Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/dc5d2309-ce0f-4816-b8d0-260ce079f694.roa
File:                     dc5d2309-ce0f-4816-b8d0-260ce079f694.roa (raw, json)
Hash identifier:          boRyOd1+tx5m9e9qxruVruyjzD3vttHbyjOSmujUPko=
Subject key identifier:   00:7E:A6:DB:DF:1E:5F:CB:E5:1C:66:BA:34:2A:23:7C:8A:38:7C:D2
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       1EE9F272C463A86634A92676C5A509227A5DB3DB
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/dc5d2309-ce0f-4816-b8d0-260ce079f694.roa
Signing time:             Tue 05 Mar 2024 00:00:00 +0000
ROA not before:           Tue 05 Mar 2024 00:00:00 +0000
ROA not after:            Tue 09 Apr 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        212.255.0.0/16 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 28 Mar 2024 18:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1e:e9:f2:72:c4:63:a8:66:34:a9:26:76:c5:a5:09:22:7a:5d:b3:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Mar  5 00:00:00 2024 GMT
            Not After : Apr  9 23:59:59 2024 GMT
        Subject: serialNumber=ff2380873ae3951308aa0b3bd55e679e8562208c1187722734b59c642f1159d2, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:c8:7d:9d:fe:f4:3c:8d:73:bd:de:64:a6:a4:
                    28:98:54:d5:16:d7:37:a9:9b:ca:89:aa:45:b8:80:
                    6f:a3:69:70:8e:95:15:0e:75:29:be:8f:1c:40:5b:
                    04:17:eb:37:9f:a6:58:82:dd:d9:46:c1:5e:88:6a:
                    e1:63:95:08:fb:1f:74:5a:66:e2:ff:a4:cf:17:41:
                    28:d5:4c:3f:d5:5f:67:b3:dd:2c:ab:51:c3:3e:64:
                    5b:7a:69:3f:61:e7:af:d5:8e:7e:b6:81:59:1e:2a:
                    6a:16:db:61:0b:bf:6c:b2:6f:f5:c8:79:f0:44:da:
                    35:26:e6:b0:15:39:bf:e0:49:0d:bf:51:a0:57:9b:
                    6d:84:9d:93:d4:4e:3c:10:9b:b5:f6:ad:ae:25:24:
                    a4:6f:79:9e:24:d0:0a:03:c2:ae:bf:37:2d:d7:67:
                    88:8e:76:7f:ce:98:70:3e:96:b6:d0:de:16:89:b9:
                    20:07:fd:37:d5:b2:78:82:b7:0a:83:bb:46:a8:1e:
                    31:f3:94:45:32:bd:04:92:ac:c3:f4:b4:0f:c3:6c:
                    6d:7e:cb:9d:f4:68:14:8a:c7:d7:1c:f3:0a:2e:80:
                    a8:f6:15:80:60:2f:57:fc:f9:f2:ed:97:fd:23:fc:
                    8f:95:d6:08:26:cd:84:69:2b:53:35:8d:a9:f8:5d:
                    21:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:7E:A6:DB:DF:1E:5F:CB:E5:1C:66:BA:34:2A:23:7C:8A:38:7C:D2
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/dc5d2309-ce0f-4816-b8d0-260ce079f694.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.255.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         3a:b2:47:bb:cd:20:90:2a:60:78:be:32:36:b1:c9:dc:ad:e5:
         4c:46:9f:5a:f5:ec:4d:04:4d:df:a9:f6:36:a1:15:93:53:45:
         1f:b4:4b:9e:f8:d7:08:16:42:cd:db:48:e5:12:7c:6a:76:29:
         cb:80:41:bd:1e:2e:d8:c2:8d:70:25:f1:53:16:ed:d5:4d:08:
         c3:ef:d4:88:a9:b2:af:d7:82:fc:33:59:b6:3f:5a:d3:fb:f8:
         08:f2:b4:f1:c3:aa:f7:20:ec:31:02:d0:dd:ad:6d:7a:7c:d2:
         7a:27:d0:07:39:92:2b:4e:4b:68:a9:66:b6:e6:ad:11:61:e8:
         27:36:b0:c1:27:11:d9:e0:56:74:0a:3a:a0:f7:99:24:b5:f9:
         ee:58:8f:28:39:2f:4a:a4:bf:ff:03:5d:b0:73:36:3e:5a:20:
         08:de:71:62:fc:3c:e4:d8:6e:83:07:fe:f3:e9:d4:46:b1:c1:
         35:e5:22:f9:5a:b1:54:49:21:e6:ad:82:4f:5a:f7:41:83:c5:
         f4:e4:80:31:b2:c9:e1:c2:0e:05:bd:d9:5d:82:1d:f9:f3:ef:
         78:02:2c:f7:19:43:01:4b:16:0c:60:d0:4e:01:de:da:46:89:
         17:0a:2e:2d:87:0b:df:74:40:d1:da:2e:41:81:52:37:46:c7:
         8b:45:c5:79
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUHunycsRjqGY0qSZ2xaUJInpds9swDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNDAzMDUwMDAwMDBaFw0yNDA0MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQGZmMjM4MDg3M2FlMzk1MTMwOGFhMGIzYmQ1NWU2NzllODU2MjIwOGMxMTg3
NzIyNzM0YjU5YzY0MmYxMTU5ZDIxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALjIfZ3+9DyNc73eZKakKJhU1RbXN6mbyomqRbiAb6NpcI6VFQ51Kb6PHEBb
BBfrN5+mWILd2UbBXohq4WOVCPsfdFpm4v+kzxdBKNVMP9VfZ7PdLKtRwz5kW3pp
P2Hnr9WOfraBWR4qahbbYQu/bLJv9ch58ETaNSbmsBU5v+BJDb9RoFebbYSdk9RO
PBCbtfatriUkpG95niTQCgPCrr83LddniI52f86YcD6WttDeFom5IAf9N9WyeIK3
CoO7RqgeMfOURTK9BJKsw/S0D8NsbX7LnfRoFIrH1xzzCi6AqPYVgGAvV/z58u2X
/SP8j5XWCCbNhGkrUzWNqfhdIeUCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBQAfqbb
3x5fy+UcZro0KiN8ijh80jAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
ZGM1ZDIzMDktY2UwZi00ODE2LWI4ZDAtMjYwY2UwNzlmNjk0LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDANT/MA0G
CSqGSIb3DQEBCwUAA4IBAQA6ske7zSCQKmB4vjI2scncreVMRp9a9exNBE3fqfY2
oRWTU0UftEue+NcIFkLN20jlEnxqdinLgEG9Hi7Ywo1wJfFTFu3VTQjD79SIqbKv
14L8M1m2P1rT+/gI8rTxw6r3IOwxAtDdrW16fNJ6J9AHOZIrTktoqWa25q0RYegn
NrDBJxHZ4FZ0Cjqg95kktfnuWI8oOS9KpL//A12wczY+WiAI3nFi/Dzk2G6DB/7z
6dRGscE15SL5WrFUSSHmrYJPWvdBg8X05IAxssnhwg4Fvdldgh358+94Aiz3GUMB
SxYMYNBOAd7aRokXCi4thwvfdEDR2i5BgVI3RseLRcV5
-----END CERTIFICATE-----
Generated at Thu Mar 28 02:06:42 2024 by rpki-client on console-ams.rpki-client.org