Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/1daf6597-c039-470d-a015-f42507e1afef.roa
File:                     1daf6597-c039-470d-a015-f42507e1afef.roa (raw, json)
Hash identifier:          QFPhQ7qSeZ3UyctBDebaNVQLTTDFVzoLY/rSw5rptYc=
Subject key identifier:   C3:14:F0:A9:50:78:71:A4:5C:31:02:45:37:36:D1:43:D1:37:3D:82
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       4AB95C28C7A7249B9A0A60FF5BF2DA234212D90F
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/1daf6597-c039-470d-a015-f42507e1afef.roa
Signing time:             Mon 17 Jun 2024 00:00:00 +0000
ROA not before:           Mon 17 Jun 2024 00:00:00 +0000
ROA not after:            Mon 22 Jul 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        51.172.0.0/15 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 20:24:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4a:b9:5c:28:c7:a7:24:9b:9a:0a:60:ff:5b:f2:da:23:42:12:d9:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Jun 17 00:00:00 2024 GMT
            Not After : Jul 22 23:59:59 2024 GMT
        Subject: serialNumber=d15fef0ac395f9b8aa2c114230b1e724d59640d437b9040d39e048229369ece1, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:7b:f5:5f:4d:23:6d:59:34:4d:c7:cc:f1:af:
                    f5:61:b7:a6:44:00:8e:f3:56:7f:09:ad:ef:82:f1:
                    25:0c:24:15:6c:cb:dd:a3:8a:90:73:de:78:b6:ed:
                    7a:c5:21:e4:94:32:2b:07:9e:e9:3f:a2:27:16:f6:
                    b7:5a:5b:91:6e:48:b0:f9:65:85:22:eb:cc:16:78:
                    93:39:e8:7c:87:67:a7:d2:d1:99:fe:65:c4:60:53:
                    be:c9:1a:1d:86:53:2c:99:90:04:f8:c7:f3:6d:04:
                    14:53:ea:2a:c2:50:1f:99:cc:61:43:9d:69:13:31:
                    4d:27:08:5d:e3:94:1c:b0:ca:b1:4f:d0:cd:85:a2:
                    b0:85:0f:2b:99:c2:bd:f0:9e:13:1b:ed:ed:00:30:
                    23:4c:68:a1:d2:c1:df:a3:0e:24:ee:b8:bf:ff:5f:
                    45:6c:19:f9:b1:0d:76:66:25:1d:a9:81:76:d8:78:
                    b2:ea:13:94:76:8d:47:40:49:17:a7:b0:e1:9e:22:
                    96:1e:ab:31:0a:84:fd:75:4c:e5:1d:45:07:c8:4e:
                    37:14:cc:33:01:bc:35:b0:53:7e:ef:8e:55:1e:93:
                    de:6a:58:c2:8b:21:41:ab:5e:de:82:00:d0:bd:f9:
                    ef:10:c1:97:46:03:e6:68:c1:4e:8f:70:b0:ef:33:
                    80:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:14:F0:A9:50:78:71:A4:5C:31:02:45:37:36:D1:43:D1:37:3D:82
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/1daf6597-c039-470d-a015-f42507e1afef.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.172.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         bf:d8:bf:27:36:2f:1d:39:ee:fa:47:6c:c7:f1:62:e9:17:6b:
         58:48:30:ec:fc:27:3f:2f:5b:70:67:58:ed:55:d3:06:dd:a9:
         d8:2b:b5:45:cf:e3:6d:8b:2c:db:ae:16:a2:b7:67:b7:b4:91:
         84:72:de:8f:28:a6:bc:c7:13:d7:7e:f6:a8:3a:7f:be:2e:c0:
         ed:44:80:27:cc:2f:f8:04:a5:03:33:e5:cf:71:25:b9:04:04:
         7e:18:9e:c6:10:6a:1e:f7:98:dc:23:b8:78:d8:16:4f:dd:c8:
         86:83:02:93:c7:e3:2c:67:4c:5e:83:84:d1:2b:8f:a2:0f:99:
         12:e8:3c:02:0f:83:73:9b:c6:0e:81:a3:36:07:68:d9:6d:2f:
         09:87:d2:8c:a3:45:21:d9:73:6b:93:45:84:e6:92:0c:8e:9a:
         32:02:76:a4:27:61:5e:ee:3c:2d:58:2a:24:1d:53:ec:bc:1f:
         a1:1e:96:8c:86:29:24:53:78:ec:91:6c:6e:77:6c:bb:0f:2f:
         0a:63:c3:b5:78:67:03:25:b3:90:5b:82:35:c2:f2:3d:c2:4a:
         5e:76:ae:1d:69:2f:b3:f3:df:4d:e1:e6:b1:c6:02:05:80:ad:
         79:3d:16:7b:79:65:17:7f:44:cb:7b:ac:e8:27:58:5d:64:8f:
         87:d6:9f:32
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUSrlcKMenJJuaCmD/W/LaI0IS2Q8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNDA2MTcwMDAwMDBaFw0yNDA3MjIyMzU5NTlaMHoxSTBHBgNV
BAUTQGQxNWZlZjBhYzM5NWY5YjhhYTJjMTE0MjMwYjFlNzI0ZDU5NjQwZDQzN2I5
MDQwZDM5ZTA0ODIyOTM2OWVjZTExLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMx79V9NI21ZNE3HzPGv9WG3pkQAjvNWfwmt74LxJQwkFWzL3aOKkHPeeLbt
esUh5JQyKwee6T+iJxb2t1pbkW5IsPllhSLrzBZ4kznofIdnp9LRmf5lxGBTvska
HYZTLJmQBPjH820EFFPqKsJQH5nMYUOdaRMxTScIXeOUHLDKsU/QzYWisIUPK5nC
vfCeExvt7QAwI0xoodLB36MOJO64v/9fRWwZ+bENdmYlHamBdth4suoTlHaNR0BJ
F6ew4Z4ilh6rMQqE/XVM5R1FB8hONxTMMwG8NbBTfu+OVR6T3mpYwoshQate3oIA
0L357xDBl0YD5mjBTo9wsO8zgNECAwEAAaOCAiAwggIcMB0GA1UdDgQWBBTDFPCp
UHhxpFwxAkU3NtFD0Tc9gjAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
MWRhZjY1OTctYzAzOS00NzBkLWEwMTUtZjQyNTA3ZTFhZmVmLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDATOsMA0G
CSqGSIb3DQEBCwUAA4IBAQC/2L8nNi8dOe76R2zH8WLpF2tYSDDs/Cc/L1twZ1jt
VdMG3anYK7VFz+Ntiyzbrhait2e3tJGEct6PKKa8xxPXfvaoOn++LsDtRIAnzC/4
BKUDM+XPcSW5BAR+GJ7GEGoe95jcI7h42BZP3ciGgwKTx+MsZ0xeg4TRK4+iD5kS
6DwCD4Nzm8YOgaM2B2jZbS8Jh9KMo0Uh2XNrk0WE5pIMjpoyAnakJ2Fe7jwtWCok
HVPsvB+hHpaMhikkU3jskWxud2y7Dy8KY8O1eGcDJbOQW4I1wvI9wkpedq4daS+z
899N4eaxxgIFgK15PRZ7eWUXf0TLe6zoJ1hdZI+H1p8y
-----END CERTIFICATE-----
Generated at Wed Jun 26 02:09:55 2024 by rpki-client on console-ams.rpki-client.org