Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/e2093baf-9227-4159-b7ff-180369fe3bda.roa
File:                     e2093baf-9227-4159-b7ff-180369fe3bda.roa (raw, json)
Hash identifier:          C+Rc5KbJ0e+F9cxfaknWh6PLp8TUd+ng73U+R9ejq8g=
Subject key identifier:   CB:4E:F0:3F:24:A7:86:96:E2:1A:DB:38:76:82:14:AB:7F:A6:0D:59
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       5D39107E21AE7D558D73B5952D7A9A1BC04189B2
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/e2093baf-9227-4159-b7ff-180369fe3bda.roa
Signing time:             Tue 05 Mar 2024 00:00:00 +0000
ROA not before:           Tue 05 Mar 2024 00:00:00 +0000
ROA not after:            Tue 09 Apr 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        51.88.0.0/16 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 29 Mar 2024 21:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5d:39:10:7e:21:ae:7d:55:8d:73:b5:95:2d:7a:9a:1b:c0:41:89:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Mar  5 00:00:00 2024 GMT
            Not After : Apr  9 23:59:59 2024 GMT
        Subject: serialNumber=3d44a1605b66fe2f7a07da01b273786de77bf3abdeaf7af587b9982ba24dcf6c, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:ff:33:78:b2:41:e2:7f:2f:09:ea:03:8d:69:
                    58:bd:ee:9f:d4:57:b1:d2:1c:2a:b9:f2:52:50:3b:
                    a7:ac:5e:5b:67:20:74:fc:b6:8c:d7:21:9d:b9:36:
                    2c:fa:da:80:90:96:12:98:b7:6f:18:29:5c:a8:e8:
                    dd:d1:09:41:23:28:d6:96:8d:49:86:20:46:a0:8f:
                    43:8a:cd:bb:6e:04:b9:20:12:4b:73:4a:b6:21:30:
                    85:89:c7:d3:ac:7e:de:2c:87:a9:5b:1c:e9:96:43:
                    ed:95:e7:8d:5b:2d:15:9b:21:c1:48:d9:ed:1f:c1:
                    2c:ba:7a:53:a9:90:9b:54:77:13:ad:0c:f5:58:bb:
                    f8:10:35:ba:bb:57:0f:71:9c:98:d8:3f:a8:3f:da:
                    d6:23:74:17:d8:cd:6a:55:1e:a9:fd:fd:9e:65:03:
                    9e:b3:19:84:c3:f4:b5:93:9a:ea:28:8d:7c:9b:c6:
                    b1:24:7a:6b:cd:99:fe:80:4a:18:3d:0b:39:2c:7e:
                    82:3c:8f:60:39:e7:8a:dd:95:30:fe:0d:e6:a7:54:
                    d9:17:5b:b1:92:42:1e:f4:88:b9:6b:08:12:b5:c1:
                    6e:bf:6f:ec:5e:c0:fe:80:9c:18:66:05:cd:c4:68:
                    09:43:80:40:25:b2:6b:54:6b:0d:ff:41:56:ab:ee:
                    a5:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:4E:F0:3F:24:A7:86:96:E2:1A:DB:38:76:82:14:AB:7F:A6:0D:59
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/e2093baf-9227-4159-b7ff-180369fe3bda.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.88.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         56:2e:8d:7b:6b:13:bc:09:ee:41:86:22:9b:77:77:1a:c7:cd:
         07:31:33:41:14:7c:19:d4:52:bb:c7:b5:7d:53:e9:6c:20:70:
         fb:82:b5:a1:d9:1b:a4:9b:19:67:ac:0b:1b:d6:70:5c:78:c5:
         87:8f:01:f3:35:f9:00:a0:0b:c9:c3:a7:5e:49:a9:ac:b8:ef:
         15:63:3e:a1:98:60:c6:ba:44:87:06:28:95:24:c3:9f:2d:9b:
         ab:ef:d6:52:54:ed:75:a1:ae:f7:bc:68:54:49:af:6c:24:b5:
         ff:e7:f1:e3:f7:81:ca:e3:d1:7c:0a:f5:44:5c:8f:f6:7c:9b:
         7b:25:66:d9:4a:fe:58:b5:12:c7:7a:50:96:07:fa:0c:ac:d8:
         fb:35:23:49:7c:22:5d:62:1a:39:5b:8c:ae:1d:5e:08:08:1c:
         ed:40:ee:e3:85:96:29:0c:99:df:a8:aa:d8:2c:3d:ee:68:e8:
         55:0b:cf:0d:86:7f:2b:3f:4a:6e:7e:c6:45:22:f2:d7:ad:7d:
         8c:ce:42:14:44:85:ff:25:8b:d8:6d:3b:42:a7:52:b8:ed:b1:
         54:fa:c0:e2:18:87:f0:23:c1:9b:92:c2:78:07:4f:8c:43:00:
         6d:00:1a:1c:74:6b:c7:c5:73:33:26:a4:40:ae:4f:25:82:37:
         2c:3b:9f:ab
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUXTkQfiGufVWNc7WVLXqaG8BBibIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNDAzMDUwMDAwMDBaFw0yNDA0MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQDNkNDRhMTYwNWI2NmZlMmY3YTA3ZGEwMWIyNzM3ODZkZTc3YmYzYWJkZWFm
N2FmNTg3Yjk5ODJiYTI0ZGNmNmMxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOL/M3iyQeJ/LwnqA41pWL3un9RXsdIcKrnyUlA7p6xeW2cgdPy2jNchnbk2
LPragJCWEpi3bxgpXKjo3dEJQSMo1paNSYYgRqCPQ4rNu24EuSASS3NKtiEwhYnH
06x+3iyHqVsc6ZZD7ZXnjVstFZshwUjZ7R/BLLp6U6mQm1R3E60M9Vi7+BA1urtX
D3GcmNg/qD/a1iN0F9jNalUeqf39nmUDnrMZhMP0tZOa6iiNfJvGsSR6a82Z/oBK
GD0LOSx+gjyPYDnnit2VMP4N5qdU2RdbsZJCHvSIuWsIErXBbr9v7F7A/oCcGGYF
zcRoCUOAQCWya1RrDf9BVqvupbsCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBTLTvA/
JKeGluIa2zh2ghSrf6YNWTAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
ZTIwOTNiYWYtOTIyNy00MTU5LWI3ZmYtMTgwMzY5ZmUzYmRhLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADNYMA0G
CSqGSIb3DQEBCwUAA4IBAQBWLo17axO8Ce5BhiKbd3cax80HMTNBFHwZ1FK7x7V9
U+lsIHD7grWh2RukmxlnrAsb1nBceMWHjwHzNfkAoAvJw6deSamsuO8VYz6hmGDG
ukSHBiiVJMOfLZur79ZSVO11oa73vGhUSa9sJLX/5/Hj94HK49F8CvVEXI/2fJt7
JWbZSv5YtRLHelCWB/oMrNj7NSNJfCJdYho5W4yuHV4ICBztQO7jhZYpDJnfqKrY
LD3uaOhVC88Nhn8rP0pufsZFIvLXrX2MzkIURIX/JYvYbTtCp1K47bFU+sDiGIfw
I8GbksJ4B0+MQwBtABocdGvHxXMzJqRArk8lgjcsO5+r
-----END CERTIFICATE-----
Generated at Fri Mar 29 02:38:21 2024 by rpki-client on console-fra.rpki-client.org