Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/c2c395e2-491c-4141-ba1e-1b3717841063.roa
File:                     c2c395e2-491c-4141-ba1e-1b3717841063.roa (raw, json)
Hash identifier:          Nk4Tc5KiZU2fP/Kc+pZxCM3BYA91nYkCEkweIPMl0vo=
Subject key identifier:   CC:33:D3:A2:22:91:53:5C:12:AF:18:94:62:EB:DF:1C:3D:03:16:2B
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       177AF97DB204599066AE146D35F66AC5F589386B
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/c2c395e2-491c-4141-ba1e-1b3717841063.roa
Signing time:             Tue 05 Mar 2024 00:00:00 +0000
ROA not before:           Tue 05 Mar 2024 00:00:00 +0000
ROA not after:            Tue 09 Apr 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        51.152.0.0/15 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 29 Mar 2024 21:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            17:7a:f9:7d:b2:04:59:90:66:ae:14:6d:35:f6:6a:c5:f5:89:38:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Mar  5 00:00:00 2024 GMT
            Not After : Apr  9 23:59:59 2024 GMT
        Subject: serialNumber=11815889c43a385c61172b9d78be061ab1ee60dd60b3f3145fd76a16296e48a4, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:33:51:1f:ea:1d:88:74:d1:dd:24:c6:f5:93:
                    23:8b:5a:74:bf:03:1e:20:1f:a2:4e:e3:0d:12:87:
                    f3:3e:69:0b:bf:e6:23:9c:98:9b:7d:d6:a5:24:fd:
                    70:a9:bd:69:15:0a:1d:0f:f7:2d:37:c5:89:e3:b2:
                    74:f2:37:73:1e:23:25:38:0c:e4:29:b5:f5:8e:3b:
                    92:d3:c3:86:27:d9:51:4b:0e:9f:2e:0a:42:1c:69:
                    32:81:91:6a:fb:70:fa:fb:71:ab:ee:8c:c4:b8:52:
                    4c:9d:0f:db:4e:61:38:20:28:07:b0:48:9c:2f:ff:
                    7d:fb:8c:00:cb:0e:d3:bc:65:3c:15:35:0a:7c:10:
                    0f:8b:1d:66:4a:cd:f6:8a:fb:72:fa:29:d9:a9:6d:
                    41:b8:92:2a:eb:62:f8:00:f0:7d:5d:b9:42:4c:a6:
                    0f:d0:0c:8b:bb:70:50:7b:66:e0:7c:2d:36:86:0f:
                    84:33:f7:b3:a2:14:6c:de:55:c9:da:7c:2c:22:b4:
                    a8:24:1d:24:37:d8:22:65:9f:73:5b:f2:46:c9:f5:
                    c3:30:92:46:63:46:46:86:73:93:75:47:85:f8:cf:
                    00:68:38:23:5b:15:9f:68:bd:0e:05:2a:7f:ec:55:
                    96:81:7d:f1:f9:d6:b0:fc:e9:ae:b1:f6:7c:de:b2:
                    6b:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:33:D3:A2:22:91:53:5C:12:AF:18:94:62:EB:DF:1C:3D:03:16:2B
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/c2c395e2-491c-4141-ba1e-1b3717841063.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.152.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         0e:ab:6d:4d:86:e8:ca:21:2e:e6:b2:1c:9c:2f:86:da:fa:50:
         80:86:ed:8a:7d:d7:68:87:be:ca:4b:35:b6:55:6a:8c:6a:17:
         42:87:f9:b8:e2:b7:d6:fa:2d:c4:a2:9f:d1:5a:24:cd:99:9e:
         a5:c2:07:59:0b:08:c1:04:76:08:60:3b:87:5f:74:73:5b:ad:
         3c:42:a1:49:db:cb:a4:37:36:b9:94:16:e1:22:15:c8:11:a1:
         10:40:0c:d1:9b:9b:78:a4:87:b5:73:17:3d:5e:42:9a:57:8d:
         de:3d:d3:ac:d7:f6:0d:37:3f:4a:cc:c1:82:bf:5d:65:8d:8b:
         01:69:6b:41:27:6c:33:fb:db:5c:83:50:b8:ca:04:aa:5f:a1:
         99:53:72:13:6d:8e:bf:a9:62:b3:f9:a4:31:94:b3:a7:75:9c:
         33:17:64:6d:0f:e2:45:96:b3:b4:07:ec:e1:8c:13:d3:0a:7a:
         80:ff:1a:fd:61:7e:dc:fe:19:a8:f8:3e:b2:36:9a:26:de:3c:
         56:d6:67:b6:95:b1:e9:a6:b0:2e:d4:19:3a:3c:52:91:58:4f:
         51:63:bb:c1:4b:bd:5a:58:cf:23:e2:0e:d8:59:83:5a:1f:9d:
         fe:5c:53:7f:7c:03:b1:1d:86:c3:9e:27:6d:4f:b5:00:f4:59:
         30:96:1c:4f
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUF3r5fbIEWZBmrhRtNfZqxfWJOGswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNDAzMDUwMDAwMDBaFw0yNDA0MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQDExODE1ODg5YzQzYTM4NWM2MTE3MmI5ZDc4YmUwNjFhYjFlZTYwZGQ2MGIz
ZjMxNDVmZDc2YTE2Mjk2ZTQ4YTQxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKkzUR/qHYh00d0kxvWTI4tadL8DHiAfok7jDRKH8z5pC7/mI5yYm33WpST9
cKm9aRUKHQ/3LTfFieOydPI3cx4jJTgM5Cm19Y47ktPDhifZUUsOny4KQhxpMoGR
avtw+vtxq+6MxLhSTJ0P205hOCAoB7BInC//ffuMAMsO07xlPBU1CnwQD4sdZkrN
9or7cvop2altQbiSKuti+ADwfV25QkymD9AMi7twUHtm4HwtNoYPhDP3s6IUbN5V
ydp8LCK0qCQdJDfYImWfc1vyRsn1wzCSRmNGRoZzk3VHhfjPAGg4I1sVn2i9DgUq
f+xVloF98fnWsPzprrH2fN6ya68CAwEAAaOCAiAwggIcMB0GA1UdDgQWBBTMM9Oi
IpFTXBKvGJRi698cPQMWKzAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
YzJjMzk1ZTItNDkxYy00MTQxLWJhMWUtMWIzNzE3ODQxMDYzLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDATOYMA0G
CSqGSIb3DQEBCwUAA4IBAQAOq21NhujKIS7mshycL4ba+lCAhu2Kfddoh77KSzW2
VWqMahdCh/m44rfW+i3Eop/RWiTNmZ6lwgdZCwjBBHYIYDuHX3RzW608QqFJ28uk
Nza5lBbhIhXIEaEQQAzRm5t4pIe1cxc9XkKaV43ePdOs1/YNNz9KzMGCv11ljYsB
aWtBJ2wz+9tcg1C4ygSqX6GZU3ITbY6/qWKz+aQxlLOndZwzF2RtD+JFlrO0B+zh
jBPTCnqA/xr9YX7c/hmo+D6yNpom3jxW1me2lbHpprAu1Bk6PFKRWE9RY7vBS71a
WM8j4g7YWYNaH53+XFN/fAOxHYbDnidtT7UA9FkwlhxP
-----END CERTIFICATE-----
Generated at Fri Mar 29 02:18:28 2024 by rpki-client on console-ams.rpki-client.org