Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/f77806ea-9955-4b0b-97f2-78a93d7f0c74.roa
File:                     f77806ea-9955-4b0b-97f2-78a93d7f0c74.roa (raw, json)
Hash identifier:          Uq6V/iYVNqNiHQ7YAYKnDl3jE26nZ529rpXD5pDj3qw=
Subject key identifier:   79:9D:03:41:C1:44:32:74:09:DC:74:36:3D:E2:93:00:DA:6C:84:72
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       2F67E02BBCA06D60162F5F221F3FD6FB63D7F36F
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/f77806ea-9955-4b0b-97f2-78a93d7f0c74.roa
Signing time:             Tue 05 Mar 2024 00:00:00 +0000
ROA not before:           Tue 05 Mar 2024 00:00:00 +0000
ROA not after:            Tue 09 Apr 2024 23:59:59 +0000
asID:                     14618
IP address blocks:        51.172.0.0/15 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 28 Mar 2024 18:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2f:67:e0:2b:bc:a0:6d:60:16:2f:5f:22:1f:3f:d6:fb:63:d7:f3:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Mar  5 00:00:00 2024 GMT
            Not After : Apr  9 23:59:59 2024 GMT
        Subject: serialNumber=7e31d8275f1e5486e9d0432ca40557b5a362d1203b31d387f22720ebca1c363b, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:5e:a6:3f:92:62:8d:14:02:0b:ef:7a:03:d2:
                    2f:a4:b6:d4:02:09:0e:65:6f:15:dd:4e:7c:da:e2:
                    b4:9e:81:10:12:a4:82:9b:37:47:4d:c3:6f:1c:70:
                    ac:d0:7a:5e:f8:f6:7c:d3:ed:a7:4d:b4:12:5c:81:
                    24:e4:43:12:27:12:2d:b4:b3:7f:1d:1e:cf:16:8f:
                    ef:c0:93:99:5f:37:68:c4:dd:77:06:48:ca:5b:8c:
                    5b:e5:e4:90:ac:03:55:f2:8f:04:5c:55:3f:9d:73:
                    28:3e:cb:5e:70:c3:5d:fc:cd:83:53:1b:90:1b:92:
                    83:aa:cf:39:55:42:ff:5f:f6:bd:9c:05:83:68:fa:
                    9a:a1:4d:66:64:81:e2:dd:4b:4f:99:a5:87:0a:29:
                    93:92:ac:7a:82:51:dd:f9:ff:f0:69:5d:d9:84:cd:
                    c5:71:4e:79:9d:af:17:5d:ef:7a:6c:ee:8c:f3:f0:
                    46:19:c6:b2:83:2c:16:0a:8b:9e:29:5a:a7:54:e8:
                    97:44:8d:f0:02:66:6a:e1:54:04:1f:fa:a2:e9:20:
                    8c:11:d8:e1:48:7e:80:fb:48:2a:4d:de:9b:33:a8:
                    43:4f:05:26:de:ab:d2:04:63:3e:4c:7c:db:8e:a3:
                    1e:66:03:a1:30:cf:a5:c5:63:1c:65:0b:6c:3b:fc:
                    18:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:9D:03:41:C1:44:32:74:09:DC:74:36:3D:E2:93:00:DA:6C:84:72
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/f77806ea-9955-4b0b-97f2-78a93d7f0c74.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.172.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         cf:aa:c9:d4:fa:b2:8b:88:9c:7c:83:5e:8a:c7:2a:e7:a7:95:
         c3:82:ba:68:15:c5:73:84:9f:39:71:d6:e2:7e:df:51:2f:54:
         93:55:18:43:a6:fe:35:d4:bb:1a:1d:36:d5:4d:7b:b3:59:79:
         2b:3c:8b:96:01:a7:35:32:6a:46:ec:0d:d1:f7:8c:0f:79:55:
         19:86:b8:97:10:62:07:d3:4f:0f:47:22:88:f6:a0:6c:63:c3:
         17:fb:62:46:ec:56:bc:14:00:c8:bc:de:7d:09:11:3b:d8:78:
         4b:bb:79:0e:8e:c4:53:a9:ac:eb:d3:b1:df:c7:8e:3c:d8:cb:
         b3:80:89:5f:26:67:d9:0a:7e:b3:db:15:be:e6:91:d7:de:3d:
         68:3e:99:97:51:3a:3b:e6:a8:ea:de:ae:49:24:92:fe:82:b0:
         03:fe:99:77:eb:2f:13:dd:15:79:ae:4f:76:c3:65:ba:f8:85:
         57:95:1d:9a:78:d4:91:44:08:61:71:27:19:ed:e7:66:0c:9e:
         4f:25:94:ee:c7:76:f9:a5:09:18:b9:dc:90:49:ac:66:d1:4b:
         54:d7:33:36:67:f6:ff:0f:c0:d8:1b:30:04:4c:7e:0f:84:d9:
         d7:7d:c0:86:79:fe:74:22:b7:24:d0:28:a6:d3:b9:70:2a:08:
         6e:7e:24:3c
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUL2fgK7ygbWAWL18iHz/W+2PX828wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNDAzMDUwMDAwMDBaFw0yNDA0MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQDdlMzFkODI3NWYxZTU0ODZlOWQwNDMyY2E0MDU1N2I1YTM2MmQxMjAzYjMx
ZDM4N2YyMjcyMGViY2ExYzM2M2IxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAM1epj+SYo0UAgvvegPSL6S21AIJDmVvFd1OfNritJ6BEBKkgps3R03Dbxxw
rNB6Xvj2fNPtp020ElyBJORDEicSLbSzfx0ezxaP78CTmV83aMTddwZIyluMW+Xk
kKwDVfKPBFxVP51zKD7LXnDDXfzNg1MbkBuSg6rPOVVC/1/2vZwFg2j6mqFNZmSB
4t1LT5mlhwopk5KseoJR3fn/8Gld2YTNxXFOeZ2vF13vemzujPPwRhnGsoMsFgqL
nilap1Tol0SN8AJmauFUBB/6oukgjBHY4Uh+gPtIKk3emzOoQ08FJt6r0gRjPkx8
246jHmYDoTDPpcVjHGULbDv8GOcCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBR5nQNB
wUQydAncdDY94pMA2myEcjAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
Zjc3ODA2ZWEtOTk1NS00YjBiLTk3ZjItNzhhOTNkN2YwYzc0LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDATOsMA0G
CSqGSIb3DQEBCwUAA4IBAQDPqsnU+rKLiJx8g16Kxyrnp5XDgrpoFcVzhJ85cdbi
ft9RL1STVRhDpv411LsaHTbVTXuzWXkrPIuWAac1MmpG7A3R94wPeVUZhriXEGIH
008PRyKI9qBsY8MX+2JG7Fa8FADIvN59CRE72HhLu3kOjsRTqazr07Hfx4482Muz
gIlfJmfZCn6z2xW+5pHX3j1oPpmXUTo75qjq3q5JJJL+grAD/pl36y8T3RV5rk92
w2W6+IVXlR2aeNSRRAhhcScZ7edmDJ5PJZTux3b5pQkYudyQSaxm0UtU1zM2Z/b/
D8DYGzAETH4PhNnXfcCGef50Irck0Cim07lwKghufiQ8
-----END CERTIFICATE-----
Generated at Thu Mar 28 02:06:42 2024 by rpki-client on console-ams.rpki-client.org