Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/72138391-f885-46be-9450-815e493cd6a4.roa
File:                     72138391-f885-46be-9450-815e493cd6a4.roa (raw, json)
Hash identifier:          ix3xQ7IoyW68HM35xEUKF/qVqw78JeK99QTve7r6GLI=
Subject key identifier:   2D:DD:67:8A:79:A4:48:E6:3A:40:1B:33:2B:2F:0C:5A:67:9A:95:56
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       55BC3E7D5C42F659FEE97FA48CFB0D7DACB6941E
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/72138391-f885-46be-9450-815e493cd6a4.roa
Signing time:             Tue 05 Mar 2024 00:00:00 +0000
ROA not before:           Tue 05 Mar 2024 00:00:00 +0000
ROA not after:            Tue 09 Apr 2024 23:59:59 +0000
asID:                     8987
IP address blocks:        51.180.0.0/15 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 29 Mar 2024 21:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            55:bc:3e:7d:5c:42:f6:59:fe:e9:7f:a4:8c:fb:0d:7d:ac:b6:94:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Mar  5 00:00:00 2024 GMT
            Not After : Apr  9 23:59:59 2024 GMT
        Subject: serialNumber=74c6684cb1e71c63c0820d0429ef8430cb099c5cdbbbfdb360792a5ff4a3ef0e, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:0a:ab:2d:db:f3:cb:39:29:b3:5b:d9:5d:30:
                    6c:27:ae:30:33:1d:13:45:7d:a1:e5:2a:bb:99:11:
                    4e:0e:e2:cb:be:81:df:5e:13:76:d5:c4:14:be:3c:
                    78:b4:e2:a2:15:1f:8d:43:ae:18:4c:6a:b4:98:08:
                    e3:97:c0:09:c6:29:f8:c2:4d:14:45:91:b1:10:7f:
                    6f:10:6c:a7:f2:b8:d9:db:23:e5:9f:71:50:58:8f:
                    c5:04:57:e1:af:34:a4:ff:de:53:9a:fb:53:6c:b6:
                    22:d2:55:42:e9:50:0e:66:e0:ef:48:86:c1:c1:7d:
                    11:c6:59:da:62:4a:bb:68:49:73:29:ab:5a:7a:6b:
                    4a:d4:e3:62:06:5b:fd:3c:64:b7:11:52:b8:d2:d4:
                    a2:23:d6:aa:d7:ef:30:03:fa:07:7d:f9:37:f8:6e:
                    8a:d8:a1:3d:74:ca:f4:70:e2:53:04:8b:9e:4f:0a:
                    26:11:b0:a2:8c:41:8b:a7:8c:43:da:a3:dd:5a:67:
                    67:28:08:88:98:9b:45:8e:d3:e0:a5:bb:e6:f4:9f:
                    b6:9c:40:5e:75:56:fe:99:62:8a:d6:cf:b3:57:85:
                    22:3d:22:ee:de:2a:5c:c3:6e:be:c9:21:65:81:99:
                    68:87:0f:e6:62:05:2b:ba:f7:c5:11:2b:16:aa:bf:
                    3b:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:DD:67:8A:79:A4:48:E6:3A:40:1B:33:2B:2F:0C:5A:67:9A:95:56
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/72138391-f885-46be-9450-815e493cd6a4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.180.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         c6:fe:72:f8:7c:69:14:60:b3:38:5a:4e:06:a3:49:9d:23:da:
         7d:40:18:97:e2:14:ca:15:de:9d:2f:9a:87:5d:e3:ec:dc:22:
         a4:a7:d3:84:cd:21:08:e2:10:d9:ea:d6:32:6b:0e:bc:95:c1:
         52:9d:d5:5d:37:e9:06:f4:64:28:34:1c:d8:2a:ef:e2:b8:95:
         c3:1b:2a:68:a0:ea:0b:bb:47:33:b1:a4:37:e1:f8:6c:16:78:
         d9:d3:a3:6e:17:ab:55:4d:1f:84:35:d2:54:90:e2:45:81:a6:
         71:a7:e7:80:0b:0b:ec:1f:44:78:93:41:cd:ef:de:c8:ab:06:
         18:10:96:7c:2a:6e:37:ae:c6:d8:4c:da:48:df:8c:88:ff:98:
         ab:34:f1:2f:13:74:2b:86:63:0f:01:91:53:fa:f4:3b:67:80:
         5d:56:fe:3f:b7:4d:6f:ab:77:91:21:2f:7d:8c:a1:91:97:27:
         74:4d:3f:62:38:e3:50:c0:ed:46:c7:14:c2:a8:cd:cc:a0:4f:
         56:2c:05:8e:1e:55:4c:17:3b:21:66:19:f6:ec:70:e8:c4:40:
         eb:c6:df:f9:41:ff:c4:ee:5f:10:f3:b7:b9:75:a9:13:9e:35:
         b8:46:54:dd:95:b8:08:a3:fa:01:2d:34:a6:44:f9:2e:3e:60:
         b6:4c:ee:7c
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUVbw+fVxC9ln+6X+kjPsNfay2lB4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNDAzMDUwMDAwMDBaFw0yNDA0MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQDc0YzY2ODRjYjFlNzFjNjNjMDgyMGQwNDI5ZWY4NDMwY2IwOTljNWNkYmJi
ZmRiMzYwNzkyYTVmZjRhM2VmMGUxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJ0Kqy3b88s5KbNb2V0wbCeuMDMdE0V9oeUqu5kRTg7iy76B314TdtXEFL48
eLTiohUfjUOuGExqtJgI45fACcYp+MJNFEWRsRB/bxBsp/K42dsj5Z9xUFiPxQRX
4a80pP/eU5r7U2y2ItJVQulQDmbg70iGwcF9EcZZ2mJKu2hJcymrWnprStTjYgZb
/TxktxFSuNLUoiPWqtfvMAP6B335N/huitihPXTK9HDiUwSLnk8KJhGwooxBi6eM
Q9qj3VpnZygIiJibRY7T4KW75vSftpxAXnVW/pliitbPs1eFIj0i7t4qXMNuvskh
ZYGZaIcP5mIFK7r3xRErFqq/O+kCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBQt3WeK
eaRI5jpAGzMrLwxaZ5qVVjAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
NzIxMzgzOTEtZjg4NS00NmJlLTk0NTAtODE1ZTQ5M2NkNmE0LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDATO0MA0G
CSqGSIb3DQEBCwUAA4IBAQDG/nL4fGkUYLM4Wk4Go0mdI9p9QBiX4hTKFd6dL5qH
XePs3CKkp9OEzSEI4hDZ6tYyaw68lcFSndVdN+kG9GQoNBzYKu/iuJXDGypooOoL
u0czsaQ34fhsFnjZ06NuF6tVTR+ENdJUkOJFgaZxp+eACwvsH0R4k0HN797IqwYY
EJZ8Km43rsbYTNpI34yI/5irNPEvE3QrhmMPAZFT+vQ7Z4BdVv4/t01vq3eRIS99
jKGRlyd0TT9iOONQwO1GxxTCqM3MoE9WLAWOHlVMFzshZhn27HDoxEDrxt/5Qf/E
7l8Q87e5dakTnjW4RlTdlbgIo/oBLTSmRPkuPmC2TO58
-----END CERTIFICATE-----
Generated at Fri Mar 29 02:38:20 2024 by rpki-client on console-fra.rpki-client.org