Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/a4d0611b-6ace-49c7-bbb6-ff031993f658.roa
File:                     a4d0611b-6ace-49c7-bbb6-ff031993f658.roa (raw, json)
Hash identifier:          aJER/i4/P0dkXNLcaOiexFk8Hx7t91NIDZT5ixZCaGw=
Subject key identifier:   16:59:FE:C8:68:E9:4D:4E:88:81:01:27:98:36:C6:C2:FE:BD:3F:C4
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       5C64D4C51659F2E1E875FB8430382294819ACEEA
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/a4d0611b-6ace-49c7-bbb6-ff031993f658.roa
Signing time:             Tue 05 Mar 2024 00:00:00 +0000
ROA not before:           Tue 05 Mar 2024 00:00:00 +0000
ROA not after:            Tue 09 Apr 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        51.112.0.0/15 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 29 Mar 2024 21:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5c:64:d4:c5:16:59:f2:e1:e8:75:fb:84:30:38:22:94:81:9a:ce:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Mar  5 00:00:00 2024 GMT
            Not After : Apr  9 23:59:59 2024 GMT
        Subject: serialNumber=d52e90fa8b09daa91e88f7c98123a72d7abd3bd164aab9e34416a31d945f4ff0, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:2c:bc:6f:ae:9a:0f:ce:1b:38:4a:42:f7:50:
                    e0:a0:29:59:0a:3d:d0:3c:3e:be:76:7e:6c:40:4c:
                    9e:ea:13:ee:53:73:ad:ed:56:ed:f1:73:b1:73:ca:
                    bd:f4:d6:86:e7:5b:85:41:80:2f:66:75:2b:b2:8d:
                    89:4c:c5:8d:6b:8e:cc:52:a5:7c:11:28:b6:2c:fb:
                    92:d3:94:a4:ad:7a:5b:d0:1f:7d:69:2f:98:93:62:
                    8e:d4:12:ad:60:d9:c9:a2:70:01:e8:70:30:1f:85:
                    1d:95:41:c9:91:90:1c:29:60:00:a9:7f:17:84:85:
                    6e:a3:70:22:1e:60:8e:68:0d:4c:9c:f9:44:e8:98:
                    b0:34:c7:1f:33:82:d6:9d:46:52:2d:b1:14:ed:6c:
                    de:87:8a:70:91:77:1e:ba:1b:21:2d:e6:4c:56:2b:
                    1b:96:32:a9:01:29:c1:b7:f8:08:f6:d5:72:37:8f:
                    5b:68:05:e2:65:7c:3f:d3:ed:c9:6c:5c:4b:fb:26:
                    a5:52:40:a5:d8:21:d8:4e:1e:16:18:59:18:3b:63:
                    7d:89:39:f4:33:87:bc:f1:43:f2:7d:ff:ad:cb:ad:
                    f2:21:de:a9:fa:0c:88:e4:9b:c3:00:de:c8:c5:63:
                    49:08:8a:a0:ba:49:69:a5:cc:13:86:11:d5:77:14:
                    40:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:59:FE:C8:68:E9:4D:4E:88:81:01:27:98:36:C6:C2:FE:BD:3F:C4
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/a4d0611b-6ace-49c7-bbb6-ff031993f658.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.112.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         3b:99:18:e6:b4:85:08:92:f5:eb:cc:5b:8f:65:36:c9:80:51:
         0f:c6:f7:02:a6:2c:4d:66:72:b8:d7:86:67:7c:1c:c7:f2:a7:
         65:0a:ce:b4:27:06:c6:83:74:bd:49:12:81:ce:ea:3e:2d:a2:
         cb:6b:06:d5:74:e9:65:b3:8d:f3:e9:d7:ec:d4:92:6d:7b:f8:
         6d:60:11:8a:e0:ee:2f:a5:10:56:2b:15:a4:42:73:b5:e9:97:
         9e:96:69:02:a9:b2:e1:6d:68:7b:07:26:0e:86:ff:60:92:c0:
         18:32:44:a1:1b:08:a9:21:0b:a1:7c:25:0e:46:53:67:6b:e4:
         35:d9:0e:f0:c2:97:39:61:8b:b0:7a:1f:5b:95:20:9f:14:e9:
         f3:63:b4:95:eb:5c:1f:ab:f3:8a:eb:77:c8:2a:03:cf:06:ef:
         37:07:a1:53:58:c3:8a:87:43:0f:36:66:6e:aa:48:d6:f3:61:
         10:f7:d9:1d:d8:3f:8d:0b:1c:62:bc:4e:21:90:23:bc:9e:4a:
         2e:05:d7:c3:ab:59:aa:27:39:33:bf:82:c2:a2:11:52:db:7c:
         c9:b6:f1:87:98:a0:dc:22:7c:2b:f1:6a:85:9e:ab:db:91:5f:
         3f:f1:27:10:6a:cc:2b:1c:3f:5e:bc:01:8e:9f:96:5f:3a:06:
         4c:ca:10:3e
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUXGTUxRZZ8uHodfuEMDgilIGazuowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNDAzMDUwMDAwMDBaFw0yNDA0MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQGQ1MmU5MGZhOGIwOWRhYTkxZTg4ZjdjOTgxMjNhNzJkN2FiZDNiZDE2NGFh
YjllMzQ0MTZhMzFkOTQ1ZjRmZjAxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALwsvG+umg/OGzhKQvdQ4KApWQo90Dw+vnZ+bEBMnuoT7lNzre1W7fFzsXPK
vfTWhudbhUGAL2Z1K7KNiUzFjWuOzFKlfBEotiz7ktOUpK16W9AffWkvmJNijtQS
rWDZyaJwAehwMB+FHZVByZGQHClgAKl/F4SFbqNwIh5gjmgNTJz5ROiYsDTHHzOC
1p1GUi2xFO1s3oeKcJF3HrobIS3mTFYrG5YyqQEpwbf4CPbVcjePW2gF4mV8P9Pt
yWxcS/smpVJApdgh2E4eFhhZGDtjfYk59DOHvPFD8n3/rcut8iHeqfoMiOSbwwDe
yMVjSQiKoLpJaaXME4YR1XcUQMcCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBQWWf7I
aOlNToiBASeYNsbC/r0/xDAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
YTRkMDYxMWItNmFjZS00OWM3LWJiYjYtZmYwMzE5OTNmNjU4LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDATNwMA0G
CSqGSIb3DQEBCwUAA4IBAQA7mRjmtIUIkvXrzFuPZTbJgFEPxvcCpixNZnK414Zn
fBzH8qdlCs60JwbGg3S9SRKBzuo+LaLLawbVdOlls43z6dfs1JJte/htYBGK4O4v
pRBWKxWkQnO16ZeelmkCqbLhbWh7ByYOhv9gksAYMkShGwipIQuhfCUORlNna+Q1
2Q7wwpc5YYuweh9blSCfFOnzY7SV61wfq/OK63fIKgPPBu83B6FTWMOKh0MPNmZu
qkjW82EQ99kd2D+NCxxivE4hkCO8nkouBdfDq1mqJzkzv4LCohFS23zJtvGHmKDc
Inwr8WqFnqvbkV8/8ScQaswrHD9evAGOn5ZfOgZMyhA+
-----END CERTIFICATE-----
Generated at Fri Mar 29 02:38:20 2024 by rpki-client on console-fra.rpki-client.org