Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/d411eca7-95af-41dd-a2fc-fdaa162ad2e7.roa
File:                     d411eca7-95af-41dd-a2fc-fdaa162ad2e7.roa (raw, json)
Hash identifier:          xfax68dohELUSn88fRHlmTNy4r3yW1Zr9xGgyYzTpPc=
Subject key identifier:   0A:9E:EA:FD:02:46:F0:3E:59:61:C1:41:51:1B:3B:BB:62:CC:5A:D4
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       0D70AF1E667595D4D582CF26C99B27C6A77A34D5
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/d411eca7-95af-41dd-a2fc-fdaa162ad2e7.roa
Signing time:             Tue 05 Mar 2024 00:00:00 +0000
ROA not before:           Tue 05 Mar 2024 00:00:00 +0000
ROA not after:            Tue 09 Apr 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        83.118.240.0/20 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 28 Mar 2024 18:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0d:70:af:1e:66:75:95:d4:d5:82:cf:26:c9:9b:27:c6:a7:7a:34:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Mar  5 00:00:00 2024 GMT
            Not After : Apr  9 23:59:59 2024 GMT
        Subject: serialNumber=d187550ce0de5ac034f579a741b1c56afa000f027b96125a36034aa64c59b239, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:24:3b:ec:96:e0:04:5b:ae:41:87:aa:64:0d:
                    5e:d3:75:1d:ce:8f:bd:36:37:1b:0c:37:28:19:70:
                    ab:48:5b:83:bf:38:03:3c:3a:25:2f:c9:f4:09:1c:
                    7a:32:92:84:a2:26:c4:62:a5:04:8a:7e:ba:b6:c0:
                    e7:6d:1f:23:c4:4d:81:cf:a0:64:06:0d:2a:54:71:
                    9b:88:40:18:6f:1d:68:e2:3c:b7:bd:9f:12:50:48:
                    d2:99:39:16:32:ba:40:5e:59:86:de:5a:c1:88:b2:
                    9f:f2:55:33:60:23:5e:b7:5c:b5:93:40:67:d4:6a:
                    d6:3a:72:de:e2:f9:17:24:bf:cd:b2:1e:13:5a:fe:
                    69:27:2e:9d:c4:51:a5:15:a0:49:b1:9b:15:98:ec:
                    34:ed:00:f8:77:45:f3:da:85:23:05:af:72:e1:e1:
                    e4:83:a5:14:0c:17:09:6b:73:12:2b:26:4d:a8:ed:
                    89:23:09:9b:f4:87:58:8b:1d:1d:de:55:56:8a:98:
                    b8:ae:27:36:1a:a0:eb:a0:bc:aa:08:88:7d:e4:ac:
                    6c:bb:d6:38:92:69:e7:79:32:fe:a3:4f:d7:8a:ce:
                    b5:b1:6b:50:38:25:6a:50:74:19:d4:8f:5e:bd:ee:
                    0a:e3:98:59:0f:57:73:fe:ec:95:fb:a5:89:4c:6d:
                    2b:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:9E:EA:FD:02:46:F0:3E:59:61:C1:41:51:1B:3B:BB:62:CC:5A:D4
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/d411eca7-95af-41dd-a2fc-fdaa162ad2e7.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.118.240.0/20

    Signature Algorithm: sha256WithRSAEncryption
         37:c5:8f:9f:66:4f:43:8a:21:da:67:ac:74:82:78:f9:c4:d3:
         55:66:1d:6b:f6:76:f2:a8:ee:32:11:8c:12:a7:eb:f6:16:ff:
         52:b7:46:52:7a:a9:34:4f:f7:1d:fa:4a:de:f2:2f:7e:b4:36:
         59:02:59:1e:0b:83:f5:8e:02:1c:7d:1a:57:3a:3f:b6:97:30:
         5b:6e:ba:a2:43:e4:fb:fd:9b:f1:0c:9c:aa:d7:00:9e:c6:02:
         5e:d5:fc:5a:66:d7:6a:b4:a2:f6:ca:41:93:73:03:40:bb:cd:
         92:e9:ef:ab:bb:39:e6:82:71:8b:2e:92:62:63:30:a7:f1:90:
         ef:d0:b1:f8:67:d7:94:4e:f1:c9:52:ba:6c:a4:69:73:4c:61:
         17:36:4e:55:db:21:95:dd:f2:d9:98:6c:17:4f:5d:62:1a:73:
         16:c7:8e:23:95:a0:30:1a:39:31:37:4a:ca:a1:e8:62:e4:f5:
         7d:8f:8e:06:7b:69:7c:ed:b8:e4:5a:83:ab:54:1a:5a:74:13:
         1b:d5:3e:1a:cb:74:64:6c:c3:f0:2c:9a:46:de:9a:51:23:34:
         b1:a4:78:59:ab:b4:61:70:e6:d5:ff:b4:72:48:6f:13:40:9a:
         29:8f:96:79:98:f6:70:ad:e2:70:7b:49:4e:61:58:13:e9:1c:
         ba:b0:89:7a
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUDXCvHmZ1ldTVgs8myZsnxqd6NNUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNDAzMDUwMDAwMDBaFw0yNDA0MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQGQxODc1NTBjZTBkZTVhYzAzNGY1NzlhNzQxYjFjNTZhZmEwMDBmMDI3Yjk2
MTI1YTM2MDM0YWE2NGM1OWIyMzkxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMAkO+yW4ARbrkGHqmQNXtN1Hc6PvTY3Gww3KBlwq0hbg784Azw6JS/J9Akc
ejKShKImxGKlBIp+urbA520fI8RNgc+gZAYNKlRxm4hAGG8daOI8t72fElBI0pk5
FjK6QF5Zht5awYiyn/JVM2AjXrdctZNAZ9Rq1jpy3uL5FyS/zbIeE1r+aScuncRR
pRWgSbGbFZjsNO0A+HdF89qFIwWvcuHh5IOlFAwXCWtzEismTajtiSMJm/SHWIsd
Hd5VVoqYuK4nNhqg66C8qgiIfeSsbLvWOJJp53ky/qNP14rOtbFrUDglalB0GdSP
Xr3uCuOYWQ9Xc/7slfuliUxtK9UCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBQKnur9
AkbwPllhwUFRGzu7Ysxa1DAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
ZDQxMWVjYTctOTVhZi00MWRkLWEyZmMtZmRhYTE2MmFkMmU3LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEBFN28DAN
BgkqhkiG9w0BAQsFAAOCAQEAN8WPn2ZPQ4oh2mesdIJ4+cTTVWYda/Z28qjuMhGM
Eqfr9hb/UrdGUnqpNE/3HfpK3vIvfrQ2WQJZHguD9Y4CHH0aVzo/tpcwW266okPk
+/2b8QycqtcAnsYCXtX8WmbXarSi9spBk3MDQLvNkunvq7s55oJxiy6SYmMwp/GQ
79Cx+GfXlE7xyVK6bKRpc0xhFzZOVdshld3y2ZhsF09dYhpzFseOI5WgMBo5MTdK
yqHoYuT1fY+OBntpfO245FqDq1QaWnQTG9U+Gst0ZGzD8CyaRt6aUSM0saR4Wau0
YXDm1f+0ckhvE0CaKY+WeZj2cK3icHtJTmFYE+kcurCJeg==
-----END CERTIFICATE-----
Generated at Thu Mar 28 01:01:24 2024 by rpki-client on console-fra.rpki-client.org