Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/71a3959f-fe88-470e-a579-701317fd3928.roa
File:                     71a3959f-fe88-470e-a579-701317fd3928.roa (raw, json)
Hash identifier:          nYlggqS3z3+ASivSXrzViMd+KnUjKb/0Zwd33P+yCN4=
Subject key identifier:   12:95:A0:58:F3:94:F8:89:B3:24:B3:A3:03:33:38:EE:A4:72:59:62
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       17E15D577C5AC07D92BADCADF2386093E1B29556
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/71a3959f-fe88-470e-a579-701317fd3928.roa
Signing time:             Tue 05 Mar 2024 00:00:00 +0000
ROA not before:           Tue 05 Mar 2024 00:00:00 +0000
ROA not after:            Tue 09 Apr 2024 23:59:59 +0000
asID:                     14618
IP address blocks:        212.167.0.0/16 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 28 Mar 2024 18:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            17:e1:5d:57:7c:5a:c0:7d:92:ba:dc:ad:f2:38:60:93:e1:b2:95:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Mar  5 00:00:00 2024 GMT
            Not After : Apr  9 23:59:59 2024 GMT
        Subject: serialNumber=fed6c65911227ab8152ceeaa3578ffa73c3d8959bcc6880ef4137627fc59ed74, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:79:7c:ed:22:6b:b4:67:20:84:2a:bc:6f:f6:
                    c0:93:3c:db:98:ac:e7:47:fd:a5:4b:87:56:4d:4a:
                    f0:95:e4:1f:ad:eb:75:20:32:09:ae:ad:44:65:a8:
                    33:49:a9:9b:10:7e:0e:fa:b5:3b:78:bb:7c:22:66:
                    be:e3:63:e5:ea:e8:cd:08:42:bd:ce:81:c1:c1:2b:
                    39:8b:ac:5c:58:00:a3:92:f5:1e:dd:b4:db:cf:0a:
                    8e:63:79:28:52:11:a4:d1:05:38:5b:f5:68:f5:ec:
                    85:a6:74:78:82:84:c3:67:05:c5:d6:39:18:aa:82:
                    0b:20:9a:ca:6e:3f:33:d8:b4:df:3c:92:9b:3f:3d:
                    41:40:eb:52:01:42:78:d5:d0:ae:60:c9:15:be:b8:
                    9d:aa:56:5e:d8:d9:9d:0a:c0:66:e1:4a:a7:c2:6b:
                    9c:ca:e8:27:1f:4c:27:30:75:fe:4c:3a:e1:f2:02:
                    2e:ec:48:99:93:4e:f7:7f:d6:9f:7b:11:30:1c:17:
                    fe:6f:80:af:cc:aa:3a:8c:3f:d5:c2:2c:60:35:8e:
                    89:7f:9c:7a:87:de:b5:ff:20:1d:b9:6f:11:05:56:
                    f9:cf:cb:48:15:fa:79:7f:83:83:a1:57:e4:4b:7d:
                    b4:c2:5d:0a:8b:4e:07:14:7b:4e:40:b4:d4:4b:70:
                    45:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:95:A0:58:F3:94:F8:89:B3:24:B3:A3:03:33:38:EE:A4:72:59:62
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/71a3959f-fe88-470e-a579-701317fd3928.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.167.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         13:61:40:cb:d2:4d:d4:7d:c2:5e:f2:a5:50:e4:50:0c:d0:88:
         28:62:27:19:0d:41:3b:e9:2a:c2:1e:44:f6:2f:a4:0a:c2:e6:
         d9:c5:26:10:98:66:e1:37:d4:5a:53:2d:a6:8a:06:4d:7c:56:
         91:a0:db:71:d1:a5:9b:26:cc:df:6d:0e:04:5b:c4:8a:f2:5b:
         77:e1:3e:9e:9b:f9:e3:43:1c:35:f2:43:96:30:34:fe:94:b7:
         58:f9:52:0d:17:23:7d:bb:37:53:e3:21:a6:9a:86:da:d1:f9:
         14:ac:91:00:af:55:a7:de:56:b3:f1:56:81:d3:ef:3c:0f:18:
         de:bd:cf:c0:09:54:37:b6:e9:21:05:f1:bb:3b:2f:34:1b:a0:
         18:e9:55:8b:77:f7:99:64:49:f1:a5:e7:b0:1c:bb:ba:4d:84:
         86:26:8b:76:8d:32:aa:c8:1c:25:4e:21:33:ee:31:e9:41:20:
         b0:9f:ab:8c:8e:32:c1:93:2a:44:7f:e4:8e:5e:84:cc:86:83:
         08:7f:0a:83:70:17:81:b1:58:12:03:d4:20:6c:3e:33:f9:49:
         fe:b2:e4:cc:14:f9:b7:4c:6a:98:b5:58:02:1e:70:bd:1e:41:
         52:26:fa:57:63:6c:9c:01:98:53:83:59:29:22:7e:3f:6b:ad:
         8c:d8:d9:5a
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUF+FdV3xawH2Sutyt8jhgk+GylVYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNDAzMDUwMDAwMDBaFw0yNDA0MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQGZlZDZjNjU5MTEyMjdhYjgxNTJjZWVhYTM1NzhmZmE3M2MzZDg5NTliY2M2
ODgwZWY0MTM3NjI3ZmM1OWVkNzQxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMJ5fO0ia7RnIIQqvG/2wJM825is50f9pUuHVk1K8JXkH63rdSAyCa6tRGWo
M0mpmxB+Dvq1O3i7fCJmvuNj5erozQhCvc6BwcErOYusXFgAo5L1Ht20288KjmN5
KFIRpNEFOFv1aPXshaZ0eIKEw2cFxdY5GKqCCyCaym4/M9i03zySmz89QUDrUgFC
eNXQrmDJFb64napWXtjZnQrAZuFKp8JrnMroJx9MJzB1/kw64fICLuxImZNO93/W
n3sRMBwX/m+Ar8yqOow/1cIsYDWOiX+ceofetf8gHblvEQVW+c/LSBX6eX+Dg6FX
5Et9tMJdCotOBxR7TkC01EtwRecCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBQSlaBY
85T4ibMks6MDMzjupHJZYjAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
NzFhMzk1OWYtZmU4OC00NzBlLWE1NzktNzAxMzE3ZmQzOTI4LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDANSnMA0G
CSqGSIb3DQEBCwUAA4IBAQATYUDL0k3UfcJe8qVQ5FAM0IgoYicZDUE76SrCHkT2
L6QKwubZxSYQmGbhN9RaUy2migZNfFaRoNtx0aWbJszfbQ4EW8SK8lt34T6em/nj
Qxw18kOWMDT+lLdY+VINFyN9uzdT4yGmmoba0fkUrJEAr1Wn3laz8VaB0+88Dxje
vc/ACVQ3tukhBfG7Oy80G6AY6VWLd/eZZEnxpeewHLu6TYSGJot2jTKqyBwlTiEz
7jHpQSCwn6uMjjLBkypEf+SOXoTMhoMIfwqDcBeBsVgSA9QgbD4z+Un+suTMFPm3
TGqYtVgCHnC9HkFSJvpXY2ycAZhTg1kpIn4/a62M2Nla
-----END CERTIFICATE-----
Generated at Thu Mar 28 01:01:23 2024 by rpki-client on console-fra.rpki-client.org