Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/a02f9994-3943-4a2f-8467-87935bf3bf9e.roa
File:                     a02f9994-3943-4a2f-8467-87935bf3bf9e.roa (raw, json)
Hash identifier:          V1F9uqfP8z8ncraEDxQxcD3sz9oid5UZpeTsScRRTUg=
Subject key identifier:   57:F2:A3:78:36:8D:71:C7:C4:6C:78:90:C5:CD:E8:08:F0:20:E2:82
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       542CB1D84ACF568A3034BB8144DEADDA9D4C4521
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/a02f9994-3943-4a2f-8467-87935bf3bf9e.roa
Signing time:             Tue 05 Mar 2024 00:00:00 +0000
ROA not before:           Tue 05 Mar 2024 00:00:00 +0000
ROA not after:            Tue 09 Apr 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        51.69.0.0/16 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 29 Mar 2024 21:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            54:2c:b1:d8:4a:cf:56:8a:30:34:bb:81:44:de:ad:da:9d:4c:45:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Mar  5 00:00:00 2024 GMT
            Not After : Apr  9 23:59:59 2024 GMT
        Subject: serialNumber=ba9f8ab6854ff70bd094094a90fb926de221b48d18c396c323fc91d714a3034e, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:62:8f:66:9f:0c:c9:11:31:84:f4:fb:4f:d6:
                    59:7f:cf:fb:e2:60:04:54:9e:22:91:a3:bf:0b:6b:
                    42:67:5c:fd:01:3c:a6:1b:89:5d:29:e9:43:a9:7b:
                    4c:16:33:3c:d0:78:51:74:10:bf:78:81:e4:b1:f8:
                    99:8e:a6:45:bf:a4:d3:83:7d:2c:08:f3:5e:65:40:
                    fa:9e:05:b2:17:58:56:93:27:02:64:16:f1:71:e3:
                    9c:7a:e3:a3:8f:33:03:cb:b4:ca:e9:d8:50:30:72:
                    90:14:ea:b4:a7:ba:d5:97:84:0b:ff:16:14:69:e9:
                    be:1d:1c:b1:6f:8c:ff:b1:5d:11:65:9f:fb:6b:04:
                    6d:97:e7:61:ba:ef:84:22:b9:6f:86:67:ed:f3:28:
                    57:52:b1:35:31:62:b2:13:a8:a6:87:82:4a:63:ca:
                    43:23:6f:19:7d:38:98:a9:16:c4:f0:71:a1:f9:72:
                    fc:0b:f6:db:6a:62:a9:04:0a:d9:cf:e7:67:e4:c4:
                    98:48:38:14:86:da:51:46:0f:7e:d5:b7:59:7f:12:
                    67:d5:28:3b:c0:b4:ea:24:f2:da:f1:47:5d:32:46:
                    71:10:65:f3:d3:3b:02:d5:16:92:2c:b4:85:be:80:
                    90:75:67:16:84:8a:18:59:cf:67:d1:42:a1:38:01:
                    ae:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:F2:A3:78:36:8D:71:C7:C4:6C:78:90:C5:CD:E8:08:F0:20:E2:82
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/a02f9994-3943-4a2f-8467-87935bf3bf9e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.69.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         2d:40:f6:0c:74:4e:a2:5b:ab:d7:d3:66:4b:27:8a:74:11:e6:
         27:58:38:da:2e:39:79:c5:8e:64:ca:e3:7d:3a:ad:fc:61:03:
         3c:7d:eb:9a:a2:53:98:9b:99:e9:6d:6a:5b:87:2f:30:df:13:
         5c:9e:86:df:df:3e:81:c5:35:b0:8a:de:31:d9:13:36:ed:4c:
         4c:34:9b:88:67:69:69:ee:e0:0d:d0:ad:6e:9d:bc:63:2f:89:
         ea:12:4d:16:d0:71:eb:94:90:7c:aa:e1:3b:7a:76:bd:bd:2b:
         1c:76:26:5b:84:4c:3e:a5:75:13:99:e2:97:32:fe:c0:d9:ab:
         0b:bb:68:4c:7e:f4:b7:03:91:fa:d4:10:c3:b4:9c:3b:51:0c:
         e1:b8:7f:c2:da:0c:f0:ce:67:11:5a:09:53:94:3d:0f:5a:e0:
         9e:c2:d6:5c:40:45:7e:2f:c8:44:be:dc:a6:a8:40:d6:21:6f:
         84:b5:ea:5d:7e:1b:d3:9b:0b:13:28:d0:2f:69:31:98:bd:f7:
         d6:ba:03:73:97:91:64:58:ae:1f:14:b2:f0:c3:23:54:eb:ab:
         69:c4:1b:66:f6:d0:b3:95:1e:28:81:92:a3:4a:e5:75:90:84:
         15:5d:a4:cc:1a:3f:2f:a5:d8:68:4e:2c:a4:3a:7b:f4:b9:20:
         53:1c:17:f9
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUVCyx2ErPVoowNLuBRN6t2p1MRSEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNDAzMDUwMDAwMDBaFw0yNDA0MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQGJhOWY4YWI2ODU0ZmY3MGJkMDk0MDk0YTkwZmI5MjZkZTIyMWI0OGQxOGMz
OTZjMzIzZmM5MWQ3MTRhMzAzNGUxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKJij2afDMkRMYT0+0/WWX/P++JgBFSeIpGjvwtrQmdc/QE8phuJXSnpQ6l7
TBYzPNB4UXQQv3iB5LH4mY6mRb+k04N9LAjzXmVA+p4FshdYVpMnAmQW8XHjnHrj
o48zA8u0yunYUDBykBTqtKe61ZeEC/8WFGnpvh0csW+M/7FdEWWf+2sEbZfnYbrv
hCK5b4Zn7fMoV1KxNTFishOopoeCSmPKQyNvGX04mKkWxPBxofly/Av222piqQQK
2c/nZ+TEmEg4FIbaUUYPftW3WX8SZ9UoO8C06iTy2vFHXTJGcRBl89M7AtUWkiy0
hb6AkHVnFoSKGFnPZ9FCoTgBrosCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBRX8qN4
No1xx8RseJDFzegI8CDigjAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
YTAyZjk5OTQtMzk0My00YTJmLTg0NjctODc5MzViZjNiZjllLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADNFMA0G
CSqGSIb3DQEBCwUAA4IBAQAtQPYMdE6iW6vX02ZLJ4p0EeYnWDjaLjl5xY5kyuN9
Oq38YQM8feuaolOYm5npbWpbhy8w3xNcnobf3z6BxTWwit4x2RM27UxMNJuIZ2lp
7uAN0K1unbxjL4nqEk0W0HHrlJB8quE7ena9vSscdiZbhEw+pXUTmeKXMv7A2asL
u2hMfvS3A5H61BDDtJw7UQzhuH/C2gzwzmcRWglTlD0PWuCewtZcQEV+L8hEvtym
qEDWIW+EtepdfhvTmwsTKNAvaTGYvffWugNzl5FkWK4fFLLwwyNU66tpxBtm9tCz
lR4ogZKjSuV1kIQVXaTMGj8vpdhoTiykOnv0uSBTHBf5
-----END CERTIFICATE-----
Generated at Fri Mar 29 02:38:20 2024 by rpki-client on console-fra.rpki-client.org