Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/a273d8f1-d41a-494f-91c3-0ac75410919e.roa
File:                     a273d8f1-d41a-494f-91c3-0ac75410919e.roa (raw, json)
Hash identifier:          1a6Z9J5ie1bJHgE+WR2+DXESBI+7Bivicu2MF4ryAdg=
Subject key identifier:   1D:7B:9C:8C:25:EF:38:D8:1B:33:EC:5B:63:30:C7:00:8B:72:3C:DE
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       615785CDAA586F283B3163914B214210F2CE73ED
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/a273d8f1-d41a-494f-91c3-0ac75410919e.roa
Signing time:             Tue 05 Mar 2024 00:00:00 +0000
ROA not before:           Tue 05 Mar 2024 00:00:00 +0000
ROA not after:            Tue 09 Apr 2024 23:59:59 +0000
asID:                     14618
IP address blocks:        83.118.240.0/20 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 29 Mar 2024 21:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            61:57:85:cd:aa:58:6f:28:3b:31:63:91:4b:21:42:10:f2:ce:73:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Mar  5 00:00:00 2024 GMT
            Not After : Apr  9 23:59:59 2024 GMT
        Subject: serialNumber=e97db7515b8ae07f3e1c67c04529c41088e49964013f2657c1ffaf8ea8ff4ce4, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:ba:03:3e:6e:2c:9f:5d:3c:e2:86:93:f9:03:
                    5e:79:f1:e3:ef:84:1e:ad:73:d4:a0:08:48:0a:94:
                    de:05:c0:d3:ce:45:94:72:2f:f0:7a:52:c4:d6:22:
                    f2:fb:46:e5:86:be:35:88:6f:25:95:9f:4d:69:c0:
                    24:7b:4d:14:3c:29:78:7b:c0:b3:4c:3f:e8:2a:4c:
                    7a:30:d4:58:ef:0f:5b:3a:fc:f5:7a:a1:33:39:d1:
                    ab:58:43:50:58:0b:8c:ab:26:96:10:c1:be:fa:b5:
                    1d:37:9a:63:09:f1:e9:2d:80:c4:cf:0b:19:68:bd:
                    61:45:9c:21:55:15:0d:75:ba:a2:b3:19:9f:27:1b:
                    ea:7a:a4:c5:8c:8c:5f:fe:f1:18:08:c3:0a:36:f7:
                    ac:a1:c6:1a:5e:90:76:59:48:25:29:5b:73:be:e0:
                    eb:d5:65:de:9b:49:ac:a1:fe:5f:e6:4b:7f:f1:38:
                    61:ef:58:a9:e9:7d:c2:a5:91:21:5e:49:92:c8:ef:
                    f2:4b:79:77:6f:ec:66:07:ca:09:5e:de:97:f0:d3:
                    87:50:4a:3c:4f:dc:88:de:b7:05:03:4b:3b:21:f2:
                    ae:86:5d:d7:50:9b:6c:4f:7d:37:25:e2:d2:2b:fc:
                    f1:f2:b1:e9:64:7e:f2:73:11:09:c2:6e:81:25:0a:
                    49:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:7B:9C:8C:25:EF:38:D8:1B:33:EC:5B:63:30:C7:00:8B:72:3C:DE
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/a273d8f1-d41a-494f-91c3-0ac75410919e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.118.240.0/20

    Signature Algorithm: sha256WithRSAEncryption
         1a:0e:2d:dc:05:ac:22:1f:e7:85:82:0d:4a:6f:62:31:d6:47:
         41:77:da:6e:c3:30:59:5b:7b:7d:b9:7f:6c:d3:f8:90:9c:8f:
         61:cc:ff:46:2d:a6:0b:d9:da:c2:14:d9:45:51:b2:1d:a4:df:
         b0:b3:e6:14:99:5b:63:aa:3a:5a:2c:4c:7b:1c:3f:7f:62:38:
         b1:cf:8e:be:9e:a5:2e:80:e7:9e:74:27:9c:68:39:9d:ef:c8:
         97:d8:fb:c8:d3:02:6c:81:21:10:34:f0:2d:cf:57:5f:17:0a:
         ad:20:47:ee:11:b5:3f:2f:55:01:c7:d5:a4:04:7f:73:49:a9:
         0c:d4:a5:8e:3d:c0:9f:92:02:62:67:39:95:69:cf:bb:4b:f2:
         74:be:ad:5c:dc:c9:5f:aa:87:50:43:c2:2c:eb:68:c6:4c:ca:
         c3:bd:ae:e3:13:67:20:d9:8b:97:48:a1:10:c9:bf:a0:83:14:
         77:83:dd:0e:c3:67:da:e4:c2:0e:31:e6:80:1f:30:cf:dc:1c:
         36:4c:80:b2:6b:fc:a3:07:fb:cd:e3:7c:3d:8f:40:2d:03:f5:
         d1:cb:98:69:7d:bf:5d:e3:0d:ec:36:cf:c9:07:71:c5:1b:f8:
         3c:52:4c:71:5b:50:41:4c:49:d5:84:52:72:a5:46:53:8f:0a:
         f2:82:9a:29
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUYVeFzapYbyg7MWORSyFCEPLOc+0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNDAzMDUwMDAwMDBaFw0yNDA0MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQGU5N2RiNzUxNWI4YWUwN2YzZTFjNjdjMDQ1MjljNDEwODhlNDk5NjQwMTNm
MjY1N2MxZmZhZjhlYThmZjRjZTQxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKm6Az5uLJ9dPOKGk/kDXnnx4++EHq1z1KAISAqU3gXA085FlHIv8HpSxNYi
8vtG5Ya+NYhvJZWfTWnAJHtNFDwpeHvAs0w/6CpMejDUWO8PWzr89XqhMznRq1hD
UFgLjKsmlhDBvvq1HTeaYwnx6S2AxM8LGWi9YUWcIVUVDXW6orMZnycb6nqkxYyM
X/7xGAjDCjb3rKHGGl6QdllIJSlbc77g69Vl3ptJrKH+X+ZLf/E4Ye9Yqel9wqWR
IV5Jksjv8kt5d2/sZgfKCV7el/DTh1BKPE/ciN63BQNLOyHyroZd11CbbE99NyXi
0iv88fKx6WR+8nMRCcJugSUKSW8CAwEAAaOCAiEwggIdMB0GA1UdDgQWBBQde5yM
Je842Bsz7FtjMMcAi3I83jAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
YTI3M2Q4ZjEtZDQxYS00OTRmLTkxYzMtMGFjNzU0MTA5MTllLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEBFN28DAN
BgkqhkiG9w0BAQsFAAOCAQEAGg4t3AWsIh/nhYINSm9iMdZHQXfabsMwWVt7fbl/
bNP4kJyPYcz/Ri2mC9nawhTZRVGyHaTfsLPmFJlbY6o6WixMexw/f2I4sc+Ovp6l
LoDnnnQnnGg5ne/Il9j7yNMCbIEhEDTwLc9XXxcKrSBH7hG1Py9VAcfVpAR/c0mp
DNSljj3An5ICYmc5lWnPu0vydL6tXNzJX6qHUEPCLOtoxkzKw72u4xNnINmLl0ih
EMm/oIMUd4PdDsNn2uTCDjHmgB8wz9wcNkyAsmv8owf7zeN8PY9ALQP10cuYaX2/
XeMN7DbPyQdxxRv4PFJMcVtQQUxJ1YRScqVGU48K8oKaKQ==
-----END CERTIFICATE-----
Generated at Fri Mar 29 02:18:28 2024 by rpki-client on console-ams.rpki-client.org