Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/ca0f75ca-e966-4e9d-99ae-b78535acfaf7.roa
File:                     ca0f75ca-e966-4e9d-99ae-b78535acfaf7.roa (raw, json)
Hash identifier:          IaXqTJLKTY5HQpZpNk4AhOYYxauU85y4gtNJ+P6VjEc=
Subject key identifier:   35:A3:19:08:6E:41:5F:FC:91:92:87:31:38:09:FF:80:82:E6:0E:E3
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       167F7AADC4878E862841CDDB20BAF48677876274
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/ca0f75ca-e966-4e9d-99ae-b78535acfaf7.roa
Signing time:             Tue 05 Mar 2024 00:00:00 +0000
ROA not before:           Tue 05 Mar 2024 00:00:00 +0000
ROA not after:            Tue 09 Apr 2024 23:59:59 +0000
asID:                     8987
IP address blocks:        51.166.0.0/15 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 28 Mar 2024 18:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            16:7f:7a:ad:c4:87:8e:86:28:41:cd:db:20:ba:f4:86:77:87:62:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Mar  5 00:00:00 2024 GMT
            Not After : Apr  9 23:59:59 2024 GMT
        Subject: serialNumber=df9ed044faafad177e7d5c2868cf31532cee67107f60c9f80c33f24d76616669, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:db:40:48:a5:3a:52:3a:e9:a0:2e:df:ee:10:
                    b9:c0:c9:c9:a2:d7:46:86:bc:0b:16:ad:a7:a0:d7:
                    12:ce:21:9e:a9:3f:7f:bb:93:9f:0e:d7:c6:e4:04:
                    b2:18:51:ac:c7:01:57:a8:67:75:0f:e2:7c:6a:d8:
                    be:6c:c7:de:8f:33:36:91:19:d4:e6:31:16:b8:f1:
                    f0:60:d3:0b:7b:aa:e0:f8:b8:16:cd:5f:26:3d:3f:
                    0b:d2:3d:c7:e0:9b:00:2e:d7:b3:d1:23:a6:a2:2c:
                    00:b6:d8:97:e7:59:18:b8:b8:26:ba:27:97:db:bf:
                    9b:18:9b:a7:da:40:32:21:ec:cb:a6:64:58:a7:7b:
                    da:62:73:7c:bd:10:9e:d9:1d:d6:ad:cd:cf:82:20:
                    13:bc:be:3d:ff:f8:f6:7b:61:02:e9:ca:d1:2a:9c:
                    85:86:48:fd:e3:9f:ca:9b:37:56:fd:61:da:ae:e2:
                    4a:a9:a8:19:20:a1:70:1f:19:51:d7:a1:08:2a:95:
                    29:c5:53:e6:03:be:7c:dd:cf:ab:ea:c9:3e:c9:59:
                    51:6e:83:7f:d2:93:ea:91:c9:92:c4:a8:82:03:1b:
                    a4:ee:1e:d6:f3:af:25:2e:a5:1b:45:eb:53:b7:97:
                    63:71:8f:f8:bd:1f:d7:1e:4e:9a:50:fc:80:bd:9e:
                    17:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:A3:19:08:6E:41:5F:FC:91:92:87:31:38:09:FF:80:82:E6:0E:E3
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/ca0f75ca-e966-4e9d-99ae-b78535acfaf7.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.166.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         d6:ad:40:ed:3c:e0:e8:80:a5:17:57:dc:9f:5e:7e:1d:71:64:
         3b:f9:53:92:87:e6:09:11:36:ff:52:56:aa:25:3b:a3:2e:c7:
         08:c8:4c:b8:e0:b6:0d:0b:a1:cf:f5:6f:23:71:6e:5d:8f:c0:
         fd:63:8c:36:b1:2b:ba:48:8e:0b:1e:4a:08:a9:11:f1:de:73:
         e0:d2:f9:08:34:24:1f:82:bc:74:53:28:a5:14:db:5f:ba:3f:
         8d:be:06:a6:27:1d:09:7c:77:e4:b0:b3:9a:95:c9:3c:50:28:
         c8:47:f2:ad:3a:d9:6b:04:39:60:17:e2:16:97:6b:0a:8a:af:
         98:35:12:cb:4f:a5:c5:74:f2:6c:97:57:6a:5b:67:f6:b9:fb:
         fd:5d:76:fa:51:39:c0:3a:98:52:39:fe:69:99:65:11:2a:de:
         72:e2:75:34:87:cd:7a:9f:73:77:96:91:fa:77:b4:a0:a6:05:
         b7:f9:c4:e3:7c:46:0b:b0:12:0d:12:91:54:d5:49:cf:56:a6:
         1d:fd:6d:70:15:d7:12:6e:29:c8:9d:17:73:76:ba:c0:82:d7:
         0e:6f:79:c3:69:7b:be:17:b8:8b:e0:0a:d0:b7:fe:ea:c7:99:
         38:28:e0:07:06:ad:1c:49:90:a9:60:6c:83:bd:33:d2:b7:7c:
         62:13:33:1d
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUFn96rcSHjoYoQc3bILr0hneHYnQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNDAzMDUwMDAwMDBaFw0yNDA0MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQGRmOWVkMDQ0ZmFhZmFkMTc3ZTdkNWMyODY4Y2YzMTUzMmNlZTY3MTA3ZjYw
YzlmODBjMzNmMjRkNzY2MTY2NjkxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKjbQEilOlI66aAu3+4QucDJyaLXRoa8Cxatp6DXEs4hnqk/f7uTnw7XxuQE
shhRrMcBV6hndQ/ifGrYvmzH3o8zNpEZ1OYxFrjx8GDTC3uq4Pi4Fs1fJj0/C9I9
x+CbAC7Xs9EjpqIsALbYl+dZGLi4Jronl9u/mxibp9pAMiHsy6ZkWKd72mJzfL0Q
ntkd1q3Nz4IgE7y+Pf/49nthAunK0SqchYZI/eOfyps3Vv1h2q7iSqmoGSChcB8Z
UdehCCqVKcVT5gO+fN3Pq+rJPslZUW6Df9KT6pHJksSoggMbpO4e1vOvJS6lG0Xr
U7eXY3GP+L0f1x5OmlD8gL2eF0kCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBQ1oxkI
bkFf/JGShzE4Cf+AguYO4zAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
Y2EwZjc1Y2EtZTk2Ni00ZTlkLTk5YWUtYjc4NTM1YWNmYWY3LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDATOmMA0G
CSqGSIb3DQEBCwUAA4IBAQDWrUDtPODogKUXV9yfXn4dcWQ7+VOSh+YJETb/Ulaq
JTujLscIyEy44LYNC6HP9W8jcW5dj8D9Y4w2sSu6SI4LHkoIqRHx3nPg0vkINCQf
grx0UyilFNtfuj+NvgamJx0JfHfksLOalck8UCjIR/KtOtlrBDlgF+IWl2sKiq+Y
NRLLT6XFdPJsl1dqW2f2ufv9XXb6UTnAOphSOf5pmWURKt5y4nU0h816n3N3lpH6
d7SgpgW3+cTjfEYLsBINEpFU1UnPVqYd/W1wFdcSbinInRdzdrrAgtcOb3nDaXu+
F7iL4ArQt/7qx5k4KOAHBq0cSZCpYGyDvTPSt3xiEzMd
-----END CERTIFICATE-----
Generated at Thu Mar 28 01:01:24 2024 by rpki-client on console-fra.rpki-client.org