Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/645140ca-ded9-48d5-91a3-42aec1941dcf.roa
File:                     645140ca-ded9-48d5-91a3-42aec1941dcf.roa (raw, json)
Hash identifier:          +BuF3TZXm3HDkH2sOt9iSjsZEvXkme1S5/MANEpr6Zs=
Subject key identifier:   E9:9F:9D:A8:0B:AD:F3:D2:04:EF:08:3A:8C:C2:66:EA:EF:A1:65:05
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       60AA36F996EBADEBAF5499956D0CBEF1A8077512
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/645140ca-ded9-48d5-91a3-42aec1941dcf.roa
Signing time:             Tue 26 Mar 2024 00:00:00 +0000
ROA not before:           Tue 26 Mar 2024 00:00:00 +0000
ROA not after:            Tue 30 Apr 2024 23:59:59 +0000
asID:                     8987
IP address blocks:        51.244.0.0/15 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 28 Mar 2024 18:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            60:aa:36:f9:96:eb:ad:eb:af:54:99:95:6d:0c:be:f1:a8:07:75:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Mar 26 00:00:00 2024 GMT
            Not After : Apr 30 23:59:59 2024 GMT
        Subject: serialNumber=9b6692556d4641cd859e8b1be4141aff4dc3f46f286d66900c60a1b0851c9274, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:05:a4:63:e9:32:5b:9d:44:1f:d1:9f:51:f7:
                    f1:e5:a2:af:bd:fd:5f:14:2c:4a:dd:7b:60:1e:6f:
                    67:d9:a4:a3:c2:38:83:bc:8d:77:b1:8a:ba:2b:b9:
                    91:89:6f:13:13:50:b6:e9:05:aa:3c:23:10:88:73:
                    46:16:ce:d4:44:ea:e7:f4:2b:fa:50:8b:50:c4:10:
                    fb:74:c1:5b:66:31:db:98:5e:d5:95:72:00:5a:ff:
                    1b:bf:8f:9c:1d:67:c9:b7:9f:0f:5f:44:10:1b:06:
                    5d:34:4a:c9:19:d9:cb:5b:7d:c1:36:ac:ce:00:cc:
                    96:dd:6c:34:bf:2a:f1:f9:bc:84:dc:bd:27:b5:44:
                    c0:b2:2f:36:a0:cd:59:7d:d7:43:01:5e:e6:17:f6:
                    b4:84:ba:a1:6e:d3:8b:fb:c5:20:e1:b7:13:32:57:
                    28:c4:97:6b:15:c7:94:7e:d4:b7:bf:d8:ff:6c:63:
                    32:5e:b0:87:29:1d:ed:50:e0:20:66:a4:3c:e3:1c:
                    85:84:fa:dc:60:68:c6:78:49:d7:21:1f:1b:ae:e7:
                    d2:e4:15:f4:29:d3:b8:b4:c7:3f:64:da:d7:f7:ad:
                    3c:0c:89:99:aa:39:b3:74:4e:8b:bf:ba:68:a2:bd:
                    f1:21:96:67:3b:70:1a:60:b1:3c:4a:cd:2a:88:3e:
                    e1:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:9F:9D:A8:0B:AD:F3:D2:04:EF:08:3A:8C:C2:66:EA:EF:A1:65:05
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/645140ca-ded9-48d5-91a3-42aec1941dcf.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.244.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         0d:ef:91:ae:58:a0:74:d8:4b:5f:a4:b4:1f:87:b4:4f:21:ac:
         18:98:2c:11:ec:b8:fe:2f:2c:bc:9c:6b:8f:fb:64:b0:eb:b3:
         ae:a5:6b:fd:45:60:7b:9e:5e:56:75:fb:f1:89:98:6d:3b:59:
         20:c2:ef:07:56:97:26:e7:e1:ad:c5:40:5b:75:e5:85:4a:ea:
         42:e0:31:19:3d:eb:6f:35:a4:d4:6b:55:de:41:0e:34:5d:14:
         cc:8c:41:fa:66:d2:4d:6e:58:a8:bb:36:f2:e9:9f:b1:35:38:
         49:bd:f7:dd:0e:70:c1:cf:b0:79:4f:5d:56:b7:9f:d2:a0:02:
         e6:e1:94:68:dc:1b:6a:77:c8:b3:6d:c3:fb:dd:3b:46:59:92:
         32:ec:66:68:a1:85:12:30:a7:21:29:dc:01:df:da:0b:13:35:
         91:dc:d2:42:48:d0:46:3a:57:4e:f2:35:c1:59:da:a3:7b:a1:
         17:ed:b9:26:04:64:ec:1d:0e:96:c6:1c:59:9d:fe:1e:f2:bc:
         c3:a4:61:48:f3:88:8d:3f:77:e4:ec:cb:49:8f:bc:90:de:e3:
         db:f6:04:1c:dc:bd:4d:0c:c6:8a:fe:5f:59:38:49:77:6a:54:
         41:07:91:34:20:7d:4a:6c:3b:30:7a:2e:b6:65:91:9f:31:77:
         17:04:db:5e
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUYKo2+ZbrreuvVJmVbQy+8agHdRIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNDAzMjYwMDAwMDBaFw0yNDA0MzAyMzU5NTlaMHoxSTBHBgNV
BAUTQDliNjY5MjU1NmQ0NjQxY2Q4NTllOGIxYmU0MTQxYWZmNGRjM2Y0NmYyODZk
NjY5MDBjNjBhMWIwODUxYzkyNzQxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMgFpGPpMludRB/Rn1H38eWir739XxQsSt17YB5vZ9mko8I4g7yNd7GKuiu5
kYlvExNQtukFqjwjEIhzRhbO1ETq5/Qr+lCLUMQQ+3TBW2Yx25he1ZVyAFr/G7+P
nB1nybefD19EEBsGXTRKyRnZy1t9wTaszgDMlt1sNL8q8fm8hNy9J7VEwLIvNqDN
WX3XQwFe5hf2tIS6oW7Ti/vFIOG3EzJXKMSXaxXHlH7Ut7/Y/2xjMl6whykd7VDg
IGakPOMchYT63GBoxnhJ1yEfG67n0uQV9CnTuLTHP2Ta1/etPAyJmao5s3ROi7+6
aKK98SGWZztwGmCxPErNKog+4X0CAwEAAaOCAiAwggIcMB0GA1UdDgQWBBTpn52o
C63z0gTvCDqMwmbq76FlBTAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
NjQ1MTQwY2EtZGVkOS00OGQ1LTkxYTMtNDJhZWMxOTQxZGNmLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDATP0MA0G
CSqGSIb3DQEBCwUAA4IBAQAN75GuWKB02EtfpLQfh7RPIawYmCwR7Lj+Lyy8nGuP
+2Sw67OupWv9RWB7nl5WdfvxiZhtO1kgwu8HVpcm5+GtxUBbdeWFSupC4DEZPetv
NaTUa1XeQQ40XRTMjEH6ZtJNbliouzby6Z+xNThJvffdDnDBz7B5T11Wt5/SoALm
4ZRo3Btqd8izbcP73TtGWZIy7GZooYUSMKchKdwB39oLEzWR3NJCSNBGOldO8jXB
Wdqje6EX7bkmBGTsHQ6WxhxZnf4e8rzDpGFI84iNP3fk7MtJj7yQ3uPb9gQc3L1N
DMaK/l9ZOEl3alRBB5E0IH1KbDswei62ZZGfMXcXBNte
-----END CERTIFICATE-----
Generated at Thu Mar 28 02:06:40 2024 by rpki-client on console-ams.rpki-client.org