Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/a32b75d1-fb93-459a-bd22-b8f58bccecf3.roa
File:                     a32b75d1-fb93-459a-bd22-b8f58bccecf3.roa (raw, json)
Hash identifier:          kuxRTTLj4U7bc3KZdaqLh5oi/jTv3srED0qESbuqdR4=
Subject key identifier:   A1:BF:73:0E:F3:81:41:1A:3B:85:8A:F3:61:43:B9:34:EF:1C:D0:46
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       6863F9D78DF424048131CC1CF0444990B85E571C
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/a32b75d1-fb93-459a-bd22-b8f58bccecf3.roa
Signing time:             Tue 05 Mar 2024 00:00:00 +0000
ROA not before:           Tue 05 Mar 2024 00:00:00 +0000
ROA not after:            Tue 09 Apr 2024 23:59:59 +0000
asID:                     14618
IP address blocks:        51.0.128.0/17 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 29 Mar 2024 21:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            68:63:f9:d7:8d:f4:24:04:81:31:cc:1c:f0:44:49:90:b8:5e:57:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Mar  5 00:00:00 2024 GMT
            Not After : Apr  9 23:59:59 2024 GMT
        Subject: serialNumber=42c41252e30e8a6f77158fe515118a5d57db71965bc7e6d122778383e4f3d67a, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:1d:a5:10:e0:5f:d6:78:3f:8b:48:23:98:78:
                    6b:ac:b3:f2:e8:81:be:b9:d1:4b:03:76:c0:6c:81:
                    97:6f:ac:2e:dc:b3:7f:3d:bc:e3:04:2b:5b:6b:fe:
                    ed:34:ea:30:7d:0a:57:96:b1:5f:31:c3:cf:47:23:
                    45:4b:cd:ec:fd:2f:99:35:fc:63:ad:3c:2b:04:41:
                    cb:09:b5:1e:c9:ff:b0:c6:dc:50:51:44:48:a1:d4:
                    13:58:ee:09:74:28:1d:df:93:7c:c1:5a:c7:a8:da:
                    77:5b:8a:bc:b3:12:2b:41:9a:46:65:27:0f:94:2e:
                    b4:f3:49:53:73:28:03:00:8c:da:29:63:9d:6f:7c:
                    a5:36:3e:99:36:09:b5:61:66:27:8a:0c:35:a4:26:
                    c7:c7:c1:fd:b1:7d:9c:8e:fd:a0:9e:b2:6a:df:e5:
                    d5:74:88:41:49:c7:de:af:fe:f3:c4:0c:ea:ab:dd:
                    2a:f3:ea:ec:9b:dc:18:14:3b:4e:d6:5a:10:8a:3b:
                    4c:86:cc:75:7f:c0:23:03:19:95:1b:31:7c:e6:4c:
                    e4:6c:5d:3b:a7:cc:23:09:50:ee:d6:a8:16:d3:d0:
                    39:d6:c4:3d:b7:39:59:97:28:f2:eb:a7:00:9d:25:
                    6d:5b:3d:c5:60:64:f1:76:28:85:19:9f:42:46:7e:
                    b9:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:BF:73:0E:F3:81:41:1A:3B:85:8A:F3:61:43:B9:34:EF:1C:D0:46
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/a32b75d1-fb93-459a-bd22-b8f58bccecf3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.0.128.0/17

    Signature Algorithm: sha256WithRSAEncryption
         52:83:f7:8f:64:ae:a2:8e:09:81:85:3b:e7:13:53:11:4a:0c:
         de:17:b2:af:27:cf:3b:9f:67:3e:2c:db:4f:06:b0:e3:0c:cb:
         57:af:0e:94:c5:a8:80:24:fb:fe:58:e8:f7:09:d8:c3:f7:08:
         7e:c8:b1:14:0c:67:32:c1:25:1a:3e:44:9f:e4:72:7e:3f:c4:
         49:6f:56:0e:b1:ba:f9:e2:1f:91:61:1a:66:6a:75:2b:2c:dd:
         e7:07:ca:6b:f8:b4:b4:3b:be:ae:c5:40:74:e9:c4:54:89:58:
         05:a4:b2:df:0c:85:0c:92:d4:5a:23:94:67:f4:09:c1:4d:05:
         bf:90:96:49:15:bd:b6:c9:3b:53:41:12:9b:1c:f2:95:07:2d:
         cf:6e:d6:61:38:6e:36:d0:7c:2e:9a:57:18:c6:66:c4:31:53:
         ba:b8:8f:01:d6:8f:e1:52:6b:c8:78:b6:84:78:29:cc:34:02:
         96:4d:20:b8:d3:9f:d4:98:1d:31:84:50:d1:11:c8:e4:ee:14:
         38:7c:c8:35:84:0e:2f:68:0f:70:d0:dc:43:fa:68:b9:69:96:
         a7:17:a9:5d:59:36:10:06:71:5a:3c:ef:5a:41:90:06:0e:90:
         c9:54:48:d8:4d:a6:40:26:25:02:6e:03:6d:45:67:eb:88:e9:
         67:d5:c9:4f
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUaGP51430JASBMcwc8ERJkLheVxwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNDAzMDUwMDAwMDBaFw0yNDA0MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQDQyYzQxMjUyZTMwZThhNmY3NzE1OGZlNTE1MTE4YTVkNTdkYjcxOTY1YmM3
ZTZkMTIyNzc4MzgzZTRmM2Q2N2ExLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANsdpRDgX9Z4P4tII5h4a6yz8uiBvrnRSwN2wGyBl2+sLtyzfz284wQrW2v+
7TTqMH0KV5axXzHDz0cjRUvN7P0vmTX8Y608KwRBywm1Hsn/sMbcUFFESKHUE1ju
CXQoHd+TfMFax6jad1uKvLMSK0GaRmUnD5QutPNJU3MoAwCM2iljnW98pTY+mTYJ
tWFmJ4oMNaQmx8fB/bF9nI79oJ6yat/l1XSIQUnH3q/+88QM6qvdKvPq7JvcGBQ7
TtZaEIo7TIbMdX/AIwMZlRsxfOZM5GxdO6fMIwlQ7taoFtPQOdbEPbc5WZco8uun
AJ0lbVs9xWBk8XYohRmfQkZ+uWsCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBShv3MO
84FBGjuFivNhQ7k07xzQRjAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
YTMyYjc1ZDEtZmI5My00NTlhLWJkMjItYjhmNThiY2NlY2YzLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEBzMAgDAN
BgkqhkiG9w0BAQsFAAOCAQEAUoP3j2Suoo4JgYU75xNTEUoM3heyryfPO59nPizb
Twaw4wzLV68OlMWogCT7/ljo9wnYw/cIfsixFAxnMsElGj5En+Ryfj/ESW9WDrG6
+eIfkWEaZmp1Kyzd5wfKa/i0tDu+rsVAdOnEVIlYBaSy3wyFDJLUWiOUZ/QJwU0F
v5CWSRW9tsk7U0ESmxzylQctz27WYThuNtB8LppXGMZmxDFTuriPAdaP4VJryHi2
hHgpzDQClk0guNOf1JgdMYRQ0RHI5O4UOHzINYQOL2gPcNDcQ/pouWmWpxepXVk2
EAZxWjzvWkGQBg6QyVRI2E2mQCYlAm4DbUVn64jpZ9XJTw==
-----END CERTIFICATE-----
Generated at Fri Mar 29 02:38:20 2024 by rpki-client on console-fra.rpki-client.org