Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/bc2f4f9f-62ab-4d53-895c-22469f5cbef3.roa
File:                     bc2f4f9f-62ab-4d53-895c-22469f5cbef3.roa (raw, json)
Hash identifier:          sc+SD3Cv3DWQIPoV1AUI4ljTRD1Okc5dC/Fm2mmeCtg=
Subject key identifier:   37:E4:38:D0:7C:1C:71:54:F1:FC:94:03:EB:7D:7B:F9:15:58:44:2B
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       6648A89DA6B5EC27D8275B3748AFA6AC0D113942
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/bc2f4f9f-62ab-4d53-895c-22469f5cbef3.roa
Signing time:             Tue 05 Mar 2024 00:00:00 +0000
ROA not before:           Tue 05 Mar 2024 00:00:00 +0000
ROA not after:            Tue 09 Apr 2024 23:59:59 +0000
asID:                     8987
IP address blocks:        51.152.0.0/15 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 29 Mar 2024 21:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            66:48:a8:9d:a6:b5:ec:27:d8:27:5b:37:48:af:a6:ac:0d:11:39:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Mar  5 00:00:00 2024 GMT
            Not After : Apr  9 23:59:59 2024 GMT
        Subject: serialNumber=6fc0f2606f8a66d7313260b877a9ac3e07b49d390d23a663d2bbd046ffe0af2a, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:e0:97:fb:02:3f:85:75:43:7f:98:80:0b:ab:
                    46:43:2a:f1:dd:62:dc:52:c1:a9:1a:4f:94:32:2e:
                    a6:6c:aa:03:fd:3a:65:43:6c:ab:0e:05:06:f7:97:
                    51:c2:96:55:ec:a1:51:0b:78:bc:e6:d0:4a:58:74:
                    ac:2f:b3:f2:a3:a3:9d:78:48:da:70:9f:99:37:fb:
                    74:2a:14:76:09:37:6c:1a:9d:8c:cd:f8:bb:8d:d7:
                    fa:49:3b:b3:57:c7:ce:19:52:5b:78:4c:ad:82:75:
                    f4:b6:9b:a5:06:35:1b:26:23:11:f6:f9:6b:64:6e:
                    ef:13:67:3d:5d:2b:df:02:3c:6c:58:18:08:ce:2c:
                    96:6b:89:d3:28:c9:35:f6:d7:e2:19:69:62:7a:d4:
                    7c:ba:6d:6e:d1:36:c2:4d:78:47:48:fe:72:f2:66:
                    d4:7c:40:77:52:ec:4c:a6:e3:ac:b0:79:a5:4d:7d:
                    30:aa:ed:1e:9e:68:14:29:82:57:e5:12:3c:9d:79:
                    dd:35:bf:8d:bb:fd:ef:25:ef:c2:6d:dd:bb:e8:db:
                    aa:60:e3:22:a0:45:5c:a0:62:d4:70:2b:b1:a3:ee:
                    8f:24:83:72:42:a3:de:52:72:a0:ed:b0:dd:02:aa:
                    d7:bb:42:02:b6:f5:cb:d8:05:53:e3:86:5e:d9:fa:
                    c6:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:E4:38:D0:7C:1C:71:54:F1:FC:94:03:EB:7D:7B:F9:15:58:44:2B
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/bc2f4f9f-62ab-4d53-895c-22469f5cbef3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.152.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         d3:5b:e3:10:f4:64:07:ea:08:cf:c0:c6:3a:39:96:06:6f:97:
         89:41:eb:28:d0:c7:d1:8d:6e:df:27:06:15:7d:98:0d:b5:01:
         73:86:d6:be:d5:2b:79:5f:6b:da:c2:89:8f:2c:24:9b:6c:ad:
         f5:8a:e5:9b:6a:0f:77:7c:4c:d5:fe:af:31:02:05:1c:5a:a4:
         f6:3c:f5:00:6a:75:58:4c:e3:0f:ed:f7:08:b1:8e:17:d2:9e:
         64:c4:ad:3d:0a:1f:1e:60:44:9e:16:67:8b:e6:eb:0c:09:82:
         5c:b3:65:35:5f:4d:bd:a6:60:8e:b1:dd:ed:80:99:52:70:b8:
         83:56:f8:9e:cb:fe:48:82:2d:78:50:3b:90:9f:69:1f:c1:63:
         41:15:df:7a:3a:6f:f3:a5:b9:31:22:09:7f:bb:25:54:e1:c9:
         97:7a:ca:31:f1:0e:88:b4:2c:fe:12:4e:07:7a:75:9f:0a:77:
         21:77:22:c1:a5:f3:60:99:c9:99:d3:38:d1:97:71:2a:04:d8:
         bf:41:4c:41:0d:9c:ac:76:1a:60:f2:b3:40:b6:7b:ac:f8:e9:
         2f:28:9e:14:12:71:a5:94:7c:f6:77:17:40:ca:4d:c9:ef:0f:
         1e:54:b9:7d:d2:92:e2:36:d1:13:36:11:1c:3b:19:60:d5:af:
         69:59:fa:64
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUZkionaa17CfYJ1s3SK+mrA0ROUIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNDAzMDUwMDAwMDBaFw0yNDA0MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQDZmYzBmMjYwNmY4YTY2ZDczMTMyNjBiODc3YTlhYzNlMDdiNDlkMzkwZDIz
YTY2M2QyYmJkMDQ2ZmZlMGFmMmExLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKHgl/sCP4V1Q3+YgAurRkMq8d1i3FLBqRpPlDIupmyqA/06ZUNsqw4FBveX
UcKWVeyhUQt4vObQSlh0rC+z8qOjnXhI2nCfmTf7dCoUdgk3bBqdjM34u43X+kk7
s1fHzhlSW3hMrYJ19LabpQY1GyYjEfb5a2Ru7xNnPV0r3wI8bFgYCM4slmuJ0yjJ
NfbX4hlpYnrUfLptbtE2wk14R0j+cvJm1HxAd1LsTKbjrLB5pU19MKrtHp5oFCmC
V+USPJ153TW/jbv97yXvwm3du+jbqmDjIqBFXKBi1HArsaPujySDckKj3lJyoO2w
3QKq17tCArb1y9gFU+OGXtn6xlsCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBQ35DjQ
fBxxVPH8lAPrfXv5FVhEKzAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
YmMyZjRmOWYtNjJhYi00ZDUzLTg5NWMtMjI0NjlmNWNiZWYzLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDATOYMA0G
CSqGSIb3DQEBCwUAA4IBAQDTW+MQ9GQH6gjPwMY6OZYGb5eJQeso0MfRjW7fJwYV
fZgNtQFzhta+1St5X2vawomPLCSbbK31iuWbag93fEzV/q8xAgUcWqT2PPUAanVY
TOMP7fcIsY4X0p5kxK09Ch8eYESeFmeL5usMCYJcs2U1X029pmCOsd3tgJlScLiD
Vviey/5Igi14UDuQn2kfwWNBFd96Om/zpbkxIgl/uyVU4cmXesox8Q6ItCz+Ek4H
enWfCnchdyLBpfNgmcmZ0zjRl3EqBNi/QUxBDZysdhpg8rNAtnus+OkvKJ4UEnGl
lHz2dxdAyk3J7w8eVLl90pLiNtETNhEcOxlg1a9pWfpk
-----END CERTIFICATE-----
Generated at Fri Mar 29 02:38:21 2024 by rpki-client on console-fra.rpki-client.org