Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/f09232b8-719a-44e7-87fb-14733ec6c6e8.roa
File:                     f09232b8-719a-44e7-87fb-14733ec6c6e8.roa (raw, json)
Hash identifier:          6jiVB5X20VUVpEt1WsrTarke41EBV3Y22adUstfxLQs=
Subject key identifier:   0F:1E:EF:F5:69:CA:FC:E9:C8:5F:33:62:38:BC:E5:90:3F:4F:8A:44
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       6D91ADC079052595BBA229359596771788B6D7CA
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/f09232b8-719a-44e7-87fb-14733ec6c6e8.roa
Signing time:             Tue 05 Mar 2024 00:00:00 +0000
ROA not before:           Tue 05 Mar 2024 00:00:00 +0000
ROA not after:            Tue 09 Apr 2024 23:59:59 +0000
asID:                     8987
IP address blocks:        51.34.0.0/15 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 29 Mar 2024 21:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6d:91:ad:c0:79:05:25:95:bb:a2:29:35:95:96:77:17:88:b6:d7:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Mar  5 00:00:00 2024 GMT
            Not After : Apr  9 23:59:59 2024 GMT
        Subject: serialNumber=b1f11ad4746516b1e3ef7698cf99659284f0a7e37363042639abf7af3d4e072e, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:5c:c8:7e:88:f5:ff:cd:51:c0:b8:b1:81:00:
                    8b:02:84:7a:76:99:fa:0e:49:85:13:9a:e1:b3:36:
                    54:ad:e4:13:b0:20:be:2f:89:69:f9:ae:22:dd:19:
                    26:d9:64:42:33:f9:20:57:5a:07:4c:d8:a8:82:b3:
                    df:93:de:69:e2:76:a7:d6:e8:19:97:13:39:ea:7c:
                    c4:6f:de:91:22:89:e0:25:d9:66:95:c0:4f:3b:bf:
                    7b:4a:3b:44:36:17:08:83:36:12:3f:bb:c1:06:70:
                    13:95:99:f9:58:c0:df:88:0e:f6:95:09:a4:b7:5c:
                    7c:70:62:8f:31:ee:94:bc:30:e5:2c:95:da:bc:7b:
                    2d:c9:d4:5b:ed:07:8f:b5:bd:29:44:2d:c7:53:e2:
                    f2:a3:34:f5:9e:98:b2:bb:b1:d0:de:16:d0:5d:c2:
                    ac:e5:5c:82:77:54:a8:c2:9f:27:c0:ac:81:d1:41:
                    9f:cc:b7:03:e9:6d:23:03:12:b8:e7:b9:a0:b7:fa:
                    9f:7f:0d:93:38:ad:31:0f:78:5a:2f:63:c7:a5:4c:
                    c1:59:0a:0f:1e:a0:59:37:3d:fc:97:e5:2d:1b:8d:
                    48:f5:48:dd:30:8d:e9:66:3e:ba:83:44:a3:e0:df:
                    b9:9f:52:4d:f4:da:bd:85:7c:d3:62:31:ad:b9:9a:
                    6b:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:1E:EF:F5:69:CA:FC:E9:C8:5F:33:62:38:BC:E5:90:3F:4F:8A:44
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/f09232b8-719a-44e7-87fb-14733ec6c6e8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.34.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         a2:ba:85:95:a1:e8:01:54:b3:16:ff:59:38:07:ea:64:06:ce:
         84:b9:e8:60:43:bc:a0:8a:51:d2:4b:5c:93:b3:32:51:71:86:
         3e:df:b3:33:de:5b:5e:83:37:06:f5:a9:d6:92:0a:12:d4:b5:
         56:08:5b:e6:8d:d3:b1:0f:b7:f1:6c:44:1a:8a:fc:93:39:24:
         5b:5d:2b:5b:03:3d:1d:0f:65:6d:8b:4d:9b:0a:17:82:a1:bc:
         63:43:94:ba:63:f0:ef:81:26:7e:52:c1:03:08:eb:1a:76:89:
         3f:72:9b:8d:b9:e0:94:04:d8:7a:16:e3:80:63:b3:cf:a5:9f:
         2b:b5:f2:ed:12:20:9d:c1:26:11:51:ca:99:36:08:a9:99:86:
         da:73:b2:41:33:1e:7f:a8:cd:01:35:a9:8b:19:ae:37:78:55:
         21:e9:a0:59:12:02:f4:da:40:41:e7:82:e5:33:3e:42:4f:e5:
         f5:48:2c:f8:8b:d7:77:f2:52:1f:88:d1:58:86:0c:4d:98:07:
         7b:43:b7:98:07:92:dd:46:48:f8:29:c8:cb:95:81:be:7a:bc:
         ab:24:2b:fb:c8:23:ca:b7:de:e9:ea:53:cf:b0:4e:85:32:bb:
         2a:93:b6:24:31:29:99:27:d8:91:88:21:51:7f:66:61:88:fb:
         11:0d:3a:cb
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUbZGtwHkFJZW7oik1lZZ3F4i218owDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNDAzMDUwMDAwMDBaFw0yNDA0MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQGIxZjExYWQ0NzQ2NTE2YjFlM2VmNzY5OGNmOTk2NTkyODRmMGE3ZTM3MzYz
MDQyNjM5YWJmN2FmM2Q0ZTA3MmUxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJRcyH6I9f/NUcC4sYEAiwKEenaZ+g5JhROa4bM2VK3kE7Agvi+JafmuIt0Z
JtlkQjP5IFdaB0zYqIKz35PeaeJ2p9boGZcTOep8xG/ekSKJ4CXZZpXATzu/e0o7
RDYXCIM2Ej+7wQZwE5WZ+VjA34gO9pUJpLdcfHBijzHulLww5SyV2rx7LcnUW+0H
j7W9KUQtx1Pi8qM09Z6Ysrux0N4W0F3CrOVcgndUqMKfJ8CsgdFBn8y3A+ltIwMS
uOe5oLf6n38NkzitMQ94Wi9jx6VMwVkKDx6gWTc9/JflLRuNSPVI3TCN6WY+uoNE
o+DfuZ9STfTavYV802Ixrbmaa3MCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBQPHu/1
acr86chfM2I4vOWQP0+KRDAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
ZjA5MjMyYjgtNzE5YS00NGU3LTg3ZmItMTQ3MzNlYzZjNmU4LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDATMiMA0G
CSqGSIb3DQEBCwUAA4IBAQCiuoWVoegBVLMW/1k4B+pkBs6EuehgQ7ygilHSS1yT
szJRcYY+37Mz3ltegzcG9anWkgoS1LVWCFvmjdOxD7fxbEQaivyTOSRbXStbAz0d
D2Vti02bCheCobxjQ5S6Y/DvgSZ+UsEDCOsadok/cpuNueCUBNh6FuOAY7PPpZ8r
tfLtEiCdwSYRUcqZNgipmYbac7JBMx5/qM0BNamLGa43eFUh6aBZEgL02kBB54Ll
Mz5CT+X1SCz4i9d38lIfiNFYhgxNmAd7Q7eYB5LdRkj4KcjLlYG+eryrJCv7yCPK
t97p6lPPsE6FMrsqk7YkMSmZJ9iRiCFRf2ZhiPsRDTrL
-----END CERTIFICATE-----
Generated at Fri Mar 29 02:18:29 2024 by rpki-client on console-ams.rpki-client.org