Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/60e56074-ddab-4ffc-a1d4-b7fd9edbfc5e.roa
File:                     60e56074-ddab-4ffc-a1d4-b7fd9edbfc5e.roa (raw, json)
Hash identifier:          WzZsHBoqmSWCUqmbBow7ho9mrDG3gFwRbtn4W4yIHaA=
Subject key identifier:   47:DB:08:B3:CA:3A:DD:82:D2:B3:5D:54:1C:40:FC:B4:88:A6:79:52
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       2538F3826F3DA51A1A075DD19833A7ACA92B80B5
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/60e56074-ddab-4ffc-a1d4-b7fd9edbfc5e.roa
Signing time:             Tue 05 Mar 2024 00:00:00 +0000
ROA not before:           Tue 05 Mar 2024 00:00:00 +0000
ROA not after:            Tue 09 Apr 2024 23:59:59 +0000
asID:                     14618
IP address blocks:        51.118.0.0/15 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 28 Mar 2024 18:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            25:38:f3:82:6f:3d:a5:1a:1a:07:5d:d1:98:33:a7:ac:a9:2b:80:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Mar  5 00:00:00 2024 GMT
            Not After : Apr  9 23:59:59 2024 GMT
        Subject: serialNumber=c9045289e92a734398fc170dfd4ff9e4adf80fc365df099210c9bf0c1f5ed1af, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:e3:a2:23:e5:3a:a6:31:ab:6b:d6:48:1c:75:
                    6d:ca:61:0e:eb:59:c5:96:b6:d2:3d:63:79:49:e6:
                    70:63:cf:61:70:8b:da:b3:a8:58:79:11:c4:10:9d:
                    45:36:c9:94:4d:47:1b:bb:b5:43:83:9f:ec:7a:45:
                    f3:ee:b5:92:1b:52:ea:0c:ff:fa:77:41:23:ff:5f:
                    61:74:5f:53:95:37:18:88:19:8c:d6:4d:e4:d7:c0:
                    a7:b4:63:c9:f1:b6:4e:54:67:92:26:ad:08:6f:df:
                    d8:40:71:60:cf:29:9f:b5:79:f0:28:1e:c1:b2:23:
                    02:e6:a6:ae:e4:c3:f8:8d:cd:f9:6d:b1:10:fc:4e:
                    a3:42:69:8b:63:41:7c:08:01:15:94:cf:b0:95:cd:
                    6d:8a:fd:7d:e1:02:35:f4:f5:1b:78:f1:3a:39:d3:
                    16:c3:f7:a9:8d:1f:f5:7c:4e:a7:a4:4c:50:c5:30:
                    81:33:f8:a6:bb:d6:c6:16:cf:33:5a:c7:01:2c:20:
                    31:fb:28:89:a0:14:e5:cd:5f:e8:07:b4:d9:88:01:
                    2b:99:84:ca:d6:9f:da:c6:ac:bb:89:26:4f:6b:97:
                    65:be:47:3f:de:fa:1c:7d:9f:27:9d:c0:a7:95:df:
                    56:ce:29:98:b9:b0:67:c6:7e:1e:a1:24:96:2f:60:
                    2b:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:DB:08:B3:CA:3A:DD:82:D2:B3:5D:54:1C:40:FC:B4:88:A6:79:52
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/60e56074-ddab-4ffc-a1d4-b7fd9edbfc5e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.118.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         72:84:ce:d7:fc:2d:94:22:97:2d:29:a3:85:07:ac:b9:53:95:
         42:fd:a8:8a:a0:fe:0f:53:c6:fb:91:61:be:f8:63:c7:df:30:
         ad:9e:43:ff:5e:92:92:d1:00:1b:44:35:86:5a:98:8a:bf:2d:
         1a:00:63:e2:eb:f1:23:76:ce:87:91:99:bd:20:57:6e:8f:85:
         b7:6a:d4:89:a1:09:6b:f9:bd:fd:da:b8:5a:c2:31:64:43:07:
         a1:95:c8:14:3c:53:65:e2:64:d8:37:e3:63:7d:e8:7e:62:23:
         0f:0d:70:68:7d:75:30:bb:11:89:1c:52:ad:96:4f:95:9a:0e:
         21:b0:9e:c3:b8:52:1c:ce:66:50:a4:c4:af:3e:b1:57:0f:ce:
         69:5a:08:4f:0d:43:ce:a0:d7:a8:99:14:fb:5e:5b:5b:45:92:
         03:cd:60:ee:0d:e9:9e:fc:6b:7e:a1:95:82:ec:34:f6:e9:6a:
         2a:c3:7b:ca:dc:30:10:fb:08:e8:0d:29:ae:5a:83:67:97:6c:
         90:16:87:7c:53:03:74:5f:c0:e9:6e:8b:2f:16:4f:e0:84:ce:
         c3:6e:8e:d4:5c:f9:1b:32:74:82:ae:ff:08:5c:e5:47:fa:a3:
         dd:54:f0:3d:5f:b1:66:97:6c:29:8a:c2:cf:78:0a:aa:09:c5:
         ba:c4:83:00
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUJTjzgm89pRoaB13RmDOnrKkrgLUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNDAzMDUwMDAwMDBaFw0yNDA0MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQGM5MDQ1Mjg5ZTkyYTczNDM5OGZjMTcwZGZkNGZmOWU0YWRmODBmYzM2NWRm
MDk5MjEwYzliZjBjMWY1ZWQxYWYxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANPjoiPlOqYxq2vWSBx1bcphDutZxZa20j1jeUnmcGPPYXCL2rOoWHkRxBCd
RTbJlE1HG7u1Q4Of7HpF8+61khtS6gz/+ndBI/9fYXRfU5U3GIgZjNZN5NfAp7Rj
yfG2TlRnkiatCG/f2EBxYM8pn7V58CgewbIjAuamruTD+I3N+W2xEPxOo0Jpi2NB
fAgBFZTPsJXNbYr9feECNfT1G3jxOjnTFsP3qY0f9XxOp6RMUMUwgTP4prvWxhbP
M1rHASwgMfsoiaAU5c1f6Ae02YgBK5mEytaf2sasu4kmT2uXZb5HP976HH2fJ53A
p5XfVs4pmLmwZ8Z+HqEkli9gK5MCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBRH2wiz
yjrdgtKzXVQcQPy0iKZ5UjAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
NjBlNTYwNzQtZGRhYi00ZmZjLWExZDQtYjdmZDllZGJmYzVlLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDATN2MA0G
CSqGSIb3DQEBCwUAA4IBAQByhM7X/C2UIpctKaOFB6y5U5VC/aiKoP4PU8b7kWG+
+GPH3zCtnkP/XpKS0QAbRDWGWpiKvy0aAGPi6/Ejds6HkZm9IFduj4W3atSJoQlr
+b392rhawjFkQwehlcgUPFNl4mTYN+Njfeh+YiMPDXBofXUwuxGJHFKtlk+Vmg4h
sJ7DuFIczmZQpMSvPrFXD85pWghPDUPOoNeomRT7XltbRZIDzWDuDeme/Gt+oZWC
7DT26Woqw3vK3DAQ+wjoDSmuWoNnl2yQFod8UwN0X8DpbosvFk/ghM7Dbo7UXPkb
MnSCrv8IXOVH+qPdVPA9X7Fml2wpisLPeAqqCcW6xIMA
-----END CERTIFICATE-----
Generated at Thu Mar 28 02:06:40 2024 by rpki-client on console-ams.rpki-client.org