Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/a9916a41-7c7f-4c1c-bcf2-b6e1b32b7dfb.roa
File:                     a9916a41-7c7f-4c1c-bcf2-b6e1b32b7dfb.roa (raw, json)
Hash identifier:          u6eJ7JnD/VmyxZse18dWulO07efsE7CLCJWGqPylHEU=
Subject key identifier:   F4:40:64:41:86:E6:60:DC:C6:7A:AD:9E:6E:2E:1D:6A:12:1D:38:49
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       4D1F33272472A56D13D0C915A06F1EE79D3A9952
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/a9916a41-7c7f-4c1c-bcf2-b6e1b32b7dfb.roa
Signing time:             Tue 05 Mar 2024 00:00:00 +0000
ROA not before:           Tue 05 Mar 2024 00:00:00 +0000
ROA not after:            Tue 09 Apr 2024 23:59:59 +0000
asID:                     14618
IP address blocks:        51.212.0.0/15 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 29 Mar 2024 21:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4d:1f:33:27:24:72:a5:6d:13:d0:c9:15:a0:6f:1e:e7:9d:3a:99:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Mar  5 00:00:00 2024 GMT
            Not After : Apr  9 23:59:59 2024 GMT
        Subject: serialNumber=b8018926db03960dd1f0d5345be19954c7dae5fa5d1371481aaa2fe02b374823, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:6e:ef:5c:cc:b6:be:e3:87:5a:15:80:84:98:
                    b0:1e:f8:7b:f6:0e:16:f1:cc:77:b2:d2:65:c0:08:
                    c9:5b:62:40:27:22:6c:7b:94:ef:29:79:38:3a:34:
                    a5:71:09:72:eb:55:a7:8c:1d:0e:14:f0:fa:28:63:
                    f2:af:a5:a7:87:56:32:9c:7b:de:e3:87:85:41:00:
                    c6:a7:1a:c5:16:f4:84:40:6d:74:c8:64:a7:96:b6:
                    91:6c:ee:3d:31:50:18:e2:3d:63:d7:0b:a4:e7:35:
                    13:d8:b0:a7:a2:69:b7:8b:2e:26:40:f5:9e:a6:16:
                    1a:00:d3:76:33:a4:11:c3:f9:c4:24:5b:4d:71:54:
                    f7:c5:1d:f3:58:15:b1:9e:0e:78:01:16:2c:89:9a:
                    de:c4:c0:6e:65:84:cf:4a:7e:7d:b9:5c:8c:f4:8f:
                    90:44:53:97:35:26:7d:30:91:9d:b5:f5:63:56:64:
                    a9:2f:dc:94:1b:91:ae:9d:4b:c6:bc:cf:ca:4d:58:
                    a8:f0:2a:b7:17:4e:0b:3b:9a:e9:0e:15:33:15:d9:
                    8a:74:05:f4:fb:16:0b:53:8f:0f:ef:f1:2a:45:43:
                    34:12:1b:09:1b:cf:c5:b1:82:19:01:f6:04:f1:d3:
                    8f:fd:bb:0f:d3:f2:cf:9d:75:a2:2c:fe:a7:ee:c1:
                    f3:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:40:64:41:86:E6:60:DC:C6:7A:AD:9E:6E:2E:1D:6A:12:1D:38:49
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/a9916a41-7c7f-4c1c-bcf2-b6e1b32b7dfb.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.212.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         23:8a:76:16:65:d5:f9:bb:03:1c:7f:85:fe:02:f0:a9:b0:49:
         2c:be:00:66:d6:7b:ff:9d:1f:bb:ca:57:57:01:33:59:74:8b:
         64:27:0d:43:0a:27:87:76:9c:9a:d8:2a:e6:e5:69:ce:25:0e:
         9b:d3:0f:4c:fc:db:cf:74:bc:80:ef:b4:96:0f:fb:e1:2c:db:
         b5:f3:a5:d2:8a:c9:c9:c5:15:ba:74:e2:55:6e:1d:c3:cd:45:
         78:19:2f:6f:04:8f:bf:08:5f:7c:ab:94:95:41:e8:bb:f6:c2:
         0a:fd:97:ca:b4:85:de:05:b3:84:e4:f3:67:c2:a9:32:fa:c8:
         cd:da:4f:11:09:e5:b0:ae:b2:30:dc:11:ab:ab:a3:72:bf:16:
         2e:c1:50:b3:01:30:e3:e2:d3:ee:47:c1:2f:ff:96:1f:85:a8:
         0a:92:6d:d2:9f:cb:5d:0a:f9:ec:10:00:27:a2:dd:be:21:81:
         3a:d3:5a:28:d8:41:96:57:4d:e3:f6:e7:9a:7d:ec:08:6c:d0:
         14:11:23:6b:8f:53:71:28:b2:0f:22:8f:19:bd:2b:cc:47:b9:
         4f:86:db:96:eb:5f:23:d7:24:31:f7:f3:54:5c:62:47:1c:fa:
         54:5a:48:e8:ed:59:e5:d1:3b:96:b7:89:ff:3d:07:b5:41:44:
         9b:e7:62:03
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUTR8zJyRypW0T0MkVoG8e5506mVIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNDAzMDUwMDAwMDBaFw0yNDA0MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQGI4MDE4OTI2ZGIwMzk2MGRkMWYwZDUzNDViZTE5OTU0YzdkYWU1ZmE1ZDEz
NzE0ODFhYWEyZmUwMmIzNzQ4MjMxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKdu71zMtr7jh1oVgISYsB74e/YOFvHMd7LSZcAIyVtiQCcibHuU7yl5ODo0
pXEJcutVp4wdDhTw+ihj8q+lp4dWMpx73uOHhUEAxqcaxRb0hEBtdMhkp5a2kWzu
PTFQGOI9Y9cLpOc1E9iwp6Jpt4suJkD1nqYWGgDTdjOkEcP5xCRbTXFU98Ud81gV
sZ4OeAEWLIma3sTAbmWEz0p+fblcjPSPkERTlzUmfTCRnbX1Y1ZkqS/clBuRrp1L
xrzPyk1YqPAqtxdOCzua6Q4VMxXZinQF9PsWC1OPD+/xKkVDNBIbCRvPxbGCGQH2
BPHTj/27D9Pyz511oiz+p+7B81MCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBT0QGRB
huZg3MZ6rZ5uLh1qEh04STAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
YTk5MTZhNDEtN2M3Zi00YzFjLWJjZjItYjZlMWIzMmI3ZGZiLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDATPUMA0G
CSqGSIb3DQEBCwUAA4IBAQAjinYWZdX5uwMcf4X+AvCpsEksvgBm1nv/nR+7yldX
ATNZdItkJw1DCieHdpya2Crm5WnOJQ6b0w9M/NvPdLyA77SWD/vhLNu186XSisnJ
xRW6dOJVbh3DzUV4GS9vBI+/CF98q5SVQei79sIK/ZfKtIXeBbOE5PNnwqky+sjN
2k8RCeWwrrIw3BGrq6NyvxYuwVCzATDj4tPuR8Ev/5YfhagKkm3Sn8tdCvnsEAAn
ot2+IYE601oo2EGWV03j9ueafewIbNAUESNrj1NxKLIPIo8ZvSvMR7lPhtuW618j
1yQx9/NUXGJHHPpUWkjo7Vnl0TuWt4n/PQe1QUSb52ID
-----END CERTIFICATE-----
Generated at Fri Mar 29 02:18:28 2024 by rpki-client on console-ams.rpki-client.org