Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/e1d9282c-1734-4426-ab04-111f2637372c.roa
File:                     e1d9282c-1734-4426-ab04-111f2637372c.roa (raw, json)
Hash identifier:          hlQYc0PJaCMGBHVZmgydrJG5T5vAbOrT2zbEmlblGBE=
Subject key identifier:   E0:3E:44:E1:38:7A:7B:2B:C6:69:3A:1A:61:41:EE:A1:78:C7:A3:6D
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       5470BB101A935DCDB1028C79C3986ADB677F1973
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/e1d9282c-1734-4426-ab04-111f2637372c.roa
Signing time:             Wed 13 Mar 2024 00:00:00 +0000
ROA not before:           Wed 13 Mar 2024 00:00:00 +0000
ROA not after:            Wed 17 Apr 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        212.173.128.0/17 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 28 Mar 2024 18:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            54:70:bb:10:1a:93:5d:cd:b1:02:8c:79:c3:98:6a:db:67:7f:19:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Mar 13 00:00:00 2024 GMT
            Not After : Apr 17 23:59:59 2024 GMT
        Subject: serialNumber=5937339323cc343896519f29a6bb87ce3fee7016da2709cd6e05041436aef448, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:86:74:43:0f:7a:33:40:6a:b3:2b:02:29:f9:
                    3a:54:e4:0d:cf:a4:6e:f8:3c:48:37:d3:d4:0c:fc:
                    e6:9c:6d:52:2d:8f:a6:f6:7e:bf:2a:86:0c:58:2b:
                    18:14:ba:10:fb:f7:91:f5:c7:eb:d4:3d:2b:24:da:
                    87:dd:07:f9:08:c8:fb:3a:12:5f:f5:84:96:e5:e8:
                    97:42:ca:37:45:d2:d0:66:31:4c:85:b1:c3:fa:2b:
                    3e:95:99:fe:af:b1:14:6a:aa:08:1b:5f:6e:75:2d:
                    26:67:a1:10:07:e3:c0:5b:73:85:25:54:b1:81:b1:
                    5c:50:cd:cc:ef:33:22:bc:df:34:77:fe:1b:67:66:
                    67:f5:97:c5:35:46:36:f2:eb:69:0c:e5:cd:be:88:
                    cc:85:ad:34:e9:af:11:6d:55:3d:7b:a4:2b:df:e9:
                    35:59:b5:fd:09:a2:97:78:91:f9:c2:f9:03:99:98:
                    c8:8e:89:f8:45:15:b4:ba:b6:8b:47:5b:df:e8:50:
                    46:2f:ad:15:02:72:90:79:1e:33:3c:cc:4b:9d:9a:
                    60:b6:5e:f8:fa:49:62:1e:5c:89:a9:68:e7:8a:dd:
                    02:20:de:45:5e:32:c5:8d:d5:80:1f:0f:ec:a3:29:
                    5d:45:4d:10:6b:ab:8e:d6:ec:8c:26:c4:85:fa:b0:
                    7a:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:3E:44:E1:38:7A:7B:2B:C6:69:3A:1A:61:41:EE:A1:78:C7:A3:6D
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/e1d9282c-1734-4426-ab04-111f2637372c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.173.128.0/17

    Signature Algorithm: sha256WithRSAEncryption
         4c:d1:26:ee:e1:85:30:ef:b1:5f:08:45:19:64:a9:ca:3e:d9:
         9d:0e:6d:99:03:6b:c6:9e:f6:e7:4c:7a:62:82:0d:02:81:c5:
         37:eb:ee:62:62:2d:f7:e4:d0:77:a8:dd:20:9e:e3:35:23:7d:
         8a:ce:e1:a1:a7:68:a3:43:a9:45:c3:5b:c3:3f:6a:3e:b1:36:
         df:01:5f:e9:b9:ab:29:cb:0e:c7:02:f5:f8:03:18:25:3d:a7:
         79:54:a2:43:1f:2f:08:65:6e:92:2b:cd:6c:b4:a8:5a:44:b9:
         83:ed:2e:03:84:88:2a:d0:e3:b1:39:b5:bf:48:e7:a1:a8:6c:
         25:9e:15:f6:34:e9:97:68:cf:56:67:bf:ce:34:5c:1a:87:4e:
         7e:5d:7e:83:7c:fa:84:ef:58:9c:4d:38:f9:c0:da:e3:ed:2f:
         61:f2:55:d4:51:5e:61:a9:9e:9e:b4:4e:dd:bc:3c:0d:fb:34:
         ba:50:1e:93:d4:b6:bd:e9:47:9f:2a:a0:7c:2a:8d:3c:24:96:
         b0:ad:d8:fb:82:3f:ce:a8:ae:53:32:96:0f:d3:0f:9b:22:6f:
         43:53:79:58:99:65:a5:44:97:8a:e9:3e:86:75:b8:b2:cc:92:
         ff:f4:e7:15:07:c2:17:7e:3c:3a:da:33:23:df:ff:e2:af:d9:
         7f:6c:14:4c
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUVHC7EBqTXc2xAox5w5hq22d/GXMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNDAzMTMwMDAwMDBaFw0yNDA0MTcyMzU5NTlaMHoxSTBHBgNV
BAUTQDU5MzczMzkzMjNjYzM0Mzg5NjUxOWYyOWE2YmI4N2NlM2ZlZTcwMTZkYTI3
MDljZDZlMDUwNDE0MzZhZWY0NDgxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKeGdEMPejNAarMrAin5OlTkDc+kbvg8SDfT1Az85pxtUi2PpvZ+vyqGDFgr
GBS6EPv3kfXH69Q9KyTah90H+QjI+zoSX/WEluXol0LKN0XS0GYxTIWxw/orPpWZ
/q+xFGqqCBtfbnUtJmehEAfjwFtzhSVUsYGxXFDNzO8zIrzfNHf+G2dmZ/WXxTVG
NvLraQzlzb6IzIWtNOmvEW1VPXukK9/pNVm1/Qmil3iR+cL5A5mYyI6J+EUVtLq2
i0db3+hQRi+tFQJykHkeMzzMS52aYLZe+PpJYh5cialo54rdAiDeRV4yxY3VgB8P
7KMpXUVNEGurjtbsjCbEhfqwetkCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBTgPkTh
OHp7K8ZpOhphQe6heMejbTAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
ZTFkOTI4MmMtMTczNC00NDI2LWFiMDQtMTExZjI2MzczNzJjLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEB9StgDAN
BgkqhkiG9w0BAQsFAAOCAQEATNEm7uGFMO+xXwhFGWSpyj7ZnQ5tmQNrxp7250x6
YoINAoHFN+vuYmIt9+TQd6jdIJ7jNSN9is7hoadoo0OpRcNbwz9qPrE23wFf6bmr
KcsOxwL1+AMYJT2neVSiQx8vCGVukivNbLSoWkS5g+0uA4SIKtDjsTm1v0jnoahs
JZ4V9jTpl2jPVme/zjRcGodOfl1+g3z6hO9YnE04+cDa4+0vYfJV1FFeYamenrRO
3bw8Dfs0ulAek9S2velHnyqgfCqNPCSWsK3Y+4I/zqiuUzKWD9MPmyJvQ1N5WJll
pUSXiuk+hnW4ssyS//TnFQfCF348OtozI9//4q/Zf2wUTA==
-----END CERTIFICATE-----
Generated at Thu Mar 28 01:01:24 2024 by rpki-client on console-fra.rpki-client.org