Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/ab1e8156-1e29-44e7-a78d-0697ecae5b91.roa
File:                     ab1e8156-1e29-44e7-a78d-0697ecae5b91.roa (raw, json)
Hash identifier:          tFXRQAqvhAg+9lOpYyEH7z41fq+/w4eAvWXmvbByuz8=
Subject key identifier:   4B:96:3D:08:EC:74:88:97:F4:9E:D1:5A:30:A8:59:EB:75:A8:62:7E
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       4C8EF4BE7261949DEBDAF69DB339CB4C5FFE9C28
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/ab1e8156-1e29-44e7-a78d-0697ecae5b91.roa
Signing time:             Tue 05 Mar 2024 00:00:00 +0000
ROA not before:           Tue 05 Mar 2024 00:00:00 +0000
ROA not after:            Tue 09 Apr 2024 23:59:59 +0000
asID:                     14618
IP address blocks:        193.186.210.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 28 Mar 2024 18:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4c:8e:f4:be:72:61:94:9d:eb:da:f6:9d:b3:39:cb:4c:5f:fe:9c:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Mar  5 00:00:00 2024 GMT
            Not After : Apr  9 23:59:59 2024 GMT
        Subject: serialNumber=b1fbb7da8cedfaed0432b8e45efafdbd297d06cd765882d93163525984145a39, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:44:cc:1e:bf:27:54:c8:30:ad:60:4b:ea:f3:
                    0c:a1:70:cc:16:7d:18:af:59:86:3d:9a:b5:93:e5:
                    93:14:2b:cd:f1:67:f6:32:d4:62:0e:41:0d:bf:bb:
                    4d:80:d5:1f:e8:43:8c:eb:d8:30:6f:3a:ef:56:83:
                    8a:08:7a:23:6b:bb:50:c9:b7:15:ed:b1:8e:db:0c:
                    c6:d5:b2:33:3d:f2:51:83:2a:85:28:28:b0:6a:75:
                    ed:9e:00:0a:e2:a3:c0:f1:be:e5:0d:a7:41:7d:b2:
                    91:e8:ca:d6:0e:70:38:8c:29:a3:48:e1:3d:58:f8:
                    f6:9f:fb:e0:bb:1d:0f:fd:88:51:d5:47:7f:25:00:
                    fb:7c:63:62:26:64:e9:f9:e1:b5:42:e8:c6:6c:85:
                    2b:e4:d5:3c:70:f3:c8:0b:70:16:43:ba:23:6d:ca:
                    3d:c2:18:00:5d:31:e2:37:3f:05:26:e7:e4:23:ea:
                    4a:e8:26:c1:76:47:dd:10:5a:cc:84:be:e7:74:76:
                    8b:74:d5:87:76:2e:0d:cc:a4:c0:6f:ad:83:a8:1a:
                    22:95:8b:bc:6a:89:71:9b:3b:46:07:ab:8c:89:29:
                    32:76:2a:78:57:96:80:ea:39:54:cf:a1:e0:e3:01:
                    27:c4:ab:33:32:cd:42:00:2f:65:bf:b5:c6:2f:c8:
                    b0:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:96:3D:08:EC:74:88:97:F4:9E:D1:5A:30:A8:59:EB:75:A8:62:7E
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/ab1e8156-1e29-44e7-a78d-0697ecae5b91.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.186.210.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:f5:49:02:a3:27:c4:24:90:49:af:9e:70:65:61:1c:5f:8c:
         71:98:78:68:4a:08:9a:64:d5:aa:e4:09:63:03:ce:80:25:39:
         bb:d9:9a:0c:2a:af:83:21:f1:67:87:92:82:c0:dc:72:b7:aa:
         ba:c8:3d:b3:68:c1:ff:47:d0:63:10:b4:d6:96:a0:4a:12:7b:
         04:3f:93:6a:60:96:80:bc:6a:ec:ee:73:54:85:68:26:7e:5a:
         e5:f8:a2:eb:92:40:8a:46:f0:66:5c:de:71:46:c3:a2:05:62:
         fd:c7:6c:9a:be:ba:a1:92:68:0f:82:40:81:e2:eb:9c:31:8c:
         74:57:4a:de:0f:2e:3a:9f:25:f4:79:e9:66:f8:1c:09:ce:d8:
         a2:25:06:ef:00:58:0f:64:4b:aa:bb:b6:0d:bd:e7:c0:90:65:
         0e:47:22:81:fc:c5:39:dd:89:1c:79:0a:bb:b2:ff:2b:9d:84:
         51:9d:9b:c0:6b:b6:94:af:78:b7:63:67:4e:be:91:d4:0f:b1:
         8c:b3:22:88:a1:65:79:22:97:da:ba:76:35:08:5a:c1:e7:03:
         6c:e4:ac:3a:86:a8:52:55:78:42:4e:33:b6:b8:e5:6a:b8:23:
         1c:19:2e:60:a6:ca:16:3c:c0:3f:e9:4c:a0:7d:62:48:ea:a8:
         b8:e4:c5:83
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUTI70vnJhlJ3r2vadsznLTF/+nCgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNDAzMDUwMDAwMDBaFw0yNDA0MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQGIxZmJiN2RhOGNlZGZhZWQwNDMyYjhlNDVlZmFmZGJkMjk3ZDA2Y2Q3NjU4
ODJkOTMxNjM1MjU5ODQxNDVhMzkxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANFEzB6/J1TIMK1gS+rzDKFwzBZ9GK9Zhj2atZPlkxQrzfFn9jLUYg5BDb+7
TYDVH+hDjOvYMG8671aDigh6I2u7UMm3Fe2xjtsMxtWyMz3yUYMqhSgosGp17Z4A
CuKjwPG+5Q2nQX2ykejK1g5wOIwpo0jhPVj49p/74LsdD/2IUdVHfyUA+3xjYiZk
6fnhtULoxmyFK+TVPHDzyAtwFkO6I23KPcIYAF0x4jc/BSbn5CPqSugmwXZH3RBa
zIS+53R2i3TVh3YuDcykwG+tg6gaIpWLvGqJcZs7RgerjIkpMnYqeFeWgOo5VM+h
4OMBJ8SrMzLNQgAvZb+1xi/IsEMCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBRLlj0I
7HSIl/Se0VowqFnrdahifjAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
YWIxZTgxNTYtMWUyOS00NGU3LWE3OGQtMDY5N2VjYWU1YjkxLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMG60jAN
BgkqhkiG9w0BAQsFAAOCAQEAK/VJAqMnxCSQSa+ecGVhHF+McZh4aEoImmTVquQJ
YwPOgCU5u9maDCqvgyHxZ4eSgsDccrequsg9s2jB/0fQYxC01pagShJ7BD+TamCW
gLxq7O5zVIVoJn5a5fii65JAikbwZlzecUbDogVi/cdsmr66oZJoD4JAgeLrnDGM
dFdK3g8uOp8l9HnpZvgcCc7YoiUG7wBYD2RLqru2Db3nwJBlDkcigfzFOd2JHHkK
u7L/K52EUZ2bwGu2lK94t2NnTr6R1A+xjLMiiKFleSKX2rp2NQhawecDbOSsOoao
UlV4Qk4ztrjlargjHBkuYKbKFjzAP+lMoH1iSOqouOTFgw==
-----END CERTIFICATE-----
Generated at Thu Mar 28 01:01:24 2024 by rpki-client on console-fra.rpki-client.org