Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/89aac802-59d0-4631-a004-2a1c6311b27f.roa
File:                     89aac802-59d0-4631-a004-2a1c6311b27f.roa (raw, json)
Hash identifier:          gyBify6Is61MNYg+xlVyB0KLLpSVXw1+Y3FUOzV6eKU=
Subject key identifier:   6B:A7:01:3F:CF:C3:B0:62:08:2A:5F:16:5E:06:B0:95:F8:CB:D1:92
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       2D4F57FACAA04982AE1C81A8D320CE2245175479
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/89aac802-59d0-4631-a004-2a1c6311b27f.roa
Signing time:             Tue 05 Mar 2024 00:00:00 +0000
ROA not before:           Tue 05 Mar 2024 00:00:00 +0000
ROA not after:            Tue 09 Apr 2024 23:59:59 +0000
asID:                     8987
IP address blocks:        51.196.0.0/15 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 28 Mar 2024 18:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2d:4f:57:fa:ca:a0:49:82:ae:1c:81:a8:d3:20:ce:22:45:17:54:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Mar  5 00:00:00 2024 GMT
            Not After : Apr  9 23:59:59 2024 GMT
        Subject: serialNumber=70012cb79af32993f3d70fe3246a84fbe761e1903f9974f18c2d271cd50abc4c, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:1e:5b:07:2f:cd:7c:1b:d2:76:70:c4:61:dd:
                    4e:2d:0b:7f:1f:19:1b:73:13:06:7a:5c:e0:70:f4:
                    0c:dc:38:52:69:ad:36:fa:77:38:66:1f:dc:cb:1f:
                    08:43:30:a0:6c:d0:eb:13:44:2d:9e:1f:58:89:55:
                    8c:1c:53:a5:24:95:8c:e7:d8:b4:d7:00:76:92:2e:
                    25:23:9a:ac:c4:c1:9c:0c:54:7b:31:b7:84:57:7f:
                    f6:66:8b:30:81:7a:76:97:a6:9a:6a:c2:ac:88:3b:
                    c9:81:62:7c:ed:9b:b6:de:9f:88:60:fa:7d:29:79:
                    45:82:ac:76:bd:a4:89:37:ea:79:23:79:ed:5d:e5:
                    1d:0a:c2:42:44:a7:a6:7a:47:af:c6:e9:f5:43:17:
                    73:69:ce:c7:93:49:47:ed:81:71:b9:26:db:92:8e:
                    26:99:cc:3b:9c:d9:b8:7c:68:d0:2b:1a:27:8f:3a:
                    2d:3d:09:48:5f:3e:82:be:17:47:7a:20:07:25:84:
                    e3:4f:7b:16:95:71:07:2c:9f:ab:95:c9:30:ee:de:
                    6c:35:ea:a5:a5:21:de:df:c1:c6:54:ed:33:40:4f:
                    e9:ee:fe:54:83:fc:c5:1d:01:62:9c:55:88:3d:1a:
                    ee:57:bd:a2:e5:bd:26:f6:42:9a:ea:5c:6b:01:c0:
                    be:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:A7:01:3F:CF:C3:B0:62:08:2A:5F:16:5E:06:B0:95:F8:CB:D1:92
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/89aac802-59d0-4631-a004-2a1c6311b27f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.196.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         50:3f:78:9a:b5:43:c1:15:51:7c:87:e9:2e:31:46:5c:aa:05:
         d2:f7:5a:c7:4b:90:0e:12:ca:f7:7e:b2:86:13:44:32:ba:66:
         94:76:0f:99:fa:b6:d0:70:14:87:6a:d1:ea:b8:ed:98:19:a3:
         c2:00:06:fd:02:49:ee:12:52:1f:84:b6:b7:9d:42:25:fc:33:
         a5:c7:92:a1:f4:db:38:c0:02:02:0e:08:db:73:ca:f0:26:95:
         5b:12:fa:e6:a9:4e:61:58:da:a9:5f:bc:f2:7e:82:ee:42:14:
         fe:c9:6f:5d:76:d6:22:7b:35:b2:e8:c9:e2:4e:c2:ba:5b:47:
         3b:cc:77:bd:9b:9e:9c:fc:03:90:a4:eb:f4:e4:5d:2a:b0:4b:
         d4:95:3f:ae:73:40:d0:e0:af:10:87:a0:d0:34:54:32:19:42:
         6b:8b:a5:d4:e2:98:db:e5:bb:cb:42:9e:73:f2:3d:9e:72:3b:
         ef:9c:20:d8:70:6f:c8:14:2f:e7:9f:86:6f:b1:bf:0e:2c:56:
         e4:0b:93:b9:ee:c8:dc:92:5c:7a:ce:32:32:59:10:3b:a9:21:
         75:b5:25:80:3d:31:c9:21:17:70:8b:e7:88:93:de:f9:0b:e8:
         81:6d:a7:6e:67:44:95:4d:34:cf:04:62:63:7d:e8:4d:ab:26:
         a6:06:1c:9e
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIULU9X+sqgSYKuHIGo0yDOIkUXVHkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNDAzMDUwMDAwMDBaFw0yNDA0MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQDcwMDEyY2I3OWFmMzI5OTNmM2Q3MGZlMzI0NmE4NGZiZTc2MWUxOTAzZjk5
NzRmMThjMmQyNzFjZDUwYWJjNGMxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALAeWwcvzXwb0nZwxGHdTi0Lfx8ZG3MTBnpc4HD0DNw4UmmtNvp3OGYf3Msf
CEMwoGzQ6xNELZ4fWIlVjBxTpSSVjOfYtNcAdpIuJSOarMTBnAxUezG3hFd/9maL
MIF6dpemmmrCrIg7yYFifO2btt6fiGD6fSl5RYKsdr2kiTfqeSN57V3lHQrCQkSn
pnpHr8bp9UMXc2nOx5NJR+2Bcbkm25KOJpnMO5zZuHxo0CsaJ486LT0JSF8+gr4X
R3ogByWE4097FpVxByyfq5XJMO7ebDXqpaUh3t/BxlTtM0BP6e7+VIP8xR0BYpxV
iD0a7le9ouW9JvZCmupcawHAvjcCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBRrpwE/
z8OwYggqXxZeBrCV+MvRkjAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
ODlhYWM4MDItNTlkMC00NjMxLWEwMDQtMmExYzYzMTFiMjdmLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDATPEMA0G
CSqGSIb3DQEBCwUAA4IBAQBQP3iatUPBFVF8h+kuMUZcqgXS91rHS5AOEsr3frKG
E0QyumaUdg+Z+rbQcBSHatHquO2YGaPCAAb9AknuElIfhLa3nUIl/DOlx5Kh9Ns4
wAICDgjbc8rwJpVbEvrmqU5hWNqpX7zyfoLuQhT+yW9ddtYiezWy6MniTsK6W0c7
zHe9m56c/AOQpOv05F0qsEvUlT+uc0DQ4K8Qh6DQNFQyGUJri6XU4pjb5bvLQp5z
8j2ecjvvnCDYcG/IFC/nn4Zvsb8OLFbkC5O57sjcklx6zjIyWRA7qSF1tSWAPTHJ
IRdwi+eIk975C+iBbaduZ0SVTTTPBGJjfehNqyamBhye
-----END CERTIFICATE-----
Generated at Thu Mar 28 01:01:24 2024 by rpki-client on console-fra.rpki-client.org