Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/018d1278-2c0d-467a-ae97-a69101b9f274.roa
File:                     018d1278-2c0d-467a-ae97-a69101b9f274.roa (raw, json)
Hash identifier:          HVX+97mlW49+OgDkl1qhzwNgXSTclFoNIbZdomJKXTY=
Subject key identifier:   15:69:A9:42:1A:B4:5D:3D:5B:00:C5:17:6F:6E:AF:56:7C:79:45:E8
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       2E20D60A3E9C3CF21E8FEA7D451FE97809384EB8
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/018d1278-2c0d-467a-ae97-a69101b9f274.roa
Signing time:             Tue 21 May 2024 00:00:00 +0000
ROA not before:           Tue 21 May 2024 00:00:00 +0000
ROA not after:            Tue 25 Jun 2024 23:59:59 +0000
asID:                     8987
IP address blocks:        51.60.0.0/16 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 10:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2e:20:d6:0a:3e:9c:3c:f2:1e:8f:ea:7d:45:1f:e9:78:09:38:4e:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: May 21 00:00:00 2024 GMT
            Not After : Jun 25 23:59:59 2024 GMT
        Subject: serialNumber=e4f83a44ded8d4ada8c73871faadb91d98a2f085c32af2138e60595238e820cb, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:cc:ab:03:3e:80:f9:36:3d:dc:42:1f:ab:c2:
                    65:ea:e3:5f:85:73:93:5a:b5:2e:15:23:d1:15:ea:
                    78:8f:ea:be:a4:31:19:3c:e4:d0:2a:06:a2:6a:c1:
                    9d:5e:be:f8:4c:4a:f2:58:99:c0:1b:64:c7:ab:4f:
                    2d:c8:e0:9a:10:17:18:3e:36:32:08:b1:13:6a:0e:
                    4f:af:63:04:e7:3f:43:da:36:d4:44:41:77:25:a8:
                    8d:33:8d:65:e0:0a:dd:6b:dc:67:a0:9c:25:f2:7e:
                    24:4a:f5:0e:91:ca:6d:ac:3d:d8:d0:90:fd:47:0a:
                    5f:16:6e:c8:d3:41:0a:40:42:7d:7e:38:89:db:8e:
                    fa:d0:04:60:75:ce:1b:c8:61:de:b1:65:56:51:70:
                    59:9b:7d:9a:2e:e5:5e:52:9f:5e:71:14:a0:bd:27:
                    92:87:11:de:bc:22:c6:9c:0e:72:61:5b:56:e4:a3:
                    b4:11:db:89:72:05:f8:48:93:78:b4:f2:f3:48:67:
                    30:3b:5c:e1:ae:f8:18:36:33:ed:de:99:25:0c:55:
                    a0:bf:3b:cf:2e:75:40:17:43:7c:6d:8a:4f:1e:b8:
                    12:35:67:40:41:85:db:f9:18:23:44:97:6d:43:49:
                    8e:ae:49:4a:97:e8:ee:da:7b:43:fb:64:cd:ac:4a:
                    52:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:69:A9:42:1A:B4:5D:3D:5B:00:C5:17:6F:6E:AF:56:7C:79:45:E8
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/018d1278-2c0d-467a-ae97-a69101b9f274.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.60.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         4f:cf:2d:cf:a7:e9:3e:e9:7a:3c:ab:af:90:6f:e5:8c:aa:09:
         d4:d6:1e:52:25:35:7b:de:7c:f4:f3:e3:57:75:da:02:7d:7d:
         75:24:05:57:2c:fe:f9:f9:32:1f:7b:ac:4f:13:a1:9a:9f:cc:
         32:47:34:0f:66:ba:00:5e:e2:7d:6b:7d:d6:cf:8d:0d:24:ff:
         bd:2c:33:1a:45:50:2c:0c:2e:94:a2:af:bb:1c:97:9f:56:cb:
         bf:99:d4:d9:43:09:ac:c5:c3:a7:4a:43:75:2c:49:06:d7:c7:
         3c:b3:6a:ae:07:b0:32:47:dc:c9:a8:d8:fb:fa:d0:bd:60:15:
         8d:90:11:74:4b:76:8f:a8:73:aa:40:19:5d:f4:b8:69:7f:57:
         9b:74:bb:e2:8b:53:46:ce:01:17:d6:a8:aa:62:44:94:4d:35:
         87:ba:9e:6f:f4:0b:05:8f:61:89:44:ca:e3:7c:b4:96:0c:54:
         49:36:e8:f2:6c:49:23:43:4b:84:1a:83:81:32:45:a2:a8:09:
         bd:29:c9:f4:ce:64:e6:cf:b1:29:21:de:0e:99:a1:93:2c:6c:
         aa:e4:ef:36:1c:d7:e2:a2:c5:25:5f:a3:1a:a7:d9:a7:dd:1f:
         68:d3:1e:2b:74:4e:55:71:ad:8f:16:be:7a:29:3e:60:90:61:
         9c:9f:8c:eb
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIULiDWCj6cPPIej+p9RR/peAk4TrgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNDA1MjEwMDAwMDBaFw0yNDA2MjUyMzU5NTlaMHoxSTBHBgNV
BAUTQGU0ZjgzYTQ0ZGVkOGQ0YWRhOGM3Mzg3MWZhYWRiOTFkOThhMmYwODVjMzJh
ZjIxMzhlNjA1OTUyMzhlODIwY2IxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALrMqwM+gPk2PdxCH6vCZerjX4Vzk1q1LhUj0RXqeI/qvqQxGTzk0CoGomrB
nV6++ExK8liZwBtkx6tPLcjgmhAXGD42MgixE2oOT69jBOc/Q9o21ERBdyWojTON
ZeAK3WvcZ6CcJfJ+JEr1DpHKbaw92NCQ/UcKXxZuyNNBCkBCfX44iduO+tAEYHXO
G8hh3rFlVlFwWZt9mi7lXlKfXnEUoL0nkocR3rwixpwOcmFbVuSjtBHbiXIF+EiT
eLTy80hnMDtc4a74GDYz7d6ZJQxVoL87zy51QBdDfG2KTx64EjVnQEGF2/kYI0SX
bUNJjq5JSpfo7tp7Q/tkzaxKUisCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBQVaalC
GrRdPVsAxRdvbq9WfHlF6DAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
MDE4ZDEyNzgtMmMwZC00NjdhLWFlOTctYTY5MTAxYjlmMjc0LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADM8MA0G
CSqGSIb3DQEBCwUAA4IBAQBPzy3Pp+k+6Xo8q6+Qb+WMqgnU1h5SJTV73nz08+NX
ddoCfX11JAVXLP75+TIfe6xPE6Gan8wyRzQPZroAXuJ9a33Wz40NJP+9LDMaRVAs
DC6Uoq+7HJefVsu/mdTZQwmsxcOnSkN1LEkG18c8s2quB7AyR9zJqNj7+tC9YBWN
kBF0S3aPqHOqQBld9Lhpf1ebdLvii1NGzgEX1qiqYkSUTTWHup5v9AsFj2GJRMrj
fLSWDFRJNujybEkjQ0uEGoOBMkWiqAm9Kcn0zmTmz7EpId4OmaGTLGyq5O82HNfi
osUlX6Map9mn3R9o0x4rdE5Vca2PFr56KT5gkGGcn4zr
-----END CERTIFICATE-----
Generated at Sun Jun 16 17:32:42 2024 by rpki-client on console-fra.rpki-client.org