Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/5a7af8cb-5cfa-4914-965e-5e6a4b8c16f5.roa
File:                     5a7af8cb-5cfa-4914-965e-5e6a4b8c16f5.roa (raw, json)
Hash identifier:          Vzbw8sEiajMbbdP8e4e2TMw5E6hjgjesZq27OTHSSSw=
Subject key identifier:   E2:74:D2:87:6C:0F:75:E3:02:05:36:70:9B:09:CD:30:69:74:46:FC
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       5927C737C0E76FD4EC455C3C01FB5C0A649A6690
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/5a7af8cb-5cfa-4914-965e-5e6a4b8c16f5.roa
Signing time:             Sat 08 Jun 2024 00:00:00 +0000
ROA not before:           Sat 08 Jun 2024 00:00:00 +0000
ROA not after:            Sat 13 Jul 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        51.112.0.0/16 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 10:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            59:27:c7:37:c0:e7:6f:d4:ec:45:5c:3c:01:fb:5c:0a:64:9a:66:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Jun  8 00:00:00 2024 GMT
            Not After : Jul 13 23:59:59 2024 GMT
        Subject: serialNumber=03ab4841cbc5c63bcbdca5597fc1e4f1d9d1ba1c65640145e7ee4e237c8442a1, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:78:0d:e9:34:76:68:e2:f9:b4:30:d6:da:41:
                    6b:69:be:77:97:85:ed:9a:d9:c9:b8:9a:98:06:d2:
                    50:06:83:53:60:02:d2:2a:fb:81:16:a1:62:d2:f8:
                    c6:ac:70:95:5d:ab:7e:fd:85:d7:36:59:e4:8f:55:
                    78:58:af:bd:b7:dd:d7:52:9f:b1:11:7b:8a:7f:11:
                    d5:40:1a:4e:73:46:a0:eb:dc:35:2a:49:06:d4:2b:
                    42:a1:33:0b:53:6f:d5:8a:f9:37:c4:c8:96:5d:aa:
                    55:ba:4d:87:84:a9:37:36:06:2f:ab:89:fa:1e:11:
                    62:3b:41:2a:bc:f3:8f:c9:e3:12:f1:6a:34:62:a5:
                    57:5a:18:a7:bc:c2:0b:ab:4c:fc:a9:c0:9a:20:14:
                    b3:b5:80:bf:9c:13:fe:df:b4:e2:6e:72:d9:62:8a:
                    0d:ff:82:22:c4:42:31:b8:9b:eb:dc:a8:d1:a8:72:
                    24:66:7b:6b:e6:f1:07:43:00:12:44:a4:95:52:3c:
                    74:69:c1:33:4f:5b:15:c4:bc:72:b4:3e:6f:db:3f:
                    dd:25:d7:01:6f:ae:51:84:0e:dd:f3:ed:59:57:95:
                    8f:1b:ee:56:da:34:d1:f9:b8:d6:8a:35:cf:2c:a0:
                    3a:a6:98:62:2f:13:5e:1b:1a:b5:26:d4:23:51:9b:
                    4c:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:74:D2:87:6C:0F:75:E3:02:05:36:70:9B:09:CD:30:69:74:46:FC
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/5a7af8cb-5cfa-4914-965e-5e6a4b8c16f5.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.112.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         65:e0:a0:c5:23:ed:bb:d0:9f:8c:50:74:43:30:a6:fc:c2:21:
         3a:52:b2:f4:38:13:2c:04:29:0d:bd:3f:90:4a:74:f7:72:96:
         38:13:5e:e0:99:1d:cc:6a:56:23:7a:a1:79:8b:7e:c9:8d:ca:
         94:15:88:f8:96:5a:62:0c:f9:aa:3b:af:43:0b:1b:b9:5e:7e:
         26:5e:3d:1c:30:bd:41:42:98:bf:5c:73:c8:cf:e9:a8:42:07:
         77:87:4c:2a:54:65:83:df:86:09:8e:6e:20:c2:75:eb:15:67:
         b1:fe:44:03:bd:24:c1:6a:1a:ec:a3:82:77:b2:df:36:6f:c5:
         3a:56:5f:72:e1:dd:64:65:d5:ba:d2:1e:3b:f9:6c:d7:3e:8b:
         4c:5b:55:61:f3:75:e3:d8:fc:5e:c1:de:0b:60:f3:94:d4:59:
         ae:e8:aa:49:5f:d2:bb:18:44:66:99:6b:5f:94:2a:f3:9c:43:
         a9:ed:b0:11:d7:07:2c:7a:b7:45:92:f6:71:20:8f:4d:e6:31:
         7b:97:12:db:76:33:40:3c:51:29:89:a9:72:df:3a:40:5e:8d:
         0c:d1:dd:70:d1:93:33:76:82:2a:83:66:79:d8:8b:81:4b:95:
         15:c0:59:a1:47:f1:1b:6f:49:a4:df:78:d4:dd:a8:8f:dd:95:
         8d:22:f8:95
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUWSfHN8Dnb9TsRVw8AftcCmSaZpAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNDA2MDgwMDAwMDBaFw0yNDA3MTMyMzU5NTlaMHoxSTBHBgNV
BAUTQDAzYWI0ODQxY2JjNWM2M2JjYmRjYTU1OTdmYzFlNGYxZDlkMWJhMWM2NTY0
MDE0NWU3ZWU0ZTIzN2M4NDQyYTExLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALR4Dek0dmji+bQw1tpBa2m+d5eF7ZrZybiamAbSUAaDU2AC0ir7gRahYtL4
xqxwlV2rfv2F1zZZ5I9VeFivvbfd11KfsRF7in8R1UAaTnNGoOvcNSpJBtQrQqEz
C1Nv1Yr5N8TIll2qVbpNh4SpNzYGL6uJ+h4RYjtBKrzzj8njEvFqNGKlV1oYp7zC
C6tM/KnAmiAUs7WAv5wT/t+04m5y2WKKDf+CIsRCMbib69yo0ahyJGZ7a+bxB0MA
EkSklVI8dGnBM09bFcS8crQ+b9s/3SXXAW+uUYQO3fPtWVeVjxvuVto00fm41oo1
zyygOqaYYi8TXhsatSbUI1GbTCsCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBTidNKH
bA914wIFNnCbCc0waXRG/DAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
NWE3YWY4Y2ItNWNmYS00OTE0LTk2NWUtNWU2YTRiOGMxNmY1LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADNwMA0G
CSqGSIb3DQEBCwUAA4IBAQBl4KDFI+270J+MUHRDMKb8wiE6UrL0OBMsBCkNvT+Q
SnT3cpY4E17gmR3MalYjeqF5i37JjcqUFYj4llpiDPmqO69DCxu5Xn4mXj0cML1B
Qpi/XHPIz+moQgd3h0wqVGWD34YJjm4gwnXrFWex/kQDvSTBahrso4J3st82b8U6
Vl9y4d1kZdW60h47+WzXPotMW1Vh83Xj2Pxewd4LYPOU1Fmu6KpJX9K7GERmmWtf
lCrznEOp7bAR1wcserdFkvZxII9N5jF7lxLbdjNAPFEpialy3zpAXo0M0d1w0ZMz
doIqg2Z52IuBS5UVwFmhR/Ebb0mk33jU3aiP3ZWNIviV
-----END CERTIFICATE-----
Generated at Sun Jun 16 17:32:42 2024 by rpki-client on console-fra.rpki-client.org