Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/9eb7dfb3-5cb3-484a-b550-418fc540ea28.roa
File:                     9eb7dfb3-5cb3-484a-b550-418fc540ea28.roa (raw, json)
Hash identifier:          /ZnEzsIMot8v6CHRKTX8iVuymBrI7N6llVrpP74noqg=
Subject key identifier:   3B:15:31:A4:FA:D4:30:59:E8:7F:E7:B2:50:6F:84:A2:D4:F7:D5:65
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       78AF1D306A50786E52B180890861943FE656FAFE
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/9eb7dfb3-5cb3-484a-b550-418fc540ea28.roa
Signing time:             Tue 21 May 2024 00:00:00 +0000
ROA not before:           Tue 21 May 2024 00:00:00 +0000
ROA not after:            Tue 25 Jun 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        51.50.0.0/16 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 10:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            78:af:1d:30:6a:50:78:6e:52:b1:80:89:08:61:94:3f:e6:56:fa:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: May 21 00:00:00 2024 GMT
            Not After : Jun 25 23:59:59 2024 GMT
        Subject: serialNumber=d19a840fca0479184429ac6060fbc9d27b807e3e82518a2e4251343848274104, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:63:b0:c7:d4:a1:22:e5:ac:b9:34:6c:82:ba:
                    e4:49:eb:73:31:fe:34:de:ac:e2:db:95:bc:80:0d:
                    63:93:27:0f:07:73:41:77:d9:e0:ec:6e:9c:33:5c:
                    a8:5c:7f:0e:9f:4f:f4:ab:41:10:f4:fb:de:02:a8:
                    e3:06:4d:de:08:28:2c:c5:3d:50:e4:e0:5a:db:b9:
                    3d:39:5d:2d:eb:69:a1:7d:67:68:34:3c:38:13:43:
                    cb:79:aa:1e:de:56:41:0e:55:f7:74:2f:09:3c:d9:
                    f9:3e:8a:37:37:db:3e:79:df:9e:e0:00:44:de:f7:
                    5a:9d:27:23:56:e3:47:19:4a:40:82:97:8c:65:66:
                    00:e3:85:23:da:bf:8d:bd:3a:2e:b2:02:3d:0d:bd:
                    46:6a:7d:0c:b4:a0:f5:29:c8:d5:89:b9:81:20:27:
                    66:26:a9:38:1e:5e:4e:4b:5b:c4:45:89:0c:56:47:
                    b3:15:d5:e6:58:b6:0b:8d:0c:eb:6b:11:b5:46:27:
                    b6:05:76:ba:ea:c0:bd:8a:33:47:62:92:71:1a:40:
                    cc:90:1a:33:2a:2a:72:10:25:1e:72:ff:a5:4d:73:
                    df:6c:6c:5a:35:9e:a2:46:54:3b:ef:b0:e0:02:75:
                    5e:e2:34:88:b5:c7:86:72:1b:9a:01:e0:b3:2c:5e:
                    ae:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:15:31:A4:FA:D4:30:59:E8:7F:E7:B2:50:6F:84:A2:D4:F7:D5:65
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/9eb7dfb3-5cb3-484a-b550-418fc540ea28.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.50.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         4c:54:a7:61:fa:7a:b8:01:63:93:73:83:6a:7a:79:2b:d5:bd:
         e2:89:09:0f:39:0d:72:a5:d8:fc:36:a1:37:ce:63:9f:ad:9f:
         b0:19:b4:65:fa:f0:13:2b:ef:f0:40:ce:2b:76:64:ee:6c:98:
         49:cf:0e:dc:f7:33:6e:3b:7b:4e:92:c4:a3:d0:ff:fd:77:6c:
         08:4a:92:ef:21:f4:26:f2:96:d0:2e:67:f7:f8:4d:94:84:3b:
         cb:d0:f1:aa:a9:cf:16:8a:08:55:4f:09:cf:97:e6:94:e3:4f:
         b0:f5:56:61:08:48:0c:65:e2:07:e1:c1:f2:db:02:d6:10:b4:
         8b:ce:da:0c:51:22:e1:4c:62:f2:ba:d6:5a:17:67:68:86:25:
         1f:dc:d3:5a:46:6a:62:a3:1e:0d:5e:ad:75:37:f9:58:af:45:
         ff:6d:e1:0e:e9:c2:2b:77:c1:68:1f:de:da:ea:e6:cc:e0:51:
         38:7f:8b:08:52:2f:30:18:43:69:21:10:17:00:e9:91:6e:f0:
         a4:b6:4d:31:5a:93:af:9a:02:7a:e8:05:a1:c9:fc:70:9a:33:
         a4:68:8b:df:1d:ef:1b:83:1e:7b:c7:57:bd:6f:e6:67:3e:c1:
         cb:99:c9:61:cb:c3:bd:9c:fc:ff:4a:57:a9:23:72:c5:c0:1e:
         7b:59:2b:1e
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUeK8dMGpQeG5SsYCJCGGUP+ZW+v4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNDA1MjEwMDAwMDBaFw0yNDA2MjUyMzU5NTlaMHoxSTBHBgNV
BAUTQGQxOWE4NDBmY2EwNDc5MTg0NDI5YWM2MDYwZmJjOWQyN2I4MDdlM2U4MjUx
OGEyZTQyNTEzNDM4NDgyNzQxMDQxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMFjsMfUoSLlrLk0bIK65EnrczH+NN6s4tuVvIANY5MnDwdzQXfZ4OxunDNc
qFx/Dp9P9KtBEPT73gKo4wZN3ggoLMU9UOTgWtu5PTldLetpoX1naDQ8OBNDy3mq
Ht5WQQ5V93QvCTzZ+T6KNzfbPnnfnuAARN73Wp0nI1bjRxlKQIKXjGVmAOOFI9q/
jb06LrICPQ29Rmp9DLSg9SnI1Ym5gSAnZiapOB5eTktbxEWJDFZHsxXV5li2C40M
62sRtUYntgV2uurAvYozR2KScRpAzJAaMyoqchAlHnL/pU1z32xsWjWeokZUO++w
4AJ1XuI0iLXHhnIbmgHgsyxernkCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBQ7FTGk
+tQwWeh/57JQb4Si1PfVZTAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
OWViN2RmYjMtNWNiMy00ODRhLWI1NTAtNDE4ZmM1NDBlYTI4LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADMyMA0G
CSqGSIb3DQEBCwUAA4IBAQBMVKdh+nq4AWOTc4Nqenkr1b3iiQkPOQ1ypdj8NqE3
zmOfrZ+wGbRl+vATK+/wQM4rdmTubJhJzw7c9zNuO3tOksSj0P/9d2wISpLvIfQm
8pbQLmf3+E2UhDvL0PGqqc8WighVTwnPl+aU40+w9VZhCEgMZeIH4cHy2wLWELSL
ztoMUSLhTGLyutZaF2dohiUf3NNaRmpiox4NXq11N/lYr0X/beEO6cIrd8FoH97a
6ubM4FE4f4sIUi8wGENpIRAXAOmRbvCktk0xWpOvmgJ66AWhyfxwmjOkaIvfHe8b
gx57x1e9b+ZnPsHLmclhy8O9nPz/SlepI3LFwB57WSse
-----END CERTIFICATE-----
Generated at Sun Jun 16 17:32:42 2024 by rpki-client on console-fra.rpki-client.org