Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/83c9f9c4-39a2-4f5f-9188-1a9e0dccf209.roa
File:                     83c9f9c4-39a2-4f5f-9188-1a9e0dccf209.roa (raw, json)
Hash identifier:          nshITRIxdGTjpylYpb3Nmvb4+Yy5jmO/oEp1oBAthOc=
Subject key identifier:   60:5C:A1:2E:CE:3C:B4:4E:25:0A:8D:F1:AA:40:DD:82:C0:D6:99:E3
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       78AC6C2ADE5EC16B3E07C124D8E89D8359A42C95
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/83c9f9c4-39a2-4f5f-9188-1a9e0dccf209.roa
Signing time:             Tue 05 Mar 2024 00:00:00 +0000
ROA not before:           Tue 05 Mar 2024 00:00:00 +0000
ROA not after:            Tue 09 Apr 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        51.150.0.0/16 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 29 Mar 2024 21:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            78:ac:6c:2a:de:5e:c1:6b:3e:07:c1:24:d8:e8:9d:83:59:a4:2c:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Mar  5 00:00:00 2024 GMT
            Not After : Apr  9 23:59:59 2024 GMT
        Subject: serialNumber=ee662ffbbad5333c7e85c049fa4bb53e4e7e4e9bc7aab72a316ee4305ada0945, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:56:95:08:08:a4:73:93:97:d4:54:8b:fe:5f:
                    dc:f5:b1:64:57:7d:42:87:3c:06:ee:2f:db:79:ef:
                    35:9c:12:0c:9f:b9:1c:f3:28:b7:30:c4:10:1b:ad:
                    48:47:8d:af:94:30:93:90:6b:b5:b9:34:d1:e7:64:
                    b2:76:9d:af:86:3e:96:d3:e9:08:53:c0:84:92:a7:
                    e0:0c:e0:b2:0e:aa:66:6f:49:68:c2:17:e7:b4:f8:
                    2d:5a:d9:f7:96:dd:43:a8:37:37:b4:6d:b0:14:6c:
                    d4:0b:ea:30:9c:a2:cc:20:3c:64:eb:5f:3b:07:cb:
                    94:02:3c:8a:ca:7f:25:4a:bd:6f:de:56:24:31:a8:
                    60:c2:59:4f:40:a7:ed:83:e1:3b:ab:ea:75:b4:6e:
                    91:ed:79:e0:3d:24:06:04:61:5c:bb:98:8a:48:7f:
                    30:ba:e1:46:91:76:38:e7:ef:6a:8d:0a:1c:21:e4:
                    2a:62:1b:86:d5:d3:fb:84:cc:11:40:b9:66:86:e7:
                    a0:4f:b1:46:dc:26:84:8f:2c:49:9c:48:8d:eb:d6:
                    e5:88:cc:ef:ff:ec:4f:92:0b:90:6d:22:f7:d2:0b:
                    80:71:f8:b3:8e:98:cf:69:3b:28:63:70:89:f2:44:
                    a7:0a:12:d5:e6:08:28:4e:5d:cc:5f:70:0c:b7:35:
                    d5:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:5C:A1:2E:CE:3C:B4:4E:25:0A:8D:F1:AA:40:DD:82:C0:D6:99:E3
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/83c9f9c4-39a2-4f5f-9188-1a9e0dccf209.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.150.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         c0:22:87:d2:9a:e5:d3:6b:bd:0e:8a:2a:48:66:8c:90:e2:c3:
         ed:f6:a7:5f:81:1f:1d:a0:66:bc:b2:7a:ac:51:e9:71:a4:ac:
         79:51:05:3a:a2:13:e2:9b:e5:10:bb:95:a2:4b:ae:b3:a7:ae:
         a8:eb:c4:87:35:0f:d2:c5:10:7f:90:e1:49:47:d5:3d:36:cd:
         f9:2c:9c:2c:54:c4:bb:54:91:17:64:34:ae:be:fa:e8:2c:19:
         1c:1f:56:8f:bc:74:a8:97:cc:a6:ed:89:96:a8:33:2b:a5:88:
         a0:3b:8f:5c:b0:3e:b3:6a:bd:51:33:12:d5:6c:ef:c0:a2:bf:
         b9:1b:2e:be:e8:48:e7:b1:0b:ae:08:12:e1:3b:83:25:93:3e:
         f8:be:96:8f:e0:81:be:dd:5c:0e:57:81:a4:64:52:67:c9:40:
         02:72:b2:ed:be:e0:16:e6:5e:f8:77:ff:22:ad:3f:19:9d:7c:
         04:7c:b3:f2:10:d6:d0:8d:91:fb:31:f1:8a:0a:54:30:a0:1f:
         ce:7f:ee:59:01:37:07:6b:2d:18:b4:5c:a0:7f:e3:84:71:ce:
         d9:57:f9:6f:c9:aa:e5:fd:70:01:8e:b9:6c:5d:72:e0:6b:cc:
         60:b5:7b:30:70:23:0d:71:77:4e:c4:68:57:7a:6f:c2:e9:2c:
         d0:f0:80:e4
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUeKxsKt5ewWs+B8Ek2Oidg1mkLJUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNDAzMDUwMDAwMDBaFw0yNDA0MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQGVlNjYyZmZiYmFkNTMzM2M3ZTg1YzA0OWZhNGJiNTNlNGU3ZTRlOWJjN2Fh
YjcyYTMxNmVlNDMwNWFkYTA5NDUxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKNWlQgIpHOTl9RUi/5f3PWxZFd9Qoc8Bu4v23nvNZwSDJ+5HPMotzDEEBut
SEeNr5Qwk5Brtbk00edksnadr4Y+ltPpCFPAhJKn4Azgsg6qZm9JaMIX57T4LVrZ
95bdQ6g3N7RtsBRs1AvqMJyizCA8ZOtfOwfLlAI8isp/JUq9b95WJDGoYMJZT0Cn
7YPhO6vqdbRuke154D0kBgRhXLuYikh/MLrhRpF2OOfvao0KHCHkKmIbhtXT+4TM
EUC5ZobnoE+xRtwmhI8sSZxIjevW5YjM7//sT5ILkG0i99ILgHH4s46Yz2k7KGNw
ifJEpwoS1eYIKE5dzF9wDLc11cMCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBRgXKEu
zjy0TiUKjfGqQN2CwNaZ4zAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
ODNjOWY5YzQtMzlhMi00ZjVmLTkxODgtMWE5ZTBkY2NmMjA5LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADOWMA0G
CSqGSIb3DQEBCwUAA4IBAQDAIofSmuXTa70OiipIZoyQ4sPt9qdfgR8doGa8snqs
UelxpKx5UQU6ohPim+UQu5WiS66zp66o68SHNQ/SxRB/kOFJR9U9Ns35LJwsVMS7
VJEXZDSuvvroLBkcH1aPvHSol8ym7YmWqDMrpYigO49csD6zar1RMxLVbO/Aor+5
Gy6+6EjnsQuuCBLhO4Mlkz74vpaP4IG+3VwOV4GkZFJnyUACcrLtvuAW5l74d/8i
rT8ZnXwEfLPyENbQjZH7MfGKClQwoB/Of+5ZATcHay0YtFygf+OEcc7ZV/lvyarl
/XABjrlsXXLga8xgtXswcCMNcXdOxGhXem/C6SzQ8IDk
-----END CERTIFICATE-----
Generated at Fri Mar 29 02:18:28 2024 by rpki-client on console-ams.rpki-client.org