Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/0ad4a04d-fea6-4341-bc93-2743f2493a1e.roa
File:                     0ad4a04d-fea6-4341-bc93-2743f2493a1e.roa (raw, json)
Hash identifier:          CmbtpbzAb95Klzr7wLAxXvnnan3xU+PWKHk3MTkJKlg=
Subject key identifier:   A2:BF:1D:68:62:40:BB:BA:96:B4:BC:E0:8E:B4:22:7C:C7:30:43:EF
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       15A72D6C49D0FC639E2DF71ED5BAC593DF7AE169
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/0ad4a04d-fea6-4341-bc93-2743f2493a1e.roa
Signing time:             Mon 17 Jun 2024 00:00:00 +0000
ROA not before:           Mon 17 Jun 2024 00:00:00 +0000
ROA not after:            Mon 22 Jul 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        51.92.0.0/14 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            15:a7:2d:6c:49:d0:fc:63:9e:2d:f7:1e:d5:ba:c5:93:df:7a:e1:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Jun 17 00:00:00 2024 GMT
            Not After : Jul 22 23:59:59 2024 GMT
        Subject: serialNumber=2c473b5f122c2a6025dc03aa68a93ce8e7dea928273efa81feba853ee7bf4288, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:67:30:d6:f8:e1:f2:c6:ee:bd:6a:57:de:a6:
                    9e:56:88:e6:44:69:d7:a8:8d:34:a7:93:16:e4:9e:
                    4c:67:6a:fd:02:f3:21:7d:a6:e4:5d:66:1f:9b:3c:
                    a6:84:0f:99:2e:be:bd:c8:cd:69:0f:30:d2:7f:f5:
                    1c:a4:e0:db:bc:39:64:4f:20:f8:9b:c9:60:a0:e4:
                    2e:17:69:a6:45:2e:56:5d:90:95:39:7c:8e:df:77:
                    8c:d4:48:b3:19:e9:eb:bb:c1:03:67:59:8e:d0:f7:
                    b4:91:79:05:09:12:ba:3b:9f:67:be:05:aa:b0:1a:
                    f0:39:9f:5c:58:1e:0a:0b:43:a7:a3:b5:e1:78:6a:
                    41:28:fd:85:5b:0c:93:c6:2e:7b:2a:14:04:fd:09:
                    7e:43:c1:9f:e2:a7:5c:9e:4a:c0:81:12:a5:4f:21:
                    8d:22:87:25:d1:72:38:8f:42:9e:f2:65:f0:1f:fd:
                    be:c9:80:3c:c5:71:fc:f5:bc:57:6e:55:ff:63:94:
                    0a:2d:41:50:f8:18:0e:19:2a:f4:00:aa:ce:31:15:
                    c6:a0:84:f2:e8:aa:40:8b:e0:43:22:07:d4:6c:7b:
                    15:61:84:09:80:8f:ed:aa:6c:9f:07:95:d7:c3:51:
                    2d:74:f5:46:d6:50:80:40:a2:d0:82:a1:4a:8e:87:
                    1b:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:BF:1D:68:62:40:BB:BA:96:B4:BC:E0:8E:B4:22:7C:C7:30:43:EF
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/0ad4a04d-fea6-4341-bc93-2743f2493a1e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.92.0.0/14

    Signature Algorithm: sha256WithRSAEncryption
         d3:52:a0:90:f3:ac:c0:ee:31:0c:a0:f6:df:e0:57:28:d5:71:
         f2:35:ff:7e:ce:7a:3c:3b:7f:e0:a1:25:b1:2e:76:cb:d8:56:
         bc:3a:44:de:59:0e:80:82:19:fa:fb:b6:29:d8:d3:77:70:79:
         aa:e6:6f:dd:ea:30:be:f7:bb:5d:26:bf:00:ba:3e:51:af:68:
         d2:35:28:4f:2f:7f:fc:57:72:6d:67:6d:98:e7:c4:5f:30:be:
         90:ea:89:c4:2a:d7:2c:d8:8c:18:a6:cc:46:c8:db:44:5f:f4:
         73:04:6a:a6:60:2b:fb:c0:00:0a:ab:a3:2c:10:f8:b5:91:e6:
         bc:02:b8:cf:a0:c4:bf:9f:d5:98:1f:cf:4a:8d:b2:75:b1:11:
         bf:84:13:dc:06:20:04:d2:db:92:fe:ff:04:64:02:b8:a2:81:
         c4:84:3b:5e:d1:83:92:78:13:d5:90:b6:12:39:5f:52:ee:c9:
         da:c0:eb:43:66:fb:9a:f7:a6:b9:6e:4a:06:d4:72:88:8a:73:
         4c:20:ec:48:2d:96:7b:d9:73:f9:79:44:3b:d2:9a:52:02:ae:
         f8:b6:e6:f4:e6:d9:56:36:1d:db:a1:7d:20:36:dc:1f:c0:a6:
         04:73:c6:c7:b2:7e:c9:14:b3:74:18:f7:d9:de:ff:d4:96:70:
         b6:49:8d:4c
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUFactbEnQ/GOeLfce1brFk9964WkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNDA2MTcwMDAwMDBaFw0yNDA3MjIyMzU5NTlaMHoxSTBHBgNV
BAUTQDJjNDczYjVmMTIyYzJhNjAyNWRjMDNhYTY4YTkzY2U4ZTdkZWE5MjgyNzNl
ZmE4MWZlYmE4NTNlZTdiZjQyODgxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANRnMNb44fLG7r1qV96mnlaI5kRp16iNNKeTFuSeTGdq/QLzIX2m5F1mH5s8
poQPmS6+vcjNaQ8w0n/1HKTg27w5ZE8g+JvJYKDkLhdppkUuVl2QlTl8jt93jNRI
sxnp67vBA2dZjtD3tJF5BQkSujufZ74FqrAa8DmfXFgeCgtDp6O14XhqQSj9hVsM
k8YueyoUBP0JfkPBn+KnXJ5KwIESpU8hjSKHJdFyOI9CnvJl8B/9vsmAPMVx/PW8
V25V/2OUCi1BUPgYDhkq9ACqzjEVxqCE8uiqQIvgQyIH1Gx7FWGECYCP7apsnweV
18NRLXT1RtZQgECi0IKhSo6HGzECAwEAAaOCAiAwggIcMB0GA1UdDgQWBBSivx1o
YkC7upa0vOCOtCJ8xzBD7zAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
MGFkNGEwNGQtZmVhNi00MzQxLWJjOTMtMjc0M2YyNDkzYTFlLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDAjNcMA0G
CSqGSIb3DQEBCwUAA4IBAQDTUqCQ86zA7jEMoPbf4Fco1XHyNf9+zno8O3/goSWx
LnbL2Fa8OkTeWQ6Aghn6+7Yp2NN3cHmq5m/d6jC+97tdJr8Auj5Rr2jSNShPL3/8
V3JtZ22Y58RfML6Q6onEKtcs2IwYpsxGyNtEX/RzBGqmYCv7wAAKq6MsEPi1kea8
ArjPoMS/n9WYH89KjbJ1sRG/hBPcBiAE0tuS/v8EZAK4ooHEhDte0YOSeBPVkLYS
OV9S7snawOtDZvua96a5bkoG1HKIinNMIOxILZZ72XP5eUQ70ppSAq74tub05tlW
Nh3boX0gNtwfwKYEc8bHsn7JFLN0GPfZ3v/UlnC2SY1M
-----END CERTIFICATE-----
Generated at Wed Jun 26 02:44:39 2024 by rpki-client on console-fra.rpki-client.org