Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/44bb00cc-3dee-4cf6-8de9-2febfa0f0f6d.roa
File:                     44bb00cc-3dee-4cf6-8de9-2febfa0f0f6d.roa (raw, json)
Hash identifier:          +Hdg0/SGw/vsZZ2/gveVDlpBI7/huzyZpttYRiRD9IM=
Subject key identifier:   1B:C1:C5:C9:CF:E2:F2:05:73:A4:0C:55:C3:F3:E1:52:0E:E9:9B:4C
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       46F1CF538EDFD99CC50F1200F04FE19CD82AB3C3
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/44bb00cc-3dee-4cf6-8de9-2febfa0f0f6d.roa
Signing time:             Tue 03 Dec 2024 00:00:00 +0000
ROA not before:           Tue 03 Dec 2024 00:00:00 +0000
ROA not after:            Tue 07 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        51.244.0.0/15 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Dec 2024 15:18:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            46:f1:cf:53:8e:df:d9:9c:c5:0f:12:00:f0:4f:e1:9c:d8:2a:b3:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Dec  3 00:00:00 2024 GMT
            Not After : Jan  7 23:59:59 2025 GMT
        Subject: serialNumber=dfb98814671fce2f187966b92412cbd5fcb3d84accd1134234af2a5f9af3cd04, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:93:13:1c:5f:e6:eb:07:23:14:9d:80:e6:61:
                    f3:15:05:54:99:77:32:45:b7:ca:53:6c:73:01:ba:
                    57:ca:a3:9a:56:8f:95:7d:12:e9:03:fb:d4:e5:a5:
                    3b:a2:b1:89:5b:a7:1c:f7:3c:95:59:d2:ed:15:b8:
                    19:92:a0:f6:22:17:48:ba:c5:18:1f:2b:3b:b4:23:
                    80:ec:09:8b:85:8c:fe:3f:7c:fc:01:67:09:ee:99:
                    ba:92:a3:8c:19:78:6a:d0:be:9a:bf:c6:37:9e:60:
                    67:75:75:46:e4:e2:9d:4f:dc:84:af:03:07:60:5d:
                    49:15:3f:ba:bb:fb:eb:e3:37:5e:05:8a:38:78:24:
                    46:ee:86:91:c5:02:30:d2:2f:00:24:c7:6b:34:90:
                    37:7b:b2:fa:8d:1a:ca:43:65:e5:6b:4c:12:bd:20:
                    7b:2c:7b:1a:1c:5d:f1:6e:be:45:17:1a:c4:57:74:
                    0a:d7:b7:5a:0f:62:9e:60:59:e2:f1:24:ef:dd:84:
                    72:c4:f3:d6:36:71:f8:5a:24:49:99:c4:d1:5b:db:
                    01:97:82:c8:b9:14:07:ae:81:5a:e8:62:12:16:08:
                    a5:d0:76:63:7f:a5:0f:8e:cf:26:38:c4:17:7f:d0:
                    60:75:22:f9:48:60:fc:40:c1:57:b9:f5:59:eb:de:
                    f9:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:C1:C5:C9:CF:E2:F2:05:73:A4:0C:55:C3:F3:E1:52:0E:E9:9B:4C
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/44bb00cc-3dee-4cf6-8de9-2febfa0f0f6d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.244.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         bd:54:3b:8c:e8:e2:3c:5d:ce:72:30:b0:84:9a:c0:e0:44:2e:
         2c:04:0c:90:1e:62:e0:12:8c:e2:cb:43:a1:8d:be:66:1a:1c:
         54:fc:6c:d3:f0:e3:b6:11:63:0a:58:ba:40:01:44:7f:52:03:
         2b:2d:48:24:bb:e7:58:0c:86:b2:3b:0a:4b:d5:9b:62:c1:e7:
         fc:99:0a:79:1c:cf:3a:5b:63:25:52:a5:77:66:bc:f5:25:fc:
         28:7f:c2:db:16:fa:4c:a7:57:9e:4c:3c:2f:39:1d:c4:1f:55:
         08:a9:d4:ab:ef:b4:e8:71:45:2a:3a:57:16:51:b4:55:20:86:
         ce:db:b3:12:26:fa:23:d1:61:85:63:e1:3e:a8:c4:53:24:08:
         72:79:35:97:78:1c:89:9f:18:26:2a:9e:b3:1d:5e:17:90:66:
         97:03:d2:64:0c:bd:e7:5d:dc:8c:66:37:a6:ec:53:9f:db:d1:
         60:bf:ea:b6:5d:ec:d7:a4:05:fc:04:ac:2f:ad:c8:cd:f4:5d:
         76:57:32:60:c1:3d:e3:12:e3:cf:65:ca:81:66:39:4a:3a:d3:
         cd:61:5b:ae:d9:1a:0b:e9:2c:b3:21:96:81:44:6c:47:6f:7b:
         ec:60:43:56:dc:89:e0:4b:1f:7d:77:87:78:39:e0:01:e2:a1:
         20:34:5a:b4
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIURvHPU47f2ZzFDxIA8E/hnNgqs8MwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNDEyMDMwMDAwMDBaFw0yNTAxMDcyMzU5NTlaMHoxSTBHBgNV
BAUTQGRmYjk4ODE0NjcxZmNlMmYxODc5NjZiOTI0MTJjYmQ1ZmNiM2Q4NGFjY2Qx
MTM0MjM0YWYyYTVmOWFmM2NkMDQxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJiTExxf5usHIxSdgOZh8xUFVJl3MkW3ylNscwG6V8qjmlaPlX0S6QP71OWl
O6KxiVunHPc8lVnS7RW4GZKg9iIXSLrFGB8rO7QjgOwJi4WM/j98/AFnCe6ZupKj
jBl4atC+mr/GN55gZ3V1RuTinU/chK8DB2BdSRU/urv76+M3XgWKOHgkRu6GkcUC
MNIvACTHazSQN3uy+o0aykNl5WtMEr0geyx7Ghxd8W6+RRcaxFd0Cte3Wg9inmBZ
4vEk792EcsTz1jZx+FokSZnE0VvbAZeCyLkUB66BWuhiEhYIpdB2Y3+lD47PJjjE
F3/QYHUi+Uhg/EDBV7n1Weve+f8CAwEAAaOCAiAwggIcMB0GA1UdDgQWBBQbwcXJ
z+LyBXOkDFXD8+FSDumbTDAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
NDRiYjAwY2MtM2RlZS00Y2Y2LThkZTktMmZlYmZhMGYwZjZkLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDATP0MA0G
CSqGSIb3DQEBCwUAA4IBAQC9VDuM6OI8Xc5yMLCEmsDgRC4sBAyQHmLgEoziy0Oh
jb5mGhxU/GzT8OO2EWMKWLpAAUR/UgMrLUgku+dYDIayOwpL1Ztiwef8mQp5HM86
W2MlUqV3Zrz1Jfwof8LbFvpMp1eeTDwvOR3EH1UIqdSr77TocUUqOlcWUbRVIIbO
27MSJvoj0WGFY+E+qMRTJAhyeTWXeByJnxgmKp6zHV4XkGaXA9JkDL3nXdyMZjem
7FOf29Fgv+q2XezXpAX8BKwvrcjN9F12VzJgwT3jEuPPZcqBZjlKOtPNYVuu2RoL
6SyzIZaBRGxHb3vsYENW3IngSx99d4d4OeAB4qEgNFq0
-----END CERTIFICATE-----
Generated at Mon Dec 9 19:56:31 2024 by rpki-client on console-fra.rpki-client.org