Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/46eb8bb9-8a91-491d-8f3f-9cc4afcf5ecd.roa
File:                     46eb8bb9-8a91-491d-8f3f-9cc4afcf5ecd.roa (raw, json)
Hash identifier:          2eWSRmfVod3Alo5y/tH0fqpWIwd4SVIXHT+cwcHinTg=
Subject key identifier:   0B:CA:AE:88:C3:93:C5:5F:37:64:66:5A:06:5B:09:A1:72:6A:D6:74
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       448B95F0EAFC4B5DCCB3DFE7024ECE1C7E729EDA
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/46eb8bb9-8a91-491d-8f3f-9cc4afcf5ecd.roa
Signing time:             Tue 26 Mar 2024 00:00:00 +0000
ROA not before:           Tue 26 Mar 2024 00:00:00 +0000
ROA not after:            Tue 30 Apr 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        51.108.0.0/16 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 28 Mar 2024 18:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            44:8b:95:f0:ea:fc:4b:5d:cc:b3:df:e7:02:4e:ce:1c:7e:72:9e:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Mar 26 00:00:00 2024 GMT
            Not After : Apr 30 23:59:59 2024 GMT
        Subject: serialNumber=fb26d374681211fc09f1db7ec7fd4ba9c347da9db79d64e2019dd95a87532506, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:ca:db:4a:da:7a:14:5b:13:fe:5a:da:ad:f2:
                    79:0d:6a:36:03:ab:87:dd:0f:89:dd:fe:66:05:c9:
                    f3:01:54:64:90:90:ce:58:8e:72:0e:50:6b:38:05:
                    bb:50:ae:1a:3d:df:c7:14:0c:83:c3:dc:cc:33:49:
                    ae:a0:59:10:7b:40:80:86:82:09:6b:74:95:1a:3f:
                    c1:05:75:ce:57:ff:7a:3b:b4:12:7b:0a:29:1b:41:
                    f0:b7:9b:ca:38:87:52:d0:f3:9b:ed:f6:14:a8:b2:
                    c9:26:29:6b:21:29:72:74:0a:00:4a:b8:61:ef:ca:
                    5f:7e:a8:cd:a1:85:e4:b6:81:12:c2:0d:ed:b8:67:
                    67:ec:30:a6:59:0f:ad:a5:7e:22:f6:30:43:16:8f:
                    f2:e4:b0:cf:73:ce:c6:c5:66:1a:33:73:ab:50:0c:
                    8f:f9:c5:1e:6d:17:e1:5d:22:96:f8:e0:f9:3a:5d:
                    ec:15:14:24:49:fb:e7:f5:0a:17:0c:f5:f3:af:9d:
                    7d:65:09:a2:26:f4:4f:a2:5c:11:e3:32:9a:2c:16:
                    97:6e:26:18:78:f2:ed:22:24:50:95:a4:9a:d9:16:
                    33:7a:1b:4e:5f:7c:99:38:3b:4b:62:b7:55:9f:2e:
                    81:6b:e7:56:ed:e0:18:d3:71:8e:6f:6d:c8:27:83:
                    4a:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:CA:AE:88:C3:93:C5:5F:37:64:66:5A:06:5B:09:A1:72:6A:D6:74
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/46eb8bb9-8a91-491d-8f3f-9cc4afcf5ecd.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.108.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         6a:b6:91:22:5d:65:d9:fa:ee:1b:73:b9:e3:e6:43:f2:ba:f6:
         78:67:9b:25:b0:5e:47:cc:ec:0e:a7:20:4a:e7:00:26:16:49:
         33:b1:a6:cf:fa:12:1e:32:ba:50:84:61:a6:cc:1b:13:2a:48:
         5c:93:30:ba:51:e4:b2:5f:5c:8f:0a:88:97:c7:a4:fc:8e:10:
         9a:0f:51:11:3c:fd:c9:cc:9f:0c:0d:5b:c2:1a:9b:09:18:1c:
         b6:9a:17:7a:ad:3b:8b:12:03:98:af:18:49:95:23:66:88:71:
         2a:28:b7:e6:30:16:83:4c:20:04:e3:2d:d7:3a:a1:bb:c7:c5:
         7c:34:17:a2:da:8c:a0:e4:b8:3a:14:9a:c6:a4:54:c9:38:dc:
         75:a4:72:03:01:5a:8e:d1:18:e3:e1:3f:6b:b5:5b:89:f7:c8:
         66:1a:5b:d0:56:d3:a0:2d:a3:75:05:48:75:77:34:f5:d8:b9:
         42:56:6c:dd:95:69:6b:c8:9a:47:a2:c3:e9:37:d2:23:bd:bf:
         40:19:b5:ef:f1:be:0d:3d:9d:84:41:69:05:f1:53:85:96:ce:
         cb:bd:bc:88:41:98:13:56:f5:72:ee:d9:35:b7:a0:0a:29:13:
         df:14:fc:51:75:72:af:3a:f8:7c:83:07:e8:dc:dc:ba:65:63:
         de:28:d2:f5
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIURIuV8Or8S13Ms9/nAk7OHH5yntowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNDAzMjYwMDAwMDBaFw0yNDA0MzAyMzU5NTlaMHoxSTBHBgNV
BAUTQGZiMjZkMzc0NjgxMjExZmMwOWYxZGI3ZWM3ZmQ0YmE5YzM0N2RhOWRiNzlk
NjRlMjAxOWRkOTVhODc1MzI1MDYxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJbK20raehRbE/5a2q3yeQ1qNgOrh90Pid3+ZgXJ8wFUZJCQzliOcg5QazgF
u1CuGj3fxxQMg8PczDNJrqBZEHtAgIaCCWt0lRo/wQV1zlf/eju0EnsKKRtB8Leb
yjiHUtDzm+32FKiyySYpayEpcnQKAEq4Ye/KX36ozaGF5LaBEsIN7bhnZ+wwplkP
raV+IvYwQxaP8uSwz3POxsVmGjNzq1AMj/nFHm0X4V0ilvjg+Tpd7BUUJEn75/UK
Fwz186+dfWUJoib0T6JcEeMymiwWl24mGHjy7SIkUJWkmtkWM3obTl98mTg7S2K3
VZ8ugWvnVu3gGNNxjm9tyCeDSnUCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBQLyq6I
w5PFXzdkZloGWwmhcmrWdDAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
NDZlYjhiYjktOGE5MS00OTFkLThmM2YtOWNjNGFmY2Y1ZWNkLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADNsMA0G
CSqGSIb3DQEBCwUAA4IBAQBqtpEiXWXZ+u4bc7nj5kPyuvZ4Z5slsF5HzOwOpyBK
5wAmFkkzsabP+hIeMrpQhGGmzBsTKkhckzC6UeSyX1yPCoiXx6T8jhCaD1ERPP3J
zJ8MDVvCGpsJGBy2mhd6rTuLEgOYrxhJlSNmiHEqKLfmMBaDTCAE4y3XOqG7x8V8
NBei2oyg5Lg6FJrGpFTJONx1pHIDAVqO0Rjj4T9rtVuJ98hmGlvQVtOgLaN1BUh1
dzT12LlCVmzdlWlryJpHosPpN9Ijvb9AGbXv8b4NPZ2EQWkF8VOFls7LvbyIQZgT
VvVy7tk1t6AKKRPfFPxRdXKvOvh8gwfo3Ny6ZWPeKNL1
-----END CERTIFICATE-----
Generated at Thu Mar 28 02:06:40 2024 by rpki-client on console-ams.rpki-client.org