Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/71d66127-3f22-4413-8fe7-9d46d7fe6626.roa
File:                     71d66127-3f22-4413-8fe7-9d46d7fe6626.roa (raw, json)
Hash identifier:          /79aHdS8xvroGysn0Gkanf2Z8hZPTnhGRxmcZSaiEvI=
Subject key identifier:   5B:CD:27:3F:22:E1:ED:CE:8F:B7:17:A4:7F:A1:31:0A:8C:87:8F:FB
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       5CD6361C963FC8CE406394DE22FFC6A208FFD62F
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/71d66127-3f22-4413-8fe7-9d46d7fe6626.roa
Signing time:             Tue 05 Mar 2024 00:00:00 +0000
ROA not before:           Tue 05 Mar 2024 00:00:00 +0000
ROA not after:            Tue 09 Apr 2024 23:59:59 +0000
asID:                     8987
IP address blocks:        57.101.0.0/16 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 29 Mar 2024 21:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5c:d6:36:1c:96:3f:c8:ce:40:63:94:de:22:ff:c6:a2:08:ff:d6:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Mar  5 00:00:00 2024 GMT
            Not After : Apr  9 23:59:59 2024 GMT
        Subject: serialNumber=393e08a6dc281bb2fff084b198640ca9321bc8ff6225d469210340f39d295cde, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:ca:4b:d2:a2:45:56:76:0f:ab:5c:1f:41:d2:
                    fe:69:dc:07:95:86:f9:23:e5:0d:42:f6:09:82:a0:
                    48:46:03:c5:42:fa:36:9d:50:ea:9a:34:39:9a:12:
                    06:fb:b1:f3:df:69:96:15:22:63:aa:bc:c2:8d:96:
                    f4:88:24:b7:04:c6:69:9c:ca:a6:f6:76:31:0f:2b:
                    ad:08:09:20:34:bc:99:12:d0:00:08:f7:7f:5f:d7:
                    71:a6:d5:7b:a0:af:33:9f:44:c1:43:c6:13:a5:47:
                    f4:65:0f:2c:de:93:08:ef:0d:39:73:4f:6f:98:af:
                    87:a7:10:27:c6:f4:56:50:f2:32:e3:ee:fe:a5:56:
                    9c:2e:bc:39:f4:5f:40:71:6d:51:ea:59:da:58:6b:
                    18:51:76:03:c9:63:ac:0a:8e:09:f9:ef:39:c7:49:
                    b9:18:99:e0:d0:c4:22:2a:c5:0b:ea:64:44:3f:43:
                    e0:f2:ec:cb:86:b1:d5:c7:a8:25:9d:9b:7f:3e:7f:
                    b4:28:88:3e:eb:93:e6:e0:a0:9a:e6:c8:56:a9:e8:
                    aa:6f:50:8b:19:57:ba:8e:13:ee:06:0c:e0:5a:05:
                    f3:90:e3:f9:8b:04:03:aa:38:7a:e0:a4:12:c7:6e:
                    f0:9b:11:b4:1f:d7:25:62:01:4a:23:35:aa:c8:0b:
                    ab:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:CD:27:3F:22:E1:ED:CE:8F:B7:17:A4:7F:A1:31:0A:8C:87:8F:FB
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/71d66127-3f22-4413-8fe7-9d46d7fe6626.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  57.101.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         d0:76:30:34:65:5d:f2:4a:cf:dc:e6:e1:fa:7f:89:c2:08:91:
         d3:ef:b2:a3:25:cc:4e:06:ca:98:23:12:b6:6b:62:81:02:81:
         6f:f2:ad:b7:a4:88:7d:19:86:b2:48:e2:22:cb:fd:d2:c1:be:
         6a:c8:71:9b:0b:f5:78:0a:6f:3e:ba:50:28:9e:3c:65:ed:3f:
         16:76:4d:62:73:7e:07:78:d3:55:84:81:2c:e9:da:69:8a:f1:
         74:e3:2f:74:12:f5:e8:c3:f6:1d:28:5e:ba:ca:04:1f:c2:33:
         cb:68:86:74:d6:1b:90:72:f6:8b:a5:1c:36:e4:2b:a9:87:dd:
         8c:4e:1a:7f:7d:12:a2:8b:04:d3:b8:4d:a9:47:57:63:ea:8a:
         19:3f:d1:83:29:43:de:8c:69:e6:8c:ae:31:2c:37:24:7e:29:
         bc:77:13:ff:e7:0e:be:16:66:24:92:6b:18:2b:36:fe:c0:3e:
         a6:ef:50:f5:0e:04:18:c9:7d:a4:6f:8e:a0:c9:34:51:fd:5a:
         a5:c4:d7:d2:4a:c9:8c:89:8a:84:8c:c3:21:b6:eb:e4:60:23:
         83:a8:10:22:91:17:4e:4c:03:60:c0:80:cb:fe:f6:a1:41:95:
         cb:28:32:52:b4:f5:6c:10:79:bc:8a:2e:96:51:e9:50:44:ff:
         9c:22:86:00
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUXNY2HJY/yM5AY5TeIv/Gogj/1i8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNDAzMDUwMDAwMDBaFw0yNDA0MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQDM5M2UwOGE2ZGMyODFiYjJmZmYwODRiMTk4NjQwY2E5MzIxYmM4ZmY2MjI1
ZDQ2OTIxMDM0MGYzOWQyOTVjZGUxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAK/KS9KiRVZ2D6tcH0HS/mncB5WG+SPlDUL2CYKgSEYDxUL6Np1Q6po0OZoS
Bvux899plhUiY6q8wo2W9IgktwTGaZzKpvZ2MQ8rrQgJIDS8mRLQAAj3f1/XcabV
e6CvM59EwUPGE6VH9GUPLN6TCO8NOXNPb5ivh6cQJ8b0VlDyMuPu/qVWnC68OfRf
QHFtUepZ2lhrGFF2A8ljrAqOCfnvOcdJuRiZ4NDEIirFC+pkRD9D4PLsy4ax1ceo
JZ2bfz5/tCiIPuuT5uCgmubIVqnoqm9QixlXuo4T7gYM4FoF85Dj+YsEA6o4euCk
Esdu8JsRtB/XJWIBSiM1qsgLq70CAwEAAaOCAiAwggIcMB0GA1UdDgQWBBRbzSc/
IuHtzo+3F6R/oTEKjIeP+zAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
NzFkNjYxMjctM2YyMi00NDEzLThmZTctOWQ0NmQ3ZmU2NjI2LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADllMA0G
CSqGSIb3DQEBCwUAA4IBAQDQdjA0ZV3ySs/c5uH6f4nCCJHT77KjJcxOBsqYIxK2
a2KBAoFv8q23pIh9GYaySOIiy/3Swb5qyHGbC/V4Cm8+ulAonjxl7T8Wdk1ic34H
eNNVhIEs6dppivF04y90EvXow/YdKF66ygQfwjPLaIZ01huQcvaLpRw25Cuph92M
Thp/fRKiiwTTuE2pR1dj6ooZP9GDKUPejGnmjK4xLDckfim8dxP/5w6+FmYkkmsY
Kzb+wD6m71D1DgQYyX2kb46gyTRR/VqlxNfSSsmMiYqEjMMhtuvkYCODqBAikRdO
TANgwIDL/vahQZXLKDJStPVsEHm8ii6WUelQRP+cIoYA
-----END CERTIFICATE-----
Generated at Fri Mar 29 02:38:20 2024 by rpki-client on console-fra.rpki-client.org