Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/d4b4aa1a-385e-428a-9444-c44b9dd07114.roa
File:                     d4b4aa1a-385e-428a-9444-c44b9dd07114.roa (raw, json)
Hash identifier:          sxvnosKJFTOcqBrCFk84L03Ma9jVUgvQs0q40fT6aO8=
Subject key identifier:   17:96:A7:CE:DE:ED:4C:8F:AA:18:DE:3B:6F:0F:CB:D4:D9:C8:5C:A8
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       5E973DA947E6D7E7352965E38642DFE0F5AF68FE
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/d4b4aa1a-385e-428a-9444-c44b9dd07114.roa
Signing time:             Wed 27 Mar 2024 00:00:00 +0000
ROA not before:           Wed 27 Mar 2024 00:00:00 +0000
ROA not after:            Wed 01 May 2024 23:59:59 +0000
asID:                     8987
IP address blocks:        51.44.0.0/14 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 29 Mar 2024 21:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5e:97:3d:a9:47:e6:d7:e7:35:29:65:e3:86:42:df:e0:f5:af:68:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Mar 27 00:00:00 2024 GMT
            Not After : May  1 23:59:59 2024 GMT
        Subject: serialNumber=2a01e8bf7744d63d3b7e1a298b3812023f14997b0cc465d388626b55ff7cb963, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:d2:fc:e5:97:d9:69:9a:57:51:9d:44:d9:6c:
                    8a:0a:0a:dd:f3:ee:2f:51:96:e3:01:bc:0c:2f:40:
                    b9:ee:44:73:65:e5:f2:b6:4f:a0:46:4f:29:7e:23:
                    ad:fc:2b:1d:62:73:df:c6:4e:77:d6:9b:e4:91:f4:
                    03:15:dd:aa:58:aa:56:36:ee:b0:72:8c:44:88:13:
                    84:91:2b:dc:1c:cd:cc:d7:ba:d0:a3:5a:8d:e5:fb:
                    6c:3c:47:17:d3:27:12:08:b5:f5:d5:66:38:92:9b:
                    78:9b:1d:93:db:87:d5:76:bf:9c:80:59:b3:c0:c8:
                    92:c9:8e:43:2c:c6:d2:8a:ac:7d:e3:f4:31:bb:f9:
                    d4:e6:a6:7d:d1:ef:15:e2:ea:f7:0f:65:27:4b:ac:
                    c4:a5:30:7a:2b:bf:61:10:79:2d:05:ce:6a:4f:5b:
                    dd:e9:34:d8:7e:65:11:48:93:29:49:ad:8c:bb:fd:
                    06:50:17:ce:e4:85:12:5e:2f:2f:77:4f:2d:8b:ca:
                    bc:a0:60:37:7a:9a:4d:26:2d:06:96:90:d5:27:83:
                    25:95:e1:25:f2:eb:0b:6a:94:60:b9:71:5c:96:d1:
                    42:93:97:e3:eb:6c:6c:fc:ca:9a:6c:e4:c6:90:37:
                    9b:9d:f6:be:48:e1:61:7b:80:7c:2b:6f:a5:80:5b:
                    de:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:96:A7:CE:DE:ED:4C:8F:AA:18:DE:3B:6F:0F:CB:D4:D9:C8:5C:A8
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/d4b4aa1a-385e-428a-9444-c44b9dd07114.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.44.0.0/14

    Signature Algorithm: sha256WithRSAEncryption
         be:6e:ec:e4:f3:02:7e:25:ea:1c:94:2c:9b:60:e9:84:e3:42:
         cf:06:59:e6:f0:08:b3:12:13:58:f5:bc:c4:68:8c:57:fa:1a:
         6b:94:ed:e0:38:84:02:a8:73:2c:24:20:50:d1:b5:9a:79:27:
         33:56:ff:60:04:72:48:ac:7e:45:a7:bd:22:b3:c7:36:87:d9:
         92:64:93:f2:93:96:e7:0f:a4:ca:0b:d5:94:a2:3a:92:69:8a:
         19:37:ba:be:05:65:93:81:ba:c7:fc:dc:ad:67:1b:5c:6f:1b:
         3f:5e:ef:c2:56:e3:bd:70:36:b8:22:e3:d3:49:a5:cd:e3:5d:
         e5:52:3c:17:2b:98:30:9d:9e:87:33:2b:0d:02:e3:1d:c9:c5:
         85:c5:2c:e7:a4:bb:85:d5:9c:99:7d:38:a6:0e:dc:56:75:04:
         03:70:25:4c:d1:e7:0a:f8:79:01:f3:6c:20:78:dd:6e:59:4f:
         a4:ce:57:82:56:14:2b:e8:3a:13:a7:cb:3d:56:01:91:5a:b8:
         56:a5:cc:1e:99:92:f9:1e:64:88:f2:88:ee:74:6b:c4:3b:bb:
         fa:87:fd:3e:2e:52:db:ef:09:94:2a:02:0d:c1:61:4b:b3:7b:
         7f:23:72:af:b3:67:b8:32:51:3b:0c:9e:c9:20:d6:ef:70:d1:
         95:7f:b2:70
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUXpc9qUfm1+c1KWXjhkLf4PWvaP4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNDAzMjcwMDAwMDBaFw0yNDA1MDEyMzU5NTlaMHoxSTBHBgNV
BAUTQDJhMDFlOGJmNzc0NGQ2M2QzYjdlMWEyOThiMzgxMjAyM2YxNDk5N2IwY2M0
NjVkMzg4NjI2YjU1ZmY3Y2I5NjMxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANjS/OWX2WmaV1GdRNlsigoK3fPuL1GW4wG8DC9Aue5Ec2Xl8rZPoEZPKX4j
rfwrHWJz38ZOd9ab5JH0AxXdqliqVjbusHKMRIgThJEr3BzNzNe60KNajeX7bDxH
F9MnEgi19dVmOJKbeJsdk9uH1Xa/nIBZs8DIksmOQyzG0oqsfeP0Mbv51OamfdHv
FeLq9w9lJ0usxKUweiu/YRB5LQXOak9b3ek02H5lEUiTKUmtjLv9BlAXzuSFEl4v
L3dPLYvKvKBgN3qaTSYtBpaQ1SeDJZXhJfLrC2qUYLlxXJbRQpOX4+tsbPzKmmzk
xpA3m532vkjhYXuAfCtvpYBb3lsCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBQXlqfO
3u1Mj6oY3jtvD8vU2chcqDAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
ZDRiNGFhMWEtMzg1ZS00MjhhLTk0NDQtYzQ0YjlkZDA3MTE0LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDAjMsMA0G
CSqGSIb3DQEBCwUAA4IBAQC+buzk8wJ+JeoclCybYOmE40LPBlnm8AizEhNY9bzE
aIxX+hprlO3gOIQCqHMsJCBQ0bWaeSczVv9gBHJIrH5Fp70is8c2h9mSZJPyk5bn
D6TKC9WUojqSaYoZN7q+BWWTgbrH/NytZxtcbxs/Xu/CVuO9cDa4IuPTSaXN413l
UjwXK5gwnZ6HMysNAuMdycWFxSznpLuF1ZyZfTimDtxWdQQDcCVM0ecK+HkB82wg
eN1uWU+kzleCVhQr6DoTp8s9VgGRWrhWpcwemZL5HmSI8ojudGvEO7v6h/0+LlLb
7wmUKgINwWFLs3t/I3Kvs2e4MlE7DJ7JINbvcNGVf7Jw
-----END CERTIFICATE-----
Generated at Fri Mar 29 02:38:21 2024 by rpki-client on console-fra.rpki-client.org