Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/cb77317b-e565-4116-8e1c-6b5a63be2487.roa
File:                     cb77317b-e565-4116-8e1c-6b5a63be2487.roa (raw, json)
Hash identifier:          b8QfgcGCXrKbwG5Eyss28wh7sNLXysNM7CXOxIiUzXs=
Subject key identifier:   3A:85:00:56:FB:22:25:A9:41:1B:14:26:06:E4:01:9B:89:F6:79:A0
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       4B73F25A61366D3D626BB7DFD4CA15E1AA9074C0
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/cb77317b-e565-4116-8e1c-6b5a63be2487.roa
Signing time:             Tue 05 Mar 2024 00:00:00 +0000
ROA not before:           Tue 05 Mar 2024 00:00:00 +0000
ROA not after:            Tue 09 Apr 2024 23:59:59 +0000
asID:                     14618
IP address blocks:        51.166.0.0/15 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 28 Mar 2024 18:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4b:73:f2:5a:61:36:6d:3d:62:6b:b7:df:d4:ca:15:e1:aa:90:74:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Mar  5 00:00:00 2024 GMT
            Not After : Apr  9 23:59:59 2024 GMT
        Subject: serialNumber=edbb68c2e52655a86809b2415bd1c9321ca19ccbc61b2b40c62f53c62685a4c7, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:68:bf:65:46:be:67:c9:97:b4:2f:1c:b0:fd:
                    08:7b:b0:b0:c1:b7:24:23:80:e1:bc:08:73:79:4a:
                    22:8f:50:bc:c0:41:4c:31:e8:fb:0b:1c:f0:7c:c1:
                    93:27:89:00:15:ca:f4:02:d4:39:5b:c7:e9:2a:a6:
                    1b:1b:db:38:e8:a8:bb:fc:af:30:42:cf:89:61:4c:
                    36:fd:e5:23:05:10:51:4f:6f:2e:45:31:f7:f3:68:
                    8e:05:e9:1e:0a:52:80:d2:c0:9f:23:38:e6:2b:f9:
                    84:d0:ee:09:d8:39:5c:1b:41:3a:c7:d1:c9:f1:de:
                    79:60:3e:7e:4b:ce:4c:68:98:15:ac:06:0f:18:2a:
                    bb:f0:81:2c:46:b0:57:d4:0b:80:65:ae:42:27:cd:
                    32:2f:a2:b6:e0:66:8a:b3:59:73:e0:1f:80:d5:65:
                    aa:78:bb:d4:de:ca:6e:0f:d0:63:69:41:9e:e4:71:
                    5a:eb:29:16:4e:70:6f:07:a4:6b:3a:5b:2a:19:9e:
                    1e:16:16:0a:f6:ad:79:c7:69:da:a2:29:44:5d:1e:
                    c5:98:d0:4d:0f:73:1f:3c:cc:4e:66:1f:68:4f:ad:
                    3f:43:11:1b:5e:0a:cb:4d:ec:35:ae:b0:92:8d:dc:
                    f7:e0:7f:13:e0:cd:d1:65:34:0b:fd:34:da:de:cd:
                    60:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:85:00:56:FB:22:25:A9:41:1B:14:26:06:E4:01:9B:89:F6:79:A0
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/cb77317b-e565-4116-8e1c-6b5a63be2487.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.166.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         a5:cc:1e:11:fd:ff:16:8f:7c:d0:cc:cc:b1:bc:39:aa:ff:44:
         fb:9a:42:a8:89:62:45:95:44:4a:3b:aa:3b:8c:09:1a:d2:ec:
         8e:0a:0b:9f:e0:e3:03:14:de:e9:dc:3f:e5:6e:84:aa:5c:99:
         bf:3b:22:b3:66:00:2a:41:a0:8a:6b:d1:05:56:a5:6c:e1:bc:
         38:73:c5:06:c6:a8:22:73:c3:3a:a6:bd:db:0c:bd:e4:be:a3:
         25:7b:7a:32:7d:12:de:69:de:f9:bf:a5:92:d8:61:b5:89:e3:
         cd:22:f1:e7:c4:22:c4:e4:b3:bd:ea:4d:32:a3:88:ac:5a:dd:
         1d:c1:92:46:a6:dc:1c:f5:98:0c:5c:3c:65:b2:78:fe:b9:c2:
         7c:08:e8:52:10:d7:25:dc:a2:aa:20:e7:d0:c1:0d:4f:1b:1a:
         58:c2:8a:53:d2:da:ea:0e:e1:4f:48:21:50:61:27:fd:80:01:
         e1:dc:06:f9:f1:f8:3c:c1:79:37:be:b4:b2:62:ee:bc:ba:32:
         4a:fc:7b:90:54:96:de:54:e1:72:ff:11:aa:6a:23:12:c8:b1:
         8e:84:83:d1:98:ce:85:0c:21:32:76:db:77:a9:32:d0:c1:31:
         5d:b1:ee:ce:61:f7:d5:b5:48:9b:6f:b2:e6:cb:c3:37:e8:71:
         bd:f3:b1:3b
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUS3PyWmE2bT1ia7ff1MoV4aqQdMAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNDAzMDUwMDAwMDBaFw0yNDA0MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQGVkYmI2OGMyZTUyNjU1YTg2ODA5YjI0MTViZDFjOTMyMWNhMTljY2JjNjFi
MmI0MGM2MmY1M2M2MjY4NWE0YzcxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMRov2VGvmfJl7QvHLD9CHuwsMG3JCOA4bwIc3lKIo9QvMBBTDHo+wsc8HzB
kyeJABXK9ALUOVvH6SqmGxvbOOiou/yvMELPiWFMNv3lIwUQUU9vLkUx9/NojgXp
HgpSgNLAnyM45iv5hNDuCdg5XBtBOsfRyfHeeWA+fkvOTGiYFawGDxgqu/CBLEaw
V9QLgGWuQifNMi+ituBmirNZc+AfgNVlqni71N7Kbg/QY2lBnuRxWuspFk5wbwek
azpbKhmeHhYWCvatecdp2qIpRF0exZjQTQ9zHzzMTmYfaE+tP0MRG14Ky03sNa6w
ko3c9+B/E+DN0WU0C/002t7NYPECAwEAAaOCAiAwggIcMB0GA1UdDgQWBBQ6hQBW
+yIlqUEbFCYG5AGbifZ5oDAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
Y2I3NzMxN2ItZTU2NS00MTE2LThlMWMtNmI1YTYzYmUyNDg3LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDATOmMA0G
CSqGSIb3DQEBCwUAA4IBAQClzB4R/f8Wj3zQzMyxvDmq/0T7mkKoiWJFlURKO6o7
jAka0uyOCguf4OMDFN7p3D/lboSqXJm/OyKzZgAqQaCKa9EFVqVs4bw4c8UGxqgi
c8M6pr3bDL3kvqMle3oyfRLead75v6WS2GG1iePNIvHnxCLE5LO96k0yo4isWt0d
wZJGptwc9ZgMXDxlsnj+ucJ8COhSENcl3KKqIOfQwQ1PGxpYwopT0trqDuFPSCFQ
YSf9gAHh3Ab58fg8wXk3vrSyYu68ujJK/HuQVJbeVOFy/xGqaiMSyLGOhIPRmM6F
DCEydtt3qTLQwTFdse7OYffVtUibb7Lmy8M36HG987E7
-----END CERTIFICATE-----
Generated at Thu Mar 28 01:01:24 2024 by rpki-client on console-fra.rpki-client.org