Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/4318df07-9ca9-4ca8-8daf-2c7e8b4424e4.roa
File:                     4318df07-9ca9-4ca8-8daf-2c7e8b4424e4.roa (raw, json)
Hash identifier:          f6zZPdB44frqPnwlCWuxh3vp7XCMqeXLTmeuX3U3L0g=
Subject key identifier:   93:5D:42:C1:30:6C:43:7A:F2:AE:DA:98:07:B7:F3:B4:EE:88:D9:7D
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       64D6FBFEF074BA7DD5409FF9E12464E4935195CA
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/4318df07-9ca9-4ca8-8daf-2c7e8b4424e4.roa
Signing time:             Tue 05 Mar 2024 00:00:00 +0000
ROA not before:           Tue 05 Mar 2024 00:00:00 +0000
ROA not after:            Tue 09 Apr 2024 23:59:59 +0000
asID:                     14618
IP address blocks:        51.151.0.0/16 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 28 Mar 2024 18:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            64:d6:fb:fe:f0:74:ba:7d:d5:40:9f:f9:e1:24:64:e4:93:51:95:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Mar  5 00:00:00 2024 GMT
            Not After : Apr  9 23:59:59 2024 GMT
        Subject: serialNumber=07e8d234207bab4566e1f3e09a6d36135063c57725eb0a071897939aca9ad6b5, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:67:7b:3c:a8:21:b2:8c:8b:ab:26:77:28:8d:
                    d9:1b:af:31:82:6d:11:7c:77:af:33:5e:d9:2e:c0:
                    11:a7:cb:e8:0c:97:84:3f:5b:fe:6d:1b:03:60:64:
                    d1:05:f4:ff:3e:84:ba:0b:a9:59:e3:52:f3:94:50:
                    af:a5:75:cb:3c:04:89:db:e4:46:4d:a4:01:82:d6:
                    18:c4:03:e7:57:ef:59:81:d5:2e:ea:93:a4:bd:85:
                    95:78:c8:12:a4:67:8b:25:df:b4:c6:6d:3f:54:53:
                    25:20:79:10:d3:05:0b:f7:14:70:ae:6f:43:e0:ce:
                    1b:f5:86:65:d4:c1:8d:62:85:98:f1:a0:2e:0e:e4:
                    ce:19:c9:aa:b8:a4:e1:ef:a7:04:47:23:35:32:21:
                    9d:2d:12:d7:18:68:27:55:72:31:82:e3:ed:07:21:
                    8a:dd:de:85:85:86:32:7f:ee:7f:21:4b:3a:7d:ba:
                    41:a4:5c:13:4a:23:a7:30:31:e2:7e:2f:ce:b3:a0:
                    d3:0a:d7:c2:93:c3:a1:47:6f:af:3d:2b:e6:77:2a:
                    3a:bc:52:ea:ac:0b:79:59:59:8e:40:92:3d:17:43:
                    2c:6a:e4:37:8f:ea:37:8c:3d:a7:38:7b:50:7e:e9:
                    f3:fc:38:48:e7:54:74:68:92:6e:26:8b:f1:b4:eb:
                    33:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:5D:42:C1:30:6C:43:7A:F2:AE:DA:98:07:B7:F3:B4:EE:88:D9:7D
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/4318df07-9ca9-4ca8-8daf-2c7e8b4424e4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.151.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         16:dc:28:78:46:f2:fe:fb:91:0c:8d:ae:94:f7:68:af:76:ac:
         01:bf:9a:b3:2d:6b:27:6d:86:c8:15:fc:77:43:d0:59:22:2d:
         f5:49:cd:79:5a:cc:6c:6a:e6:40:58:18:a7:b7:28:58:b8:4a:
         f8:96:55:9b:b5:c1:21:35:1a:ae:dd:9b:8b:7c:1a:26:af:00:
         fd:39:a2:48:8a:49:f7:eb:0d:ca:c0:56:28:34:1e:7f:68:32:
         f5:5a:42:63:2d:4f:d0:23:27:15:8b:f9:db:b2:eb:5f:95:ab:
         c0:15:c7:cf:80:98:58:7b:b8:d5:42:85:88:9e:da:f7:84:69:
         a4:32:ef:54:10:3f:15:a1:86:49:44:60:c3:28:32:a6:86:00:
         1c:99:8d:d9:cc:99:6f:b7:29:d5:89:61:9e:56:b8:de:18:48:
         52:be:55:e2:fe:da:5e:7e:f4:78:cf:06:1b:f9:44:84:a4:67:
         f1:6b:25:52:37:2d:88:b3:27:2a:85:c2:9e:df:87:29:36:fa:
         95:94:d4:1f:a3:61:73:ff:e5:9c:dc:1e:0c:bd:42:bf:2a:de:
         ba:f9:aa:cd:c7:8d:13:ef:13:e7:72:54:8a:17:c8:62:e4:77:
         c7:4f:ff:0a:c3:a2:a3:36:67:86:39:8e:6b:83:ef:e9:f9:99:
         27:5a:fe:bf
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUZNb7/vB0un3VQJ/54SRk5JNRlcowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNDAzMDUwMDAwMDBaFw0yNDA0MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQDA3ZThkMjM0MjA3YmFiNDU2NmUxZjNlMDlhNmQzNjEzNTA2M2M1NzcyNWVi
MGEwNzE4OTc5MzlhY2E5YWQ2YjUxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALNnezyoIbKMi6smdyiN2RuvMYJtEXx3rzNe2S7AEafL6AyXhD9b/m0bA2Bk
0QX0/z6EugupWeNS85RQr6V1yzwEidvkRk2kAYLWGMQD51fvWYHVLuqTpL2FlXjI
EqRniyXftMZtP1RTJSB5ENMFC/cUcK5vQ+DOG/WGZdTBjWKFmPGgLg7kzhnJqrik
4e+nBEcjNTIhnS0S1xhoJ1VyMYLj7Qchit3ehYWGMn/ufyFLOn26QaRcE0ojpzAx
4n4vzrOg0wrXwpPDoUdvrz0r5ncqOrxS6qwLeVlZjkCSPRdDLGrkN4/qN4w9pzh7
UH7p8/w4SOdUdGiSbiaL8bTrM+MCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBSTXULB
MGxDevKu2pgHt/O07ojZfTAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
NDMxOGRmMDctOWNhOS00Y2E4LThkYWYtMmM3ZThiNDQyNGU0LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADOXMA0G
CSqGSIb3DQEBCwUAA4IBAQAW3Ch4RvL++5EMja6U92ivdqwBv5qzLWsnbYbIFfx3
Q9BZIi31Sc15WsxsauZAWBintyhYuEr4llWbtcEhNRqu3ZuLfBomrwD9OaJIikn3
6w3KwFYoNB5/aDL1WkJjLU/QIycVi/nbsutflavAFcfPgJhYe7jVQoWIntr3hGmk
Mu9UED8VoYZJRGDDKDKmhgAcmY3ZzJlvtynViWGeVrjeGEhSvlXi/tpefvR4zwYb
+USEpGfxayVSNy2IsycqhcKe34cpNvqVlNQfo2Fz/+Wc3B4MvUK/Kt66+arNx40T
7xPnclSKF8hi5HfHT/8Kw6KjNmeGOY5rg+/p+ZknWv6/
-----END CERTIFICATE-----
Generated at Thu Mar 28 01:01:23 2024 by rpki-client on console-fra.rpki-client.org