Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/fc353215-935f-47d2-9298-767ccc0eae1a.roa
File:                     fc353215-935f-47d2-9298-767ccc0eae1a.roa (raw, json)
Hash identifier:          8Xkd45o9SrZDD852ek0wXGvcD6kIi9dopSP+Xfo/f/U=
Subject key identifier:   37:49:11:30:C4:AF:DC:C5:09:61:8D:0C:1B:86:A5:FF:C1:8D:31:D5
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       294F6DC51EB26AB12CA76DEA8066E0734F1E65E9
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/fc353215-935f-47d2-9298-767ccc0eae1a.roa
Signing time:             Mon 17 Jun 2024 00:00:00 +0000
ROA not before:           Mon 17 Jun 2024 00:00:00 +0000
ROA not after:            Mon 22 Jul 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        85.151.0.0/16 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            29:4f:6d:c5:1e:b2:6a:b1:2c:a7:6d:ea:80:66:e0:73:4f:1e:65:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Jun 17 00:00:00 2024 GMT
            Not After : Jul 22 23:59:59 2024 GMT
        Subject: serialNumber=b93265d914e61e086239d143d251a540d5fa28ea86d48c2d2e6b6759835c835d, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:4d:9b:80:7a:c1:0c:9d:c1:08:8c:38:af:f7:
                    f1:ef:3f:69:30:75:6f:84:da:2f:7f:72:9f:fa:96:
                    91:3b:64:71:8e:f4:a2:5e:d7:54:07:ae:39:ee:02:
                    81:c4:9d:a7:f8:e7:14:c6:45:f0:d2:d1:97:8a:86:
                    d6:37:92:7c:31:55:bb:95:65:2b:5d:e9:74:c3:e4:
                    d0:72:73:ea:bf:bb:27:f2:71:7f:41:ad:bb:27:12:
                    4c:17:01:c8:e2:34:47:d5:e4:05:22:62:d8:da:98:
                    d6:0b:a6:fd:05:99:37:70:2a:af:e8:0e:cc:d3:94:
                    e8:fb:ff:b0:68:f0:b1:27:65:b1:fc:c5:58:53:47:
                    35:70:aa:6d:9f:37:82:dd:e7:0e:3c:58:6d:84:61:
                    72:1e:90:9c:8a:37:a4:58:4c:8e:f3:8f:44:56:5c:
                    aa:c3:d9:43:90:9f:5a:e7:79:37:23:73:9d:c6:d4:
                    59:6a:d5:65:07:1c:01:e1:b7:75:87:d4:08:1d:05:
                    ac:6c:96:b2:07:b0:da:84:e5:d5:45:ba:79:94:f6:
                    d6:f9:53:5c:27:73:1a:12:aa:79:94:19:4e:33:9d:
                    c2:50:fc:73:0a:a4:96:4a:e4:44:45:53:04:2a:a3:
                    6d:41:02:31:da:fe:65:6f:47:ed:ef:2c:07:ff:a0:
                    56:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:49:11:30:C4:AF:DC:C5:09:61:8D:0C:1B:86:A5:FF:C1:8D:31:D5
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/fc353215-935f-47d2-9298-767ccc0eae1a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.151.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         b2:b0:99:0b:2f:c6:72:7a:22:db:60:31:5c:95:e4:13:6a:18:
         d6:1e:d8:3c:50:9e:71:c4:f3:8b:a5:9c:ee:48:a0:df:1f:f0:
         0d:85:da:bd:98:2e:18:dc:3f:d3:fe:60:95:1e:b0:1f:81:be:
         e4:af:5c:0c:19:bf:38:23:af:dd:4c:b0:7a:87:2d:84:3b:ba:
         d7:f1:b1:db:79:2e:73:12:bf:3f:51:44:a9:77:6d:62:1a:f1:
         b5:0f:8f:23:16:de:de:cd:d4:74:1a:85:38:32:c7:88:f9:69:
         ee:59:e8:04:11:d8:69:0b:d1:5b:4f:59:ad:a2:ba:d0:ad:4d:
         46:28:94:43:fb:2b:cf:34:6b:8b:40:ba:a2:e7:09:da:92:9b:
         07:fb:0d:ee:e4:84:dc:e7:6a:a1:c0:a9:f7:4b:17:19:a3:14:
         7d:d6:71:6a:a9:4c:cc:e6:1e:44:ee:4a:87:84:96:69:7c:e1:
         9b:0d:fe:69:f0:fd:ba:0a:61:c0:68:7a:32:23:c3:a7:d3:ac:
         db:48:9e:64:17:0d:98:c8:fe:80:e7:b8:5d:83:07:c8:7d:3f:
         be:a0:fa:d9:00:73:ed:a2:d0:6f:8d:dd:05:70:3f:82:cf:09:
         15:63:e8:6d:7e:7c:05:5a:52:d6:eb:7f:9e:a5:ae:7e:f7:d2:
         d2:29:d1:0f
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUKU9txR6yarEsp23qgGbgc08eZekwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNDA2MTcwMDAwMDBaFw0yNDA3MjIyMzU5NTlaMHoxSTBHBgNV
BAUTQGI5MzI2NWQ5MTRlNjFlMDg2MjM5ZDE0M2QyNTFhNTQwZDVmYTI4ZWE4NmQ0
OGMyZDJlNmI2NzU5ODM1YzgzNWQxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJdNm4B6wQydwQiMOK/38e8/aTB1b4TaL39yn/qWkTtkcY70ol7XVAeuOe4C
gcSdp/jnFMZF8NLRl4qG1jeSfDFVu5VlK13pdMPk0HJz6r+7J/Jxf0GtuycSTBcB
yOI0R9XkBSJi2NqY1gum/QWZN3Aqr+gOzNOU6Pv/sGjwsSdlsfzFWFNHNXCqbZ83
gt3nDjxYbYRhch6QnIo3pFhMjvOPRFZcqsPZQ5CfWud5NyNzncbUWWrVZQccAeG3
dYfUCB0FrGyWsgew2oTl1UW6eZT21vlTXCdzGhKqeZQZTjOdwlD8cwqklkrkREVT
BCqjbUECMdr+ZW9H7e8sB/+gVvcCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBQ3SREw
xK/cxQlhjQwbhqX/wY0x1TAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
ZmMzNTMyMTUtOTM1Zi00N2QyLTkyOTgtNzY3Y2NjMGVhZTFhLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDAFWXMA0G
CSqGSIb3DQEBCwUAA4IBAQCysJkLL8ZyeiLbYDFcleQTahjWHtg8UJ5xxPOLpZzu
SKDfH/ANhdq9mC4Y3D/T/mCVHrAfgb7kr1wMGb84I6/dTLB6hy2EO7rX8bHbeS5z
Er8/UUSpd21iGvG1D48jFt7ezdR0GoU4MseI+WnuWegEEdhpC9FbT1mtorrQrU1G
KJRD+yvPNGuLQLqi5wnakpsH+w3u5ITc52qhwKn3SxcZoxR91nFqqUzM5h5E7kqH
hJZpfOGbDf5p8P26CmHAaHoyI8On06zbSJ5kFw2YyP6A57hdgwfIfT++oPrZAHPt
otBvjd0FcD+CzwkVY+htfnwFWlLW63+epa5+99LSKdEP
-----END CERTIFICATE-----
Generated at Wed Jun 26 02:44:41 2024 by rpki-client on console-fra.rpki-client.org