Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/f2663f97-3b6a-42cf-aecf-39cdbb344d60.roa
File:                     f2663f97-3b6a-42cf-aecf-39cdbb344d60.roa (raw, json)
Hash identifier:          OTtmG8KvFiFJYPq5li21iRkYhDljHGyzIJ7TewDM/yY=
Subject key identifier:   03:FA:C9:07:6C:AE:0D:65:15:98:25:2A:87:DE:C0:DB:C0:5B:85:AC
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       27E60226CAF944BC72D747F7C91F635BE7201606
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/f2663f97-3b6a-42cf-aecf-39cdbb344d60.roa
Signing time:             Tue 05 Mar 2024 00:00:00 +0000
ROA not before:           Tue 05 Mar 2024 00:00:00 +0000
ROA not after:            Tue 09 Apr 2024 23:59:59 +0000
asID:                     14618
IP address blocks:        143.65.128.0/18 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 29 Mar 2024 21:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            27:e6:02:26:ca:f9:44:bc:72:d7:47:f7:c9:1f:63:5b:e7:20:16:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Mar  5 00:00:00 2024 GMT
            Not After : Apr  9 23:59:59 2024 GMT
        Subject: serialNumber=07055b04e5ae00ff418c2c6559b3b0996f23d046f27307fa9c2e81c75c8e239e, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:7e:89:af:4c:86:d4:dc:d9:9d:f4:eb:85:ec:
                    d4:4a:47:8e:81:77:61:06:44:5f:47:00:0c:87:a2:
                    a5:a8:d7:6a:84:04:5b:0d:c2:d5:a4:97:4c:fb:e9:
                    66:7e:7c:58:84:2e:99:6d:ab:0e:74:0c:f0:9c:2c:
                    8b:09:cf:63:eb:49:72:bb:e3:c5:bd:1b:0d:17:0e:
                    6c:e2:1a:72:fe:2b:5e:30:f3:da:be:c8:bb:61:89:
                    74:9d:c6:c0:fd:12:62:87:da:bb:4a:e7:28:2d:53:
                    5c:62:9f:ad:c5:34:53:c9:34:cb:fd:7b:14:db:5f:
                    82:96:18:1e:bc:55:dd:7d:84:a5:5b:4d:c4:a2:a6:
                    a5:2d:5b:cb:ac:eb:e1:51:7a:2b:de:56:8e:e4:26:
                    19:95:24:7e:ac:b4:53:d2:bf:44:ea:5d:ad:2c:3c:
                    4f:ea:ea:ac:ab:78:33:7b:e7:e3:37:c7:5e:10:bb:
                    98:ac:82:71:1d:d2:2e:d9:f0:5b:10:50:67:60:e2:
                    d7:dc:c4:ab:00:02:41:8a:25:d5:ef:1a:a4:5d:13:
                    a0:2d:ac:27:2c:fe:83:ad:46:d8:42:63:c3:c4:4c:
                    08:e6:1c:93:4a:b0:44:32:16:da:d8:ce:28:28:0d:
                    80:b0:e0:78:29:3a:7a:84:68:96:f5:7d:ff:1c:28:
                    fc:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:FA:C9:07:6C:AE:0D:65:15:98:25:2A:87:DE:C0:DB:C0:5B:85:AC
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/f2663f97-3b6a-42cf-aecf-39cdbb344d60.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.65.128.0/18

    Signature Algorithm: sha256WithRSAEncryption
         ad:60:ab:df:f1:ce:9e:fb:2f:5b:ef:ea:87:77:7b:97:99:33:
         62:dc:19:6b:97:64:f9:e8:36:80:73:50:d1:d2:73:a5:c0:99:
         04:05:67:f9:7b:15:3c:60:03:a0:79:69:39:4f:85:b7:18:d8:
         be:fc:3c:bf:1a:eb:3b:e9:db:b0:f3:31:51:2d:17:f5:8b:52:
         9f:c4:4f:7b:99:d2:1d:d9:7c:74:cc:0e:b9:f5:f1:92:ef:70:
         00:d0:f9:5e:cb:49:41:42:2e:78:ea:15:d0:9f:6b:53:16:c2:
         e0:78:35:72:4d:a6:1a:3a:dd:2c:d1:fc:3b:3d:38:14:50:ee:
         49:d8:d1:25:15:32:7b:8f:38:96:4e:55:aa:80:8d:64:16:14:
         09:51:9d:36:01:5a:13:96:53:ea:7b:1b:f3:12:ba:30:81:76:
         30:1a:1a:1a:31:05:09:af:4d:11:1e:17:43:04:c5:df:00:d7:
         5d:59:7e:ca:d0:eb:4e:a5:0e:7c:d2:ce:3d:05:e6:7d:3a:f9:
         52:37:a8:d1:c9:ae:a1:39:7c:ba:8a:eb:3c:b5:a0:9d:e9:f6:
         7d:41:94:6d:09:f8:45:2b:6e:ad:e7:d0:f2:b9:20:ae:43:7d:
         3c:f4:28:c3:e5:0e:17:87:f8:25:0e:5a:5a:3b:1d:50:0c:c7:
         d6:c4:35:44
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUJ+YCJsr5RLxy10f3yR9jW+cgFgYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNDAzMDUwMDAwMDBaFw0yNDA0MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQDA3MDU1YjA0ZTVhZTAwZmY0MThjMmM2NTU5YjNiMDk5NmYyM2QwNDZmMjcz
MDdmYTljMmU4MWM3NWM4ZTIzOWUxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAIJ+ia9MhtTc2Z3064Xs1EpHjoF3YQZEX0cADIeipajXaoQEWw3C1aSXTPvp
Zn58WIQumW2rDnQM8JwsiwnPY+tJcrvjxb0bDRcObOIacv4rXjDz2r7Iu2GJdJ3G
wP0SYofau0rnKC1TXGKfrcU0U8k0y/17FNtfgpYYHrxV3X2EpVtNxKKmpS1by6zr
4VF6K95WjuQmGZUkfqy0U9K/ROpdrSw8T+rqrKt4M3vn4zfHXhC7mKyCcR3SLtnw
WxBQZ2Di19zEqwACQYol1e8apF0ToC2sJyz+g61G2EJjw8RMCOYck0qwRDIW2tjO
KCgNgLDgeCk6eoRolvV9/xwo/OkCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBQD+skH
bK4NZRWYJSqH3sDbwFuFrDAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
ZjI2NjNmOTctM2I2YS00MmNmLWFlY2YtMzljZGJiMzQ0ZDYwLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEBo9BgDAN
BgkqhkiG9w0BAQsFAAOCAQEArWCr3/HOnvsvW+/qh3d7l5kzYtwZa5dk+eg2gHNQ
0dJzpcCZBAVn+XsVPGADoHlpOU+FtxjYvvw8vxrrO+nbsPMxUS0X9YtSn8RPe5nS
Hdl8dMwOufXxku9wAND5XstJQUIueOoV0J9rUxbC4Hg1ck2mGjrdLNH8Oz04FFDu
SdjRJRUye484lk5VqoCNZBYUCVGdNgFaE5ZT6nsb8xK6MIF2MBoaGjEFCa9NER4X
QwTF3wDXXVl+ytDrTqUOfNLOPQXmfTr5Ujeo0cmuoTl8uorrPLWgnen2fUGUbQn4
RSturefQ8rkgrkN9PPQow+UOF4f4JQ5aWjsdUAzH1sQ1RA==
-----END CERTIFICATE-----
Generated at Fri Mar 29 02:38:21 2024 by rpki-client on console-fra.rpki-client.org