Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/9a08b99a-284f-4e69-83b1-fbfba94e7f22.roa
File:                     9a08b99a-284f-4e69-83b1-fbfba94e7f22.roa (raw, json)
Hash identifier:          3gKr4fnVLm+p3GQAG0Fyk0NraipgCE+bY5Uh3+y3bis=
Subject key identifier:   02:48:8E:ED:74:C6:2F:24:98:08:28:8B:F8:DC:A7:03:1F:DE:33:2D
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       3DC92E724B9A9664192C633C863AD0497008B59D
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/9a08b99a-284f-4e69-83b1-fbfba94e7f22.roa
Signing time:             Tue 05 Mar 2024 00:00:00 +0000
ROA not before:           Tue 05 Mar 2024 00:00:00 +0000
ROA not after:            Tue 09 Apr 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        145.55.0.0/16 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 28 Mar 2024 18:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3d:c9:2e:72:4b:9a:96:64:19:2c:63:3c:86:3a:d0:49:70:08:b5:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Mar  5 00:00:00 2024 GMT
            Not After : Apr  9 23:59:59 2024 GMT
        Subject: serialNumber=ec1ebb92c9d9ff5f28a4d60dc5fc7a5eb8fc1f39aa30778f1cb15b540b2e508d, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f5:b4:bb:88:93:1e:86:9c:ea:3e:2e:25:4a:b7:
                    54:b1:c9:1e:27:f1:c7:6c:a0:da:ba:29:c5:19:d7:
                    6d:16:03:98:67:59:7e:5a:d7:fb:86:65:98:be:e2:
                    28:76:39:e9:87:9f:29:28:c7:61:9f:56:d2:7d:2d:
                    55:2b:5d:23:19:b5:a0:47:a0:18:82:fd:25:b6:51:
                    70:78:81:b8:94:82:53:89:71:cc:17:c9:99:63:f3:
                    c3:2f:19:ce:5a:90:c2:52:75:d8:96:42:fb:c0:6b:
                    2c:a9:95:d7:68:c4:b4:d9:08:44:56:44:d5:a8:c2:
                    77:a9:7c:a9:c9:56:39:56:79:4d:46:d6:62:96:e3:
                    ec:85:1a:27:4f:49:e7:55:e6:75:92:3c:c4:dc:ab:
                    dc:59:fb:df:75:28:9b:01:6c:2f:a4:09:c2:60:33:
                    3e:b9:86:5d:db:82:68:79:38:49:68:3e:13:27:3f:
                    64:31:42:f3:e4:b3:26:3f:5c:1d:7c:76:2a:82:dc:
                    28:88:ab:87:52:53:81:f1:1e:31:0f:ef:a2:e5:f3:
                    1a:9c:da:9a:81:6f:7d:ff:84:3b:ad:f7:6b:8c:fe:
                    4a:55:7c:a1:1f:03:b6:00:1b:4d:44:ba:5e:1f:d2:
                    40:06:8f:43:8a:df:8c:28:c0:1e:c3:4f:a4:7f:bf:
                    31:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:48:8E:ED:74:C6:2F:24:98:08:28:8B:F8:DC:A7:03:1F:DE:33:2D
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/9a08b99a-284f-4e69-83b1-fbfba94e7f22.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.55.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         74:30:1b:85:9d:de:ee:9a:51:07:b5:72:57:67:ea:1c:d6:6e:
         de:f1:aa:34:24:d6:43:e8:ec:cb:19:af:f6:71:5a:c8:9c:85:
         04:5a:71:b7:40:1c:78:2f:7d:73:6c:ef:12:28:8a:df:3e:3d:
         ce:6b:1d:aa:1e:b3:6e:7c:19:8a:77:d4:8e:f2:f3:af:77:07:
         2f:89:d3:0f:5e:2c:43:6b:71:0f:a9:a6:6b:5d:42:eb:f9:ad:
         d3:1b:33:3e:d4:2e:7b:a6:30:c1:70:00:91:c6:57:80:c4:24:
         56:e6:f9:de:5e:85:73:6b:e5:35:cf:01:2b:b4:04:1e:ee:35:
         7f:6a:08:05:5a:b6:70:4d:73:dc:47:6c:07:09:34:e2:ed:c2:
         57:8e:9a:68:e3:97:89:7b:c3:22:44:e3:36:59:d9:94:ef:3f:
         f5:04:3b:bd:89:4c:bc:bb:52:fb:96:9a:1a:d7:c9:dd:b0:83:
         9b:64:d6:a0:aa:db:a1:e6:02:38:b3:ce:59:53:d6:e9:c2:3a:
         b9:13:c5:70:b3:05:dd:bb:62:c4:cc:ee:48:a1:02:22:11:44:
         77:ed:5e:fe:cd:f5:51:f3:51:3b:85:01:e6:03:ff:f0:83:c4:
         17:97:51:18:b6:2f:5b:76:82:c4:c3:5c:c6:aa:93:19:25:6d:
         94:d9:d7:13
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUPckuckualmQZLGM8hjrQSXAItZ0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNDAzMDUwMDAwMDBaFw0yNDA0MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQGVjMWViYjkyYzlkOWZmNWYyOGE0ZDYwZGM1ZmM3YTVlYjhmYzFmMzlhYTMw
Nzc4ZjFjYjE1YjU0MGIyZTUwOGQxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAPW0u4iTHoac6j4uJUq3VLHJHifxx2yg2ropxRnXbRYDmGdZflrX+4ZlmL7i
KHY56YefKSjHYZ9W0n0tVStdIxm1oEegGIL9JbZRcHiBuJSCU4lxzBfJmWPzwy8Z
zlqQwlJ12JZC+8BrLKmV12jEtNkIRFZE1ajCd6l8qclWOVZ5TUbWYpbj7IUaJ09J
51XmdZI8xNyr3Fn733UomwFsL6QJwmAzPrmGXduCaHk4SWg+Eyc/ZDFC8+SzJj9c
HXx2KoLcKIirh1JTgfEeMQ/vouXzGpzamoFvff+EO633a4z+SlV8oR8DtgAbTUS6
Xh/SQAaPQ4rfjCjAHsNPpH+/Md0CAwEAAaOCAiAwggIcMB0GA1UdDgQWBBQCSI7t
dMYvJJgIKIv43KcDH94zLTAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
OWEwOGI5OWEtMjg0Zi00ZTY5LTgzYjEtZmJmYmE5NGU3ZjIyLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDAJE3MA0G
CSqGSIb3DQEBCwUAA4IBAQB0MBuFnd7umlEHtXJXZ+oc1m7e8ao0JNZD6OzLGa/2
cVrInIUEWnG3QBx4L31zbO8SKIrfPj3Oax2qHrNufBmKd9SO8vOvdwcvidMPXixD
a3EPqaZrXULr+a3TGzM+1C57pjDBcACRxleAxCRW5vneXoVza+U1zwErtAQe7jV/
aggFWrZwTXPcR2wHCTTi7cJXjppo45eJe8MiROM2WdmU7z/1BDu9iUy8u1L7lpoa
18ndsIObZNagqtuh5gI4s85ZU9bpwjq5E8VwswXdu2LEzO5IoQIiEUR37V7+zfVR
81E7hQHmA//wg8QXl1EYti9bdoLEw1zGqpMZJW2U2dcT
-----END CERTIFICATE-----
Generated at Thu Mar 28 01:01:24 2024 by rpki-client on console-fra.rpki-client.org