Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/9c5a1a14-73c1-4c49-8b22-7d10c4379e08.roa
File:                     9c5a1a14-73c1-4c49-8b22-7d10c4379e08.roa (raw, json)
Hash identifier:          zKV82xpU8N9w1lMsqjeL60wR/oMkQ2Wf3OlLYmekIvc=
Subject key identifier:   3A:5B:83:0D:76:F3:44:06:4C:7A:5E:78:FC:DF:CE:CE:7F:9C:0A:CB
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       6A3F321EED9972B55BEA77BA2792A44DD82ABC05
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/9c5a1a14-73c1-4c49-8b22-7d10c4379e08.roa
Signing time:             Wed 27 Mar 2024 00:00:00 +0000
ROA not before:           Wed 27 Mar 2024 00:00:00 +0000
ROA not after:            Wed 01 May 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        51.70.0.0/16 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 28 Mar 2024 18:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6a:3f:32:1e:ed:99:72:b5:5b:ea:77:ba:27:92:a4:4d:d8:2a:bc:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Mar 27 00:00:00 2024 GMT
            Not After : May  1 23:59:59 2024 GMT
        Subject: serialNumber=420e9ef0a5880e871aee75ee29e61f497b52623269b0122b222ad292c0593ee9, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:36:32:f0:fe:23:8f:3d:1e:cd:5c:3f:2a:f8:
                    ea:0b:2d:19:aa:66:b3:f0:fc:08:91:06:62:01:9a:
                    d7:d1:33:6f:4f:f1:3f:7a:53:77:ba:1e:82:c1:0e:
                    cf:05:2e:c3:c8:23:33:6d:c5:99:ab:e6:e0:7d:cf:
                    8a:78:b7:1a:86:1c:4b:60:ee:ed:75:42:00:51:73:
                    39:ef:c7:65:d2:b0:a4:78:08:aa:a2:13:a4:97:82:
                    e8:96:b6:d2:54:f4:88:4c:31:06:e7:d7:3a:46:88:
                    2e:f5:99:2a:d3:2a:cf:10:fd:b4:37:47:c3:38:c7:
                    b8:c3:d2:a3:db:d4:b3:ff:6b:c8:86:52:d7:8b:8b:
                    f0:21:dc:47:6e:3c:12:81:1f:78:d5:f8:f5:24:ff:
                    00:b5:f4:e1:81:7f:9d:c6:4a:4b:10:a0:12:3e:ff:
                    3b:a2:ef:20:f5:8a:a8:95:9a:ce:6c:9d:a1:af:fe:
                    7e:ba:8a:13:c5:1a:79:5d:96:7d:7e:40:49:31:39:
                    ff:cf:4c:56:e6:36:00:48:02:b7:0c:b8:ee:d8:b4:
                    18:67:88:0f:f3:4d:cb:45:9b:95:5b:70:17:ce:6d:
                    12:ae:71:c7:ed:11:d5:70:b1:5c:ec:b3:14:54:ca:
                    df:e8:91:d1:48:88:2e:b5:a0:79:73:9d:d2:11:b0:
                    f7:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:5B:83:0D:76:F3:44:06:4C:7A:5E:78:FC:DF:CE:CE:7F:9C:0A:CB
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/9c5a1a14-73c1-4c49-8b22-7d10c4379e08.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.70.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         72:b1:12:70:8a:2e:c4:bd:d0:67:8c:fa:3b:65:8d:be:bd:9f:
         51:59:02:ac:b4:9b:c8:d9:51:60:2b:04:74:be:34:34:ec:b9:
         3f:22:2c:8d:45:9c:88:f5:3d:5e:b9:81:6a:63:39:bb:17:5e:
         ef:a5:30:51:e0:db:10:ec:01:81:30:8e:31:ac:02:6d:0e:45:
         e1:1d:b0:f7:f0:0f:10:14:34:cf:47:81:48:00:21:5b:05:19:
         d7:46:b3:83:0a:04:74:9f:d7:85:77:50:85:40:7f:e5:58:90:
         95:a6:19:f5:ed:46:61:5c:56:60:22:f5:f1:25:d4:16:45:b1:
         43:b6:3c:7b:94:f2:9e:23:e9:29:78:8f:2e:dc:64:4f:75:d5:
         bc:49:51:22:5a:97:f7:44:c2:e1:f2:24:a3:3e:f3:a0:1d:08:
         69:72:52:10:40:62:87:cd:58:d0:c3:07:60:8a:45:f0:11:f1:
         b9:e9:9a:7a:ed:53:ca:c2:50:2b:83:a0:63:b5:96:3a:ad:57:
         73:aa:6e:70:a3:ac:78:79:81:b0:18:43:84:d5:19:3a:35:6e:
         bc:12:71:60:44:d7:75:48:6b:9a:72:07:9e:84:4a:ae:0e:6f:
         7c:79:86:22:0b:e0:60:2b:cd:2a:0d:1e:37:36:a9:5d:7c:3c:
         9e:fb:54:6c
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUaj8yHu2ZcrVb6ne6J5KkTdgqvAUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNDAzMjcwMDAwMDBaFw0yNDA1MDEyMzU5NTlaMHoxSTBHBgNV
BAUTQDQyMGU5ZWYwYTU4ODBlODcxYWVlNzVlZTI5ZTYxZjQ5N2I1MjYyMzI2OWIw
MTIyYjIyMmFkMjkyYzA1OTNlZTkxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANY2MvD+I489Hs1cPyr46gstGapms/D8CJEGYgGa19Ezb0/xP3pTd7oegsEO
zwUuw8gjM23Fmavm4H3Pini3GoYcS2Du7XVCAFFzOe/HZdKwpHgIqqITpJeC6Ja2
0lT0iEwxBufXOkaILvWZKtMqzxD9tDdHwzjHuMPSo9vUs/9ryIZS14uL8CHcR248
EoEfeNX49ST/ALX04YF/ncZKSxCgEj7/O6LvIPWKqJWazmydoa/+frqKE8UaeV2W
fX5ASTE5/89MVuY2AEgCtwy47ti0GGeID/NNy0WblVtwF85tEq5xx+0R1XCxXOyz
FFTK3+iR0UiILrWgeXOd0hGw9xUCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBQ6W4MN
dvNEBkx6Xnj8387Of5wKyzAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
OWM1YTFhMTQtNzNjMS00YzQ5LThiMjItN2QxMGM0Mzc5ZTA4LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADNGMA0G
CSqGSIb3DQEBCwUAA4IBAQBysRJwii7EvdBnjPo7ZY2+vZ9RWQKstJvI2VFgKwR0
vjQ07Lk/IiyNRZyI9T1euYFqYzm7F17vpTBR4NsQ7AGBMI4xrAJtDkXhHbD38A8Q
FDTPR4FIACFbBRnXRrODCgR0n9eFd1CFQH/lWJCVphn17UZhXFZgIvXxJdQWRbFD
tjx7lPKeI+kpeI8u3GRPddW8SVEiWpf3RMLh8iSjPvOgHQhpclIQQGKHzVjQwwdg
ikXwEfG56Zp67VPKwlArg6BjtZY6rVdzqm5wo6x4eYGwGEOE1Rk6NW68EnFgRNd1
SGuacgeehEquDm98eYYiC+BgK80qDR43NqldfDye+1Rs
-----END CERTIFICATE-----
Generated at Thu Mar 28 01:01:24 2024 by rpki-client on console-fra.rpki-client.org