Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/e680ffe7-d77c-4433-81f9-ffbf76a45a6d.roa
File:                     e680ffe7-d77c-4433-81f9-ffbf76a45a6d.roa (raw, json)
Hash identifier:          5n2d1hPA2XfBYbI6ILVL15iYMWRKeZC7AASodwORspk=
Subject key identifier:   77:43:3D:CF:8D:74:43:B0:66:16:B9:4F:B1:EE:A6:07:1E:AD:03:86
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       230910E9D0EDF2296EFC3B554394208B133B1BD7
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/e680ffe7-d77c-4433-81f9-ffbf76a45a6d.roa
Signing time:             Tue 05 Mar 2024 00:00:00 +0000
ROA not before:           Tue 05 Mar 2024 00:00:00 +0000
ROA not after:            Tue 09 Apr 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        193.57.181.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 28 Mar 2024 18:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            23:09:10:e9:d0:ed:f2:29:6e:fc:3b:55:43:94:20:8b:13:3b:1b:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Mar  5 00:00:00 2024 GMT
            Not After : Apr  9 23:59:59 2024 GMT
        Subject: serialNumber=529b09265457be9574ccc6cffbb578bf478e27e580fb6041ad186b02b5e5c5c4, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:d6:42:97:de:61:82:a3:76:82:8c:c3:92:e7:
                    c6:e4:76:24:0d:3c:eb:54:c0:a6:c5:35:93:91:85:
                    1b:0f:aa:51:67:13:b1:96:fd:a9:f4:e4:94:c6:dd:
                    76:af:98:52:6f:79:86:f2:86:51:55:da:1d:af:c0:
                    e6:1e:20:a3:c5:43:33:37:38:f2:43:42:d8:d8:38:
                    8e:f0:96:0c:eb:93:a7:02:93:00:79:7f:d9:bb:de:
                    f3:72:a6:c9:00:96:1e:e5:be:a2:fe:20:02:ca:3f:
                    f2:5c:d0:f4:4b:b7:af:62:61:02:f8:ee:cc:8d:dc:
                    37:60:fd:07:f0:30:b8:fa:e7:03:12:40:a5:1a:81:
                    2b:9a:e0:53:3c:06:dc:63:b6:63:da:e7:b4:8c:5f:
                    ce:17:98:21:74:6f:83:95:e7:a8:26:4f:8d:6e:ea:
                    82:71:08:5e:bf:15:aa:4e:b8:76:3f:83:7a:a7:df:
                    9f:80:67:f8:8f:7e:69:01:45:a0:66:ca:33:ca:96:
                    73:83:a1:a7:37:bc:7b:2a:2e:1b:2a:63:86:eb:c1:
                    bc:4c:89:07:7a:ae:28:80:d0:be:7b:fe:1a:3e:41:
                    e1:2f:7e:f5:b9:f9:47:dd:7f:38:e8:1c:bf:97:60:
                    ac:7d:fd:21:3f:3f:a5:54:20:84:09:62:c3:b2:3d:
                    44:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:43:3D:CF:8D:74:43:B0:66:16:B9:4F:B1:EE:A6:07:1E:AD:03:86
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/e680ffe7-d77c-4433-81f9-ffbf76a45a6d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.57.181.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:40:40:94:46:47:ab:76:bd:56:6c:b4:ab:7d:93:55:16:06:
         44:0a:31:38:b6:17:c1:b1:85:50:17:05:44:6d:71:bf:1e:2b:
         62:36:26:9d:fd:c6:e9:ec:8a:48:70:fb:a1:48:22:b9:5a:43:
         42:4a:1b:78:a7:c3:28:6c:60:dc:0e:18:45:9b:bf:ec:3b:5d:
         2a:30:77:a5:89:88:47:78:ce:33:b0:ef:e9:af:36:26:48:0c:
         8d:25:04:29:20:78:65:7e:32:1e:13:5c:ad:ea:4f:0d:8b:73:
         ff:d6:28:cd:5d:9c:bf:b5:e2:09:6e:02:c8:ca:40:44:1d:a7:
         ae:41:a4:17:f5:2e:46:55:71:dd:e6:5d:e3:2f:ab:75:e5:90:
         95:6b:82:ec:6c:5b:3a:ea:08:7a:39:0c:71:92:64:7b:1a:f1:
         6d:ca:8a:27:4e:1f:05:92:b6:9e:5a:e6:ad:ea:ba:88:f2:ab:
         41:46:a6:25:9b:1b:73:90:9e:48:97:b7:2d:d5:e1:e1:d1:20:
         b5:36:78:0a:b1:45:82:22:48:27:e0:ac:99:73:64:08:b9:03:
         97:04:68:76:0f:ff:7c:14:70:1b:3f:5c:00:1f:05:33:11:88:
         f1:fe:eb:58:75:e8:1f:09:a8:b0:1f:ba:c2:d3:da:f6:7f:3d:
         77:df:02:f3
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUIwkQ6dDt8ilu/DtVQ5QgixM7G9cwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNDAzMDUwMDAwMDBaFw0yNDA0MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQDUyOWIwOTI2NTQ1N2JlOTU3NGNjYzZjZmZiYjU3OGJmNDc4ZTI3ZTU4MGZi
NjA0MWFkMTg2YjAyYjVlNWM1YzQxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAIrWQpfeYYKjdoKMw5LnxuR2JA0861TApsU1k5GFGw+qUWcTsZb9qfTklMbd
dq+YUm95hvKGUVXaHa/A5h4go8VDMzc48kNC2Ng4jvCWDOuTpwKTAHl/2bve83Km
yQCWHuW+ov4gAso/8lzQ9Eu3r2JhAvjuzI3cN2D9B/AwuPrnAxJApRqBK5rgUzwG
3GO2Y9rntIxfzheYIXRvg5XnqCZPjW7qgnEIXr8Vqk64dj+Deqffn4Bn+I9+aQFF
oGbKM8qWc4Ohpze8eyouGypjhuvBvEyJB3quKIDQvnv+Gj5B4S9+9bn5R91/OOgc
v5dgrH39IT8/pVQghAliw7I9REMCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBR3Qz3P
jXRDsGYWuU+x7qYHHq0DhjAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
ZTY4MGZmZTctZDc3Yy00NDMzLTgxZjktZmZiZjc2YTQ1YTZkLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAME5tTAN
BgkqhkiG9w0BAQsFAAOCAQEAUUBAlEZHq3a9Vmy0q32TVRYGRAoxOLYXwbGFUBcF
RG1xvx4rYjYmnf3G6eyKSHD7oUgiuVpDQkobeKfDKGxg3A4YRZu/7DtdKjB3pYmI
R3jOM7Dv6a82JkgMjSUEKSB4ZX4yHhNcrepPDYtz/9YozV2cv7XiCW4CyMpARB2n
rkGkF/UuRlVx3eZd4y+rdeWQlWuC7GxbOuoIejkMcZJkexrxbcqKJ04fBZK2nlrm
req6iPKrQUamJZsbc5CeSJe3LdXh4dEgtTZ4CrFFgiJIJ+CsmXNkCLkDlwRodg//
fBRwGz9cAB8FMxGI8f7rWHXoHwmosB+6wtPa9n89d98C8w==
-----END CERTIFICATE-----
Generated at Thu Mar 28 02:06:42 2024 by rpki-client on console-ams.rpki-client.org