Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/70f878ce-a193-47ae-b517-318c2b88892f.roa
File:                     70f878ce-a193-47ae-b517-318c2b88892f.roa (raw, json)
Hash identifier:          ig6tuYom/fQu8Ibjk6uh9ZEv7QSLw4aA2L35dxJIpls=
Subject key identifier:   EC:03:57:F3:07:D4:08:6D:88:D7:13:FD:24:22:A4:AE:64:BA:70:8E
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       426EE1D3C9F1D0BCC9F1C4F47250AA7998B41653
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/70f878ce-a193-47ae-b517-318c2b88892f.roa
Signing time:             Tue 19 Mar 2024 00:00:00 +0000
ROA not before:           Tue 19 Mar 2024 00:00:00 +0000
ROA not after:            Tue 23 Apr 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        51.0.96.0/21 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 28 Mar 2024 18:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            42:6e:e1:d3:c9:f1:d0:bc:c9:f1:c4:f4:72:50:aa:79:98:b4:16:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Mar 19 00:00:00 2024 GMT
            Not After : Apr 23 23:59:59 2024 GMT
        Subject: serialNumber=4f44884d342fb59ddbbd0995a2b4f7cdda235f9fca8664fec7d41bdc125755cd, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:50:36:16:1f:67:92:50:ef:57:7f:87:32:03:
                    f9:77:87:bd:26:4c:8c:01:7d:e5:a6:73:54:79:c1:
                    c1:25:14:41:27:ec:74:e6:a0:19:3b:bc:19:5b:54:
                    73:32:e4:4f:67:d2:27:40:a6:6f:b3:e1:ef:07:aa:
                    fb:b3:34:23:a3:9e:4b:4e:ed:b2:6a:5d:9a:b5:a9:
                    52:fd:63:c1:49:85:f5:1b:0b:82:18:e9:7d:65:34:
                    b9:44:14:65:bb:6b:35:66:67:70:3d:cd:05:4e:a5:
                    97:0b:62:14:7f:32:f3:a2:1c:d3:88:17:29:a0:12:
                    f6:63:94:bd:68:f7:29:0c:5e:c0:25:11:ac:77:fb:
                    e3:fd:e6:ce:ae:a6:90:05:2f:49:cd:e9:fb:f3:55:
                    a5:c5:05:5a:37:57:1e:7b:9a:ad:17:e2:d7:7a:6b:
                    24:69:44:6a:c2:69:d8:db:82:a6:d0:6a:9d:d6:eb:
                    7f:fd:04:eb:37:07:d3:ce:29:c5:51:ab:78:db:7d:
                    99:22:6e:54:32:a3:6e:69:cc:71:7e:b9:b9:1c:3d:
                    00:50:9e:fc:19:d4:60:43:58:45:c8:37:08:a9:60:
                    e6:b8:30:6e:1a:95:ab:38:e3:92:fa:50:cc:52:0e:
                    d0:ec:40:c8:f7:03:66:12:e3:de:cb:77:b9:47:21:
                    09:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:03:57:F3:07:D4:08:6D:88:D7:13:FD:24:22:A4:AE:64:BA:70:8E
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/70f878ce-a193-47ae-b517-318c2b88892f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.0.96.0/21

    Signature Algorithm: sha256WithRSAEncryption
         60:03:6e:8d:28:c3:52:a5:44:90:5c:ac:66:24:72:5b:f8:a9:
         35:22:b3:3e:66:49:b8:1f:1e:9a:1b:26:0d:6b:62:17:83:a9:
         18:16:2b:08:4d:10:43:54:2a:c6:0b:0f:2a:5b:1a:0b:db:d4:
         f1:d9:dd:84:c9:f6:b2:fe:88:c8:b8:04:c2:52:0a:33:ab:85:
         4c:cd:dd:58:df:eb:81:d2:b4:d7:57:08:d4:7b:0a:f9:a4:e9:
         88:ec:4f:88:54:16:0c:44:f4:c6:e3:8f:db:09:03:9a:4b:84:
         1e:18:64:8d:48:29:51:42:03:eb:3e:dd:d9:71:60:4e:c1:90:
         b4:e2:ee:81:36:bd:d6:9a:18:87:14:b4:e2:b5:09:f8:bc:3c:
         54:84:cc:2c:86:da:4a:9b:46:10:2a:ee:b8:ab:c6:1c:3b:67:
         2e:af:80:09:c5:da:a1:74:11:8f:3c:45:93:32:27:54:75:87:
         a9:65:53:ed:62:9d:62:88:65:a6:0b:7e:63:ed:54:79:56:9f:
         d7:86:85:eb:af:0e:ab:c8:3b:51:e9:ad:fc:80:ed:34:54:f0:
         a7:84:91:7a:e2:39:25:e5:b8:a9:3c:5b:d7:1d:18:b4:b5:ba:
         93:27:69:e2:a1:b8:41:ae:f2:4d:65:2f:28:6e:78:32:cc:17:
         94:af:a4:47
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUQm7h08nx0LzJ8cT0clCqeZi0FlMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNDAzMTkwMDAwMDBaFw0yNDA0MjMyMzU5NTlaMHoxSTBHBgNV
BAUTQDRmNDQ4ODRkMzQyZmI1OWRkYmJkMDk5NWEyYjRmN2NkZGEyMzVmOWZjYTg2
NjRmZWM3ZDQxYmRjMTI1NzU1Y2QxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALRQNhYfZ5JQ71d/hzID+XeHvSZMjAF95aZzVHnBwSUUQSfsdOagGTu8GVtU
czLkT2fSJ0Cmb7Ph7weq+7M0I6OeS07tsmpdmrWpUv1jwUmF9RsLghjpfWU0uUQU
ZbtrNWZncD3NBU6llwtiFH8y86Ic04gXKaAS9mOUvWj3KQxewCURrHf74/3mzq6m
kAUvSc3p+/NVpcUFWjdXHnuarRfi13prJGlEasJp2NuCptBqndbrf/0E6zcH084p
xVGreNt9mSJuVDKjbmnMcX65uRw9AFCe/BnUYENYRcg3CKlg5rgwbhqVqzjjkvpQ
zFIO0OxAyPcDZhLj3st3uUchCXcCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBTsA1fz
B9QIbYjXE/0kIqSuZLpwjjAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
NzBmODc4Y2UtYTE5My00N2FlLWI1MTctMzE4YzJiODg4OTJmLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAzMAYDAN
BgkqhkiG9w0BAQsFAAOCAQEAYANujSjDUqVEkFysZiRyW/ipNSKzPmZJuB8emhsm
DWtiF4OpGBYrCE0QQ1QqxgsPKlsaC9vU8dndhMn2sv6IyLgEwlIKM6uFTM3dWN/r
gdK011cI1HsK+aTpiOxPiFQWDET0xuOP2wkDmkuEHhhkjUgpUUID6z7d2XFgTsGQ
tOLugTa91poYhxS04rUJ+Lw8VITMLIbaSptGECruuKvGHDtnLq+ACcXaoXQRjzxF
kzInVHWHqWVT7WKdYohlpgt+Y+1UeVaf14aF668Oq8g7Uemt/IDtNFTwp4SReuI5
JeW4qTxb1x0YtLW6kydp4qG4Qa7yTWUvKG54MswXlK+kRw==
-----END CERTIFICATE-----
Generated at Thu Mar 28 01:01:23 2024 by rpki-client on console-fra.rpki-client.org