Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/bf3c19cc-7e74-4d47-9e2d-5bcee63041aa.roa
File:                     bf3c19cc-7e74-4d47-9e2d-5bcee63041aa.roa (raw, json)
Hash identifier:          Ihm+st1/IuGr297BvSXNLxUMmYe2a2Qj2ycFXq8OGTs=
Subject key identifier:   EF:2A:74:48:0C:A3:B4:B4:66:D1:B8:39:C7:BB:36:95:E0:2E:20:AD
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       3D19D7A383F27305AB1FC2CEE9A22EF5F7E8A4AA
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/bf3c19cc-7e74-4d47-9e2d-5bcee63041aa.roa
Signing time:             Wed 27 Mar 2024 00:00:00 +0000
ROA not before:           Wed 27 Mar 2024 00:00:00 +0000
ROA not after:            Wed 01 May 2024 23:59:59 +0000
asID:                     14618
IP address blocks:        83.118.234.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 29 Mar 2024 21:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3d:19:d7:a3:83:f2:73:05:ab:1f:c2:ce:e9:a2:2e:f5:f7:e8:a4:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Mar 27 00:00:00 2024 GMT
            Not After : May  1 23:59:59 2024 GMT
        Subject: serialNumber=dd6b7f59c87460063906289cb8ab6556c54ff9a35ec7fe7d946a32af0ffbd5ed, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:a6:f7:35:16:bd:2e:b6:3c:37:58:99:46:c0:
                    1a:c4:69:ca:8e:f1:39:90:b9:55:49:53:6f:a4:3a:
                    18:75:47:5b:16:80:17:ad:0c:6d:68:92:86:11:2b:
                    eb:0f:a5:ed:4b:0c:7e:1d:1b:c7:37:9e:59:bc:c3:
                    f4:29:00:f0:97:7b:42:91:06:ed:27:c2:0d:d1:08:
                    a8:d7:6d:a3:31:f8:52:12:de:93:0d:47:3c:81:7a:
                    65:fd:af:ba:29:7b:ef:5b:d9:12:06:99:c9:cf:b7:
                    15:3c:74:c4:1e:b9:bb:25:4b:93:92:9d:bd:f7:11:
                    34:b6:f8:12:58:f5:c5:00:3a:05:f7:41:e5:37:41:
                    80:25:56:a5:c6:ec:b2:51:39:43:d2:5b:88:98:f6:
                    25:00:35:c6:bf:5a:39:d1:b1:53:96:f2:20:d3:0a:
                    ac:e8:04:6a:82:41:7d:7c:78:3a:1d:df:da:cc:ff:
                    dd:67:d0:9c:0f:45:5b:0f:4f:27:40:93:58:c0:93:
                    ed:db:80:10:d9:a7:78:92:05:9e:d0:ae:27:3a:3d:
                    ed:e3:d4:c4:f4:ee:c7:35:a7:d4:55:2f:0d:e8:75:
                    94:c3:2d:15:86:03:0a:b6:d1:df:73:cc:ed:07:54:
                    0e:f3:72:8e:09:a7:34:1c:33:01:f3:bd:c8:d9:0e:
                    11:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:2A:74:48:0C:A3:B4:B4:66:D1:B8:39:C7:BB:36:95:E0:2E:20:AD
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/bf3c19cc-7e74-4d47-9e2d-5bcee63041aa.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.118.234.0/23

    Signature Algorithm: sha256WithRSAEncryption
         05:00:51:e9:95:1c:3d:e8:20:c0:48:94:10:ed:37:07:40:d3:
         e7:36:fc:0d:ed:ed:bb:e8:78:06:36:0c:44:c3:9c:10:d3:72:
         88:7d:12:66:39:f8:e2:b9:c6:3f:36:73:9c:d4:59:29:cf:1a:
         24:35:5e:7e:34:91:80:4d:7d:e0:9b:be:8a:b8:4d:67:ee:20:
         c7:a5:7f:7d:6c:f6:68:0e:10:4d:09:90:2e:bf:07:82:bd:45:
         01:5b:cb:48:a2:f9:6b:e7:46:f4:15:99:fc:b9:fe:14:30:9a:
         74:cc:f8:3a:84:04:a6:69:42:35:b2:7a:c1:54:a0:6d:69:cd:
         9a:10:f5:cc:de:78:b5:1e:65:1e:04:3e:eb:20:59:5b:2b:68:
         7b:f1:96:7b:b1:61:c8:87:d3:7e:6a:60:d4:54:20:5b:ad:85:
         ed:17:d6:0f:67:d6:f6:e2:70:60:ab:bb:d2:69:a0:49:6c:18:
         b8:f5:e9:85:ac:1f:3b:b2:58:e9:46:a3:91:37:9f:83:56:85:
         54:22:13:3a:11:24:42:db:94:ad:03:76:2d:3d:ac:c5:9f:64:
         a2:69:36:d2:78:99:2d:3d:96:9f:c3:57:07:a6:63:30:41:61:
         6b:36:57:ba:59:4c:44:ff:1d:79:86:61:de:4c:8a:7b:5b:74:
         bd:33:71:60
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUPRnXo4PycwWrH8LO6aIu9ffopKowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNDAzMjcwMDAwMDBaFw0yNDA1MDEyMzU5NTlaMHoxSTBHBgNV
BAUTQGRkNmI3ZjU5Yzg3NDYwMDYzOTA2Mjg5Y2I4YWI2NTU2YzU0ZmY5YTM1ZWM3
ZmU3ZDk0NmEzMmFmMGZmYmQ1ZWQxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKCm9zUWvS62PDdYmUbAGsRpyo7xOZC5VUlTb6Q6GHVHWxaAF60MbWiShhEr
6w+l7UsMfh0bxzeeWbzD9CkA8Jd7QpEG7SfCDdEIqNdtozH4UhLekw1HPIF6Zf2v
uil771vZEgaZyc+3FTx0xB65uyVLk5KdvfcRNLb4Elj1xQA6BfdB5TdBgCVWpcbs
slE5Q9JbiJj2JQA1xr9aOdGxU5byINMKrOgEaoJBfXx4Oh3f2sz/3WfQnA9FWw9P
J0CTWMCT7duAENmneJIFntCuJzo97ePUxPTuxzWn1FUvDeh1lMMtFYYDCrbR33PM
7QdUDvNyjgmnNBwzAfO9yNkOEUkCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBTvKnRI
DKO0tGbRuDnHuzaV4C4grTAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
YmYzYzE5Y2MtN2U3NC00ZDQ3LTllMmQtNWJjZWU2MzA0MWFhLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAVN26jAN
BgkqhkiG9w0BAQsFAAOCAQEABQBR6ZUcPeggwEiUEO03B0DT5zb8De3tu+h4BjYM
RMOcENNyiH0SZjn44rnGPzZznNRZKc8aJDVefjSRgE194Ju+irhNZ+4gx6V/fWz2
aA4QTQmQLr8Hgr1FAVvLSKL5a+dG9BWZ/Ln+FDCadMz4OoQEpmlCNbJ6wVSgbWnN
mhD1zN54tR5lHgQ+6yBZWytoe/GWe7FhyIfTfmpg1FQgW62F7RfWD2fW9uJwYKu7
0mmgSWwYuPXphawfO7JY6UajkTefg1aFVCITOhEkQtuUrQN2LT2sxZ9komk20niZ
LT2Wn8NXB6ZjMEFhazZXullMRP8deYZh3kyKe1t0vTNxYA==
-----END CERTIFICATE-----
Generated at Fri Mar 29 02:38:21 2024 by rpki-client on console-fra.rpki-client.org