Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/b76b2450-5088-45d4-a9f3-3c0e092919bd.roa
File:                     b76b2450-5088-45d4-a9f3-3c0e092919bd.roa (raw, json)
Hash identifier:          5phLWD7hjP+4zCreSPDDVrtQdH24kNQ2EKEp82BCUjc=
Subject key identifier:   96:46:AC:BE:5B:75:0B:D4:AD:F1:1A:8B:94:83:FD:EF:21:B2:1A:85
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       5C7D1A36D3F2A250C6AD7506908F61A33A6CAD17
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/b76b2450-5088-45d4-a9f3-3c0e092919bd.roa
Signing time:             Wed 27 Mar 2024 00:00:00 +0000
ROA not before:           Wed 27 Mar 2024 00:00:00 +0000
ROA not after:            Wed 01 May 2024 23:59:59 +0000
asID:                     14618
IP address blocks:        51.168.0.0/15 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 29 Mar 2024 21:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5c:7d:1a:36:d3:f2:a2:50:c6:ad:75:06:90:8f:61:a3:3a:6c:ad:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Mar 27 00:00:00 2024 GMT
            Not After : May  1 23:59:59 2024 GMT
        Subject: serialNumber=b32a5f9d04059bb8da31e604bd7a2356e4603dbcb317f42beb8f216f5c081b91, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:4a:6d:d3:dd:b9:e0:31:5e:55:ab:07:fa:96:
                    14:67:5c:ee:4c:5f:dc:99:b8:77:bf:8b:78:be:de:
                    1e:c5:c7:45:e7:e7:4c:99:64:2b:ad:55:3b:82:7a:
                    51:4c:ce:ac:64:09:dc:a3:74:eb:a1:f0:15:04:e4:
                    8b:91:2a:93:41:ac:8f:28:15:0d:58:2d:11:94:ad:
                    ac:59:02:82:4e:4d:20:97:12:f1:3a:57:0d:41:eb:
                    ed:8a:ac:1d:0d:e9:9f:73:b8:24:3e:e0:f7:9d:f2:
                    b8:7b:5c:6a:61:fe:2d:db:99:ac:f0:0a:65:1e:7d:
                    a7:d6:bb:ea:39:42:8c:8a:a8:cc:39:85:d4:9d:30:
                    4d:b9:61:c4:44:2c:7b:24:68:74:3a:12:bc:ad:9d:
                    0c:19:f9:e8:64:0c:cd:a3:07:60:ce:e5:92:08:e6:
                    cd:f7:4c:60:a0:57:e3:e8:e2:a7:c6:ff:5e:48:f6:
                    10:60:3a:ad:6f:3a:6b:7a:95:96:89:0f:27:a0:91:
                    ca:07:f5:6b:7b:45:b8:79:45:44:a8:5b:b8:12:d2:
                    8e:59:39:77:86:9a:25:03:cc:e0:4a:8e:12:44:3c:
                    ea:ac:a3:28:95:9e:6c:76:57:a2:82:52:30:58:cc:
                    d8:e8:63:d5:32:6f:74:21:a0:d1:41:95:4d:16:bf:
                    f5:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:46:AC:BE:5B:75:0B:D4:AD:F1:1A:8B:94:83:FD:EF:21:B2:1A:85
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/b76b2450-5088-45d4-a9f3-3c0e092919bd.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.168.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         57:ea:cc:9f:25:16:5d:05:60:0a:6f:eb:3b:d8:b8:92:f0:8c:
         a4:e1:c8:d5:b5:5b:c9:e6:c1:e2:cb:5d:19:09:97:7f:21:a7:
         84:07:1d:2e:93:5e:82:d5:71:fc:92:66:93:0d:b1:5b:8c:b0:
         4c:cb:6c:4f:98:a5:ef:0e:ae:73:9c:78:e4:1e:88:d6:b4:fb:
         d8:1e:52:98:cf:c8:a6:f8:34:02:18:51:2e:d3:cd:11:bf:e8:
         de:cf:4e:67:5f:22:6b:a4:69:41:36:10:8d:99:d2:c4:39:e9:
         9c:97:41:fa:f2:d5:a2:5e:55:a3:44:4e:fc:3e:c3:f4:a5:bc:
         f8:14:9b:30:85:e8:c7:28:7b:b5:41:ad:f4:c6:44:7e:a3:7f:
         1e:8d:9d:38:e7:f2:9d:49:dd:c3:b4:78:e3:00:e3:3b:25:24:
         67:40:dd:5a:30:c5:5d:bd:f5:30:05:3c:26:2a:e4:9a:ad:23:
         e5:9c:c7:9d:7b:68:d0:da:50:f2:d1:13:2f:c1:66:26:25:0a:
         fc:d4:59:d9:dc:98:a2:76:3c:f2:ec:bb:8d:29:82:f8:2c:cf:
         8e:6b:c5:44:4b:e0:e7:8c:3f:a4:b7:7d:de:a7:4d:9c:5a:84:
         6b:18:99:35:69:70:1c:cf:98:82:29:dc:cb:1b:4e:d7:fa:03:
         68:74:ff:28
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUXH0aNtPyolDGrXUGkI9hozpsrRcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNDAzMjcwMDAwMDBaFw0yNDA1MDEyMzU5NTlaMHoxSTBHBgNV
BAUTQGIzMmE1ZjlkMDQwNTliYjhkYTMxZTYwNGJkN2EyMzU2ZTQ2MDNkYmNiMzE3
ZjQyYmViOGYyMTZmNWMwODFiOTExLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAL5KbdPdueAxXlWrB/qWFGdc7kxf3Jm4d7+LeL7eHsXHRefnTJlkK61VO4J6
UUzOrGQJ3KN066HwFQTki5Eqk0GsjygVDVgtEZStrFkCgk5NIJcS8TpXDUHr7Yqs
HQ3pn3O4JD7g953yuHtcamH+LduZrPAKZR59p9a76jlCjIqozDmF1J0wTblhxEQs
eyRodDoSvK2dDBn56GQMzaMHYM7lkgjmzfdMYKBX4+jip8b/Xkj2EGA6rW86a3qV
lokPJ6CRygf1a3tFuHlFRKhbuBLSjlk5d4aaJQPM4EqOEkQ86qyjKJWebHZXooJS
MFjM2Ohj1TJvdCGg0UGVTRa/9QkCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBSWRqy+
W3UL1K3xGouUg/3vIbIahTAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
Yjc2YjI0NTAtNTA4OC00NWQ0LWE5ZjMtM2MwZTA5MjkxOWJkLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDATOoMA0G
CSqGSIb3DQEBCwUAA4IBAQBX6syfJRZdBWAKb+s72LiS8Iyk4cjVtVvJ5sHiy10Z
CZd/IaeEBx0uk16C1XH8kmaTDbFbjLBMy2xPmKXvDq5znHjkHojWtPvYHlKYz8im
+DQCGFEu080Rv+jez05nXyJrpGlBNhCNmdLEOemcl0H68tWiXlWjRE78PsP0pbz4
FJswhejHKHu1Qa30xkR+o38ejZ045/KdSd3DtHjjAOM7JSRnQN1aMMVdvfUwBTwm
KuSarSPlnMede2jQ2lDy0RMvwWYmJQr81FnZ3Jiidjzy7LuNKYL4LM+Oa8VES+Dn
jD+kt33ep02cWoRrGJk1aXAcz5iCKdzLG07X+gNodP8o
-----END CERTIFICATE-----
Generated at Fri Mar 29 02:38:21 2024 by rpki-client on console-fra.rpki-client.org