Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/1daf6597-c039-470d-a015-f42507e1afef.roa
File:                     1daf6597-c039-470d-a015-f42507e1afef.roa (raw, json)
Hash identifier:          T/NFEoslIQhgvJ1uHyf4qZ6QG7XT8XkCGVmdPPkgZSY=
Subject key identifier:   5E:D0:09:5D:DC:D7:01:7D:FE:DA:58:2F:0A:F1:13:21:F1:AD:80:9D
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       4217A186F8D90670558171A10B8F127E84896F1F
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/1daf6597-c039-470d-a015-f42507e1afef.roa
Signing time:             Tue 21 May 2024 00:00:00 +0000
ROA not before:           Tue 21 May 2024 00:00:00 +0000
ROA not after:            Tue 25 Jun 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        51.172.0.0/15 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            42:17:a1:86:f8:d9:06:70:55:81:71:a1:0b:8f:12:7e:84:89:6f:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: May 21 00:00:00 2024 GMT
            Not After : Jun 25 23:59:59 2024 GMT
        Subject: serialNumber=42416d23f1a21a9842bb64bab419cbe58b2c040e12faa1023b65319a221c2541, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:a1:51:9a:7c:a7:7e:29:f9:40:87:e2:16:c5:
                    83:de:2b:41:65:8e:5e:7a:e8:b3:0a:57:a5:bb:02:
                    62:52:18:dd:7e:c4:8f:da:21:fd:f8:ed:2d:47:08:
                    fb:ae:e6:0f:4f:7e:b2:4f:07:e2:1e:0b:07:e3:78:
                    52:2a:43:68:4c:18:d7:26:e3:0a:1a:04:85:ac:86:
                    59:e1:c3:27:f4:78:c7:85:2a:f0:55:ac:0a:81:5c:
                    a4:ac:af:79:3b:2a:03:03:c1:53:dd:a5:f0:4d:49:
                    0f:04:97:9b:f6:54:c9:a4:99:29:6f:d2:31:20:34:
                    19:96:45:cd:2a:87:f4:95:66:4d:32:74:cc:0f:6b:
                    ac:57:da:48:ea:50:06:7a:ac:fd:b3:e1:1f:1e:38:
                    f1:7d:f2:9b:b0:5e:c0:3d:ff:0b:ba:bf:86:b3:6f:
                    a8:aa:ab:3d:ef:e4:c6:e1:87:ce:d7:55:a2:8e:8b:
                    88:64:dc:c0:d5:3f:20:b8:49:28:9e:56:36:9a:3b:
                    fd:52:29:ff:82:62:e3:fd:f0:91:53:6d:d6:0b:be:
                    5d:a3:76:22:3c:b7:f1:8e:0d:00:e1:82:54:96:57:
                    b5:25:9f:09:10:4a:d9:48:3f:31:ad:0a:8a:2f:59:
                    bf:79:46:ea:4c:0f:31:38:82:06:0f:40:02:0a:05:
                    6d:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:D0:09:5D:DC:D7:01:7D:FE:DA:58:2F:0A:F1:13:21:F1:AD:80:9D
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/1daf6597-c039-470d-a015-f42507e1afef.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.172.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         97:25:4f:71:30:60:14:3b:5e:7b:1d:ef:80:a2:d6:b7:d6:cb:
         2e:4e:68:0b:6e:07:08:96:f4:7e:76:1b:53:9e:fe:e7:c7:db:
         7c:6f:4c:e2:2a:f7:2c:eb:40:fb:01:5b:91:58:fc:3f:d6:85:
         61:68:b7:cd:bb:64:33:99:79:4c:46:07:79:11:60:0d:4c:22:
         e2:4e:ac:76:06:e6:7e:09:db:dc:e7:8d:38:57:51:18:cb:e8:
         09:4a:b5:56:c2:f9:be:71:63:94:8a:24:07:e8:17:ec:90:5a:
         d7:92:dd:05:78:20:0a:3a:fb:e7:0a:7c:3a:6b:c5:24:96:df:
         6c:f3:07:34:c6:a5:c4:0f:5e:2b:1b:99:4f:2b:91:1d:0f:56:
         a6:ef:cf:53:22:88:60:dd:0c:0b:9d:55:81:b1:41:83:02:23:
         2b:7d:69:37:d9:9a:27:b9:bc:17:38:3e:b9:c2:b3:6e:89:f5:
         df:6c:4e:8d:be:53:f7:be:73:69:dd:e5:74:74:e2:29:b5:6a:
         6f:8d:7e:e6:31:84:c4:7a:29:07:71:41:cf:c2:ca:43:12:e3:
         96:07:23:62:ce:68:f7:c1:4b:b9:1a:f9:b0:db:88:ae:5b:91:
         fd:60:ad:85:b4:f9:65:3f:a5:4f:6e:4e:5f:a1:ac:0a:37:22:
         12:21:b4:df
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUQhehhvjZBnBVgXGhC48SfoSJbx8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNDA1MjEwMDAwMDBaFw0yNDA2MjUyMzU5NTlaMHoxSTBHBgNV
BAUTQDQyNDE2ZDIzZjFhMjFhOTg0MmJiNjRiYWI0MTljYmU1OGIyYzA0MGUxMmZh
YTEwMjNiNjUzMTlhMjIxYzI1NDExLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALuhUZp8p34p+UCH4hbFg94rQWWOXnroswpXpbsCYlIY3X7Ej9oh/fjtLUcI
+67mD09+sk8H4h4LB+N4UipDaEwY1ybjChoEhayGWeHDJ/R4x4Uq8FWsCoFcpKyv
eTsqAwPBU92l8E1JDwSXm/ZUyaSZKW/SMSA0GZZFzSqH9JVmTTJ0zA9rrFfaSOpQ
Bnqs/bPhHx448X3ym7BewD3/C7q/hrNvqKqrPe/kxuGHztdVoo6LiGTcwNU/ILhJ
KJ5WNpo7/VIp/4Ji4/3wkVNt1gu+XaN2Ijy38Y4NAOGCVJZXtSWfCRBK2Ug/Ma0K
ii9Zv3lG6kwPMTiCBg9AAgoFbc8CAwEAAaOCAiAwggIcMB0GA1UdDgQWBBRe0Ald
3NcBff7aWC8K8RMh8a2AnTAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
MWRhZjY1OTctYzAzOS00NzBkLWEwMTUtZjQyNTA3ZTFhZmVmLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDATOsMA0G
CSqGSIb3DQEBCwUAA4IBAQCXJU9xMGAUO157He+Aota31ssuTmgLbgcIlvR+dhtT
nv7nx9t8b0ziKvcs60D7AVuRWPw/1oVhaLfNu2QzmXlMRgd5EWANTCLiTqx2BuZ+
Cdvc5404V1EYy+gJSrVWwvm+cWOUiiQH6BfskFrXkt0FeCAKOvvnCnw6a8Uklt9s
8wc0xqXED14rG5lPK5EdD1am789TIohg3QwLnVWBsUGDAiMrfWk32ZonubwXOD65
wrNuifXfbE6NvlP3vnNp3eV0dOIptWpvjX7mMYTEeikHcUHPwspDEuOWByNizmj3
wUu5Gvmw24iuW5H9YK2FtPllP6VPbk5foawKNyISIbTf
-----END CERTIFICATE-----
Generated at Sun Jun 16 17:32:38 2024 by rpki-client on console-ams.rpki-client.org