3:8e:11:7e:a6:
         c1:37:92:b3:e4:f1:fa:f0:90:ca:12:a5:9b:24:11:ce:d7:a2:
         b7:cd:5b:c3:83:f7:94:98:26:11:9c:0b:4c:67:97:20:e4:d3:
         35:1e:84:c2:e4:5f:47:6e:a5:73:e0:20:d6:97:c2:46:b7:33:
         5e:b0:66:3d:ec:f2:c3:92:0c:57:ae:8c:f1:2d:70:9b:d0:bf:
         ff:e9:1e:0f:4e:a6:be:14:31:44:16:6d:59:fa:dd:b0:37:e3:
         14:73:22:c8:82:70:86:7e:63:21:18:35:fc:7f:d4:f7:c2:07:
         38:30:08:03:1a:5a:c7:67:68:9f:c3:bc:8c:fb:8e:2c:b7:ac:
         33:c5:f0:a2:5a:04:79:65:90:1e:22:48:62:98:d4:13:c1:d9:
         83:0d:bd:19:21:0e:c1:5f:1b:32:a1:92:9e:b1:87:73:80:4e:
         4d:32:11:04:16:83:cb:97:87:b8:0e:c6:2b:91:fa:0c:91:7f:
         b1:a4:95:09:ce:63:bd:9a:7c:60:64:76:c7:d8:f9:37:50:a5:
         73:d4:23:d0:04:24:01:9e:98:f7:20:d2:96:50:14:76:61:0e:
         d2:5f:71:c6:d2:a3:9b:20:47:d9:6f:1f:bf:a6:ff:8a:b3:29:
         1b:e6:61:0d
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUFuP/qrZcT0M2PSMK4paIknOau4AwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNDExMTgwMDAwMDBaFw0yNDEyMjMyMzU5NTlaMHoxSTBHBgNV
BAUTQDJmODc1NGE0NDE5NjkwOTc0MDdmNTEwZGY1YjZlMWJiNjJjNDcwYTg1ZjRi
ZDU5NjQ3MGUzNzdhYjNjNTM3NTcxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMZP4ynKlDT+p5xLq95fes+BO6vDYG4P0DZvWdE4XKP+J24OkrdvRxrJnoLd
lGXMPrXf5bJHdPJhUKaCkmA5bfr+8aYObD1iPjg85FE58K/kSKyi7LR0bsMkc+eI
wXBdSM4E7QgTouCy14puSzTVszkPMBSeelbxebMjE+zF1SRt+4w3BpAPEFpnpXDc
OSDpjrhBYzjqz7azaGlE3gxGEKQ+xuujBd8pL3bF017F3jDviJRS+N4Dwinse9qG
9K88AEkMZtwnYr3NuLaAMKQlk/JzlC4WzOn76C2i+hGT5gsx6utyjib8NIvKacKn
DmQKav9mg7V6YbaDLUrySwPtr9sCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBQ9h1rz
TqunXOk0G+b5UTFd6r1k9zAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
NDE4MTZmNjEtNWNlMy00MDZhLThkNzgtMzdjNGVhZmE2OTE1LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEBTMAIDAN
BgkqhkiG9w0BAQsFAAOCAQEAC04mDRVdnWmVbEVnfKOOEX6mwTeSs+Tx+vCQyhKl
myQRzteit81bw4P3lJgmEZwLTGeXIOTTNR6EwuRfR26lc+Ag1pfCRrczXrBmPezy
w5IMV66M8S1wm9C//+keD06mvhQxRBZtWfrdsDfjFHMiyIJwhn5jIRg1/H/U98IH
ODAIAxpax2don8O8jPuOLLesM8XwoloEeWWQHiJIYpjUE8HZgw29GSEOwV8bMqGS
nrGHc4BOTTIRBBaDy5eHuA7GK5H6DJF/saSVCc5jvZp8YGR2x9j5N1Clc9Qj0AQk
AZ6Y9yDSllAUdmEO0l9xxtKjmyBH2W8fv6b/irMpG+ZhDQ==
-----END CERTIFICATE-----
Generated at Tue Dec 10 20:59:43 2024 by rpki-client on console-fra.rpki-client.org