Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/d51a4935-8601-4ebd-a099-1d61b0a661b3.roa
File:                     d51a4935-8601-4ebd-a099-1d61b0a661b3.roa (raw, json)
Hash identifier:          eqnjHHvUJ8zeIZw3+kVWxqmIBtSrF10SYRdMO3hvRXc=
Subject key identifier:   22:3A:3B:02:2B:72:73:44:DC:9A:A7:4D:B5:26:09:AA:C4:56:03:3E
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       7738284DC23E3625F974A0BB2EE4D46B0F128A24
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/d51a4935-8601-4ebd-a099-1d61b0a661b3.roa
Signing time:             Tue 05 Mar 2024 00:00:00 +0000
ROA not before:           Tue 05 Mar 2024 00:00:00 +0000
ROA not after:            Tue 09 Apr 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        51.228.0.0/15 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 28 Mar 2024 18:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            77:38:28:4d:c2:3e:36:25:f9:74:a0:bb:2e:e4:d4:6b:0f:12:8a:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Mar  5 00:00:00 2024 GMT
            Not After : Apr  9 23:59:59 2024 GMT
        Subject: serialNumber=8d14ff1f1fecef05058d30a5b22f8eea90171e28da85ef5f5c7e2eeec18af1d5, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:53:3d:a6:4e:dc:d7:07:41:17:a5:25:f1:e5:
                    dd:51:e0:ec:fe:38:7a:3a:1a:fd:6f:b5:97:b3:92:
                    a5:9c:c0:4b:7f:b9:9b:bf:b4:4b:4e:fa:49:39:4f:
                    6f:51:1d:ff:85:6d:01:34:ef:6c:73:a4:6b:52:a9:
                    8a:6e:42:bf:56:a1:98:3a:66:91:8d:30:7b:15:ea:
                    ad:0d:59:7f:9f:81:29:03:90:e4:4a:a8:9a:75:f1:
                    ee:c2:38:be:0d:8a:3d:86:53:43:53:31:18:20:39:
                    b1:03:25:76:f5:09:4a:67:b8:c2:22:ab:1f:64:d0:
                    5f:ae:4d:ed:90:e4:e6:f4:bb:58:d2:90:85:e6:ca:
                    27:df:09:72:93:ad:54:76:fd:2a:2f:78:c9:5c:e2:
                    61:45:dd:53:71:21:e5:f2:ba:ed:c5:48:1e:70:f8:
                    8c:fe:fb:71:60:83:b0:f5:74:35:0a:3b:dd:2f:b0:
                    dd:32:6b:12:93:e4:96:0f:f5:b7:df:8b:57:00:4e:
                    c4:09:a6:54:12:d9:30:77:1f:69:8c:e6:94:79:45:
                    3d:5e:73:51:55:4b:72:32:1c:58:bb:fd:c1:7f:c1:
                    5b:b2:63:0d:34:34:d8:67:de:f6:0d:65:48:b4:f1:
                    9a:ca:c4:01:81:7f:94:ae:44:cd:15:33:97:03:c6:
                    9d:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:3A:3B:02:2B:72:73:44:DC:9A:A7:4D:B5:26:09:AA:C4:56:03:3E
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/d51a4935-8601-4ebd-a099-1d61b0a661b3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.228.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         32:42:4e:09:5d:74:d0:11:d5:6b:83:78:90:87:df:60:c8:cc:
         f2:d4:2d:e3:e7:47:a2:59:d9:3d:e5:3e:8a:c4:dd:61:9e:25:
         e3:83:7e:2f:c5:08:a0:1e:cf:5e:2c:e4:4d:ba:db:e2:99:bb:
         c3:bf:13:c3:e4:fb:0d:d1:54:ab:00:52:70:ac:cd:b5:81:ce:
         2c:8b:5a:5a:ef:06:05:68:cf:a2:9a:2e:df:0d:44:dc:8d:a7:
         b4:62:4e:09:51:e4:ba:10:71:b8:63:e6:b2:a3:6f:54:f4:53:
         64:73:aa:d3:09:cc:97:09:e1:12:4d:09:7f:cd:15:7a:47:03:
         e1:7d:a5:4b:a7:78:5d:46:9e:d0:75:f5:ba:48:88:c7:46:26:
         e4:12:07:2e:21:7f:13:7c:61:a9:91:ca:11:fc:26:41:9c:4b:
         20:c4:3c:12:db:95:65:b9:07:b9:98:26:f3:be:12:d3:51:72:
         b8:b9:cd:b5:22:19:24:2e:29:31:07:34:89:43:18:75:9e:66:
         78:2b:c6:2b:27:cf:39:f0:65:64:22:55:fe:3c:ab:e4:b6:96:
         bf:8c:22:16:93:7b:56:7e:28:1b:e9:d6:42:93:a7:5c:75:04:
         81:d1:a4:3e:dc:e1:f8:e0:59:db:ab:23:c7:76:d7:89:38:98:
         40:84:2c:46
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUdzgoTcI+NiX5dKC7LuTUaw8SiiQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNDAzMDUwMDAwMDBaFw0yNDA0MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQDhkMTRmZjFmMWZlY2VmMDUwNThkMzBhNWIyMmY4ZWVhOTAxNzFlMjhkYTg1
ZWY1ZjVjN2UyZWVlYzE4YWYxZDUxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAM9TPaZO3NcHQRelJfHl3VHg7P44ejoa/W+1l7OSpZzAS3+5m7+0S076STlP
b1Ed/4VtATTvbHOka1Kpim5Cv1ahmDpmkY0wexXqrQ1Zf5+BKQOQ5EqomnXx7sI4
vg2KPYZTQ1MxGCA5sQMldvUJSme4wiKrH2TQX65N7ZDk5vS7WNKQhebKJ98JcpOt
VHb9Ki94yVziYUXdU3Eh5fK67cVIHnD4jP77cWCDsPV0NQo73S+w3TJrEpPklg/1
t9+LVwBOxAmmVBLZMHcfaYzmlHlFPV5zUVVLcjIcWLv9wX/BW7JjDTQ02Gfe9g1l
SLTxmsrEAYF/lK5EzRUzlwPGnd0CAwEAAaOCAiAwggIcMB0GA1UdDgQWBBQiOjsC
K3JzRNyap021JgmqxFYDPjAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
ZDUxYTQ5MzUtODYwMS00ZWJkLWEwOTktMWQ2MWIwYTY2MWIzLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDATPkMA0G
CSqGSIb3DQEBCwUAA4IBAQAyQk4JXXTQEdVrg3iQh99gyMzy1C3j50eiWdk95T6K
xN1hniXjg34vxQigHs9eLORNutvimbvDvxPD5PsN0VSrAFJwrM21gc4si1pa7wYF
aM+imi7fDUTcjae0Yk4JUeS6EHG4Y+ayo29U9FNkc6rTCcyXCeESTQl/zRV6RwPh
faVLp3hdRp7QdfW6SIjHRibkEgcuIX8TfGGpkcoR/CZBnEsgxDwS25VluQe5mCbz
vhLTUXK4uc21IhkkLikxBzSJQxh1nmZ4K8YrJ8858GVkIlX+PKvktpa/jCIWk3tW
figb6dZCk6dcdQSB0aQ+3OH44FnbqyPHdteJOJhAhCxG
-----END CERTIFICATE-----
Generated at Thu Mar 28 02:06:41 2024 by rpki-client on console-ams.rpki-client.org