Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/b0e4a315-0256-4fb7-917f-d9d79ce0c782.roa
File:                     b0e4a315-0256-4fb7-917f-d9d79ce0c782.roa (raw, json)
Hash identifier:          8gedXaYu2Rf0EWReKpy+qYFtS+i/n/NQuVM/hhAdhYM=
Subject key identifier:   E1:10:27:D3:77:A6:EA:23:4D:BF:A9:87:20:F0:5F:20:34:18:FC:BC
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       2590DB1ABBBD37C011213F62CF915B672245C421
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/b0e4a315-0256-4fb7-917f-d9d79ce0c782.roa
Signing time:             Tue 05 Mar 2024 00:00:00 +0000
ROA not before:           Tue 05 Mar 2024 00:00:00 +0000
ROA not after:            Tue 09 Apr 2024 23:59:59 +0000
asID:                     14618
IP address blocks:        51.32.0.0/16 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 28 Mar 2024 18:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            25:90:db:1a:bb:bd:37:c0:11:21:3f:62:cf:91:5b:67:22:45:c4:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Mar  5 00:00:00 2024 GMT
            Not After : Apr  9 23:59:59 2024 GMT
        Subject: serialNumber=1232cc324ca8cf51c4461a219a419d335686d0d6c4a7c08d452803db9bf6df10, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:31:ef:4b:ad:e6:58:3c:15:8b:3e:15:83:ba:
                    f0:3a:7c:e5:0a:3e:9d:19:fa:c0:c1:d5:40:65:24:
                    fd:4d:7d:ff:95:8d:fa:76:d7:15:76:86:ea:b6:72:
                    82:0f:8f:c4:37:f9:d9:0f:fe:fd:cd:c8:e8:e4:34:
                    00:90:03:c8:17:dd:07:88:9a:0d:b8:b7:9e:bb:11:
                    50:7e:29:df:f4:9c:9d:33:8f:84:ec:d8:98:9e:ca:
                    07:40:4f:46:b2:28:06:3f:9b:92:73:4d:de:c4:6c:
                    28:90:45:8a:7f:69:50:6f:2f:d5:1a:82:cb:4b:2c:
                    05:bc:31:a0:b8:ff:32:76:91:9d:ef:5b:61:c2:ca:
                    f9:ba:83:10:dd:c2:0b:51:bd:b7:fb:01:75:5a:11:
                    ae:ec:b4:df:6a:6b:92:6c:4c:74:1d:da:a0:f5:1b:
                    db:05:76:94:b1:90:2a:0f:8a:b5:05:d7:a6:67:f8:
                    e4:bd:22:c3:88:02:0b:a9:9e:3a:bd:e6:76:7e:3b:
                    0e:78:fd:17:be:e6:f3:74:68:aa:f8:96:b4:99:74:
                    7a:b9:47:02:77:c7:92:2e:4c:b2:b4:99:8b:3d:34:
                    14:f3:e9:54:8d:d6:ed:38:28:d1:bf:b5:c2:6c:b0:
                    41:66:49:4e:72:59:b3:6a:fa:bd:35:b1:ea:13:89:
                    e3:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:10:27:D3:77:A6:EA:23:4D:BF:A9:87:20:F0:5F:20:34:18:FC:BC
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/b0e4a315-0256-4fb7-917f-d9d79ce0c782.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.32.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         95:12:63:5c:61:4d:f6:c5:0b:4f:f7:41:64:8e:ff:f6:bc:0d:
         71:11:5e:50:f6:ae:8b:41:40:ab:28:58:31:b7:1a:7d:e7:8b:
         97:dd:25:21:2f:53:45:fb:9d:88:26:0e:55:18:12:c7:4e:f4:
         8c:30:8a:5c:6a:2c:2b:9a:56:f7:00:44:a8:7e:95:70:9c:42:
         fa:c7:22:c3:99:b1:5b:5f:35:e6:f6:ec:bb:90:7e:f0:75:34:
         79:65:b2:19:55:f6:df:2a:28:d6:56:c4:fe:18:3f:20:5c:be:
         c8:a5:b6:13:be:c1:04:3c:cc:66:27:79:a2:3f:ff:2e:70:36:
         cb:02:ee:09:03:dd:62:21:fc:6c:84:b8:d0:56:80:16:5b:9f:
         74:b5:4f:bc:96:02:c8:bb:86:0a:61:7a:61:fc:99:de:e9:aa:
         fb:59:1e:1d:91:da:51:50:03:ed:65:b7:42:f2:b1:e7:cb:48:
         9a:be:2a:bb:94:65:0d:03:1c:7f:cc:e0:ea:12:a0:4b:63:19:
         94:d7:4f:37:68:10:12:02:23:fe:c8:7b:fe:49:f7:33:42:40:
         07:d2:e5:93:8e:51:08:53:ee:7b:4e:ea:ad:f9:29:37:ae:57:
         ea:7d:87:b4:56:7b:07:49:be:a3:cd:b7:b7:c3:9b:d6:04:59:
         b1:08:93:54
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUJZDbGru9N8ARIT9iz5FbZyJFxCEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNDAzMDUwMDAwMDBaFw0yNDA0MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQDEyMzJjYzMyNGNhOGNmNTFjNDQ2MWEyMTlhNDE5ZDMzNTY4NmQwZDZjNGE3
YzA4ZDQ1MjgwM2RiOWJmNmRmMTAxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKMx70ut5lg8FYs+FYO68Dp85Qo+nRn6wMHVQGUk/U19/5WN+nbXFXaG6rZy
gg+PxDf52Q/+/c3I6OQ0AJADyBfdB4iaDbi3nrsRUH4p3/ScnTOPhOzYmJ7KB0BP
RrIoBj+bknNN3sRsKJBFin9pUG8v1RqCy0ssBbwxoLj/MnaRne9bYcLK+bqDEN3C
C1G9t/sBdVoRruy032prkmxMdB3aoPUb2wV2lLGQKg+KtQXXpmf45L0iw4gCC6me
Or3mdn47Dnj9F77m83RoqviWtJl0erlHAnfHki5MsrSZiz00FPPpVI3W7Tgo0b+1
wmywQWZJTnJZs2r6vTWx6hOJ480CAwEAAaOCAiAwggIcMB0GA1UdDgQWBBThECfT
d6bqI02/qYcg8F8gNBj8vDAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
YjBlNGEzMTUtMDI1Ni00ZmI3LTkxN2YtZDlkNzljZTBjNzgyLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADMgMA0G
CSqGSIb3DQEBCwUAA4IBAQCVEmNcYU32xQtP90Fkjv/2vA1xEV5Q9q6LQUCrKFgx
txp954uX3SUhL1NF+52IJg5VGBLHTvSMMIpcaiwrmlb3AESofpVwnEL6xyLDmbFb
XzXm9uy7kH7wdTR5ZbIZVfbfKijWVsT+GD8gXL7IpbYTvsEEPMxmJ3miP/8ucDbL
Au4JA91iIfxshLjQVoAWW590tU+8lgLIu4YKYXph/Jne6ar7WR4dkdpRUAPtZbdC
8rHny0iaviq7lGUNAxx/zODqEqBLYxmU1083aBASAiP+yHv+SfczQkAH0uWTjlEI
U+57Tuqt+Sk3rlfqfYe0VnsHSb6jzbe3w5vWBFmxCJNU
-----END CERTIFICATE-----
Generated at Thu Mar 28 02:06:41 2024 by rpki-client on console-ams.rpki-client.org