Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/c8417d8d-dd59-4c9c-9131-401f49361e96.roa
File:                     c8417d8d-dd59-4c9c-9131-401f49361e96.roa (raw, json)
Hash identifier:          FTLsQBn1qSihdAss2scCljmq1eHgKDZRHLQ2woFEGno=
Subject key identifier:   94:D6:6D:0A:E9:22:05:C7:43:D1:ED:E5:F9:86:20:C8:23:39:DE:B2
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       3268A0D4BF7CE039EBE7E9F31192680EDBBCA7B3
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/c8417d8d-dd59-4c9c-9131-401f49361e96.roa
Signing time:             Tue 05 Mar 2024 00:00:00 +0000
ROA not before:           Tue 05 Mar 2024 00:00:00 +0000
ROA not after:            Tue 09 Apr 2024 23:59:59 +0000
asID:                     14618
IP address blocks:        83.119.64.0/18 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 28 Mar 2024 18:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            32:68:a0:d4:bf:7c:e0:39:eb:e7:e9:f3:11:92:68:0e:db:bc:a7:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Mar  5 00:00:00 2024 GMT
            Not After : Apr  9 23:59:59 2024 GMT
        Subject: serialNumber=f48a38622c14b54a4141838657f5e5a68e625b970ec7dd48283685285640f778, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:27:41:e1:dc:29:42:bd:5b:95:bd:da:5a:45:
                    63:6f:99:1c:fa:47:d3:f6:06:0f:6e:30:82:8d:f2:
                    da:da:c5:e3:6b:da:5b:c2:31:25:c0:b0:5d:28:5c:
                    12:6c:e6:15:67:80:0f:f0:96:64:08:ed:58:e0:1c:
                    c4:b2:19:40:92:11:c7:1e:1b:9d:7c:b6:a5:26:f8:
                    c0:b8:9b:8d:7d:b2:be:e5:86:df:a0:22:7e:76:d6:
                    5b:24:24:7a:f0:ea:9b:d6:70:34:77:b0:4a:b3:74:
                    14:58:57:8d:f1:13:df:6e:06:22:c7:1b:b0:3c:d2:
                    3d:a9:43:9c:83:0f:d8:64:d8:6e:6c:09:eb:a2:56:
                    a1:a8:f6:f4:26:f4:9e:34:03:e7:58:0a:33:c6:82:
                    90:5d:64:c2:34:46:7a:62:3d:a0:db:a2:55:a2:98:
                    3e:dc:5a:11:24:01:75:f9:e2:5c:b4:67:a4:48:8c:
                    a3:f4:82:d6:6a:d7:5f:12:9b:29:b4:81:88:3e:3d:
                    e2:f6:70:7c:5d:89:5e:66:67:c5:da:07:c5:77:0b:
                    a5:a4:de:91:11:81:f4:23:71:8d:b2:e4:5f:17:ac:
                    4c:ae:67:2c:fd:f9:4f:a1:00:9f:ab:a1:51:93:29:
                    a5:8a:b5:11:ad:b4:b1:39:fa:b2:81:d4:e7:fd:54:
                    66:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:D6:6D:0A:E9:22:05:C7:43:D1:ED:E5:F9:86:20:C8:23:39:DE:B2
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/c8417d8d-dd59-4c9c-9131-401f49361e96.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.119.64.0/18

    Signature Algorithm: sha256WithRSAEncryption
         b7:1a:46:e1:f7:ec:4d:44:53:9f:57:53:c7:b9:d9:29:c4:02:
         b9:08:fc:4a:fb:38:97:f1:28:43:3a:fd:d7:91:51:e2:46:ad:
         f5:73:26:a1:f2:c2:bd:16:22:48:79:0a:69:aa:3e:cb:19:2f:
         47:d6:69:1c:cf:8b:3f:70:d2:60:e4:6a:98:7d:b7:9c:74:3a:
         78:2c:1f:a7:47:1e:c2:76:d0:c7:0f:02:53:fb:59:32:b7:5d:
         60:90:78:f4:14:30:00:19:ec:8b:80:bd:7e:de:d3:72:8e:85:
         45:58:df:4e:72:a3:36:61:a9:98:d6:1c:75:7a:7f:f7:ff:39:
         d2:a3:a5:0d:29:ae:3b:a5:f3:d9:3a:01:69:4f:1b:f8:19:ad:
         db:31:4d:f9:66:c3:1b:93:6e:3f:49:0e:8d:8c:27:e3:10:53:
         75:8f:4c:56:36:85:8d:93:5e:b3:94:64:ed:d0:15:ff:14:89:
         d1:3a:de:6b:04:7b:93:ef:11:2d:b6:77:b7:57:ee:05:a2:9e:
         9f:73:8d:7e:8b:52:93:2a:2b:f5:f0:bb:87:c7:6c:db:f3:ad:
         8f:c7:17:87:44:2a:ad:36:80:72:9b:4a:84:30:50:d9:2f:2b:
         b5:3f:e0:91:d8:c4:b8:7c:79:b0:7e:83:8c:11:7a:47:e5:4e:
         48:4c:ed:16
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUMmig1L984Dnr5+nzEZJoDtu8p7MwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNDAzMDUwMDAwMDBaFw0yNDA0MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQGY0OGEzODYyMmMxNGI1NGE0MTQxODM4NjU3ZjVlNWE2OGU2MjViOTcwZWM3
ZGQ0ODI4MzY4NTI4NTY0MGY3NzgxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMcnQeHcKUK9W5W92lpFY2+ZHPpH0/YGD24wgo3y2trF42vaW8IxJcCwXShc
EmzmFWeAD/CWZAjtWOAcxLIZQJIRxx4bnXy2pSb4wLibjX2yvuWG36AifnbWWyQk
evDqm9ZwNHewSrN0FFhXjfET324GIscbsDzSPalDnIMP2GTYbmwJ66JWoaj29Cb0
njQD51gKM8aCkF1kwjRGemI9oNuiVaKYPtxaESQBdfniXLRnpEiMo/SC1mrXXxKb
KbSBiD494vZwfF2JXmZnxdoHxXcLpaTekRGB9CNxjbLkXxesTK5nLP35T6EAn6uh
UZMppYq1Ea20sTn6soHU5/1UZjcCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBSU1m0K
6SIFx0PR7eX5hiDIIznesjAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
Yzg0MTdkOGQtZGQ1OS00YzljLTkxMzEtNDAxZjQ5MzYxZTk2LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEBlN3QDAN
BgkqhkiG9w0BAQsFAAOCAQEAtxpG4ffsTURTn1dTx7nZKcQCuQj8Svs4l/EoQzr9
15FR4kat9XMmofLCvRYiSHkKaao+yxkvR9ZpHM+LP3DSYORqmH23nHQ6eCwfp0ce
wnbQxw8CU/tZMrddYJB49BQwABnsi4C9ft7Tco6FRVjfTnKjNmGpmNYcdXp/9/85
0qOlDSmuO6Xz2ToBaU8b+Bmt2zFN+WbDG5NuP0kOjYwn4xBTdY9MVjaFjZNes5Rk
7dAV/xSJ0TreawR7k+8RLbZ3t1fuBaKen3ONfotSkyor9fC7h8ds2/Otj8cXh0Qq
rTaAcptKhDBQ2S8rtT/gkdjEuHx5sH6DjBF6R+VOSEztFg==
-----END CERTIFICATE-----
Generated at Thu Mar 28 02:06:41 2024 by rpki-client on console-ams.rpki-client.org