Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/9eb7dfb3-5cb3-484a-b550-418fc540ea28.roa
File:                     9eb7dfb3-5cb3-484a-b550-418fc540ea28.roa (raw, json)
Hash identifier:          /6HeUG7F3VncHonHnNMitDQZtnF5BZCuUGnLU/ulBxA=
Subject key identifier:   A8:43:7F:2E:D7:39:7A:4C:B6:B7:3C:E6:FD:B9:18:9F:B7:40:27:E7
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       17B760024F71E210A5DC19F3D410DD5158CD944C
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/9eb7dfb3-5cb3-484a-b550-418fc540ea28.roa
Signing time:             Mon 17 Jun 2024 00:00:00 +0000
ROA not before:           Mon 17 Jun 2024 00:00:00 +0000
ROA not after:            Mon 22 Jul 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        51.50.0.0/16 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 20:24:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            17:b7:60:02:4f:71:e2:10:a5:dc:19:f3:d4:10:dd:51:58:cd:94:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Jun 17 00:00:00 2024 GMT
            Not After : Jul 22 23:59:59 2024 GMT
        Subject: serialNumber=719fc2808c90ff1b7a8eef86a8d61dc48ab3d0a224a11250ce14f2cd672049b7, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:d5:d2:87:16:52:1d:f6:f1:cf:bf:4a:93:64:
                    f5:25:a2:40:8d:f6:d4:a7:ce:fb:a7:dc:11:aa:30:
                    30:58:72:55:2e:f9:d7:a2:28:68:46:22:c2:6a:79:
                    cc:7e:9e:56:18:3e:d0:63:68:06:82:51:2b:40:ab:
                    43:0e:3e:38:35:26:b9:0a:1b:e1:ce:23:9d:db:43:
                    15:11:fc:52:8d:1c:f1:ca:f2:c3:2c:fe:bc:92:6a:
                    e9:88:24:45:40:77:f5:c6:48:14:3e:4e:82:57:61:
                    92:91:34:b1:1a:5b:a4:07:43:2c:84:73:a7:55:dc:
                    82:d2:19:b9:8e:6e:88:24:80:74:a8:bc:b8:48:a7:
                    1d:2b:3c:f6:b7:e8:56:2d:2e:f4:5c:5e:f7:48:f6:
                    8c:4c:5b:81:e3:ee:77:5a:8d:33:72:63:64:ff:1a:
                    17:aa:9b:67:71:d6:5b:67:a5:7b:fa:da:9f:b2:e8:
                    43:17:64:1c:64:b5:ce:05:e0:30:77:d7:dd:2e:b6:
                    65:03:4e:44:71:83:ef:de:db:24:a7:76:26:92:73:
                    c2:85:0d:92:29:62:7d:b0:3d:f4:da:99:a4:e2:45:
                    a7:6e:79:6b:8f:1a:77:c1:c1:30:7e:ed:9c:04:38:
                    f3:6c:bb:5d:a9:e8:2e:d1:36:22:f2:3a:a0:bf:10:
                    cc:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:43:7F:2E:D7:39:7A:4C:B6:B7:3C:E6:FD:B9:18:9F:B7:40:27:E7
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/9eb7dfb3-5cb3-484a-b550-418fc540ea28.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.50.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         1e:51:26:6f:80:96:d2:d6:0d:59:cb:e2:ef:e4:9c:29:6e:9c:
         a9:6e:f1:b9:e4:78:9e:f6:72:65:88:55:68:42:a3:91:ef:35:
         18:3d:3d:69:0e:93:79:1a:d6:67:1d:a5:b7:f6:e5:d7:26:53:
         b8:55:3a:28:a8:24:36:fb:03:14:1b:f9:e6:ae:fb:0e:80:cd:
         5b:ff:e6:46:b0:07:2f:f8:b7:60:d9:37:7f:f3:17:cf:24:04:
         b3:fc:4c:3e:ed:08:b5:43:ee:0f:a2:63:12:10:61:b3:ed:83:
         72:2d:36:d5:1f:16:74:4d:1a:3c:e7:ca:28:1e:24:1c:8b:11:
         49:27:f4:d9:e5:60:30:74:f3:db:a2:52:6c:86:ac:e0:bd:02:
         61:40:25:2d:bc:92:bc:b5:5c:4b:ed:45:61:85:4e:a5:70:0a:
         18:33:49:ae:37:18:e4:2d:68:b6:8b:38:49:1f:d2:dc:43:ef:
         c0:bb:d9:51:4e:e3:6f:a5:90:7c:34:76:c7:62:bf:67:e0:25:
         75:02:f4:17:d1:c2:e2:8c:85:95:1b:59:e7:c8:e3:c2:42:a5:
         f2:40:32:46:47:a1:df:82:89:80:61:ca:a0:d8:e1:92:eb:87:
         f8:5c:a3:84:a2:66:0e:59:aa:27:83:88:e3:2e:d8:91:ba:74:
         36:3f:54:f8
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUF7dgAk9x4hCl3Bnz1BDdUVjNlEwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNDA2MTcwMDAwMDBaFw0yNDA3MjIyMzU5NTlaMHoxSTBHBgNV
BAUTQDcxOWZjMjgwOGM5MGZmMWI3YThlZWY4NmE4ZDYxZGM0OGFiM2QwYTIyNGEx
MTI1MGNlMTRmMmNkNjcyMDQ5YjcxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAL/V0ocWUh328c+/SpNk9SWiQI321KfO+6fcEaowMFhyVS7516IoaEYiwmp5
zH6eVhg+0GNoBoJRK0CrQw4+ODUmuQob4c4jndtDFRH8Uo0c8crywyz+vJJq6Ygk
RUB39cZIFD5OgldhkpE0sRpbpAdDLIRzp1XcgtIZuY5uiCSAdKi8uEinHSs89rfo
Vi0u9Fxe90j2jExbgePud1qNM3JjZP8aF6qbZ3HWW2ele/ran7LoQxdkHGS1zgXg
MHfX3S62ZQNORHGD797bJKd2JpJzwoUNkilifbA99NqZpOJFp255a48ad8HBMH7t
nAQ482y7XanoLtE2IvI6oL8QzJ8CAwEAAaOCAiAwggIcMB0GA1UdDgQWBBSoQ38u
1zl6TLa3POb9uRift0An5zAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
OWViN2RmYjMtNWNiMy00ODRhLWI1NTAtNDE4ZmM1NDBlYTI4LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADMyMA0G
CSqGSIb3DQEBCwUAA4IBAQAeUSZvgJbS1g1Zy+Lv5JwpbpypbvG55Hie9nJliFVo
QqOR7zUYPT1pDpN5GtZnHaW39uXXJlO4VTooqCQ2+wMUG/nmrvsOgM1b/+ZGsAcv
+Ldg2Td/8xfPJASz/Ew+7Qi1Q+4PomMSEGGz7YNyLTbVHxZ0TRo858ooHiQcixFJ
J/TZ5WAwdPPbolJshqzgvQJhQCUtvJK8tVxL7UVhhU6lcAoYM0muNxjkLWi2izhJ
H9LcQ+/Au9lRTuNvpZB8NHbHYr9n4CV1AvQX0cLijIWVG1nnyOPCQqXyQDJGR6Hf
gomAYcqg2OGS64f4XKOEomYOWaong4jjLtiRunQ2P1T4
-----END CERTIFICATE-----
Generated at Wed Jun 26 02:09:56 2024 by rpki-client on console-ams.rpki-client.org