Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/9e56510b-5f1c-47f6-8a54-2ef9c96c572c.roa
File:                     9e56510b-5f1c-47f6-8a54-2ef9c96c572c.roa (raw, json)
Hash identifier:          F1oa5aR1bGmEA4YbhrO1MCUvnFMHmt7z/6Y+S6mBHf4=
Subject key identifier:   E1:CE:22:1B:74:EB:C0:43:99:E8:DF:67:50:20:AD:5A:4D:74:4C:D1
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       11D972D6E207C8E8FC5F4A166E7701D5541D9023
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/9e56510b-5f1c-47f6-8a54-2ef9c96c572c.roa
Signing time:             Tue 11 Jun 2024 00:00:00 +0000
ROA not before:           Tue 11 Jun 2024 00:00:00 +0000
ROA not after:            Tue 16 Jul 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        51.74.0.0/16 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 10:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            11:d9:72:d6:e2:07:c8:e8:fc:5f:4a:16:6e:77:01:d5:54:1d:90:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Jun 11 00:00:00 2024 GMT
            Not After : Jul 16 23:59:59 2024 GMT
        Subject: serialNumber=f993ab6b3558f782533ecc496a62825d70ff3c4087014f25ef7af98675d23818, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:69:92:88:49:21:60:bd:46:0f:17:1e:a0:25:
                    eb:97:a4:20:77:cc:ee:3b:f3:47:73:04:0e:24:8f:
                    f1:a6:2d:a3:2b:d6:db:24:cb:e6:3f:42:b3:cd:31:
                    2b:b1:48:fb:bc:60:62:b6:bc:64:da:42:6c:94:02:
                    b7:5a:6a:d3:34:0b:b1:e7:11:0e:9c:89:d7:28:3a:
                    00:32:05:72:d2:e9:bc:ca:a5:79:44:a0:90:cb:94:
                    9f:a7:08:21:d7:13:f9:a0:97:b8:31:78:01:27:71:
                    be:2d:94:f5:4b:2b:c2:e7:5d:17:fb:0f:84:85:14:
                    5f:4b:22:44:00:bb:8f:53:00:32:0c:16:e4:30:3f:
                    f4:3d:6a:89:db:b2:4b:5c:0a:c9:4c:20:36:0d:e7:
                    89:b6:a1:82:5a:12:4e:38:2d:5a:a2:40:27:bf:7d:
                    cb:ee:c4:d4:f1:19:47:43:f8:df:77:58:e1:bf:6c:
                    95:2d:2d:30:69:4d:a4:9d:11:0b:27:99:1d:ca:d2:
                    db:df:da:e2:4d:d7:27:8a:5e:af:be:5d:77:e4:4c:
                    a4:f3:c0:20:91:f8:b5:41:86:7d:cb:0c:a9:43:9d:
                    13:b6:c2:71:4f:8b:8f:2b:8d:a2:51:96:92:4b:66:
                    a2:0f:1a:68:a1:dc:94:15:97:21:6b:6e:e1:d4:95:
                    f3:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:CE:22:1B:74:EB:C0:43:99:E8:DF:67:50:20:AD:5A:4D:74:4C:D1
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/9e56510b-5f1c-47f6-8a54-2ef9c96c572c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.74.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         3a:4f:73:cf:fe:3b:bd:a7:ad:c1:f9:ee:ca:d5:9c:7c:94:5b:
         41:1d:f8:bb:1b:70:ca:76:82:b9:06:ed:da:8f:78:0e:42:2f:
         dc:4e:cc:09:6e:dd:ff:3a:64:49:27:af:2a:17:2f:06:dd:fa:
         ca:66:4e:1a:23:94:1a:80:2b:58:dc:64:40:3e:d6:af:42:94:
         46:25:b3:59:83:83:88:a3:4f:ec:01:d0:83:f3:10:9f:90:3c:
         71:80:22:60:03:9d:37:16:79:59:95:2e:34:5c:db:3f:7e:70:
         b6:8f:2f:23:47:00:26:12:ed:d9:2a:79:36:e4:61:ce:4a:7a:
         3d:14:ff:b3:d4:8a:ab:d5:c1:39:f4:89:eb:79:45:07:ae:d5:
         a0:d4:a6:0b:aa:f7:5d:c7:0b:06:a1:d5:70:b6:89:f6:05:76:
         1f:0e:1b:a6:7f:8e:fd:90:54:bc:1e:cb:ad:e0:21:d7:01:29:
         79:81:94:df:b1:2f:c4:44:92:8f:5d:b3:40:1d:7e:e8:9c:7f:
         39:70:43:d9:a4:0d:41:bd:39:ae:82:cd:80:07:09:29:c0:1d:
         bc:a9:85:76:c7:28:af:90:d1:61:19:63:a5:ca:bc:a7:ea:9b:
         56:92:d7:09:8a:0e:53:49:d3:1a:fe:93:20:1b:eb:f0:70:e4:
         9d:01:16:89
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUEdly1uIHyOj8X0oWbncB1VQdkCMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNDA2MTEwMDAwMDBaFw0yNDA3MTYyMzU5NTlaMHoxSTBHBgNV
BAUTQGY5OTNhYjZiMzU1OGY3ODI1MzNlY2M0OTZhNjI4MjVkNzBmZjNjNDA4NzAx
NGYyNWVmN2FmOTg2NzVkMjM4MTgxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAL1pkohJIWC9Rg8XHqAl65ekIHfM7jvzR3MEDiSP8aYtoyvW2yTL5j9Cs80x
K7FI+7xgYra8ZNpCbJQCt1pq0zQLsecRDpyJ1yg6ADIFctLpvMqleUSgkMuUn6cI
IdcT+aCXuDF4ASdxvi2U9UsrwuddF/sPhIUUX0siRAC7j1MAMgwW5DA/9D1qiduy
S1wKyUwgNg3nibahgloSTjgtWqJAJ799y+7E1PEZR0P433dY4b9slS0tMGlNpJ0R
CyeZHcrS29/a4k3XJ4per75dd+RMpPPAIJH4tUGGfcsMqUOdE7bCcU+LjyuNolGW
kktmog8aaKHclBWXIWtu4dSV830CAwEAAaOCAiAwggIcMB0GA1UdDgQWBBThziIb
dOvAQ5no32dQIK1aTXRM0TAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
OWU1NjUxMGItNWYxYy00N2Y2LThhNTQtMmVmOWM5NmM1NzJjLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADNKMA0G
CSqGSIb3DQEBCwUAA4IBAQA6T3PP/ju9p63B+e7K1Zx8lFtBHfi7G3DKdoK5Bu3a
j3gOQi/cTswJbt3/OmRJJ68qFy8G3frKZk4aI5QagCtY3GRAPtavQpRGJbNZg4OI
o0/sAdCD8xCfkDxxgCJgA503FnlZlS40XNs/fnC2jy8jRwAmEu3ZKnk25GHOSno9
FP+z1Iqr1cE59InreUUHrtWg1KYLqvddxwsGodVwton2BXYfDhumf479kFS8Hsut
4CHXASl5gZTfsS/ERJKPXbNAHX7onH85cEPZpA1BvTmugs2ABwkpwB28qYV2xyiv
kNFhGWOlyryn6ptWktcJig5TSdMa/pMgG+vwcOSdARaJ
-----END CERTIFICATE-----
Generated at Sun Jun 16 17:32:42 2024 by rpki-client on console-fra.rpki-client.org