Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/1f695b88-30e9-49f2-9e00-4f3fa3d354b5.roa
File:                     1f695b88-30e9-49f2-9e00-4f3fa3d354b5.roa (raw, json)
Hash identifier:          AiBG9WuOZWvT1kz5L/QgEHJalpCuUXngVP1Gb8oQq3w=
Subject key identifier:   64:03:4B:1A:C4:41:F0:0E:2B:82:12:0E:D4:BC:AD:FE:74:5C:E6:E5
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       67895153C20A183C4290199D54A09FCFC316DFEC
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/1f695b88-30e9-49f2-9e00-4f3fa3d354b5.roa
Signing time:             Tue 21 May 2024 00:00:00 +0000
ROA not before:           Tue 21 May 2024 00:00:00 +0000
ROA not after:            Tue 25 Jun 2024 23:59:59 +0000
asID:                     8987
IP address blocks:        51.82.0.0/16 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 10:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            67:89:51:53:c2:0a:18:3c:42:90:19:9d:54:a0:9f:cf:c3:16:df:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: May 21 00:00:00 2024 GMT
            Not After : Jun 25 23:59:59 2024 GMT
        Subject: serialNumber=02d031f663bfc271fef500e3a7cb24fc5f8010cc881602a1d55b3a0632f822b5, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:2c:7f:fa:9a:cf:6a:f4:05:a1:fd:4f:90:e9:
                    c4:7a:3f:53:d8:30:89:14:01:c3:cf:7f:da:ab:bf:
                    37:1c:d6:92:30:d9:d5:53:c0:c4:ed:d5:e5:db:54:
                    d1:b3:70:d7:6d:5a:ca:10:1f:59:0c:4c:f9:2f:0a:
                    8f:bd:ab:34:88:c9:3a:6b:ed:7d:4a:b1:6d:c3:51:
                    5d:8e:3b:01:2a:e5:14:6a:21:40:ad:07:09:4b:68:
                    62:f1:b4:d4:12:47:20:29:fe:7b:9a:35:c6:ad:85:
                    f7:8e:d8:7b:3a:93:45:ce:e4:9a:22:fb:19:8f:b0:
                    b4:13:00:8b:91:f7:82:ac:0b:31:29:0a:5e:35:c4:
                    73:1a:b5:9e:9f:7b:8b:ce:19:24:da:a5:2e:65:cb:
                    ce:d3:27:1f:25:39:7a:71:4c:d0:ee:b4:fa:1b:3e:
                    f9:98:6c:30:6e:29:e3:65:39:6a:c4:8a:9f:b7:e1:
                    18:1c:45:85:6d:4e:cb:f6:a5:78:97:57:f2:e4:90:
                    13:a7:54:7c:e5:77:ab:43:ce:50:ee:ac:51:9c:58:
                    84:ae:a8:2a:55:26:46:49:d4:91:68:a7:cf:1b:f2:
                    67:56:47:be:dd:4e:57:d2:b1:08:76:bd:34:91:e5:
                    f3:7c:fe:c5:ef:0e:ba:47:6d:9f:70:4f:8b:38:4a:
                    aa:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:03:4B:1A:C4:41:F0:0E:2B:82:12:0E:D4:BC:AD:FE:74:5C:E6:E5
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/1f695b88-30e9-49f2-9e00-4f3fa3d354b5.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.82.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         b9:6b:bd:6f:64:f5:a7:7e:ae:eb:f4:db:13:cb:5d:ae:6c:eb:
         17:9d:0b:59:86:90:6d:0e:e7:52:f4:0b:3c:97:a4:91:88:c0:
         8d:17:11:b4:4f:f6:9e:74:8b:11:98:9a:0f:fa:e0:86:d1:18:
         35:d3:d5:5c:ef:e9:1f:4b:ba:c0:31:25:ee:88:e3:31:67:31:
         49:cc:3c:80:5a:72:b8:1c:01:f6:ae:93:c2:ad:e3:59:31:c3:
         a5:88:8e:15:24:05:9a:20:1f:66:11:66:e3:20:c5:46:f1:4f:
         a3:11:19:8b:1d:1c:36:d2:a1:89:c4:de:23:7b:a2:d2:23:f6:
         13:47:c1:55:1b:40:86:a7:7e:76:8a:a3:a5:30:99:bf:a3:a1:
         7b:36:ab:ef:c9:6a:90:5f:ed:d8:e7:ea:ce:b4:44:92:0a:cc:
         8f:5b:fb:6b:85:f6:ca:bb:77:d8:d5:c8:61:d5:79:69:15:4a:
         a7:19:18:94:a3:41:d8:57:e9:ff:1c:e9:d4:55:34:10:7f:fa:
         90:4e:ea:64:57:9c:31:12:a9:e3:d7:dd:73:81:4a:06:54:1e:
         ce:2f:e5:71:6c:01:d8:ee:9f:06:0e:a5:af:2b:84:80:fc:1e:
         41:69:5a:04:d6:fa:34:83:96:35:73:d6:5d:c1:e4:72:cf:14:
         e6:dc:44:e0
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUZ4lRU8IKGDxCkBmdVKCfz8MW3+wwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNDA1MjEwMDAwMDBaFw0yNDA2MjUyMzU5NTlaMHoxSTBHBgNV
BAUTQDAyZDAzMWY2NjNiZmMyNzFmZWY1MDBlM2E3Y2IyNGZjNWY4MDEwY2M4ODE2
MDJhMWQ1NWIzYTA2MzJmODIyYjUxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJMsf/qaz2r0BaH9T5DpxHo/U9gwiRQBw89/2qu/NxzWkjDZ1VPAxO3V5dtU
0bNw121ayhAfWQxM+S8Kj72rNIjJOmvtfUqxbcNRXY47ASrlFGohQK0HCUtoYvG0
1BJHICn+e5o1xq2F947YezqTRc7kmiL7GY+wtBMAi5H3gqwLMSkKXjXEcxq1np97
i84ZJNqlLmXLztMnHyU5enFM0O60+hs++ZhsMG4p42U5asSKn7fhGBxFhW1Oy/al
eJdX8uSQE6dUfOV3q0POUO6sUZxYhK6oKlUmRknUkWinzxvyZ1ZHvt1OV9KxCHa9
NJHl83z+xe8Oukdtn3BPizhKqmsCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBRkA0sa
xEHwDiuCEg7UvK3+dFzm5TAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
MWY2OTViODgtMzBlOS00OWYyLTllMDAtNGYzZmEzZDM1NGI1LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADNSMA0G
CSqGSIb3DQEBCwUAA4IBAQC5a71vZPWnfq7r9NsTy12ubOsXnQtZhpBtDudS9As8
l6SRiMCNFxG0T/aedIsRmJoP+uCG0Rg109Vc7+kfS7rAMSXuiOMxZzFJzDyAWnK4
HAH2rpPCreNZMcOliI4VJAWaIB9mEWbjIMVG8U+jERmLHRw20qGJxN4je6LSI/YT
R8FVG0CGp352iqOlMJm/o6F7NqvvyWqQX+3Y5+rOtESSCsyPW/trhfbKu3fY1chh
1XlpFUqnGRiUo0HYV+n/HOnUVTQQf/qQTupkV5wxEqnj191zgUoGVB7OL+VxbAHY
7p8GDqWvK4SA/B5BaVoE1vo0g5Y1c9ZdweRyzxTm3ETg
-----END CERTIFICATE-----
Generated at Sun Jun 16 17:32:42 2024 by rpki-client on console-fra.rpki-client.org