Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/018d1278-2c0d-467a-ae97-a69101b9f274.roa
File:                     018d1278-2c0d-467a-ae97-a69101b9f274.roa (raw, json)
Hash identifier:          zrImCmhmgLcUeVfvSMp2FgTYSjKJXBNKnzX/JaHn0sw=
Subject key identifier:   71:52:22:B1:B0:2C:C6:DA:97:15:4D:A2:F8:B8:31:39:FF:DC:09:4A
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       35DE4ACDA661C2AD24C62FA8316198D415A0886A
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/018d1278-2c0d-467a-ae97-a69101b9f274.roa
Signing time:             Mon 17 Jun 2024 00:00:00 +0000
ROA not before:           Mon 17 Jun 2024 00:00:00 +0000
ROA not after:            Mon 22 Jul 2024 23:59:59 +0000
asID:                     8987
IP address blocks:        51.60.0.0/16 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 20:24:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            35:de:4a:cd:a6:61:c2:ad:24:c6:2f:a8:31:61:98:d4:15:a0:88:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Jun 17 00:00:00 2024 GMT
            Not After : Jul 22 23:59:59 2024 GMT
        Subject: serialNumber=7a2a5efe4010ca4b6728f6e41c9702456f8c33835e94abf3e4598a6c48fed354, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:78:6c:ed:cb:1e:1f:80:69:d3:da:1f:e5:9e:
                    38:ae:8f:24:e3:dd:7e:1a:0a:17:96:6a:74:01:c3:
                    50:d3:51:6b:a9:6a:c6:7a:4a:8d:0c:96:b9:d1:12:
                    9d:66:2b:bc:85:09:9a:65:49:23:ee:19:6a:ba:d2:
                    90:4b:22:a1:a0:7d:9f:36:47:75:bf:10:d2:f5:b6:
                    b1:44:ca:ac:76:cc:10:b8:9d:0b:02:7c:04:52:e8:
                    c5:8c:e1:7f:f5:38:dd:0c:15:c4:43:fe:ec:d6:3e:
                    23:db:78:f8:fe:fc:9e:46:13:6b:8a:d7:01:2f:3f:
                    8b:f0:b2:9f:7f:91:42:2d:fe:a0:4e:f0:37:69:a8:
                    8c:13:4c:d8:06:00:d5:ec:d7:5c:73:08:60:b4:d9:
                    cd:0c:fb:7b:82:51:e2:89:d0:24:e3:fa:b8:7c:44:
                    4c:33:2d:7f:a3:3e:34:7a:d3:a1:e8:41:9c:df:06:
                    3a:2a:02:58:0e:3e:71:0f:12:9d:c3:9e:a0:7a:23:
                    34:11:66:48:fc:96:bd:9f:27:6b:95:67:62:d2:53:
                    fe:8e:f7:96:82:6f:25:fa:6e:bd:98:3c:1c:2d:d8:
                    02:34:d3:70:f6:35:c1:0a:81:be:9b:dd:f6:2d:a1:
                    a5:d5:af:f6:25:72:77:20:8e:86:d1:a4:7e:21:30:
                    66:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:52:22:B1:B0:2C:C6:DA:97:15:4D:A2:F8:B8:31:39:FF:DC:09:4A
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/018d1278-2c0d-467a-ae97-a69101b9f274.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.60.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         b0:1e:d8:d9:36:e9:5f:44:38:a2:04:92:c2:73:aa:57:be:4d:
         ac:ee:45:12:82:08:5e:51:6c:f3:c0:1e:d3:bf:3a:7c:2d:75:
         c8:c2:d2:d0:79:2f:ef:ed:46:2e:a3:b5:51:4f:75:b3:18:36:
         31:ea:e2:8c:73:7c:c3:a1:73:31:a7:75:7c:fc:a5:86:bc:d5:
         ea:61:07:90:e7:12:1e:c1:d4:9f:9f:f8:78:e8:3f:60:32:0d:
         c0:49:f9:2b:9e:95:38:12:17:50:54:14:1a:0e:8c:b4:5e:d4:
         2e:d6:4b:b3:bb:d4:ac:e8:f1:ff:ec:37:c4:0a:58:97:98:b4:
         b3:37:0a:ef:3e:3d:97:19:dd:d6:a8:6e:79:14:e3:5f:a0:a4:
         6c:9b:3f:8f:06:b1:b9:4e:ab:8c:92:19:83:70:70:d8:a2:da:
         f5:3a:2e:93:5e:22:9e:75:10:6c:30:a8:c6:17:b0:97:12:f4:
         e8:54:1b:29:29:96:56:44:d4:3b:18:54:cf:ad:71:0a:09:fb:
         45:c9:44:58:56:e2:b0:57:2f:dc:a7:11:4c:52:1d:0b:83:b1:
         89:b7:3a:59:c1:0f:b7:a5:55:b7:e7:20:45:82:9c:25:48:a4:
         dc:aa:96:7b:49:b0:77:d3:c8:91:74:e8:db:85:59:12:ee:91:
         b6:22:29:55
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUNd5KzaZhwq0kxi+oMWGY1BWgiGowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNDA2MTcwMDAwMDBaFw0yNDA3MjIyMzU5NTlaMHoxSTBHBgNV
BAUTQDdhMmE1ZWZlNDAxMGNhNGI2NzI4ZjZlNDFjOTcwMjQ1NmY4YzMzODM1ZTk0
YWJmM2U0NTk4YTZjNDhmZWQzNTQxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALZ4bO3LHh+AadPaH+WeOK6PJOPdfhoKF5ZqdAHDUNNRa6lqxnpKjQyWudES
nWYrvIUJmmVJI+4ZarrSkEsioaB9nzZHdb8Q0vW2sUTKrHbMELidCwJ8BFLoxYzh
f/U43QwVxEP+7NY+I9t4+P78nkYTa4rXAS8/i/Cyn3+RQi3+oE7wN2mojBNM2AYA
1ezXXHMIYLTZzQz7e4JR4onQJOP6uHxETDMtf6M+NHrToehBnN8GOioCWA4+cQ8S
ncOeoHojNBFmSPyWvZ8na5VnYtJT/o73loJvJfpuvZg8HC3YAjTTcPY1wQqBvpvd
9i2hpdWv9iVydyCOhtGkfiEwZrECAwEAAaOCAiAwggIcMB0GA1UdDgQWBBRxUiKx
sCzG2pcVTaL4uDE5/9wJSjAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
MDE4ZDEyNzgtMmMwZC00NjdhLWFlOTctYTY5MTAxYjlmMjc0LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADM8MA0G
CSqGSIb3DQEBCwUAA4IBAQCwHtjZNulfRDiiBJLCc6pXvk2s7kUSggheUWzzwB7T
vzp8LXXIwtLQeS/v7UYuo7VRT3WzGDYx6uKMc3zDoXMxp3V8/KWGvNXqYQeQ5xIe
wdSfn/h46D9gMg3ASfkrnpU4EhdQVBQaDoy0XtQu1kuzu9Ss6PH/7DfECliXmLSz
NwrvPj2XGd3WqG55FONfoKRsmz+PBrG5TquMkhmDcHDYotr1Oi6TXiKedRBsMKjG
F7CXEvToVBspKZZWRNQ7GFTPrXEKCftFyURYVuKwVy/cpxFMUh0Lg7GJtzpZwQ+3
pVW35yBFgpwlSKTcqpZ7SbB308iRdOjbhVkS7pG2IilV
-----END CERTIFICATE-----
Generated at Wed Jun 26 02:09:55 2024 by rpki-client on console-ams.rpki-client.org