Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/4291e769-5d4c-4010-818f-64c1716d6e54.roa
File:                     4291e769-5d4c-4010-818f-64c1716d6e54.roa (raw, json)
Hash identifier:          SeOubB7mjf12Qg2MBVROPxZ8PGbWUriwsmlrlv5sZFY=
Subject key identifier:   50:98:17:74:CA:94:47:7B:EF:01:0C:D9:0E:56:0A:56:37:F1:84:A5
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       37027662EDE3F1D5932CF8406CE7816EBFAFA4EF
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/4291e769-5d4c-4010-818f-64c1716d6e54.roa
Signing time:             Tue 05 Mar 2024 00:00:00 +0000
ROA not before:           Tue 05 Mar 2024 00:00:00 +0000
ROA not after:            Tue 09 Apr 2024 23:59:59 +0000
asID:                     14618
IP address blocks:        193.26.64.0/19 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 28 Mar 2024 18:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            37:02:76:62:ed:e3:f1:d5:93:2c:f8:40:6c:e7:81:6e:bf:af:a4:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Mar  5 00:00:00 2024 GMT
            Not After : Apr  9 23:59:59 2024 GMT
        Subject: serialNumber=711d6abbec284b5b8c64a8a495c5d594f32c843fdbe16162eab20b61ab4200d2, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:38:9b:43:21:d8:75:d0:e2:b6:91:dc:d9:13:
                    e3:38:bf:ce:6b:ed:2d:fe:cb:b2:8f:6d:64:29:9f:
                    c5:9c:db:bb:87:01:88:4d:24:8d:77:bb:76:0d:ba:
                    5d:1a:81:78:96:8d:29:94:67:cc:a8:5c:92:10:ca:
                    ea:d4:f1:dd:c6:25:64:1c:95:51:60:f4:63:51:61:
                    23:24:80:61:13:6c:e4:51:ce:b8:e5:b2:46:8c:2d:
                    92:f0:9a:87:e5:8d:d3:1c:f5:cf:a5:ce:79:f5:3e:
                    75:25:f5:66:79:c8:30:b4:4b:8c:7a:6c:e0:82:32:
                    2e:26:01:07:24:c9:0d:a1:df:5b:a1:58:d0:40:ae:
                    a5:b0:11:30:08:f9:e4:18:71:c7:d7:b8:b4:f8:4a:
                    cf:f3:75:1a:64:6f:51:5c:17:3a:7b:0a:ad:76:c0:
                    0c:5a:8d:16:5c:b5:86:19:3f:40:67:3a:06:0a:15:
                    1c:52:33:97:cb:02:39:bd:bb:b5:df:c3:cb:d9:15:
                    af:8f:27:ac:5f:39:fa:66:91:13:e3:92:56:33:86:
                    12:40:f7:87:5f:70:b8:6e:9c:ba:54:26:80:43:b7:
                    76:b9:74:6a:19:61:9a:dc:d7:57:b5:09:75:2f:c3:
                    75:ae:07:dc:58:0c:47:de:d6:d7:01:d2:24:95:13:
                    b9:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:98:17:74:CA:94:47:7B:EF:01:0C:D9:0E:56:0A:56:37:F1:84:A5
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/4291e769-5d4c-4010-818f-64c1716d6e54.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.26.64.0/19

    Signature Algorithm: sha256WithRSAEncryption
         b5:4b:ff:02:74:8a:f4:0c:84:59:bc:a3:da:5d:cc:b1:76:60:
         fe:78:51:0a:d4:f8:42:72:13:44:7d:c2:3b:28:0e:59:03:5f:
         90:6f:03:ba:fd:e0:a9:e8:ff:00:35:3f:98:97:db:46:1b:28:
         c4:8b:58:75:42:ab:a8:34:52:6a:f4:f7:3b:dd:2d:38:d2:01:
         31:15:73:cd:8b:0e:f9:d8:68:83:b7:14:3b:95:50:21:f4:4b:
         67:b7:d5:84:25:86:67:d3:1e:a7:05:38:38:8c:eb:ce:d4:bc:
         67:c4:6a:bc:31:74:f2:ad:a7:18:05:ae:1a:cb:70:4c:80:fb:
         61:ac:4e:60:f3:53:16:1b:78:9e:f8:05:ec:18:b8:1a:f0:38:
         ea:8e:b8:ff:38:36:97:c0:ee:4d:88:47:e2:50:ff:8d:41:21:
         5e:d0:48:96:63:6c:e5:7d:76:8b:84:01:de:b8:30:4a:9f:21:
         89:b9:8f:21:21:27:c7:e0:a4:16:87:f6:92:1b:c0:8d:92:8c:
         42:2f:f9:d6:1b:58:cc:bd:98:e5:94:1d:06:97:59:f2:41:9e:
         1d:0c:aa:71:50:a3:fd:6a:0b:2e:97:d4:41:b8:50:e1:50:32:
         33:7e:6d:e2:43:2d:28:77:4c:40:3d:08:1e:bd:e9:3b:b7:27:
         ee:80:5f:a3
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUNwJ2Yu3j8dWTLPhAbOeBbr+vpO8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNDAzMDUwMDAwMDBaFw0yNDA0MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQDcxMWQ2YWJiZWMyODRiNWI4YzY0YThhNDk1YzVkNTk0ZjMyYzg0M2ZkYmUx
NjE2MmVhYjIwYjYxYWI0MjAwZDIxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJg4m0Mh2HXQ4raR3NkT4zi/zmvtLf7Lso9tZCmfxZzbu4cBiE0kjXe7dg26
XRqBeJaNKZRnzKhckhDK6tTx3cYlZByVUWD0Y1FhIySAYRNs5FHOuOWyRowtkvCa
h+WN0xz1z6XOefU+dSX1ZnnIMLRLjHps4IIyLiYBByTJDaHfW6FY0ECupbARMAj5
5Bhxx9e4tPhKz/N1GmRvUVwXOnsKrXbADFqNFly1hhk/QGc6BgoVHFIzl8sCOb27
td/Dy9kVr48nrF85+maRE+OSVjOGEkD3h19wuG6culQmgEO3drl0ahlhmtzXV7UJ
dS/Dda4H3FgMR97W1wHSJJUTuT8CAwEAAaOCAiEwggIdMB0GA1UdDgQWBBRQmBd0
ypRHe+8BDNkOVgpWN/GEpTAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
NDI5MWU3NjktNWQ0Yy00MDEwLTgxOGYtNjRjMTcxNmQ2ZTU0LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEBcEaQDAN
BgkqhkiG9w0BAQsFAAOCAQEAtUv/AnSK9AyEWbyj2l3MsXZg/nhRCtT4QnITRH3C
OygOWQNfkG8Duv3gqej/ADU/mJfbRhsoxItYdUKrqDRSavT3O90tONIBMRVzzYsO
+dhog7cUO5VQIfRLZ7fVhCWGZ9MepwU4OIzrztS8Z8RqvDF08q2nGAWuGstwTID7
YaxOYPNTFht4nvgF7Bi4GvA46o64/zg2l8DuTYhH4lD/jUEhXtBIlmNs5X12i4QB
3rgwSp8hibmPISEnx+CkFof2khvAjZKMQi/51htYzL2Y5ZQdBpdZ8kGeHQyqcVCj
/WoLLpfUQbhQ4VAyM35t4kMtKHdMQD0IHr3pO7cn7oBfow==
-----END CERTIFICATE-----
Generated at Thu Mar 28 01:01:23 2024 by rpki-client on console-fra.rpki-client.org