Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/fc353215-935f-47d2-9298-767ccc0eae1a.roa
File:                     fc353215-935f-47d2-9298-767ccc0eae1a.roa (raw, json)
Hash identifier:          Mu2hJ5Kbm2xdR1fy1rak2oxu0Cpsqypq1WFHNeufuKM=
Subject key identifier:   A7:39:5D:13:2A:B2:89:F4:5A:0D:D1:03:C7:BC:52:C3:D0:6A:31:05
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       336DD4A03C8AA6AAB3B903DB76A9256A53F0D61B
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/fc353215-935f-47d2-9298-767ccc0eae1a.roa
Signing time:             Tue 21 May 2024 00:00:00 +0000
ROA not before:           Tue 21 May 2024 00:00:00 +0000
ROA not after:            Tue 25 Jun 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        85.151.0.0/16 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            33:6d:d4:a0:3c:8a:a6:aa:b3:b9:03:db:76:a9:25:6a:53:f0:d6:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: May 21 00:00:00 2024 GMT
            Not After : Jun 25 23:59:59 2024 GMT
        Subject: serialNumber=8ffda4dd5009f090d7408375b7142e8073254d78974d182cb4d2edd027ee6c3f, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:d3:0e:91:b5:07:b7:22:ea:a0:f1:2f:ce:32:
                    2e:87:f0:89:83:78:9e:ab:75:fe:9d:1d:16:55:e5:
                    93:35:f6:54:1a:fc:84:82:78:6d:4c:72:27:8c:24:
                    94:7c:a1:1d:7d:10:ae:8f:36:ed:16:0f:83:ef:04:
                    d6:d8:f4:cd:9d:58:2a:6a:1a:30:b4:fc:2a:87:89:
                    fe:65:9b:47:46:97:6a:bd:2d:71:2b:d3:ce:ab:e8:
                    c5:5c:99:0b:c5:af:47:16:97:e7:be:62:a2:a9:9a:
                    54:87:71:d9:4a:e6:e1:fd:c9:dd:72:e4:ef:93:18:
                    58:78:8b:20:11:a0:94:ff:1c:4e:c6:7c:dd:d0:a2:
                    a4:bd:f0:7b:1a:31:2a:2d:d6:0c:64:e2:5d:3b:2c:
                    79:4c:5c:3c:b7:ad:28:8d:da:29:92:aa:40:4f:ab:
                    bf:a5:e7:6d:d4:87:be:37:70:1d:33:1f:df:4c:0d:
                    71:78:fa:ff:9c:6f:da:ca:08:00:b1:63:b1:dd:21:
                    a0:23:15:03:22:fe:48:f7:6c:a9:c8:d9:67:83:5f:
                    29:b4:34:d5:e2:b8:66:95:84:5a:d4:5d:54:78:4d:
                    f8:92:ed:c5:6d:52:44:b2:f0:d9:7a:0b:4e:08:4c:
                    22:1f:00:d8:37:66:3f:19:3f:77:4e:ed:bf:9b:0a:
                    a4:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:39:5D:13:2A:B2:89:F4:5A:0D:D1:03:C7:BC:52:C3:D0:6A:31:05
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/fc353215-935f-47d2-9298-767ccc0eae1a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.151.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         2b:dc:a6:0a:a0:1b:be:90:52:3a:49:54:1b:41:51:c6:c8:be:
         57:5f:3b:b6:58:76:5e:58:b0:22:b9:79:88:21:d9:6c:c1:01:
         60:d3:db:cb:44:9c:ce:32:d7:d6:48:68:c7:e6:98:1b:24:06:
         f2:73:ab:1f:90:7d:02:ba:0c:bf:d7:9c:3b:d5:12:9c:9f:cb:
         2b:87:ce:3b:8d:25:00:8a:ff:f1:50:e5:09:d3:fa:43:da:aa:
         9d:e8:33:b9:5a:ac:55:bb:b5:e5:38:8e:05:61:7c:e2:2d:0b:
         27:31:83:7e:9d:68:b8:61:ca:5c:a4:f3:54:7a:05:50:51:2f:
         bd:a4:87:1a:2b:d9:be:95:4a:54:23:0b:47:b2:aa:80:6a:53:
         35:57:70:27:24:1b:c6:31:34:13:0c:21:58:01:68:bd:ad:2c:
         f8:c5:7f:12:ad:37:30:a3:8b:5c:c4:e3:d2:9c:e0:95:47:b1:
         30:64:e8:f3:ce:03:c5:b4:5e:69:7b:d2:a0:78:26:3f:d9:8c:
         41:dd:66:ca:0e:fe:4c:b6:d5:47:9c:14:ed:e9:ce:a7:34:97:
         18:73:fe:44:39:2e:a2:0b:65:51:4b:f5:a5:2f:ed:7c:58:df:
         f3:60:7f:53:bb:5d:3e:66:46:cd:db:f5:83:b5:76:3d:54:3f:
         23:a7:ca:6d
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUM23UoDyKpqqzuQPbdqklalPw1hswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNDA1MjEwMDAwMDBaFw0yNDA2MjUyMzU5NTlaMHoxSTBHBgNV
BAUTQDhmZmRhNGRkNTAwOWYwOTBkNzQwODM3NWI3MTQyZTgwNzMyNTRkNzg5NzRk
MTgyY2I0ZDJlZGQwMjdlZTZjM2YxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKLTDpG1B7ci6qDxL84yLofwiYN4nqt1/p0dFlXlkzX2VBr8hIJ4bUxyJ4wk
lHyhHX0Qro827RYPg+8E1tj0zZ1YKmoaMLT8KoeJ/mWbR0aXar0tcSvTzqvoxVyZ
C8WvRxaX575ioqmaVIdx2Urm4f3J3XLk75MYWHiLIBGglP8cTsZ83dCipL3wexox
Ki3WDGTiXTsseUxcPLetKI3aKZKqQE+rv6XnbdSHvjdwHTMf30wNcXj6/5xv2soI
ALFjsd0hoCMVAyL+SPdsqcjZZ4NfKbQ01eK4ZpWEWtRdVHhN+JLtxW1SRLLw2XoL
TghMIh8A2DdmPxk/d07tv5sKpA8CAwEAAaOCAiAwggIcMB0GA1UdDgQWBBSnOV0T
KrKJ9FoN0QPHvFLD0GoxBTAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
ZmMzNTMyMTUtOTM1Zi00N2QyLTkyOTgtNzY3Y2NjMGVhZTFhLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDAFWXMA0G
CSqGSIb3DQEBCwUAA4IBAQAr3KYKoBu+kFI6SVQbQVHGyL5XXzu2WHZeWLAiuXmI
IdlswQFg09vLRJzOMtfWSGjH5pgbJAbyc6sfkH0Cugy/15w71RKcn8srh847jSUA
iv/xUOUJ0/pD2qqd6DO5WqxVu7XlOI4FYXziLQsnMYN+nWi4YcpcpPNUegVQUS+9
pIcaK9m+lUpUIwtHsqqAalM1V3AnJBvGMTQTDCFYAWi9rSz4xX8SrTcwo4tcxOPS
nOCVR7EwZOjzzgPFtF5pe9KgeCY/2YxB3WbKDv5MttVHnBTt6c6nNJcYc/5EOS6i
C2VRS/WlL+18WN/zYH9Tu10+ZkbN2/WDtXY9VD8jp8pt
-----END CERTIFICATE-----
Generated at Sun Jun 16 17:32:40 2024 by rpki-client on console-ams.rpki-client.org