Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/cc65de9d-dc78-4e7d-96ff-16c3294057be.roa
File:                     cc65de9d-dc78-4e7d-96ff-16c3294057be.roa (raw, json)
Hash identifier:          F3qKd0KKGzgDdqaQIrR4sD7+rolgdKmIArXjRwrnhKQ=
Subject key identifier:   0D:39:51:95:9F:20:81:D6:CE:51:8B:C8:83:AC:48:B2:79:13:A8:5D
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       5E9A637B5956F0DB138FEA9537F906E060101EBC
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/cc65de9d-dc78-4e7d-96ff-16c3294057be.roa
Signing time:             Tue 05 Mar 2024 00:00:00 +0000
ROA not before:           Tue 05 Mar 2024 00:00:00 +0000
ROA not after:            Tue 09 Apr 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        195.17.0.0/16 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 29 Mar 2024 21:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5e:9a:63:7b:59:56:f0:db:13:8f:ea:95:37:f9:06:e0:60:10:1e:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Mar  5 00:00:00 2024 GMT
            Not After : Apr  9 23:59:59 2024 GMT
        Subject: serialNumber=8cdff4402cb47c7f9cb714077c5f52b5fbf5b2d8ce66778ecb1d3dc36b6702c9, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:2a:e1:57:0b:51:70:34:7c:24:c3:43:ed:e5:
                    2e:a3:bf:64:81:bc:c2:37:9e:55:cd:f6:a4:43:56:
                    c5:2a:78:91:6d:a0:03:28:4d:dd:29:40:85:5f:69:
                    31:f9:95:8e:45:2e:b3:06:c8:b0:0c:9b:8c:a5:38:
                    b2:f9:98:c2:ec:cb:59:e9:57:32:3c:ad:a4:b6:25:
                    d2:7f:80:88:98:81:ab:a8:b6:77:4e:49:05:e9:c3:
                    1b:7f:f3:20:d9:ee:8a:0f:4c:19:48:87:9c:a5:5e:
                    42:74:e6:d8:b7:56:a9:e9:d5:a2:91:cb:e5:b6:30:
                    36:71:b3:5d:1c:c8:66:ec:1f:d4:9a:66:ee:64:97:
                    2c:16:6d:a5:56:c3:e9:1f:20:3e:ad:f6:94:d0:7c:
                    44:22:c0:1b:f6:04:fe:d4:08:d4:30:33:7e:23:0b:
                    ae:84:4d:9d:c4:f4:b0:e8:51:f5:97:76:86:9c:02:
                    df:a5:3b:52:75:1e:b6:20:c6:63:01:49:8e:6f:53:
                    47:3a:4d:93:f5:7d:3b:bb:31:5d:0f:dc:a8:c4:71:
                    a6:dd:9a:2a:e0:45:ca:a1:f7:05:51:43:5d:77:89:
                    91:04:86:f4:68:02:34:35:59:52:9c:74:83:10:bd:
                    96:5c:78:c8:be:66:95:41:b4:e2:4a:d9:ec:69:93:
                    62:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:39:51:95:9F:20:81:D6:CE:51:8B:C8:83:AC:48:B2:79:13:A8:5D
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/cc65de9d-dc78-4e7d-96ff-16c3294057be.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.17.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         61:0d:c4:98:91:2a:a8:05:68:a8:ec:ca:52:c1:73:53:52:8a:
         67:50:45:ee:23:78:3f:11:6a:53:66:44:34:84:2f:b9:b6:15:
         45:b0:92:d4:b0:be:5f:bd:d8:31:e6:a9:c7:33:ff:90:08:47:
         5f:c0:e3:4d:d0:25:5f:71:7d:2c:c1:a1:a0:6e:04:81:91:b1:
         c4:3e:a8:b3:8b:e4:4f:fc:89:29:d0:87:a8:e6:45:b2:e2:de:
         90:9b:70:ba:c8:72:39:cc:09:ca:39:08:14:a6:39:b1:3f:75:
         d2:93:4d:e5:34:5a:ae:33:5c:07:8e:f3:d5:1d:84:a1:7e:1f:
         17:19:b3:bf:84:10:72:43:cf:b7:91:0c:6c:4f:4f:de:a0:e3:
         35:4d:bd:33:b9:d4:1f:05:6f:93:18:06:5a:21:57:c7:d9:3d:
         92:ae:2a:53:ad:25:4f:68:c0:f2:e0:ae:9d:af:2d:ff:10:bb:
         46:06:7e:f9:e1:48:73:22:d0:e9:40:57:31:4b:0d:e4:36:de:
         90:dd:6b:2d:2d:d2:54:b5:45:0d:20:e3:ff:77:d4:6c:ea:76:
         3f:f3:c3:0a:ef:0b:be:6a:b1:48:b7:32:9b:0e:6b:d6:3f:32:
         e6:39:b5:d9:b8:4f:11:d7:15:96:55:4d:e1:02:07:bd:b0:f1:
         c6:d6:e0:52
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUXppje1lW8NsTj+qVN/kG4GAQHrwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNDAzMDUwMDAwMDBaFw0yNDA0MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQDhjZGZmNDQwMmNiNDdjN2Y5Y2I3MTQwNzdjNWY1MmI1ZmJmNWIyZDhjZTY2
Nzc4ZWNiMWQzZGMzNmI2NzAyYzkxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKwq4VcLUXA0fCTDQ+3lLqO/ZIG8wjeeVc32pENWxSp4kW2gAyhN3SlAhV9p
MfmVjkUuswbIsAybjKU4svmYwuzLWelXMjytpLYl0n+AiJiBq6i2d05JBenDG3/z
INnuig9MGUiHnKVeQnTm2LdWqenVopHL5bYwNnGzXRzIZuwf1Jpm7mSXLBZtpVbD
6R8gPq32lNB8RCLAG/YE/tQI1DAzfiMLroRNncT0sOhR9Zd2hpwC36U7UnUetiDG
YwFJjm9TRzpNk/V9O7sxXQ/cqMRxpt2aKuBFyqH3BVFDXXeJkQSG9GgCNDVZUpx0
gxC9llx4yL5mlUG04krZ7GmTYrsCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBQNOVGV
nyCB1s5Ri8iDrEiyeROoXTAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
Y2M2NWRlOWQtZGM3OC00ZTdkLTk2ZmYtMTZjMzI5NDA1N2JlLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDAMMRMA0G
CSqGSIb3DQEBCwUAA4IBAQBhDcSYkSqoBWio7MpSwXNTUopnUEXuI3g/EWpTZkQ0
hC+5thVFsJLUsL5fvdgx5qnHM/+QCEdfwONN0CVfcX0swaGgbgSBkbHEPqizi+RP
/Ikp0Ieo5kWy4t6Qm3C6yHI5zAnKOQgUpjmxP3XSk03lNFquM1wHjvPVHYShfh8X
GbO/hBByQ8+3kQxsT0/eoOM1Tb0zudQfBW+TGAZaIVfH2T2SripTrSVPaMDy4K6d
ry3/ELtGBn754UhzItDpQFcxSw3kNt6Q3WstLdJUtUUNIOP/d9Rs6nY/88MK7wu+
arFItzKbDmvWPzLmObXZuE8R1xWWVU3hAge9sPHG1uBS
-----END CERTIFICATE-----
Generated at Fri Mar 29 02:18:29 2024 by rpki-client on console-ams.rpki-client.org