Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/89aac802-59d0-4631-a004-2a1c6311b27f.roa
File:                     89aac802-59d0-4631-a004-2a1c6311b27f.roa (raw, json)
Hash identifier:          zwtrxFS0KsBzQ+VDI2MAW6r1nFkwo6hDD0RkpFrmuYs=
Subject key identifier:   60:F8:D6:F8:07:3B:44:F3:9D:89:F3:C4:0A:96:A9:2F:41:6F:AE:D4
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       7ACF528DBB7321C9415155E9BE622353AD6C9703
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/89aac802-59d0-4631-a004-2a1c6311b27f.roa
Signing time:             Mon 17 Jun 2024 00:00:00 +0000
ROA not before:           Mon 17 Jun 2024 00:00:00 +0000
ROA not after:            Mon 22 Jul 2024 23:59:59 +0000
asID:                     8987
IP address blocks:        51.196.0.0/15 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7a:cf:52:8d:bb:73:21:c9:41:51:55:e9:be:62:23:53:ad:6c:97:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Jun 17 00:00:00 2024 GMT
            Not After : Jul 22 23:59:59 2024 GMT
        Subject: serialNumber=7f1db4de787f06bdbea815b3ebbada67a725c2ab669ae2bf5598bbd57398b08b, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:39:ac:f3:b4:90:7b:3a:77:58:8a:59:71:22:
                    4c:f0:e3:82:e7:eb:9f:e4:46:eb:db:45:39:89:bb:
                    57:26:1f:c0:a6:ba:a1:2b:84:4b:04:29:89:d8:ca:
                    04:0c:a4:e1:6d:57:89:61:a8:f1:6d:8f:13:ba:4b:
                    24:8a:91:5f:c6:3f:1a:df:4d:5e:b5:0e:0e:d5:ca:
                    6a:68:a8:d9:88:f9:87:a2:58:09:41:45:04:11:75:
                    7c:7d:d3:ed:8b:18:99:26:65:c1:3b:b2:3b:43:a2:
                    ab:a6:aa:1b:f8:25:9c:18:a9:45:bb:c5:11:9b:4e:
                    cb:0a:9e:f6:ce:00:bb:79:a1:52:fa:8b:72:4a:de:
                    4d:62:ff:03:11:b2:b3:53:68:90:f9:08:6e:b1:58:
                    a1:55:3d:cf:64:0c:e6:21:c5:af:bc:51:24:a1:41:
                    50:b2:9f:d6:00:ff:2c:47:4f:2e:53:14:36:c8:35:
                    7a:f0:9e:88:30:0a:b0:f2:5a:1b:5d:c5:19:85:7f:
                    0c:a7:ed:d5:df:bd:97:92:cc:d0:8b:9d:a7:cc:bb:
                    4d:4a:63:52:8d:d2:24:53:c5:0d:1f:6f:98:c2:13:
                    a6:ea:1f:e5:89:0b:6a:dd:7b:05:53:7d:95:e3:55:
                    58:44:e5:27:fd:ad:95:81:fd:79:c5:93:f3:76:52:
                    c9:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:F8:D6:F8:07:3B:44:F3:9D:89:F3:C4:0A:96:A9:2F:41:6F:AE:D4
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/89aac802-59d0-4631-a004-2a1c6311b27f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.196.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         54:a8:93:15:79:9b:59:56:f5:c1:49:78:50:ef:02:7b:52:35:
         91:76:f5:59:9f:78:41:fa:0f:0f:c8:a3:76:8f:6f:63:ec:15:
         54:2a:98:ae:01:a0:62:be:34:56:2f:5a:9f:22:f9:6a:bc:eb:
         8f:d2:d3:12:04:5e:1d:40:df:ba:4c:23:69:61:74:b1:fd:85:
         ac:cb:18:fc:8d:3d:62:f7:de:25:00:ab:50:fb:34:c4:fa:1d:
         1c:28:47:bf:d9:16:bb:49:c2:f1:28:f4:d2:67:df:03:55:2e:
         69:b7:ce:b1:16:9c:70:02:f2:3f:01:0b:4e:1b:8d:5d:89:42:
         60:e6:ca:1c:db:22:54:0e:17:a2:93:b6:ef:42:c1:6a:7b:f6:
         36:ea:cc:5a:6f:47:e8:ff:6c:4b:2b:a5:70:9a:35:32:53:6d:
         57:d5:35:92:f4:c1:a7:8a:8e:74:0b:3f:99:dc:18:33:24:f8:
         f4:91:85:2b:51:8d:65:ad:28:e6:e1:d8:79:50:29:97:80:92:
         07:45:9a:f0:dc:83:f9:1f:b2:c8:92:b7:e5:31:33:d1:35:a9:
         05:51:91:fc:48:0f:d6:d7:12:ed:e5:d7:1c:f9:4f:3d:bd:73:
         1e:b4:4e:5f:d4:fb:91:29:f2:93:ec:a3:b7:c1:16:96:d2:61:
         e3:fb:98:4b
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUes9SjbtzIclBUVXpvmIjU61slwMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNDA2MTcwMDAwMDBaFw0yNDA3MjIyMzU5NTlaMHoxSTBHBgNV
BAUTQDdmMWRiNGRlNzg3ZjA2YmRiZWE4MTViM2ViYmFkYTY3YTcyNWMyYWI2Njlh
ZTJiZjU1OThiYmQ1NzM5OGIwOGIxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANI5rPO0kHs6d1iKWXEiTPDjgufrn+RG69tFOYm7VyYfwKa6oSuESwQpidjK
BAyk4W1XiWGo8W2PE7pLJIqRX8Y/Gt9NXrUODtXKamio2Yj5h6JYCUFFBBF1fH3T
7YsYmSZlwTuyO0Oiq6aqG/glnBipRbvFEZtOywqe9s4Au3mhUvqLckreTWL/AxGy
s1NokPkIbrFYoVU9z2QM5iHFr7xRJKFBULKf1gD/LEdPLlMUNsg1evCeiDAKsPJa
G13FGYV/DKft1d+9l5LM0Iudp8y7TUpjUo3SJFPFDR9vmMITpuof5YkLat17BVN9
leNVWETlJ/2tlYH9ecWT83ZSybcCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBRg+Nb4
BztE852J88QKlqkvQW+u1DAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
ODlhYWM4MDItNTlkMC00NjMxLWEwMDQtMmExYzYzMTFiMjdmLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDATPEMA0G
CSqGSIb3DQEBCwUAA4IBAQBUqJMVeZtZVvXBSXhQ7wJ7UjWRdvVZn3hB+g8PyKN2
j29j7BVUKpiuAaBivjRWL1qfIvlqvOuP0tMSBF4dQN+6TCNpYXSx/YWsyxj8jT1i
994lAKtQ+zTE+h0cKEe/2Ra7ScLxKPTSZ98DVS5pt86xFpxwAvI/AQtOG41diUJg
5soc2yJUDheik7bvQsFqe/Y26sxab0fo/2xLK6VwmjUyU21X1TWS9MGnio50Cz+Z
3BgzJPj0kYUrUY1lrSjm4dh5UCmXgJIHRZrw3IP5H7LIkrflMTPRNakFUZH8SA/W
1xLt5dcc+U89vXMetE5f1PuRKfKT7KO3wRaW0mHj+5hL
-----END CERTIFICATE-----
Generated at Wed Jun 26 02:44:40 2024 by rpki-client on console-fra.rpki-client.org