Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/be32e063-2484-4f24-b3d4-21b5c8f55455.roa
File:                     be32e063-2484-4f24-b3d4-21b5c8f55455.roa (raw, json)
Hash identifier:          NzLwgW+dWwtViCkAOiMn03pT+UnkKLV2ol0zWr2r4DE=
Subject key identifier:   06:9A:36:6F:0C:6E:E1:62:73:28:93:D6:C1:93:2D:03:C8:3D:ED:57
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       76C749B32C9B278994947FAC4820D1D9C1B82E5E
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/be32e063-2484-4f24-b3d4-21b5c8f55455.roa
Signing time:             Mon 17 Jun 2024 00:00:00 +0000
ROA not before:           Mon 17 Jun 2024 00:00:00 +0000
ROA not after:            Mon 22 Jul 2024 23:59:59 +0000
asID:                     8987
IP address blocks:        51.139.0.0/16 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 20:24:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            76:c7:49:b3:2c:9b:27:89:94:94:7f:ac:48:20:d1:d9:c1:b8:2e:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Jun 17 00:00:00 2024 GMT
            Not After : Jul 22 23:59:59 2024 GMT
        Subject: serialNumber=0930fb7add86fbd8cf7241fe248c7fd9ca160e4cab13fd35bd691141c1e8a8cf, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:13:26:22:68:37:0d:81:2b:1b:e1:d5:1e:0d:
                    6c:0d:3b:3f:ba:ec:5e:30:63:3c:82:92:66:22:fd:
                    07:f0:65:38:c3:fe:36:87:cf:d7:3e:65:c0:b1:62:
                    d1:3b:ff:f6:01:b1:d4:64:ad:1d:27:c0:3d:ef:41:
                    f3:5e:2a:e6:dc:45:b2:ee:87:95:e1:7f:ba:f0:e1:
                    09:58:c7:c0:19:b2:4d:1f:68:c1:f0:95:3e:4b:74:
                    a7:8f:a0:45:f7:11:8c:c4:b6:6c:f9:ac:9f:2b:6b:
                    c6:19:30:16:85:73:04:ae:be:79:71:74:47:30:c3:
                    2c:4f:ba:83:8b:f9:c9:e1:32:3d:98:b9:74:2a:b5:
                    43:f2:68:bb:49:e4:7a:e1:9e:a9:2f:47:53:fd:29:
                    ee:2d:a0:ba:ef:45:60:b9:a0:91:dc:16:16:90:77:
                    1a:27:6f:df:0e:9e:61:e4:ec:aa:86:ce:d4:72:d7:
                    6b:c6:f2:76:93:18:f7:1e:98:34:0d:74:33:ea:a6:
                    85:54:87:39:13:e8:bf:12:44:ef:4b:00:31:82:f0:
                    82:08:80:20:59:21:12:fd:1d:04:28:b3:a3:44:4d:
                    02:1e:7d:a6:ad:51:f9:6f:5b:a3:9e:d0:ce:68:56:
                    44:09:71:0b:86:cb:fe:84:29:9f:d2:7f:80:0d:c8:
                    13:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:9A:36:6F:0C:6E:E1:62:73:28:93:D6:C1:93:2D:03:C8:3D:ED:57
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/be32e063-2484-4f24-b3d4-21b5c8f55455.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.139.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         70:ee:ef:5c:ae:10:7b:fb:09:b4:3f:47:dd:06:e1:b0:7a:2d:
         5f:37:c8:60:c1:27:55:15:ae:7c:3d:ab:f5:56:8b:75:73:79:
         4f:a2:42:07:49:67:db:09:0d:d2:a6:45:01:1d:48:7c:09:c3:
         ed:84:64:9a:bd:e9:9c:79:68:0f:35:4f:db:7d:03:eb:d7:e2:
         38:22:d6:e6:a7:da:71:4b:f9:4f:a3:bc:4b:98:a1:ff:77:43:
         93:21:59:4d:ca:79:de:75:00:a2:35:56:be:fe:4a:16:8d:65:
         92:46:ee:98:fa:4b:4a:8d:bf:ec:4c:52:e2:24:30:39:77:8f:
         47:d3:1a:a6:3c:64:16:41:5f:bc:e2:5f:f3:a7:ae:02:b4:19:
         f7:b8:f3:9c:9a:ea:b6:f8:e5:d4:d0:72:f4:4d:82:38:e3:c5:
         1f:ee:f9:63:dd:79:f8:dc:4f:ad:4c:6d:c5:9f:ec:7e:fe:71:
         a5:04:32:21:fa:26:d6:b4:9a:49:b7:0d:e8:bb:c1:43:4b:0f:
         7e:ca:a4:d2:d2:03:9b:7c:f0:7a:e9:4b:80:26:13:44:63:d3:
         72:04:32:dc:0f:1b:95:2a:a1:26:89:e2:c1:c1:ae:3b:0f:85:
         d6:66:20:31:d3:a3:03:b2:a3:86:71:4c:7d:88:92:ed:a4:eb:
         67:56:2c:dc
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUdsdJsyybJ4mUlH+sSCDR2cG4Ll4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNDA2MTcwMDAwMDBaFw0yNDA3MjIyMzU5NTlaMHoxSTBHBgNV
BAUTQDA5MzBmYjdhZGQ4NmZiZDhjZjcyNDFmZTI0OGM3ZmQ5Y2ExNjBlNGNhYjEz
ZmQzNWJkNjkxMTQxYzFlOGE4Y2YxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALITJiJoNw2BKxvh1R4NbA07P7rsXjBjPIKSZiL9B/BlOMP+NofP1z5lwLFi
0Tv/9gGx1GStHSfAPe9B814q5txFsu6HleF/uvDhCVjHwBmyTR9owfCVPkt0p4+g
RfcRjMS2bPmsnytrxhkwFoVzBK6+eXF0RzDDLE+6g4v5yeEyPZi5dCq1Q/Jou0nk
euGeqS9HU/0p7i2guu9FYLmgkdwWFpB3Gidv3w6eYeTsqobO1HLXa8bydpMY9x6Y
NA10M+qmhVSHORPovxJE70sAMYLwggiAIFkhEv0dBCizo0RNAh59pq1R+W9bo57Q
zmhWRAlxC4bL/oQpn9J/gA3IE+kCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBQGmjZv
DG7hYnMok9bBky0DyD3tVzAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
YmUzMmUwNjMtMjQ4NC00ZjI0LWIzZDQtMjFiNWM4ZjU1NDU1LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADOLMA0G
CSqGSIb3DQEBCwUAA4IBAQBw7u9crhB7+wm0P0fdBuGwei1fN8hgwSdVFa58Pav1
Vot1c3lPokIHSWfbCQ3SpkUBHUh8CcPthGSavemceWgPNU/bfQPr1+I4Itbmp9px
S/lPo7xLmKH/d0OTIVlNynnedQCiNVa+/koWjWWSRu6Y+ktKjb/sTFLiJDA5d49H
0xqmPGQWQV+84l/zp64CtBn3uPOcmuq2+OXU0HL0TYI448Uf7vlj3Xn43E+tTG3F
n+x+/nGlBDIh+ibWtJpJtw3ou8FDSw9+yqTS0gObfPB66UuAJhNEY9NyBDLcDxuV
KqEmieLBwa47D4XWZiAx06MDsqOGcUx9iJLtpOtnVizc
-----END CERTIFICATE-----
Generated at Wed Jun 26 02:09:57 2024 by rpki-client on console-ams.rpki-client.org