Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/0ad4a04d-fea6-4341-bc93-2743f2493a1e.roa
File:                     0ad4a04d-fea6-4341-bc93-2743f2493a1e.roa (raw, json)
Hash identifier:          m2T8vD3Mewo1W6whPc2l04ffq6GTx+NdVgIJn/n+QAo=
Subject key identifier:   8A:7F:22:58:D0:35:36:EC:51:B9:EC:86:5B:6E:11:4E:FF:13:00:8B
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       3121575FDD897EA0794277DC3C7A28953640CC04
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/0ad4a04d-fea6-4341-bc93-2743f2493a1e.roa
Signing time:             Tue 21 May 2024 00:00:00 +0000
ROA not before:           Tue 21 May 2024 00:00:00 +0000
ROA not after:            Tue 25 Jun 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        51.92.0.0/14 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            31:21:57:5f:dd:89:7e:a0:79:42:77:dc:3c:7a:28:95:36:40:cc:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: May 21 00:00:00 2024 GMT
            Not After : Jun 25 23:59:59 2024 GMT
        Subject: serialNumber=125012c46c8d798b5ff93f12e34ae3aab9cadcd6bbf0491d114332b00a4e61bd, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:de:2e:10:6b:4c:81:d7:65:e7:74:65:53:d8:
                    46:5d:b1:06:82:28:ea:1a:e0:bb:9f:ff:eb:5d:b6:
                    68:87:91:db:07:5c:86:6c:98:ae:9a:b5:37:ba:18:
                    f6:26:c6:d2:36:48:5f:98:ea:ea:4e:1b:c8:ef:b3:
                    b3:42:e3:c5:8b:9a:05:d3:e4:66:d8:85:1b:fb:fb:
                    3c:58:53:df:d6:32:1f:e3:62:4a:47:c2:f6:a7:b9:
                    bc:e1:58:55:91:36:33:39:1a:29:06:9a:98:df:44:
                    ab:7e:6c:57:27:5c:4f:6c:0f:4a:e2:66:2c:3c:06:
                    c5:00:0c:47:ea:26:78:48:93:d8:de:4c:54:7b:98:
                    bd:43:ce:95:e8:df:6a:34:1a:20:bc:85:cb:db:6e:
                    35:c9:d9:b6:c3:17:51:80:72:36:86:56:e7:35:1b:
                    62:38:01:9e:35:2e:db:e6:08:b4:6d:b2:6f:77:5c:
                    08:03:8a:95:44:aa:8b:a0:96:e8:e5:3c:56:7c:87:
                    1f:9a:be:98:51:7e:d5:6a:90:a6:ed:63:82:80:82:
                    94:fd:d6:1d:05:57:3d:92:fc:3e:2a:8b:05:8a:3c:
                    53:01:a2:4c:ea:a7:3a:ec:8b:f9:a2:62:fd:76:dd:
                    f9:73:23:73:3b:fe:f5:e0:46:e9:ae:49:05:da:d2:
                    d3:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:7F:22:58:D0:35:36:EC:51:B9:EC:86:5B:6E:11:4E:FF:13:00:8B
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/0ad4a04d-fea6-4341-bc93-2743f2493a1e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.92.0.0/14

    Signature Algorithm: sha256WithRSAEncryption
         5c:f1:8d:8e:53:c9:24:7c:47:5b:c7:f1:e1:00:fa:ce:4b:b6:
         73:64:cd:97:d7:39:96:1a:0a:c0:14:40:a9:e5:c2:20:95:4b:
         c7:b2:2c:a7:46:21:39:60:ec:38:b4:2c:94:60:98:42:eb:76:
         fe:72:7c:bf:2e:74:a1:a7:ad:50:c0:5a:f9:98:b4:bf:9c:be:
         bd:37:af:b9:f9:61:cc:36:49:cc:99:b1:38:c8:44:47:da:ab:
         33:63:8a:87:4c:95:ed:3a:52:77:8b:5f:76:00:bd:17:fc:c3:
         f7:d3:70:12:1b:d0:8c:7f:ec:e6:66:fb:ce:d4:ca:96:aa:9d:
         05:e3:16:0f:39:09:b2:fe:26:00:71:33:ac:27:72:85:e2:ff:
         0f:70:07:3a:42:18:fd:68:d9:5e:ff:93:8e:b5:8b:58:0b:1b:
         29:21:d6:bb:d6:f8:ff:c9:23:29:7b:8a:fa:64:ec:65:58:46:
         6f:0e:5b:00:84:71:f6:a0:bc:ca:19:be:d8:80:61:6a:3c:a8:
         2e:be:78:67:6e:a0:36:df:d4:51:2b:bf:63:e3:0a:7d:d3:fb:
         4d:16:88:ac:37:d0:d7:2c:c9:7b:73:ef:9f:9b:9a:2b:d7:ee:
         56:3a:ba:eb:77:da:05:78:d3:d3:e9:eb:50:84:cf:cf:57:9e:
         0b:59:32:e6
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUMSFXX92JfqB5QnfcPHoolTZAzAQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNDA1MjEwMDAwMDBaFw0yNDA2MjUyMzU5NTlaMHoxSTBHBgNV
BAUTQDEyNTAxMmM0NmM4ZDc5OGI1ZmY5M2YxMmUzNGFlM2FhYjljYWRjZDZiYmYw
NDkxZDExNDMzMmIwMGE0ZTYxYmQxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKXeLhBrTIHXZed0ZVPYRl2xBoIo6hrgu5//6122aIeR2wdchmyYrpq1N7oY
9ibG0jZIX5jq6k4byO+zs0LjxYuaBdPkZtiFG/v7PFhT39YyH+NiSkfC9qe5vOFY
VZE2MzkaKQaamN9Eq35sVydcT2wPSuJmLDwGxQAMR+omeEiT2N5MVHuYvUPOlejf
ajQaILyFy9tuNcnZtsMXUYByNoZW5zUbYjgBnjUu2+YItG2yb3dcCAOKlUSqi6CW
6OU8VnyHH5q+mFF+1WqQpu1jgoCClP3WHQVXPZL8PiqLBYo8UwGiTOqnOuyL+aJi
/Xbd+XMjczv+9eBG6a5JBdrS05UCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBSKfyJY
0DU27FG57IZbbhFO/xMAizAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
MGFkNGEwNGQtZmVhNi00MzQxLWJjOTMtMjc0M2YyNDkzYTFlLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDAjNcMA0G
CSqGSIb3DQEBCwUAA4IBAQBc8Y2OU8kkfEdbx/HhAPrOS7ZzZM2X1zmWGgrAFECp
5cIglUvHsiynRiE5YOw4tCyUYJhC63b+cny/LnShp61QwFr5mLS/nL69N6+5+WHM
NknMmbE4yERH2qszY4qHTJXtOlJ3i192AL0X/MP303ASG9CMf+zmZvvO1MqWqp0F
4xYPOQmy/iYAcTOsJ3KF4v8PcAc6Qhj9aNle/5OOtYtYCxspIda71vj/ySMpe4r6
ZOxlWEZvDlsAhHH2oLzKGb7YgGFqPKguvnhnbqA239RRK79j4wp90/tNFoisN9DX
LMl7c++fm5or1+5WOrrrd9oFeNPT6etQhM/PV54LWTLm
-----END CERTIFICATE-----
Generated at Sun Jun 16 17:32:38 2024 by rpki-client on console-ams.rpki-client.org