Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/582a854d-4985-4bca-ae2a-4cc422726702.roa
File:                     582a854d-4985-4bca-ae2a-4cc422726702.roa (raw, json)
Hash identifier:          d0jOqhFnexuIg09VUvCK7FYCwiU8SsfcNpOF0A8I328=
Subject key identifier:   93:16:1F:38:C6:D6:78:26:97:C3:4C:9B:7A:87:E8:7A:70:BA:C0:C3
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       2D10EB5C9C32A061BD341A6CBD868B1E78D2A300
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/582a854d-4985-4bca-ae2a-4cc422726702.roa
Signing time:             Tue 05 Mar 2024 00:00:00 +0000
ROA not before:           Tue 05 Mar 2024 00:00:00 +0000
ROA not after:            Tue 09 Apr 2024 23:59:59 +0000
asID:                     8987
IP address blocks:        51.40.0.0/16 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 28 Mar 2024 18:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2d:10:eb:5c:9c:32:a0:61:bd:34:1a:6c:bd:86:8b:1e:78:d2:a3:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Mar  5 00:00:00 2024 GMT
            Not After : Apr  9 23:59:59 2024 GMT
        Subject: serialNumber=67d104937902a15f7dea4503a47420484a40c518abb5af67b1c5ec14dfe3b568, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:c6:3a:43:52:1d:c2:6f:cd:ba:a8:a3:38:f0:
                    2e:b7:a5:55:35:54:56:d9:53:12:ef:ff:ea:32:f1:
                    40:05:9e:ec:7a:83:79:47:79:b0:f6:4e:34:e3:bb:
                    4c:a5:85:06:62:43:32:f0:5b:62:65:0a:e3:86:ae:
                    95:ba:0e:ab:1d:9e:42:24:f1:ba:65:fa:28:7b:6c:
                    a2:4b:9e:bb:2c:c6:65:db:9d:ec:1c:83:b9:02:c3:
                    c8:be:bc:26:0a:e4:60:16:2b:80:d9:ba:3e:37:5f:
                    e6:3a:1f:64:cc:b4:80:44:1d:35:1a:c1:56:ec:2b:
                    00:d3:37:b0:69:3f:f8:96:96:b6:17:4c:d0:76:b9:
                    0c:09:0e:d6:25:1b:5d:6c:f5:b4:9a:28:e3:ac:49:
                    99:81:77:af:11:6a:92:75:b9:41:34:b7:63:43:b5:
                    b6:0a:85:6b:dd:a9:00:e3:ff:ee:39:3f:96:fa:3f:
                    21:93:8d:a2:2b:f0:aa:b2:2d:1f:d0:80:46:02:38:
                    2c:2d:52:23:29:34:21:a8:16:a7:e8:c1:88:c4:3b:
                    34:cd:e5:79:48:34:40:ac:2a:0e:8a:58:03:13:48:
                    5e:c6:c2:3e:35:05:18:fe:6d:4e:03:8b:b0:3c:fe:
                    df:a8:c5:16:d4:a0:3b:80:e3:29:66:44:06:9c:aa:
                    43:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:16:1F:38:C6:D6:78:26:97:C3:4C:9B:7A:87:E8:7A:70:BA:C0:C3
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/582a854d-4985-4bca-ae2a-4cc422726702.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.40.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         a7:1c:fe:52:a3:5d:64:f5:33:02:56:81:a0:43:b2:5c:67:a7:
         57:ca:aa:9b:af:e5:dc:6a:da:e4:74:1e:99:23:4b:58:c1:43:
         9e:66:e1:ec:53:6f:1d:94:24:6a:a2:9a:2b:e3:77:50:db:f5:
         99:4f:38:f9:5c:42:d4:90:11:cc:b3:98:60:30:8a:1f:11:dc:
         ed:34:59:39:b7:a4:45:ac:29:2e:e5:53:5a:ad:cf:21:0e:11:
         d2:1a:87:e0:76:43:3e:db:9e:c6:46:b2:4e:bf:2b:65:09:ab:
         41:81:48:2a:22:b7:3d:4e:03:8e:72:2b:fc:75:98:2c:94:df:
         cf:b4:d4:72:de:44:7f:a6:20:dd:53:75:9b:71:5d:45:b3:c4:
         4c:a8:0f:5c:84:8b:c2:99:28:0a:40:41:91:c0:f1:2b:86:28:
         53:f3:dc:cd:21:16:98:27:f1:bc:67:60:c3:9c:c7:4c:17:33:
         84:5b:4a:3b:1f:6f:52:72:5a:41:0b:c2:86:98:1e:bd:4f:dd:
         f7:e9:b0:43:4c:65:c2:e0:d9:6d:58:60:70:cf:26:39:7e:fe:
         25:d2:7f:40:33:ee:36:c5:2b:d2:e0:41:6d:5b:86:39:db:ab:
         3d:18:d7:aa:7b:17:c5:c2:8a:1d:04:4a:af:f8:86:21:0d:a0:
         bc:60:d9:65
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIULRDrXJwyoGG9NBpsvYaLHnjSowAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNDAzMDUwMDAwMDBaFw0yNDA0MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQDY3ZDEwNDkzNzkwMmExNWY3ZGVhNDUwM2E0NzQyMDQ4NGE0MGM1MThhYmI1
YWY2N2IxYzVlYzE0ZGZlM2I1NjgxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAN7GOkNSHcJvzbqoozjwLrelVTVUVtlTEu//6jLxQAWe7HqDeUd5sPZONOO7
TKWFBmJDMvBbYmUK44aulboOqx2eQiTxumX6KHtsokueuyzGZdud7ByDuQLDyL68
JgrkYBYrgNm6Pjdf5jofZMy0gEQdNRrBVuwrANM3sGk/+JaWthdM0Ha5DAkO1iUb
XWz1tJoo46xJmYF3rxFqknW5QTS3Y0O1tgqFa92pAOP/7jk/lvo/IZONoivwqrIt
H9CARgI4LC1SIyk0IagWp+jBiMQ7NM3leUg0QKwqDopYAxNIXsbCPjUFGP5tTgOL
sDz+36jFFtSgO4DjKWZEBpyqQ68CAwEAAaOCAiAwggIcMB0GA1UdDgQWBBSTFh84
xtZ4JpfDTJt6h+h6cLrAwzAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
NTgyYTg1NGQtNDk4NS00YmNhLWFlMmEtNGNjNDIyNzI2NzAyLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADMoMA0G
CSqGSIb3DQEBCwUAA4IBAQCnHP5So11k9TMCVoGgQ7JcZ6dXyqqbr+XcatrkdB6Z
I0tYwUOeZuHsU28dlCRqopor43dQ2/WZTzj5XELUkBHMs5hgMIofEdztNFk5t6RF
rCku5VNarc8hDhHSGofgdkM+257GRrJOvytlCatBgUgqIrc9TgOOciv8dZgslN/P
tNRy3kR/piDdU3WbcV1Fs8RMqA9chIvCmSgKQEGRwPErhihT89zNIRaYJ/G8Z2DD
nMdMFzOEW0o7H29SclpBC8KGmB69T9336bBDTGXC4NltWGBwzyY5fv4l0n9AM+42
xSvS4EFtW4Y526s9GNeqexfFwoodBEqv+IYhDaC8YNll
-----END CERTIFICATE-----
Generated at Thu Mar 28 02:06:40 2024 by rpki-client on console-ams.rpki-client.org