Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/be32e063-2484-4f24-b3d4-21b5c8f55455.roa
File:                     be32e063-2484-4f24-b3d4-21b5c8f55455.roa (raw, json)
Hash identifier:          0qV79WUiZ4/rnetY/Z54ej3uc40mvSPZRAaIW/aE/hY=
Subject key identifier:   AB:2A:FD:24:88:F3:02:8D:BD:44:4D:B6:D6:10:1B:4F:DB:9A:36:6E
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       368F349DD64C24CAA2BC3EEAF5DE1905CB7CE26B
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/be32e063-2484-4f24-b3d4-21b5c8f55455.roa
Signing time:             Tue 21 May 2024 00:00:00 +0000
ROA not before:           Tue 21 May 2024 00:00:00 +0000
ROA not after:            Tue 25 Jun 2024 23:59:59 +0000
asID:                     8987
IP address blocks:        51.139.0.0/16 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            36:8f:34:9d:d6:4c:24:ca:a2:bc:3e:ea:f5:de:19:05:cb:7c:e2:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: May 21 00:00:00 2024 GMT
            Not After : Jun 25 23:59:59 2024 GMT
        Subject: serialNumber=622194c11ae3756e492031574134b25a3f117971296220aaf45947aacc1f3a3f, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:50:dd:dc:6e:1f:d8:10:35:86:5a:4a:a7:8b:
                    ec:ea:0c:48:bc:01:f3:6f:8e:1a:fc:43:ff:4d:1e:
                    44:d8:98:0c:20:e3:7a:8a:0d:46:b4:04:09:55:88:
                    7d:81:b1:2f:f3:c4:f2:6f:71:44:80:af:28:5c:89:
                    51:55:9c:c4:11:9a:7f:5b:70:a2:52:20:17:f2:1b:
                    bb:90:c0:fb:78:7a:d6:8c:16:5d:7c:ba:a8:ab:83:
                    94:b5:ac:fc:7d:d8:56:78:07:40:56:1d:84:a2:06:
                    1b:7c:60:30:6a:87:ba:c8:b8:c8:61:6f:0b:cf:bc:
                    c1:28:5f:1b:b8:53:d3:eb:5c:85:31:71:f8:e5:a3:
                    48:db:ed:86:fd:a9:ee:9a:35:ed:ff:b6:18:70:d1:
                    0b:a5:74:bd:b1:8b:fe:16:14:0f:c4:34:10:3f:39:
                    50:cf:e5:9c:eb:3b:e1:e2:5d:15:9f:f5:9f:ce:cc:
                    41:88:5a:94:4d:16:45:ef:0d:22:a7:a8:63:24:2a:
                    2d:f9:ee:92:2d:75:88:de:a5:21:d4:47:d3:3a:d1:
                    2d:29:87:81:5d:45:63:b1:9c:fc:6a:32:89:b8:ed:
                    5f:cc:67:07:7b:ef:98:63:64:ca:2c:d1:ed:86:f5:
                    e3:4d:34:1c:23:66:8a:83:09:9a:f1:26:85:07:a2:
                    0f:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:2A:FD:24:88:F3:02:8D:BD:44:4D:B6:D6:10:1B:4F:DB:9A:36:6E
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/be32e063-2484-4f24-b3d4-21b5c8f55455.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.139.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         05:e7:ef:e6:44:8f:a1:f9:a7:f7:cf:93:60:90:13:3b:d8:ac:
         88:6b:11:9f:b4:8d:93:35:eb:e7:5a:89:e0:e7:a7:00:a7:9f:
         c8:88:3c:81:22:a9:bf:a3:3a:eb:99:de:03:65:7f:76:ce:8d:
         4a:f8:b2:ba:91:ac:a9:bf:72:f3:28:05:1a:29:12:f2:82:d5:
         a4:d4:3b:00:d3:7f:b8:7d:53:9e:4b:fd:00:39:ac:9a:62:9a:
         f0:5d:94:64:2c:67:42:f0:c8:8c:55:2f:61:62:8a:b4:fa:74:
         50:8a:32:31:d8:18:77:b6:54:11:97:3b:4a:b1:24:dd:2d:75:
         19:81:78:48:fb:35:e6:69:f6:42:ff:ca:9c:c4:4d:4e:4e:59:
         a6:8c:94:2a:1b:ac:9d:d5:ae:91:05:78:58:9c:7b:a2:cc:1d:
         89:e5:61:78:6b:77:3d:32:da:da:1e:b3:6f:2a:0b:3e:2f:43:
         fb:59:8d:3b:15:fd:61:2c:ad:c0:23:57:49:7d:c2:b0:40:4a:
         59:f1:79:17:86:0d:bf:27:6d:d9:1e:0a:46:32:e3:59:fd:45:
         b5:16:ea:1f:c8:2f:f9:07:ec:7c:aa:80:9b:a9:d9:03:55:95:
         de:7e:39:ff:42:6f:5d:66:ce:ce:fc:fb:5f:e6:3c:e0:49:61:
         3b:38:49:f1
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUNo80ndZMJMqivD7q9d4ZBct84mswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNDA1MjEwMDAwMDBaFw0yNDA2MjUyMzU5NTlaMHoxSTBHBgNV
BAUTQDYyMjE5NGMxMWFlMzc1NmU0OTIwMzE1NzQxMzRiMjVhM2YxMTc5NzEyOTYy
MjBhYWY0NTk0N2FhY2MxZjNhM2YxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANFQ3dxuH9gQNYZaSqeL7OoMSLwB82+OGvxD/00eRNiYDCDjeooNRrQECVWI
fYGxL/PE8m9xRICvKFyJUVWcxBGaf1twolIgF/Ibu5DA+3h61owWXXy6qKuDlLWs
/H3YVngHQFYdhKIGG3xgMGqHusi4yGFvC8+8wShfG7hT0+tchTFx+OWjSNvthv2p
7po17f+2GHDRC6V0vbGL/hYUD8Q0ED85UM/lnOs74eJdFZ/1n87MQYhalE0WRe8N
IqeoYyQqLfnuki11iN6lIdRH0zrRLSmHgV1FY7Gc/GoyibjtX8xnB3vvmGNkyizR
7Yb14000HCNmioMJmvEmhQeiD6cCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBSrKv0k
iPMCjb1ETbbWEBtP25o2bjAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
YmUzMmUwNjMtMjQ4NC00ZjI0LWIzZDQtMjFiNWM4ZjU1NDU1LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADOLMA0G
CSqGSIb3DQEBCwUAA4IBAQAF5+/mRI+h+af3z5NgkBM72KyIaxGftI2TNevnWong
56cAp5/IiDyBIqm/ozrrmd4DZX92zo1K+LK6kaypv3LzKAUaKRLygtWk1DsA03+4
fVOeS/0AOayaYprwXZRkLGdC8MiMVS9hYoq0+nRQijIx2Bh3tlQRlztKsSTdLXUZ
gXhI+zXmafZC/8qcxE1OTlmmjJQqG6yd1a6RBXhYnHuizB2J5WF4a3c9MtraHrNv
Kgs+L0P7WY07Ff1hLK3AI1dJfcKwQEpZ8XkXhg2/J23ZHgpGMuNZ/UW1FuofyC/5
B+x8qoCbqdkDVZXefjn/Qm9dZs7O/Ptf5jzgSWE7OEnx
-----END CERTIFICATE-----
Generated at Sun Jun 16 17:32:39 2024 by rpki-client on console-ams.rpki-client.org