Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/a17c3105-7086-48e5-a3b7-e8b528c5b9c2.roa
File:                     a17c3105-7086-48e5-a3b7-e8b528c5b9c2.roa (raw, json)
Hash identifier:          HbJNXTIgl8+S7O6ZPo5hxuQzUwNNtqEN00m7ZorjwPY=
Subject key identifier:   E1:D7:A7:21:B8:7A:4D:18:39:65:88:37:12:DB:6B:09:7E:F4:B7:75
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       07DF7358A63460E530D455DF0B1F023A35DDFBDC
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/a17c3105-7086-48e5-a3b7-e8b528c5b9c2.roa
Signing time:             Tue 05 Mar 2024 00:00:00 +0000
ROA not before:           Tue 05 Mar 2024 00:00:00 +0000
ROA not after:            Tue 09 Apr 2024 23:59:59 +0000
asID:                     8987
IP address blocks:        51.172.0.0/15 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 29 Mar 2024 21:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            07:df:73:58:a6:34:60:e5:30:d4:55:df:0b:1f:02:3a:35:dd:fb:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Mar  5 00:00:00 2024 GMT
            Not After : Apr  9 23:59:59 2024 GMT
        Subject: serialNumber=76cb291aa5bfbc2ca9548b682849aa0b1ffb444b8df8d5bb8cb8b0ace79f8d0b, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:20:32:a8:19:aa:d8:25:9c:17:48:2d:43:52:
                    2d:e2:cf:87:b3:d6:26:7c:e7:95:f9:b0:d9:fc:7e:
                    3b:27:28:b3:ea:6d:9f:79:a6:14:13:34:33:2e:f1:
                    e3:33:de:2d:a3:95:f7:aa:db:ee:e2:1a:de:69:25:
                    c1:da:dd:56:c1:06:dc:e8:47:0b:d5:a6:cd:61:96:
                    8c:79:6f:d8:d8:3a:54:38:2b:dd:78:ed:1d:f0:11:
                    0a:86:e3:3f:91:67:ae:2e:bb:ec:2b:5e:88:3f:3e:
                    69:75:a3:cf:01:8b:57:3e:a1:92:bf:1b:d6:51:54:
                    56:ba:33:b5:f7:c7:a3:26:96:3c:f4:d8:ce:5a:42:
                    f5:52:c8:07:50:d7:40:f1:5e:3d:52:dc:9e:ff:e5:
                    c2:bc:8d:f7:e7:87:16:9f:a4:17:89:eb:6c:e8:0f:
                    6a:aa:79:88:84:df:27:51:62:20:75:ed:43:2a:32:
                    bf:13:1e:ec:f2:a0:73:2c:6e:6d:d6:9b:61:d7:d3:
                    2a:77:9f:16:70:fa:f3:7a:e2:3e:98:d8:83:ea:da:
                    af:0f:c9:07:8a:56:39:9a:e5:94:7d:1f:39:57:fb:
                    d3:3a:b1:c8:e5:75:57:93:ef:57:0f:63:e6:e1:53:
                    43:99:9b:5c:ad:20:1e:3d:67:d0:b1:5b:e2:00:c2:
                    a3:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:D7:A7:21:B8:7A:4D:18:39:65:88:37:12:DB:6B:09:7E:F4:B7:75
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/a17c3105-7086-48e5-a3b7-e8b528c5b9c2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.172.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         2e:b4:61:5d:08:b1:c7:18:b5:e4:c0:5d:50:29:1b:4e:b2:94:
         36:b8:7a:d6:aa:40:cc:8a:b4:15:aa:c6:de:78:73:50:29:46:
         aa:8a:19:5e:99:a0:5c:c3:ba:6f:f3:8f:ab:87:01:ea:36:f0:
         2b:60:27:bb:f1:62:7d:98:48:b5:b3:9e:96:41:b4:81:86:c2:
         e1:2c:44:17:c3:ab:1e:d2:19:3f:2d:4e:49:27:01:64:09:e7:
         66:d5:9f:d6:67:b1:cf:96:2b:73:8b:3f:62:39:9d:41:36:d9:
         ed:33:74:92:01:90:c1:18:1c:3d:c9:f1:f9:91:d8:f5:ec:07:
         72:8b:2e:53:37:82:31:13:2a:64:4e:df:e6:6a:c7:b4:62:bb:
         5a:99:83:b7:a1:f6:38:56:07:e9:56:f6:c5:97:6d:4e:6a:93:
         ec:04:57:d5:ee:20:67:4f:64:a0:98:e0:3f:03:c0:40:b4:9b:
         dc:7e:77:0b:4e:f6:6b:ba:55:4b:85:65:19:bf:9c:7d:0f:84:
         f3:89:85:35:a4:44:ab:4e:55:f0:1e:56:ec:5e:73:07:ba:56:
         f3:66:cc:bf:1e:ab:b9:09:4f:e9:21:98:31:26:ae:61:1e:70:
         aa:d4:4f:7e:1c:02:78:64:3c:8b:fc:33:60:9e:c7:3a:35:e6:
         e3:f3:ed:9f
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUB99zWKY0YOUw1FXfCx8COjXd+9wwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNDAzMDUwMDAwMDBaFw0yNDA0MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQDc2Y2IyOTFhYTViZmJjMmNhOTU0OGI2ODI4NDlhYTBiMWZmYjQ0NGI4ZGY4
ZDViYjhjYjhiMGFjZTc5ZjhkMGIxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAN8gMqgZqtglnBdILUNSLeLPh7PWJnznlfmw2fx+Oycos+ptn3mmFBM0My7x
4zPeLaOV96rb7uIa3mklwdrdVsEG3OhHC9WmzWGWjHlv2Ng6VDgr3XjtHfARCobj
P5Fnri677CteiD8+aXWjzwGLVz6hkr8b1lFUVroztffHoyaWPPTYzlpC9VLIB1DX
QPFePVLcnv/lwryN9+eHFp+kF4nrbOgPaqp5iITfJ1FiIHXtQyoyvxMe7PKgcyxu
bdabYdfTKnefFnD683riPpjYg+rarw/JB4pWOZrllH0fOVf70zqxyOV1V5PvVw9j
5uFTQ5mbXK0gHj1n0LFb4gDCowkCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBTh16ch
uHpNGDlliDcS22sJfvS3dTAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
YTE3YzMxMDUtNzA4Ni00OGU1LWEzYjctZThiNTI4YzViOWMyLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDATOsMA0G
CSqGSIb3DQEBCwUAA4IBAQAutGFdCLHHGLXkwF1QKRtOspQ2uHrWqkDMirQVqsbe
eHNQKUaqihlemaBcw7pv84+rhwHqNvArYCe78WJ9mEi1s56WQbSBhsLhLEQXw6se
0hk/LU5JJwFkCedm1Z/WZ7HPlitziz9iOZ1BNtntM3SSAZDBGBw9yfH5kdj17Ady
iy5TN4IxEypkTt/mase0YrtamYO3ofY4VgfpVvbFl21OapPsBFfV7iBnT2SgmOA/
A8BAtJvcfncLTvZrulVLhWUZv5x9D4TziYU1pESrTlXwHlbsXnMHulbzZsy/Hqu5
CU/pIZgxJq5hHnCq1E9+HAJ4ZDyL/DNgnsc6Nebj8+2f
-----END CERTIFICATE-----
Generated at Fri Mar 29 02:38:20 2024 by rpki-client on console-fra.rpki-client.org