Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/637faf4e-e17d-469d-ba49-65a44716cb68.roa
File:                     637faf4e-e17d-469d-ba49-65a44716cb68.roa (raw, json)
Hash identifier:          QFlhHf+rdF1meNfwEK2hWCAkbgP6SbII2QMNLn8pt3s=
Subject key identifier:   A9:B3:C5:9C:52:BF:1C:CB:FE:B7:8C:BC:85:5F:6C:57:91:4E:10:E8
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       66D7D7D1F9D8C2FA2225B4775F27524CE723ED35
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/637faf4e-e17d-469d-ba49-65a44716cb68.roa
Signing time:             Mon 17 Jun 2024 00:00:00 +0000
ROA not before:           Mon 17 Jun 2024 00:00:00 +0000
ROA not after:            Mon 22 Jul 2024 23:59:59 +0000
asID:                     8987
IP address blocks:        51.128.0.0/16 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 20:24:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            66:d7:d7:d1:f9:d8:c2:fa:22:25:b4:77:5f:27:52:4c:e7:23:ed:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Jun 17 00:00:00 2024 GMT
            Not After : Jul 22 23:59:59 2024 GMT
        Subject: serialNumber=7ca6e6fe04f44db5d907ca75e231a1f931401791d98a1de0191a38f83de92599, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:7f:be:5b:73:ee:ef:1f:57:d1:0a:99:27:b4:
                    57:ed:0a:94:48:f6:e4:53:2b:9b:57:d6:93:b3:a2:
                    b4:0d:c2:15:27:66:3f:ba:08:99:bc:d1:2c:ac:2e:
                    98:e2:4c:b2:e2:26:7d:ec:6c:96:58:3c:3e:39:40:
                    d8:df:05:8e:f0:8b:59:52:ac:a7:c7:90:b8:8a:4a:
                    66:92:e7:d1:fe:dc:54:94:d4:f1:6c:21:b1:41:00:
                    0e:15:cd:48:c1:02:91:65:17:c6:2e:8e:7e:1e:81:
                    36:2a:6d:d9:19:77:76:56:a2:89:95:04:f0:b1:3d:
                    92:da:06:d2:95:7e:f1:c1:62:7c:fc:30:6b:3c:0c:
                    6e:36:b4:32:a7:b4:ad:8d:41:8a:d7:94:6a:a6:65:
                    38:99:5e:09:b6:4c:ef:31:a3:fc:f9:28:18:f3:55:
                    3d:b4:06:ce:e2:01:e6:26:af:68:48:9e:e5:ff:af:
                    01:c0:1c:8b:40:18:fd:c8:24:ca:34:b6:13:d1:7e:
                    cb:75:5d:1b:28:c6:6a:01:41:09:16:6b:7b:ce:3d:
                    12:a1:8f:c6:0b:c5:ea:2e:95:12:fa:e0:5f:ef:ee:
                    42:be:60:5c:24:f0:8d:22:6c:53:9c:99:2f:48:c2:
                    7c:13:aa:b9:80:47:63:63:90:d2:47:fb:59:a4:f4:
                    26:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:B3:C5:9C:52:BF:1C:CB:FE:B7:8C:BC:85:5F:6C:57:91:4E:10:E8
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/637faf4e-e17d-469d-ba49-65a44716cb68.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.128.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         c9:7a:00:41:c6:7f:18:61:3f:58:4c:fa:43:c1:7e:81:cb:c1:
         ee:a8:59:f0:4c:b1:9d:45:63:1f:92:df:1c:d6:27:ea:e8:2c:
         71:91:0a:00:96:f9:20:a7:8a:32:16:76:94:fa:7e:82:e4:58:
         c1:95:ec:c9:4a:55:64:42:aa:36:29:2a:bf:df:5c:0d:7d:e6:
         a1:76:10:5f:6a:52:c6:9c:d8:48:dd:6a:01:eb:de:82:21:6c:
         9b:94:d4:35:fc:ed:20:1e:94:d3:f7:dc:87:63:da:ac:db:cb:
         2a:04:94:ae:c9:2b:b8:11:68:31:4d:06:fa:d8:fa:8d:e4:68:
         58:0a:d7:d2:b1:d0:9c:c1:db:65:2a:bb:71:5e:07:9a:36:7d:
         45:2d:d2:53:91:e6:ec:9c:b7:3d:e1:e0:89:81:43:40:c1:59:
         ef:eb:01:5c:61:b4:f9:59:7f:cd:74:cb:9d:31:90:3e:51:28:
         b3:95:2e:93:76:8f:88:4d:d6:5a:3c:f8:cb:8c:39:4e:16:ad:
         d5:0b:a9:23:31:11:b3:64:ef:91:4b:79:78:0a:2d:e1:82:a0:
         70:f0:0c:04:91:a0:4f:d6:29:00:4d:42:2e:28:7d:74:0f:64:
         b2:00:3b:40:c7:14:da:c9:0e:ea:f7:7e:73:c5:6e:69:d9:0b:
         25:56:35:95
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUZtfX0fnYwvoiJbR3XydSTOcj7TUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNDA2MTcwMDAwMDBaFw0yNDA3MjIyMzU5NTlaMHoxSTBHBgNV
BAUTQDdjYTZlNmZlMDRmNDRkYjVkOTA3Y2E3NWUyMzFhMWY5MzE0MDE3OTFkOThh
MWRlMDE5MWEzOGY4M2RlOTI1OTkxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJZ/vltz7u8fV9EKmSe0V+0KlEj25FMrm1fWk7OitA3CFSdmP7oImbzRLKwu
mOJMsuImfexsllg8PjlA2N8FjvCLWVKsp8eQuIpKZpLn0f7cVJTU8WwhsUEADhXN
SMECkWUXxi6Ofh6BNipt2Rl3dlaiiZUE8LE9ktoG0pV+8cFifPwwazwMbja0Mqe0
rY1BiteUaqZlOJleCbZM7zGj/PkoGPNVPbQGzuIB5iavaEie5f+vAcAci0AY/cgk
yjS2E9F+y3VdGyjGagFBCRZre849EqGPxgvF6i6VEvrgX+/uQr5gXCTwjSJsU5yZ
L0jCfBOquYBHY2OQ0kf7WaT0Jj0CAwEAAaOCAiAwggIcMB0GA1UdDgQWBBSps8Wc
Ur8cy/63jLyFX2xXkU4Q6DAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
NjM3ZmFmNGUtZTE3ZC00NjlkLWJhNDktNjVhNDQ3MTZjYjY4LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADOAMA0G
CSqGSIb3DQEBCwUAA4IBAQDJegBBxn8YYT9YTPpDwX6By8HuqFnwTLGdRWMfkt8c
1ifq6CxxkQoAlvkgp4oyFnaU+n6C5FjBlezJSlVkQqo2KSq/31wNfeahdhBfalLG
nNhI3WoB696CIWyblNQ1/O0gHpTT99yHY9qs28sqBJSuySu4EWgxTQb62PqN5GhY
CtfSsdCcwdtlKrtxXgeaNn1FLdJTkebsnLc94eCJgUNAwVnv6wFcYbT5WX/NdMud
MZA+USizlS6Tdo+ITdZaPPjLjDlOFq3VC6kjMRGzZO+RS3l4Ci3hgqBw8AwEkaBP
1ikATUIuKH10D2SyADtAxxTayQ7q935zxW5p2QslVjWV
-----END CERTIFICATE-----
Generated at Wed Jun 26 02:09:55 2024 by rpki-client on console-ams.rpki-client.org