Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/90e43ec0-92f9-420a-8158-7b97f7f32b51.roa
File:                     90e43ec0-92f9-420a-8158-7b97f7f32b51.roa (raw, json)
Hash identifier:          XbV9glQUXZV+c/b0rT4FTof8ppLmjZgVvcrekbeL9yw=
Subject key identifier:   09:88:6A:AB:EB:49:63:56:5B:E0:E2:A0:B6:96:E5:33:81:D6:6E:F9
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       1C30ED9ABBEB9CBB2E43989D7C00AD732F5A2D88
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/90e43ec0-92f9-420a-8158-7b97f7f32b51.roa
Signing time:             Mon 17 Jun 2024 00:00:00 +0000
ROA not before:           Mon 17 Jun 2024 00:00:00 +0000
ROA not after:            Mon 22 Jul 2024 23:59:59 +0000
asID:                     8987
IP address blocks:        143.65.128.0/18 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 20:24:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1c:30:ed:9a:bb:eb:9c:bb:2e:43:98:9d:7c:00:ad:73:2f:5a:2d:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Jun 17 00:00:00 2024 GMT
            Not After : Jul 22 23:59:59 2024 GMT
        Subject: serialNumber=9e7bef638f7fea6ff5d4bff3672f1a249505e6b702b4565a03b2548f57725be2, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:e5:c0:96:59:83:fc:d0:5c:b7:e2:9e:4c:01:
                    01:0f:28:5c:48:d9:62:7b:36:03:a7:15:0e:7d:68:
                    5f:3b:ba:38:ba:04:e6:8e:f9:13:bc:db:63:3c:82:
                    4a:fb:a2:25:3f:9f:7a:a7:f5:51:e5:70:29:1f:b2:
                    12:4b:a5:bc:d0:ce:9c:fe:28:1d:29:71:4f:d8:69:
                    47:a9:d7:ad:05:8f:b3:0d:e0:35:be:f1:1e:74:38:
                    e9:c5:cc:61:33:88:7e:ce:3b:89:c0:f7:d9:77:20:
                    32:b2:71:10:b2:0e:e5:9f:0c:37:22:61:cf:7f:cb:
                    83:ce:a8:a3:72:34:3b:3c:6c:ce:98:a7:9a:78:95:
                    95:bd:9b:f1:04:5a:96:8e:6f:06:9f:da:c0:92:60:
                    a0:d1:fd:b3:7e:88:ec:ab:40:23:19:30:3d:c1:50:
                    97:d1:7a:24:b2:d5:3c:09:25:38:70:5a:d4:ff:ea:
                    dd:28:3a:10:b3:0d:70:23:d9:2c:c4:56:aa:c3:d4:
                    31:a5:b1:80:46:98:9e:b7:a4:ed:ff:75:18:e7:2f:
                    d1:42:cb:7e:bc:ee:5f:c2:7a:ec:29:1f:8f:40:d3:
                    76:8c:ae:74:47:0f:bb:d7:0e:b4:33:4e:08:66:b9:
                    ba:cf:3f:7e:e6:a8:b2:b6:1f:20:33:74:14:33:06:
                    3f:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:88:6A:AB:EB:49:63:56:5B:E0:E2:A0:B6:96:E5:33:81:D6:6E:F9
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/90e43ec0-92f9-420a-8158-7b97f7f32b51.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.65.128.0/18

    Signature Algorithm: sha256WithRSAEncryption
         7f:71:d2:16:a0:88:01:ca:0e:4f:3e:2e:35:eb:1c:19:c3:a5:
         83:7f:7c:c7:41:c0:5a:21:70:1c:ef:75:af:76:3d:72:0f:29:
         69:a9:9c:9d:c3:b1:a9:37:41:af:ac:e7:15:7d:21:cf:91:f7:
         20:92:34:79:1c:bf:60:3c:62:d2:6e:1a:20:4d:67:fa:fb:bc:
         82:27:63:15:0e:a8:a4:1c:1e:bf:01:8b:1e:b3:0e:5c:48:ec:
         e7:1d:d2:4b:9c:84:aa:15:a0:0e:10:46:d1:92:bd:88:b1:ef:
         da:e3:09:3e:ff:5f:57:96:01:d6:3e:3c:7d:9c:29:28:aa:93:
         fa:e7:ef:81:d7:b8:d8:e6:b7:cc:af:7a:84:97:99:31:a4:42:
         09:3b:90:25:25:59:99:f1:bf:87:0c:a2:18:6d:74:b7:0b:20:
         d5:ea:7d:50:40:d0:ba:74:50:1b:bd:db:a1:ee:2b:f3:3e:85:
         90:c6:a7:b0:a7:6b:35:09:5e:e0:03:66:b2:f6:62:e4:e1:67:
         cd:fe:43:cd:7b:01:31:75:16:99:37:ce:ae:53:c4:27:16:4d:
         4e:71:fc:84:12:80:c7:22:4b:38:e4:a7:35:09:da:10:17:42:
         49:ac:8a:5a:a5:8b:a6:99:ca:15:a6:3b:c0:01:97:7c:72:80:
         9c:7c:e3:60
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUHDDtmrvrnLsuQ5idfACtcy9aLYgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNDA2MTcwMDAwMDBaFw0yNDA3MjIyMzU5NTlaMHoxSTBHBgNV
BAUTQDllN2JlZjYzOGY3ZmVhNmZmNWQ0YmZmMzY3MmYxYTI0OTUwNWU2YjcwMmI0
NTY1YTAzYjI1NDhmNTc3MjViZTIxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAK7lwJZZg/zQXLfinkwBAQ8oXEjZYns2A6cVDn1oXzu6OLoE5o75E7zbYzyC
SvuiJT+feqf1UeVwKR+yEkulvNDOnP4oHSlxT9hpR6nXrQWPsw3gNb7xHnQ46cXM
YTOIfs47icD32XcgMrJxELIO5Z8MNyJhz3/Lg86oo3I0OzxszpinmniVlb2b8QRa
lo5vBp/awJJgoNH9s36I7KtAIxkwPcFQl9F6JLLVPAklOHBa1P/q3Sg6ELMNcCPZ
LMRWqsPUMaWxgEaYnrek7f91GOcv0ULLfrzuX8J67Ckfj0DTdoyudEcPu9cOtDNO
CGa5us8/fuaosrYfIDN0FDMGP2UCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBQJiGqr
60ljVlvg4qC2luUzgdZu+TAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
OTBlNDNlYzAtOTJmOS00MjBhLTgxNTgtN2I5N2Y3ZjMyYjUxLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEBo9BgDAN
BgkqhkiG9w0BAQsFAAOCAQEAf3HSFqCIAcoOTz4uNescGcOlg398x0HAWiFwHO91
r3Y9cg8paamcncOxqTdBr6znFX0hz5H3IJI0eRy/YDxi0m4aIE1n+vu8gidjFQ6o
pBwevwGLHrMOXEjs5x3SS5yEqhWgDhBG0ZK9iLHv2uMJPv9fV5YB1j48fZwpKKqT
+ufvgde42Oa3zK96hJeZMaRCCTuQJSVZmfG/hwyiGG10twsg1ep9UEDQunRQG73b
oe4r8z6FkMansKdrNQle4ANmsvZi5OFnzf5DzXsBMXUWmTfOrlPEJxZNTnH8hBKA
xyJLOOSnNQnaEBdCSayKWqWLppnKFaY7wAGXfHKAnHzjYA==
-----END CERTIFICATE-----
Generated at Wed Jun 26 02:09:56 2024 by rpki-client on console-ams.rpki-client.org