Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/78a98b8d-81ac-4e41-a012-084be89be1cb.roa
File:                     78a98b8d-81ac-4e41-a012-084be89be1cb.roa (raw, json)
Hash identifier:          Os71cienRS9wmBH2qpMpvuWsG85EN3S72EmFRGdU6o8=
Subject key identifier:   F1:F1:28:BE:36:C6:DB:CD:9C:38:CA:82:A9:53:7D:DF:28:A0:0C:57
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       477215C2C2D6282E39E8BE5C5E389C3E36EE75E4
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/78a98b8d-81ac-4e41-a012-084be89be1cb.roa
Signing time:             Tue 05 Mar 2024 00:00:00 +0000
ROA not before:           Tue 05 Mar 2024 00:00:00 +0000
ROA not after:            Tue 09 Apr 2024 23:59:59 +0000
asID:                     8987
IP address blocks:        51.112.0.0/15 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 29 Mar 2024 21:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            47:72:15:c2:c2:d6:28:2e:39:e8:be:5c:5e:38:9c:3e:36:ee:75:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Mar  5 00:00:00 2024 GMT
            Not After : Apr  9 23:59:59 2024 GMT
        Subject: serialNumber=4775270c2182db957e71681d8786f60a02260c0c60669d15aa9b192aa2400221, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:9d:1a:33:ea:8c:c1:29:82:d3:ed:aa:9c:33:
                    24:9d:f9:a0:f2:e3:7d:ba:a9:12:4d:93:12:1b:af:
                    47:96:a6:3b:18:ce:30:de:40:0a:ac:e5:b9:81:f6:
                    18:9c:7a:9c:3e:04:c1:2c:7f:a4:86:1f:eb:5c:0a:
                    c7:fa:ed:ab:d1:bb:af:15:f0:d9:c2:d0:25:39:4f:
                    3c:f9:1a:e1:ac:37:c1:63:b6:11:1b:c4:9f:77:12:
                    95:ca:f3:36:09:66:cf:73:7e:8f:b5:e4:89:6b:5c:
                    f6:8c:bc:84:b6:c1:98:35:2c:42:08:ce:1b:f6:dd:
                    e8:0d:4d:63:a6:73:b2:ec:53:9d:95:31:19:92:f1:
                    bd:d0:e6:97:6b:bf:50:fb:e8:61:7a:21:77:0d:ae:
                    d2:3d:b5:20:f9:02:51:e1:42:d7:60:e2:2e:96:32:
                    35:24:9a:c7:67:ce:d9:9a:d4:8c:cc:07:08:1c:ed:
                    79:59:a4:69:89:40:d2:66:d2:a7:d9:15:ea:00:56:
                    40:d7:c2:90:83:3d:3b:25:01:b2:ce:b4:13:f6:b5:
                    62:dd:64:06:b9:08:a3:dd:ad:dc:0c:32:f0:80:93:
                    4a:dc:2f:7b:6b:ca:1e:82:b5:1f:0c:24:20:b0:0f:
                    3a:81:bd:00:2d:90:b7:18:3e:f2:23:7a:07:84:75:
                    14:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:F1:28:BE:36:C6:DB:CD:9C:38:CA:82:A9:53:7D:DF:28:A0:0C:57
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/78a98b8d-81ac-4e41-a012-084be89be1cb.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.112.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         a6:7c:8a:98:dc:82:7e:0c:ff:08:29:b0:54:09:9b:b1:d0:3d:
         35:8d:96:88:90:fa:90:fd:ca:6e:aa:cc:a2:af:16:2a:e6:8f:
         47:86:1b:9c:2c:ff:8c:40:38:92:12:9c:c0:a2:6e:ad:ac:37:
         10:6f:1c:4f:1c:3f:db:8b:62:ab:bb:45:ce:6e:aa:11:85:06:
         3a:f9:78:b7:d7:a2:7b:e6:8a:95:dd:94:22:78:62:ca:1b:d7:
         27:21:8c:cf:9a:14:5a:93:80:c8:5e:a1:33:84:05:52:a8:84:
         cc:fe:3f:4e:cf:f1:99:b5:5e:02:15:23:6a:9a:6d:fa:0b:62:
         37:a2:d8:3e:d4:b7:95:22:64:a4:1c:64:3e:97:1b:b1:d8:bf:
         71:ae:7b:c2:c5:96:df:fd:b9:ec:2c:7f:a7:64:f6:55:fc:57:
         a7:b2:07:00:c0:4f:1d:a6:e3:d8:0c:4a:5c:d9:bc:5e:3c:08:
         22:3b:d8:89:5a:23:d6:66:d6:ad:2d:8d:1e:ee:be:c9:1a:89:
         25:d1:a9:3c:03:c3:ba:96:7f:90:87:a6:be:26:78:31:01:7c:
         01:58:e3:bd:42:80:8b:7f:d0:74:e9:11:a8:f6:72:0b:d4:6b:
         49:75:59:96:0a:8a:3e:32:a0:3e:ff:ba:bd:8f:ca:b9:89:99:
         d9:59:15:49
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUR3IVwsLWKC456L5cXjicPjbudeQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNDAzMDUwMDAwMDBaFw0yNDA0MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQDQ3NzUyNzBjMjE4MmRiOTU3ZTcxNjgxZDg3ODZmNjBhMDIyNjBjMGM2MDY2
OWQxNWFhOWIxOTJhYTI0MDAyMjExLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOydGjPqjMEpgtPtqpwzJJ35oPLjfbqpEk2TEhuvR5amOxjOMN5ACqzluYH2
GJx6nD4EwSx/pIYf61wKx/rtq9G7rxXw2cLQJTlPPPka4aw3wWO2ERvEn3cSlcrz
Nglmz3N+j7XkiWtc9oy8hLbBmDUsQgjOG/bd6A1NY6ZzsuxTnZUxGZLxvdDml2u/
UPvoYXohdw2u0j21IPkCUeFC12DiLpYyNSSax2fO2ZrUjMwHCBzteVmkaYlA0mbS
p9kV6gBWQNfCkIM9OyUBss60E/a1Yt1kBrkIo92t3Awy8ICTStwve2vKHoK1Hwwk
ILAPOoG9AC2Qtxg+8iN6B4R1FNkCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBTx8Si+
NsbbzZw4yoKpU33fKKAMVzAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
NzhhOThiOGQtODFhYy00ZTQxLWEwMTItMDg0YmU4OWJlMWNiLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDATNwMA0G
CSqGSIb3DQEBCwUAA4IBAQCmfIqY3IJ+DP8IKbBUCZux0D01jZaIkPqQ/cpuqsyi
rxYq5o9HhhucLP+MQDiSEpzAom6trDcQbxxPHD/bi2Kru0XObqoRhQY6+Xi316J7
5oqV3ZQieGLKG9cnIYzPmhRak4DIXqEzhAVSqITM/j9Oz/GZtV4CFSNqmm36C2I3
otg+1LeVImSkHGQ+lxux2L9xrnvCxZbf/bnsLH+nZPZV/FensgcAwE8dpuPYDEpc
2bxePAgiO9iJWiPWZtatLY0e7r7JGokl0ak8A8O6ln+Qh6a+JngxAXwBWOO9QoCL
f9B06RGo9nIL1GtJdVmWCoo+MqA+/7q9j8q5iZnZWRVJ
-----END CERTIFICATE-----
Generated at Fri Mar 29 02:18:28 2024 by rpki-client on console-ams.rpki-client.org