Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/1f695b88-30e9-49f2-9e00-4f3fa3d354b5.roa
File:                     1f695b88-30e9-49f2-9e00-4f3fa3d354b5.roa (raw, json)
Hash identifier:          BCyuOISV8kKFs+hffkD8tuqo0UDNPsaOsucHzNC0GGQ=
Subject key identifier:   CD:FB:A9:B1:6A:F0:A7:52:06:59:FB:0F:F3:E2:6C:D1:2A:2B:A3:F3
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       06B8A3ABF6BD5D0A0C8D8ACB565E3CED6431A651
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/1f695b88-30e9-49f2-9e00-4f3fa3d354b5.roa
Signing time:             Mon 17 Jun 2024 00:00:00 +0000
ROA not before:           Mon 17 Jun 2024 00:00:00 +0000
ROA not after:            Mon 22 Jul 2024 23:59:59 +0000
asID:                     8987
IP address blocks:        51.82.0.0/16 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 20:24:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            06:b8:a3:ab:f6:bd:5d:0a:0c:8d:8a:cb:56:5e:3c:ed:64:31:a6:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Jun 17 00:00:00 2024 GMT
            Not After : Jul 22 23:59:59 2024 GMT
        Subject: serialNumber=12f8f24aea6ed6522379de07357bb45b5d7cd2948d55cf71789dda90cb68278d, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:ea:13:84:77:29:83:c2:ff:32:ab:b1:e0:3e:
                    02:9d:eb:ed:4f:be:bb:6b:8d:bf:ac:d8:51:da:75:
                    7a:9b:bd:7f:e8:2b:73:86:00:52:d3:a8:e5:5a:eb:
                    56:fa:72:d4:db:e8:52:0b:c3:26:8e:56:83:b4:a4:
                    48:66:71:98:b8:82:5d:cf:13:d9:d4:bc:94:64:82:
                    b1:b4:c9:e6:f4:c8:5a:22:12:01:81:b8:98:a7:14:
                    42:ec:f2:9f:68:f1:6a:93:11:56:ca:a8:89:1f:e8:
                    c0:d7:2a:6f:fb:4e:d2:06:c5:24:0e:71:53:d0:5b:
                    a8:bd:3c:b1:49:73:23:6c:58:ca:17:68:4b:c3:3d:
                    02:db:88:c9:92:f3:bd:11:b7:1c:0d:68:46:39:99:
                    b1:02:25:fe:53:c6:fd:81:d0:2d:cc:e8:b3:87:77:
                    a4:c5:49:d2:e0:06:95:8b:2a:ca:5e:29:55:db:15:
                    42:09:b6:d4:b9:05:01:8a:d4:66:dc:12:00:7f:4a:
                    c8:72:98:b9:8d:e1:8b:d7:6d:bd:59:c3:52:5a:63:
                    03:ca:06:3b:e7:b8:8b:15:d9:f0:a4:c7:4b:84:97:
                    46:f0:b2:89:21:67:97:33:1b:66:26:2b:c1:3f:0b:
                    7a:7e:90:83:27:8e:f3:4d:14:84:e6:1c:90:e3:8d:
                    c2:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:FB:A9:B1:6A:F0:A7:52:06:59:FB:0F:F3:E2:6C:D1:2A:2B:A3:F3
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/1f695b88-30e9-49f2-9e00-4f3fa3d354b5.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.82.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         43:81:b8:03:4c:76:6c:c2:e5:8f:34:14:eb:83:7f:9b:ac:c4:
         93:54:13:f4:03:7e:3e:51:06:00:f8:b9:cf:c8:6b:42:58:d2:
         2b:8d:dc:00:3d:63:8f:0a:5a:77:d7:1f:18:fb:e5:18:4b:87:
         80:fd:c3:87:4c:ae:74:e2:8f:8e:ef:f2:25:82:cb:5d:72:2a:
         6f:cb:ad:c1:cd:26:3f:e8:a0:25:67:d0:23:e4:5c:e1:86:50:
         d9:3f:b1:42:56:a6:0d:d6:66:c6:a1:2b:60:62:2e:f6:24:5a:
         3d:6c:bd:f4:1f:76:5e:25:8f:26:6b:b8:94:7e:12:a8:e2:d5:
         eb:36:b6:c2:38:a9:e4:b2:b3:d6:eb:b9:86:20:1b:55:b0:63:
         71:ed:ea:c7:11:be:3d:07:58:a6:02:6f:0c:00:95:90:be:bb:
         fb:b7:3b:ad:0a:27:c2:ba:71:e6:5c:3a:ba:65:8e:11:68:61:
         00:d9:2e:06:04:73:d0:bc:3d:01:88:b0:96:3c:36:2c:cb:86:
         d2:d0:3e:cd:da:95:9f:4b:92:ed:69:9c:48:bd:25:d8:21:fe:
         fd:07:70:11:59:e3:8f:ea:d0:23:39:05:29:ae:9e:2d:91:e7:
         25:80:c4:4a:1b:ab:c9:f3:f0:67:6f:24:83:70:83:f6:30:03:
         c7:ad:a1:9f
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUBrijq/a9XQoMjYrLVl487WQxplEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNDA2MTcwMDAwMDBaFw0yNDA3MjIyMzU5NTlaMHoxSTBHBgNV
BAUTQDEyZjhmMjRhZWE2ZWQ2NTIyMzc5ZGUwNzM1N2JiNDViNWQ3Y2QyOTQ4ZDU1
Y2Y3MTc4OWRkYTkwY2I2ODI3OGQxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKjqE4R3KYPC/zKrseA+Ap3r7U++u2uNv6zYUdp1epu9f+grc4YAUtOo5Vrr
Vvpy1NvoUgvDJo5Wg7SkSGZxmLiCXc8T2dS8lGSCsbTJ5vTIWiISAYG4mKcUQuzy
n2jxapMRVsqoiR/owNcqb/tO0gbFJA5xU9BbqL08sUlzI2xYyhdoS8M9AtuIyZLz
vRG3HA1oRjmZsQIl/lPG/YHQLczos4d3pMVJ0uAGlYsqyl4pVdsVQgm21LkFAYrU
ZtwSAH9KyHKYuY3hi9dtvVnDUlpjA8oGO+e4ixXZ8KTHS4SXRvCyiSFnlzMbZiYr
wT8Len6QgyeO800UhOYckOONwgkCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBTN+6mx
avCnUgZZ+w/z4mzRKiuj8zAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
MWY2OTViODgtMzBlOS00OWYyLTllMDAtNGYzZmEzZDM1NGI1LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADNSMA0G
CSqGSIb3DQEBCwUAA4IBAQBDgbgDTHZswuWPNBTrg3+brMSTVBP0A34+UQYA+LnP
yGtCWNIrjdwAPWOPClp31x8Y++UYS4eA/cOHTK504o+O7/Ilgstdcipvy63BzSY/
6KAlZ9Aj5FzhhlDZP7FCVqYN1mbGoStgYi72JFo9bL30H3ZeJY8ma7iUfhKo4tXr
NrbCOKnksrPW67mGIBtVsGNx7erHEb49B1imAm8MAJWQvrv7tzutCifCunHmXDq6
ZY4RaGEA2S4GBHPQvD0BiLCWPDYsy4bS0D7N2pWfS5LtaZxIvSXYIf79B3ARWeOP
6tAjOQUprp4tkeclgMRKG6vJ8/BnbySDcIP2MAPHraGf
-----END CERTIFICATE-----
Generated at Wed Jun 26 02:09:55 2024 by rpki-client on console-ams.rpki-client.org