Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/89aac802-59d0-4631-a004-2a1c6311b27f.roa
File:                     89aac802-59d0-4631-a004-2a1c6311b27f.roa (raw, json)
Hash identifier:          vFQFR+g9daxKSk6MqH6LQP65f8ABxQwP/ayWbPUCg4I=
Subject key identifier:   8F:67:07:94:2D:3E:73:CB:21:C9:78:D4:4C:E9:F4:73:F8:A0:3E:4F
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       5A9F854C4908D7AD35E0080D0ECA5D258FE5E5CF
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/89aac802-59d0-4631-a004-2a1c6311b27f.roa
Signing time:             Tue 21 May 2024 00:00:00 +0000
ROA not before:           Tue 21 May 2024 00:00:00 +0000
ROA not after:            Tue 25 Jun 2024 23:59:59 +0000
asID:                     8987
IP address blocks:        51.196.0.0/15 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5a:9f:85:4c:49:08:d7:ad:35:e0:08:0d:0e:ca:5d:25:8f:e5:e5:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: May 21 00:00:00 2024 GMT
            Not After : Jun 25 23:59:59 2024 GMT
        Subject: serialNumber=22e727b9aa1bfe84e41e33c81f55eede9e7059adc7540956e07cffeee64d1081, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:28:b9:ad:53:68:f9:06:d6:9a:b6:81:64:2f:
                    16:d3:ca:86:0c:89:d0:54:0f:69:79:c0:27:1c:53:
                    a7:34:b5:79:48:c9:73:b4:79:15:79:5e:80:81:cc:
                    a4:d3:a6:59:d7:07:3a:3c:c6:ae:96:60:4d:90:f1:
                    10:b7:2b:5f:25:c8:98:2b:8f:2a:6c:2b:cf:eb:81:
                    33:7c:26:02:d5:39:1a:8b:3a:d3:13:a4:c4:00:83:
                    33:8c:5e:6b:70:1f:44:a5:52:bf:a1:16:21:0e:2b:
                    0d:eb:43:2c:8e:ea:01:b2:75:60:5d:d9:a7:b7:04:
                    c4:2e:45:7d:80:71:03:34:95:dc:11:7b:30:a7:15:
                    35:0b:85:23:78:a2:ee:31:84:fb:1c:ca:4b:41:95:
                    f5:3b:85:28:cf:ec:81:33:fa:b8:8b:3a:91:b3:b9:
                    4e:8f:07:1b:95:c7:03:72:df:69:b4:80:80:a3:10:
                    82:82:86:53:53:32:c4:0c:b4:9c:ea:bb:93:ad:ca:
                    c0:e0:6a:e7:74:0f:b6:06:a6:d7:ec:3d:0a:f5:ca:
                    f1:4a:04:3d:e8:bb:30:b8:c4:98:41:da:95:05:1e:
                    12:a5:57:2e:bf:11:fd:98:7f:57:fd:9b:d7:5a:7e:
                    d9:ef:83:00:a9:2c:54:aa:90:5a:71:8a:84:15:4e:
                    f3:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:67:07:94:2D:3E:73:CB:21:C9:78:D4:4C:E9:F4:73:F8:A0:3E:4F
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/89aac802-59d0-4631-a004-2a1c6311b27f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.196.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         5e:fc:f3:dc:37:fb:76:3e:50:86:af:b7:80:81:38:4a:bd:f0:
         3a:10:39:49:ac:b3:26:ab:8b:2b:1e:3c:70:93:69:58:ff:25:
         b9:bb:73:25:e6:e6:4a:30:43:ea:60:bc:a8:c9:65:50:07:00:
         77:97:ec:3b:86:b4:9a:52:b4:2c:d7:7b:9c:d6:f5:45:73:c2:
         15:9d:2a:e3:2c:02:11:bc:bc:25:ff:38:94:e9:8c:08:36:2c:
         03:2b:48:bd:d4:de:eb:7b:18:09:26:59:43:85:2a:f9:0a:c3:
         37:da:d5:e3:e8:66:83:61:e7:8f:42:b4:55:66:4a:33:98:af:
         b7:e8:eb:81:de:42:5d:e7:5f:f2:27:ef:33:45:b0:0a:65:4a:
         bd:9a:47:93:23:ac:b0:ea:2a:7e:db:d5:ab:84:33:9f:70:14:
         e2:59:b2:5b:71:20:e9:66:d3:86:35:d1:63:43:ab:9a:8c:61:
         69:ff:39:38:6c:e4:83:c9:00:4c:66:37:4d:b2:90:d9:d4:60:
         dd:05:f3:7d:ed:c8:07:dd:d2:32:c9:58:34:96:72:30:af:73:
         c3:8f:37:a3:17:79:03:9a:15:b8:55:17:d7:45:42:f7:19:cd:
         89:4f:f2:9a:13:b3:0c:99:e6:7a:e5:13:ee:72:e5:2d:d8:14:
         5c:9c:8c:dd
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUWp+FTEkI16014AgNDspdJY/l5c8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNDA1MjEwMDAwMDBaFw0yNDA2MjUyMzU5NTlaMHoxSTBHBgNV
BAUTQDIyZTcyN2I5YWExYmZlODRlNDFlMzNjODFmNTVlZWRlOWU3MDU5YWRjNzU0
MDk1NmUwN2NmZmVlZTY0ZDEwODExLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJ0oua1TaPkG1pq2gWQvFtPKhgyJ0FQPaXnAJxxTpzS1eUjJc7R5FXlegIHM
pNOmWdcHOjzGrpZgTZDxELcrXyXImCuPKmwrz+uBM3wmAtU5Gos60xOkxACDM4xe
a3AfRKVSv6EWIQ4rDetDLI7qAbJ1YF3Zp7cExC5FfYBxAzSV3BF7MKcVNQuFI3ii
7jGE+xzKS0GV9TuFKM/sgTP6uIs6kbO5To8HG5XHA3LfabSAgKMQgoKGU1MyxAy0
nOq7k63KwOBq53QPtgam1+w9CvXK8UoEPei7MLjEmEHalQUeEqVXLr8R/Zh/V/2b
11p+2e+DAKksVKqQWnGKhBVO85ECAwEAAaOCAiAwggIcMB0GA1UdDgQWBBSPZweU
LT5zyyHJeNRM6fRz+KA+TzAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
ODlhYWM4MDItNTlkMC00NjMxLWEwMDQtMmExYzYzMTFiMjdmLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDATPEMA0G
CSqGSIb3DQEBCwUAA4IBAQBe/PPcN/t2PlCGr7eAgThKvfA6EDlJrLMmq4srHjxw
k2lY/yW5u3Ml5uZKMEPqYLyoyWVQBwB3l+w7hrSaUrQs13uc1vVFc8IVnSrjLAIR
vLwl/ziU6YwINiwDK0i91N7rexgJJllDhSr5CsM32tXj6GaDYeePQrRVZkozmK+3
6OuB3kJd51/yJ+8zRbAKZUq9mkeTI6yw6ip+29WrhDOfcBTiWbJbcSDpZtOGNdFj
Q6uajGFp/zk4bOSDyQBMZjdNspDZ1GDdBfN97cgH3dIyyVg0lnIwr3PDjzejF3kD
mhW4VRfXRUL3Gc2JT/KaE7MMmeZ65RPucuUt2BRcnIzd
-----END CERTIFICATE-----
Generated at Sun Jun 16 17:32:39 2024 by rpki-client on console-ams.rpki-client.org