Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/90e43ec0-92f9-420a-8158-7b97f7f32b51.roa
File:                     90e43ec0-92f9-420a-8158-7b97f7f32b51.roa (raw, json)
Hash identifier:          PzLbilF4xhu6VyIwky/8HbtoHlcd9AXTFe3t+0e0xI8=
Subject key identifier:   D4:F4:21:BC:67:85:DB:D4:03:95:F5:20:58:24:3E:EA:08:3C:9D:4A
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       3154CC78CEF98FB3F6570B9130B0C09AACAF3F81
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/90e43ec0-92f9-420a-8158-7b97f7f32b51.roa
Signing time:             Tue 21 May 2024 00:00:00 +0000
ROA not before:           Tue 21 May 2024 00:00:00 +0000
ROA not after:            Tue 25 Jun 2024 23:59:59 +0000
asID:                     8987
IP address blocks:        143.65.128.0/18 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 10:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            31:54:cc:78:ce:f9:8f:b3:f6:57:0b:91:30:b0:c0:9a:ac:af:3f:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: May 21 00:00:00 2024 GMT
            Not After : Jun 25 23:59:59 2024 GMT
        Subject: serialNumber=c4ae805cedd312e0db48de5717ecc3a3e5a6779514d0c4f9bd43ed07f89b4e9b, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:26:45:da:57:01:0a:1e:43:ae:73:33:1d:b9:
                    23:9d:ee:56:a5:31:22:ca:5d:46:14:09:b0:07:39:
                    64:80:e5:b4:6d:11:13:41:24:9b:82:fe:eb:cb:9b:
                    4a:70:90:a2:ae:a0:45:9a:a9:75:41:ed:62:81:c9:
                    f6:82:f2:d0:e2:cb:de:aa:56:de:44:ea:18:81:87:
                    7c:de:ee:fd:c7:0a:c0:9e:45:40:c4:32:40:97:5f:
                    6e:0a:75:cc:e0:cd:64:12:43:f0:41:1b:5d:34:da:
                    0a:d0:f0:60:bf:dd:e7:f1:a2:d8:70:3a:de:7a:17:
                    61:7c:d7:fe:d5:5e:d8:45:c1:90:e7:33:a3:f6:98:
                    c8:18:5a:13:87:f4:7f:0f:6c:0e:f8:53:91:4f:a0:
                    c3:75:35:ee:68:ae:d3:12:16:a2:c9:66:56:9c:5b:
                    12:31:4d:27:04:a8:e7:67:5a:21:4d:36:a6:75:38:
                    17:9f:33:b9:3f:11:73:41:73:e5:77:72:9a:2c:ab:
                    ed:70:5c:42:95:81:9d:5a:f6:43:10:aa:9d:30:f4:
                    bc:e0:50:88:a4:52:2b:9a:e4:e7:b4:5e:bc:3d:d5:
                    b4:a4:c0:b6:2c:55:7b:14:2a:21:32:b8:78:bb:c5:
                    1d:af:94:06:dc:5f:ea:c4:38:d2:aa:14:7c:76:37:
                    2b:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:F4:21:BC:67:85:DB:D4:03:95:F5:20:58:24:3E:EA:08:3C:9D:4A
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/90e43ec0-92f9-420a-8158-7b97f7f32b51.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.65.128.0/18

    Signature Algorithm: sha256WithRSAEncryption
         99:c4:27:4d:eb:19:5c:f2:40:5c:cb:4b:39:4b:ff:53:76:77:
         ca:fe:ba:03:f4:08:31:ad:cf:e5:5f:a1:d6:df:08:60:a6:e5:
         2e:e4:1b:87:28:2e:95:09:b5:a8:d1:91:34:f0:7e:dc:32:53:
         0e:f9:8d:22:58:2c:68:d4:ad:ea:c5:5c:46:95:f1:7c:57:82:
         82:57:0a:cb:38:58:9e:50:f1:c3:7c:67:09:e2:b2:92:ba:99:
         6f:64:63:34:81:ed:3e:6b:30:b7:5f:cd:32:db:bd:10:49:6e:
         cb:5e:4e:03:5c:8a:28:85:1c:d8:a4:fd:dc:9b:be:da:3a:e6:
         b7:25:b4:27:1d:3e:25:7b:4a:57:32:ec:9f:a6:4c:c8:15:f2:
         e9:1a:f8:ab:44:0e:c5:c7:e7:2c:f7:36:e4:7d:46:8d:92:95:
         88:50:c3:46:05:e4:5a:9b:c2:e4:96:57:19:08:f1:9f:64:fe:
         fe:b1:8a:0f:11:bf:4d:2c:03:d9:6f:44:32:f0:d3:41:04:c2:
         cd:4c:0b:a9:6b:f5:29:b5:9a:01:36:93:5d:50:16:90:de:4a:
         dc:0f:a7:b4:3a:fe:67:e4:69:3e:48:ce:5e:ff:80:4d:a6:e7:
         35:13:16:96:aa:6d:7a:fb:70:c1:44:8f:07:26:2f:38:1f:ab:
         1c:53:11:e4
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUMVTMeM75j7P2VwuRMLDAmqyvP4EwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNDA1MjEwMDAwMDBaFw0yNDA2MjUyMzU5NTlaMHoxSTBHBgNV
BAUTQGM0YWU4MDVjZWRkMzEyZTBkYjQ4ZGU1NzE3ZWNjM2EzZTVhNjc3OTUxNGQw
YzRmOWJkNDNlZDA3Zjg5YjRlOWIxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMImRdpXAQoeQ65zMx25I53uVqUxIspdRhQJsAc5ZIDltG0RE0Ekm4L+68ub
SnCQoq6gRZqpdUHtYoHJ9oLy0OLL3qpW3kTqGIGHfN7u/ccKwJ5FQMQyQJdfbgp1
zODNZBJD8EEbXTTaCtDwYL/d5/Gi2HA63noXYXzX/tVe2EXBkOczo/aYyBhaE4f0
fw9sDvhTkU+gw3U17miu0xIWoslmVpxbEjFNJwSo52daIU02pnU4F58zuT8Rc0Fz
5Xdymiyr7XBcQpWBnVr2QxCqnTD0vOBQiKRSK5rk57RevD3VtKTAtixVexQqITK4
eLvFHa+UBtxf6sQ40qoUfHY3Kz0CAwEAAaOCAiEwggIdMB0GA1UdDgQWBBTU9CG8
Z4Xb1AOV9SBYJD7qCDydSjAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
OTBlNDNlYzAtOTJmOS00MjBhLTgxNTgtN2I5N2Y3ZjMyYjUxLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEBo9BgDAN
BgkqhkiG9w0BAQsFAAOCAQEAmcQnTesZXPJAXMtLOUv/U3Z3yv66A/QIMa3P5V+h
1t8IYKblLuQbhygulQm1qNGRNPB+3DJTDvmNIlgsaNSt6sVcRpXxfFeCglcKyzhY
nlDxw3xnCeKykrqZb2RjNIHtPmswt1/NMtu9EEluy15OA1yKKIUc2KT93Ju+2jrm
tyW0Jx0+JXtKVzLsn6ZMyBXy6Rr4q0QOxcfnLPc25H1GjZKViFDDRgXkWpvC5JZX
GQjxn2T+/rGKDxG/TSwD2W9EMvDTQQTCzUwLqWv1KbWaATaTXVAWkN5K3A+ntDr+
Z+RpPkjOXv+ATabnNRMWlqptevtwwUSPByYvOB+rHFMR5A==
-----END CERTIFICATE-----
Generated at Sun Jun 16 17:32:42 2024 by rpki-client on console-fra.rpki-client.org