Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/637faf4e-e17d-469d-ba49-65a44716cb68.roa
File:                     637faf4e-e17d-469d-ba49-65a44716cb68.roa (raw, json)
Hash identifier:          lJhAIa4WW8BYG40diMq6lhDfudMeG3swWqUPFazrLYs=
Subject key identifier:   6F:9B:6A:37:E5:C4:B0:84:48:CC:D1:B3:A4:D8:D8:4C:16:9B:DB:03
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       15409E5F445E0897C6DEF313FD08608FF77E935D
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/637faf4e-e17d-469d-ba49-65a44716cb68.roa
Signing time:             Tue 21 May 2024 00:00:00 +0000
ROA not before:           Tue 21 May 2024 00:00:00 +0000
ROA not after:            Tue 25 Jun 2024 23:59:59 +0000
asID:                     8987
IP address blocks:        51.128.0.0/16 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            15:40:9e:5f:44:5e:08:97:c6:de:f3:13:fd:08:60:8f:f7:7e:93:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: May 21 00:00:00 2024 GMT
            Not After : Jun 25 23:59:59 2024 GMT
        Subject: serialNumber=85c540a5d42d3342a0e47cd4a4cc693068664db6a3d019ff6a8c27ba67b86808, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:d5:7b:3d:f8:82:82:5e:38:22:54:c1:a7:95:
                    79:75:8c:44:90:24:7e:86:67:ef:bc:ce:41:7e:d4:
                    70:a5:1b:62:ed:d0:aa:66:1a:fa:c8:77:ed:0d:2e:
                    87:db:e3:c2:73:71:f0:4a:6a:6c:0a:e3:49:f3:f7:
                    20:48:aa:cd:a6:ec:12:90:7b:57:fc:b7:a2:c0:58:
                    a7:b5:5a:04:1a:95:78:35:75:fc:82:44:96:2a:1d:
                    b3:97:c8:70:f6:de:bc:e1:45:7f:5f:66:fb:57:08:
                    34:28:41:20:1d:0e:53:2d:08:32:d0:2f:57:6c:c9:
                    31:8d:a5:e9:b9:b3:73:e5:8e:f5:47:ff:af:13:dd:
                    48:95:4e:ae:7b:e2:15:c8:93:04:14:e8:ff:f6:56:
                    97:2c:0e:53:fa:6a:83:c2:f7:e6:61:3b:3a:a3:e8:
                    12:73:04:4c:ba:be:83:4f:f4:75:b3:a7:73:db:99:
                    33:55:e7:f9:af:e3:81:35:7e:a6:2a:bd:12:5b:fa:
                    ce:84:df:36:98:fb:9d:cb:c3:9a:5e:74:57:20:aa:
                    81:30:2f:67:0f:0a:e3:ee:f5:73:59:78:fa:70:78:
                    4b:fb:39:a5:cf:dd:dc:90:64:e7:1e:6a:9b:55:c6:
                    c3:e9:52:ba:f2:a8:78:bb:23:69:5f:0a:1e:5d:83:
                    9c:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:9B:6A:37:E5:C4:B0:84:48:CC:D1:B3:A4:D8:D8:4C:16:9B:DB:03
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/637faf4e-e17d-469d-ba49-65a44716cb68.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.128.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         15:a0:fd:b6:02:ba:5c:9d:b5:f9:ad:22:fb:bc:a6:fb:30:e4:
         34:39:f9:64:bf:69:eb:1b:6f:6d:8e:c3:1b:4c:b6:e4:ab:41:
         6b:b7:8c:71:0e:a7:f8:83:14:3f:d7:f0:77:ae:15:39:4f:81:
         57:5b:bb:8c:e5:eb:25:8b:3b:c5:a9:24:87:62:c5:18:e0:a4:
         8c:76:9e:7d:21:6b:04:9a:eb:19:a9:31:5f:8f:7b:fa:4b:3b:
         80:c5:18:17:a4:c4:ed:85:61:8d:6d:de:5d:97:04:8e:66:ea:
         9f:1e:91:8f:0e:23:49:28:22:85:98:1b:64:dc:d1:e9:bf:89:
         04:5f:2e:20:92:81:fe:29:3c:e9:09:1c:a6:7c:42:57:e3:29:
         ad:9e:45:4d:ae:1a:2f:d0:e3:ef:d4:09:d8:84:9e:d4:be:d3:
         ee:f5:cb:e1:c7:9f:58:10:dd:ad:dc:50:e6:3c:5b:d6:31:ac:
         28:92:d1:fe:e1:23:31:40:f5:6f:62:dd:54:d6:28:eb:ba:8c:
         a0:1b:78:c7:d7:9a:97:72:0f:e0:c0:c5:b0:8e:1e:c3:af:8a:
         2f:21:76:34:d4:78:5f:3a:b7:b8:97:2e:0f:15:60:34:06:29:
         b5:d4:1b:47:1f:f9:9a:f9:66:a4:97:8b:9f:d7:38:bb:22:ea:
         74:ad:53:d4
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUFUCeX0ReCJfG3vMT/Qhgj/d+k10wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNDA1MjEwMDAwMDBaFw0yNDA2MjUyMzU5NTlaMHoxSTBHBgNV
BAUTQDg1YzU0MGE1ZDQyZDMzNDJhMGU0N2NkNGE0Y2M2OTMwNjg2NjRkYjZhM2Qw
MTlmZjZhOGMyN2JhNjdiODY4MDgxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJfVez34goJeOCJUwaeVeXWMRJAkfoZn77zOQX7UcKUbYu3QqmYa+sh37Q0u
h9vjwnNx8EpqbArjSfP3IEiqzabsEpB7V/y3osBYp7VaBBqVeDV1/IJEliods5fI
cPbevOFFf19m+1cINChBIB0OUy0IMtAvV2zJMY2l6bmzc+WO9Uf/rxPdSJVOrnvi
FciTBBTo//ZWlywOU/pqg8L35mE7OqPoEnMETLq+g0/0dbOnc9uZM1Xn+a/jgTV+
piq9Elv6zoTfNpj7ncvDml50VyCqgTAvZw8K4+71c1l4+nB4S/s5pc/d3JBk5x5q
m1XGw+lSuvKoeLsjaV8KHl2DnKcCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBRvm2o3
5cSwhEjM0bOk2NhMFpvbAzAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
NjM3ZmFmNGUtZTE3ZC00NjlkLWJhNDktNjVhNDQ3MTZjYjY4LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADOAMA0G
CSqGSIb3DQEBCwUAA4IBAQAVoP22ArpcnbX5rSL7vKb7MOQ0Oflkv2nrG29tjsMb
TLbkq0Frt4xxDqf4gxQ/1/B3rhU5T4FXW7uM5eslizvFqSSHYsUY4KSMdp59IWsE
musZqTFfj3v6SzuAxRgXpMTthWGNbd5dlwSOZuqfHpGPDiNJKCKFmBtk3NHpv4kE
Xy4gkoH+KTzpCRymfEJX4ymtnkVNrhov0OPv1AnYhJ7UvtPu9cvhx59YEN2t3FDm
PFvWMawoktH+4SMxQPVvYt1U1ijruoygG3jH15qXcg/gwMWwjh7Dr4ovIXY01Hhf
Ore4ly4PFWA0Bim11BtHH/ma+Wakl4uf1zi7Iup0rVPU
-----END CERTIFICATE-----
Generated at Sun Jun 16 17:32:39 2024 by rpki-client on console-ams.rpki-client.org