Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/49b2b5d5-46a7-42a3-9900-bcb7e3edffdb.roa
File:                     49b2b5d5-46a7-42a3-9900-bcb7e3edffdb.roa (raw, json)
Hash identifier:          lBOoZwOwc/vuijUq0ddcEdKz1TBii7TA4mQ86miuFR4=
Subject key identifier:   88:DF:08:23:EF:34:2A:28:FE:0F:22:0A:72:50:3F:16:F8:31:F2:8C
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       793C4B7A232519D241D9E3C655FBF9703900BCA0
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/49b2b5d5-46a7-42a3-9900-bcb7e3edffdb.roa
Signing time:             Tue 21 May 2024 00:00:00 +0000
ROA not before:           Tue 21 May 2024 00:00:00 +0000
ROA not after:            Tue 25 Jun 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        51.192.0.0/15 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 10:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            79:3c:4b:7a:23:25:19:d2:41:d9:e3:c6:55:fb:f9:70:39:00:bc:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: May 21 00:00:00 2024 GMT
            Not After : Jun 25 23:59:59 2024 GMT
        Subject: serialNumber=4f0edec3af8c8b5f51e8d966d599c56985cd39b29a2ee4d6915329cf948909be, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:62:86:23:41:11:5d:c0:33:da:42:51:b6:2b:
                    62:4d:39:e3:4a:84:3e:42:c2:3b:2f:28:26:ba:47:
                    05:55:37:8f:f2:71:45:93:64:70:93:18:cb:1a:ab:
                    ca:f8:29:df:26:67:23:b0:32:e1:a4:52:23:29:5d:
                    ed:28:83:9b:73:e8:d3:9f:34:e0:72:1d:61:20:79:
                    95:62:7c:1e:fa:2f:e4:1e:09:16:eb:1a:14:08:cb:
                    82:58:44:b5:2c:fb:02:ec:97:7b:e5:d7:ba:00:7b:
                    a3:93:ab:74:53:de:3c:48:a7:cc:bb:c0:39:0f:12:
                    26:1f:07:59:64:63:7c:af:1b:d4:81:8c:6c:49:8c:
                    2a:f0:ce:09:cc:5e:f0:d7:2d:5c:2c:be:27:c6:aa:
                    7b:b4:c2:c4:de:fb:7e:25:ef:cd:72:69:60:eb:1c:
                    cc:6d:3c:3b:94:19:a8:73:30:c9:db:8b:0b:71:88:
                    03:ec:54:a3:8a:25:6a:69:f4:f6:50:64:2c:5c:42:
                    56:62:4e:a6:22:22:e7:35:9b:77:ea:2b:45:de:a8:
                    c0:24:07:4a:c5:47:d3:d6:2c:15:c4:61:e6:f4:ed:
                    3c:07:2c:67:1e:59:b5:33:eb:03:db:20:37:3d:c9:
                    0a:28:ab:cf:32:dc:59:da:ee:9a:29:91:ae:de:2e:
                    8f:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:DF:08:23:EF:34:2A:28:FE:0F:22:0A:72:50:3F:16:F8:31:F2:8C
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/49b2b5d5-46a7-42a3-9900-bcb7e3edffdb.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.192.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         39:37:ae:01:d7:b1:7e:88:ec:e2:e4:69:33:fe:95:99:3c:80:
         f1:92:ed:75:b6:42:1b:f3:a1:ca:d1:dd:19:64:d0:28:c6:ce:
         78:61:22:87:37:d6:75:bc:c3:27:a3:72:87:22:90:c2:38:f9:
         6f:d2:e7:35:2c:ea:33:55:1d:ee:0e:58:5b:90:9b:89:89:5a:
         8b:58:e0:cd:de:a2:dd:04:b5:a6:41:cc:53:14:98:72:ea:5e:
         86:57:40:a9:20:f0:6e:b7:f0:f0:67:51:92:07:88:f6:5b:d0:
         5c:70:83:95:6b:09:27:a7:48:17:8c:3e:9a:2f:6f:7f:de:0d:
         bf:26:26:0d:fa:61:64:8a:70:30:e0:ee:e2:08:3f:e0:ab:28:
         5c:6c:4b:47:6c:40:09:90:9d:7a:82:73:54:c7:88:b7:d1:ed:
         9f:29:86:49:ed:3f:38:df:98:af:24:64:1e:cb:37:2d:40:07:
         af:41:fe:6f:f3:1f:9f:14:e6:e3:1f:14:ae:37:58:47:4b:6f:
         f1:96:fd:64:6f:72:1a:c8:fa:c2:fa:aa:01:73:27:0e:27:3f:
         f8:f8:e8:42:2c:c3:84:c3:eb:2a:ea:4a:f2:ed:a3:d3:7c:60:
         47:c0:ea:09:4c:c4:2b:d7:b2:15:44:72:4b:09:86:41:07:ac:
         d5:89:f8:4b
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUeTxLeiMlGdJB2ePGVfv5cDkAvKAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNDA1MjEwMDAwMDBaFw0yNDA2MjUyMzU5NTlaMHoxSTBHBgNV
BAUTQDRmMGVkZWMzYWY4YzhiNWY1MWU4ZDk2NmQ1OTljNTY5ODVjZDM5YjI5YTJl
ZTRkNjkxNTMyOWNmOTQ4OTA5YmUxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAK1ihiNBEV3AM9pCUbYrYk0540qEPkLCOy8oJrpHBVU3j/JxRZNkcJMYyxqr
yvgp3yZnI7Ay4aRSIyld7SiDm3Po05804HIdYSB5lWJ8Hvov5B4JFusaFAjLglhE
tSz7AuyXe+XXugB7o5OrdFPePEinzLvAOQ8SJh8HWWRjfK8b1IGMbEmMKvDOCcxe
8NctXCy+J8aqe7TCxN77fiXvzXJpYOsczG08O5QZqHMwyduLC3GIA+xUo4olamn0
9lBkLFxCVmJOpiIi5zWbd+orRd6owCQHSsVH09YsFcRh5vTtPAcsZx5ZtTPrA9sg
Nz3JCiirzzLcWdrumimRrt4ujwMCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBSI3wgj
7zQqKP4PIgpyUD8W+DHyjDAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
NDliMmI1ZDUtNDZhNy00MmEzLTk5MDAtYmNiN2UzZWRmZmRiLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDATPAMA0G
CSqGSIb3DQEBCwUAA4IBAQA5N64B17F+iOzi5Gkz/pWZPIDxku11tkIb86HK0d0Z
ZNAoxs54YSKHN9Z1vMMno3KHIpDCOPlv0uc1LOozVR3uDlhbkJuJiVqLWODN3qLd
BLWmQcxTFJhy6l6GV0CpIPBut/DwZ1GSB4j2W9BccIOVawknp0gXjD6aL29/3g2/
JiYN+mFkinAw4O7iCD/gqyhcbEtHbEAJkJ16gnNUx4i30e2fKYZJ7T8435ivJGQe
yzctQAevQf5v8x+fFObjHxSuN1hHS2/xlv1kb3IayPrC+qoBcycOJz/4+OhCLMOE
w+sq6kry7aPTfGBHwOoJTMQr17IVRHJLCYZBB6zVifhL
-----END CERTIFICATE-----
Generated at Sun Jun 16 17:32:42 2024 by rpki-client on console-fra.rpki-client.org