Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/49b2b5d5-46a7-42a3-9900-bcb7e3edffdb.roa
File:                     49b2b5d5-46a7-42a3-9900-bcb7e3edffdb.roa (raw, json)
Hash identifier:          a2oaH7WBGT9Bu3+BobSvRDN96U//+IDT8Q0rzVcovAA=
Subject key identifier:   23:5F:14:F0:57:3E:FF:88:22:B2:04:82:F1:0D:56:37:44:41:08:58
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       73F04BCC19D1DA9AB734181B4C3A9F3D36EA7ECA
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/49b2b5d5-46a7-42a3-9900-bcb7e3edffdb.roa
Signing time:             Mon 17 Jun 2024 00:00:00 +0000
ROA not before:           Mon 17 Jun 2024 00:00:00 +0000
ROA not after:            Mon 22 Jul 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        51.192.0.0/15 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 20:24:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            73:f0:4b:cc:19:d1:da:9a:b7:34:18:1b:4c:3a:9f:3d:36:ea:7e:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Jun 17 00:00:00 2024 GMT
            Not After : Jul 22 23:59:59 2024 GMT
        Subject: serialNumber=f8e647ea0b51316d0008d15c00e4e814b41fbc34baf74c20f866091f63141131, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:db:a3:a5:9a:df:6c:88:41:12:8f:61:1d:76:
                    35:17:f4:07:8a:a7:1b:13:44:4c:2d:b4:7d:29:24:
                    bb:b5:eb:50:57:d0:02:b6:ab:59:4b:a9:95:51:6f:
                    ad:e8:9f:ea:b7:d7:69:03:bb:42:e6:bb:b7:79:b3:
                    68:d8:b0:3d:8b:d6:f5:05:e1:22:d2:94:ac:f1:20:
                    e3:12:0e:93:e9:cb:22:e1:cf:6f:7c:1f:60:c3:36:
                    f2:9f:60:fd:cb:10:37:c6:d4:c2:2a:66:09:70:c7:
                    bf:2b:e6:1a:2e:4a:d2:4c:85:db:fa:f9:e6:71:97:
                    84:ee:17:c0:46:e7:be:05:ca:77:cd:71:d7:31:80:
                    10:08:3f:4c:af:03:ad:a1:f7:7c:21:ba:45:25:40:
                    73:b8:11:1f:38:36:25:3b:34:33:39:54:cb:ac:44:
                    4a:bc:2f:08:12:fa:cc:79:67:a9:3a:bc:9e:24:24:
                    35:83:7c:e0:c4:de:b1:2c:9d:b4:2b:d7:ed:a9:51:
                    5f:44:42:d0:2b:ec:fb:c7:e9:ef:d1:f3:c0:e2:cd:
                    b8:69:4f:60:56:f7:21:20:71:14:b9:39:d3:07:c7:
                    02:9d:82:33:14:94:8b:5b:a1:1f:ff:91:34:18:9d:
                    2e:f4:81:6c:70:8b:cb:d9:0d:b5:ad:06:55:c9:a9:
                    7b:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:5F:14:F0:57:3E:FF:88:22:B2:04:82:F1:0D:56:37:44:41:08:58
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/49b2b5d5-46a7-42a3-9900-bcb7e3edffdb.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.192.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         90:aa:ad:09:de:6a:ae:3d:67:83:97:f3:d1:3d:3e:c0:b6:2a:
         06:85:dc:ec:29:63:b5:9b:ba:8f:70:fd:34:5b:25:75:12:a5:
         c2:6f:33:5a:7d:12:aa:97:ab:e0:18:66:3e:c3:49:5a:d0:72:
         b5:9a:d5:de:d1:06:58:d4:18:27:e8:9d:8d:75:6c:21:8f:c1:
         20:92:03:22:15:0e:28:0d:89:92:81:55:ff:ce:dd:31:ca:bd:
         21:01:6c:96:44:df:42:ce:2e:0e:c7:4f:05:c4:9f:da:35:07:
         cd:49:0c:cf:8a:de:71:69:18:f5:bd:c8:f5:a2:6b:a9:35:96:
         c1:83:77:ab:11:f2:42:84:f6:aa:f4:e7:9e:4a:cf:18:43:07:
         04:ad:a6:e0:02:bf:57:18:10:e2:20:2d:cc:b8:e2:fb:14:95:
         eb:9a:2f:0a:9a:06:41:cb:cd:53:6a:7a:29:7c:3b:2e:ce:be:
         fe:2b:24:b9:2e:ac:76:da:39:e2:ed:7f:40:24:e0:38:1d:ee:
         5c:05:b1:e0:cc:fe:1e:cc:8e:c7:f8:f0:e9:d8:41:ae:09:d8:
         26:a7:96:e5:2d:ac:c8:91:2b:26:bc:da:46:32:fd:7a:36:60:
         ed:26:ab:87:09:04:5e:d8:82:01:b7:0f:87:48:9a:74:f1:c3:
         0f:63:26:af
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUc/BLzBnR2pq3NBgbTDqfPTbqfsowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNDA2MTcwMDAwMDBaFw0yNDA3MjIyMzU5NTlaMHoxSTBHBgNV
BAUTQGY4ZTY0N2VhMGI1MTMxNmQwMDA4ZDE1YzAwZTRlODE0YjQxZmJjMzRiYWY3
NGMyMGY4NjYwOTFmNjMxNDExMzExLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMrbo6Wa32yIQRKPYR12NRf0B4qnGxNETC20fSkku7XrUFfQArarWUuplVFv
reif6rfXaQO7Qua7t3mzaNiwPYvW9QXhItKUrPEg4xIOk+nLIuHPb3wfYMM28p9g
/csQN8bUwipmCXDHvyvmGi5K0kyF2/r55nGXhO4XwEbnvgXKd81x1zGAEAg/TK8D
raH3fCG6RSVAc7gRHzg2JTs0MzlUy6xESrwvCBL6zHlnqTq8niQkNYN84MTesSyd
tCvX7alRX0RC0Cvs+8fp79HzwOLNuGlPYFb3ISBxFLk50wfHAp2CMxSUi1uhH/+R
NBidLvSBbHCLy9kNta0GVcmpe/MCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBQjXxTw
Vz7/iCKyBILxDVY3REEIWDAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
NDliMmI1ZDUtNDZhNy00MmEzLTk5MDAtYmNiN2UzZWRmZmRiLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDATPAMA0G
CSqGSIb3DQEBCwUAA4IBAQCQqq0J3mquPWeDl/PRPT7AtioGhdzsKWO1m7qPcP00
WyV1EqXCbzNafRKql6vgGGY+w0la0HK1mtXe0QZY1Bgn6J2NdWwhj8EgkgMiFQ4o
DYmSgVX/zt0xyr0hAWyWRN9Czi4Ox08FxJ/aNQfNSQzPit5xaRj1vcj1omupNZbB
g3erEfJChPaq9OeeSs8YQwcErabgAr9XGBDiIC3MuOL7FJXrmi8KmgZBy81Tanop
fDsuzr7+KyS5Lqx22jni7X9AJOA4He5cBbHgzP4ezI7H+PDp2EGuCdgmp5blLazI
kSsmvNpGMv16NmDtJquHCQRe2IIBtw+HSJp08cMPYyav
-----END CERTIFICATE-----
Generated at Wed Jun 26 02:09:55 2024 by rpki-client on console-ams.rpki-client.org