Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/2db57b82-f8e4-4b85-a46a-befecb4774c0.roa
File:                     2db57b82-f8e4-4b85-a46a-befecb4774c0.roa (raw, json)
Hash identifier:          jcwLKIZ2C8Zus75t0MvNUnCkLwamLu17YS8eg/k9Dhc=
Subject key identifier:   4F:63:EA:A9:64:61:A3:92:E6:A2:5A:D4:CB:4C:38:F1:F1:C2:74:20
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       5FCC68CF16FBB0F8F883573DFBB284DA13F1AF30
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/2db57b82-f8e4-4b85-a46a-befecb4774c0.roa
Signing time:             Fri 12 Jul 2024 00:00:00 +0000
ROA not before:           Fri 12 Jul 2024 00:00:00 +0000
ROA not after:            Fri 16 Aug 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        51.32.0.0/16 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 16 Jul 2024 15:17:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5f:cc:68:cf:16:fb:b0:f8:f8:83:57:3d:fb:b2:84:da:13:f1:af:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Jul 12 00:00:00 2024 GMT
            Not After : Aug 16 23:59:59 2024 GMT
        Subject: serialNumber=03bde861b029ccdacc53ec987bf7698221d430860cead4bd82c8c07ff4dadd80, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:44:0a:f4:ae:57:43:9e:4d:9a:43:46:96:c7:
                    53:a7:dd:4c:df:4a:fb:43:c3:eb:d3:80:b7:41:c5:
                    6e:bb:91:0d:ed:10:cb:18:6e:59:b2:14:b1:68:37:
                    36:b6:b1:73:f9:a9:3a:52:76:07:e2:f8:50:71:67:
                    0c:38:f8:70:c7:5c:0c:6d:c7:ae:06:9e:7d:4a:68:
                    72:e5:3b:ee:44:9e:e9:5d:0b:61:33:b2:94:88:df:
                    f8:56:8d:c0:c9:f0:bd:85:2b:52:0a:51:60:5f:20:
                    53:39:f6:1b:33:72:96:99:37:74:1c:c6:27:a4:25:
                    6f:f6:31:41:c6:b1:d8:7e:14:f1:33:24:79:56:ff:
                    58:4c:36:9e:8d:16:69:1b:88:8c:2f:2a:a0:0c:c8:
                    45:22:25:fc:5a:e3:10:6b:ca:05:d7:8a:bd:fa:85:
                    e4:0f:89:c0:f0:e6:0f:a3:90:6e:d6:d2:7a:3e:5c:
                    a0:d2:03:9e:59:29:aa:16:19:7e:3d:8e:89:17:fc:
                    09:36:bb:e5:5e:aa:bf:37:e0:8b:c0:5e:d4:64:d4:
                    3d:31:fe:98:1e:09:55:1a:29:9e:ce:0b:fb:49:60:
                    d2:ea:f1:ad:b3:f9:2d:cb:40:7f:d7:6b:da:48:87:
                    48:75:bd:44:0a:a6:ad:61:93:1b:32:2c:96:17:64:
                    eb:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:63:EA:A9:64:61:A3:92:E6:A2:5A:D4:CB:4C:38:F1:F1:C2:74:20
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/2db57b82-f8e4-4b85-a46a-befecb4774c0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.32.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         a0:ab:3d:a0:56:c3:12:61:f9:dd:cb:13:70:eb:bb:81:23:1f:
         70:e2:0e:73:d4:a0:b9:f2:63:63:2a:ea:e9:85:fb:46:dc:20:
         f9:9a:3e:cf:79:7e:ac:2a:69:42:d8:47:97:6b:08:62:46:de:
         d1:d7:dc:33:7a:7d:43:cc:36:63:1c:f7:aa:54:68:69:08:05:
         c4:ea:9f:fa:d0:db:db:07:6d:99:f5:77:59:a1:22:31:f8:42:
         f7:66:06:cc:8a:5c:50:72:09:cd:64:25:c2:bc:9c:b9:65:99:
         00:c6:71:89:28:7b:9b:36:d1:13:75:0f:f5:b6:c2:67:f4:d1:
         8f:b1:e7:b9:8c:10:37:8a:63:72:1b:67:64:b0:38:c0:dd:66:
         fb:4b:6c:5c:9e:96:bc:24:1d:08:17:55:3e:d7:66:45:41:d7:
         41:6c:a2:bc:33:4d:cc:78:59:81:e2:38:47:23:c8:57:00:ad:
         05:f5:e8:c2:92:46:57:b8:60:de:26:d9:8d:fe:4c:a5:3f:87:
         e9:81:12:df:64:b7:2f:19:06:96:4f:c7:b5:ef:c1:a2:c7:86:
         c8:bf:fe:92:99:5f:b5:87:da:ba:94:be:06:5c:4e:38:2f:59:
         38:72:4e:0c:09:98:03:ea:eb:c5:36:a8:c0:24:a7:35:f4:8e:
         7d:b2:8a:cf
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUX8xozxb7sPj4g1c9+7KE2hPxrzAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNDA3MTIwMDAwMDBaFw0yNDA4MTYyMzU5NTlaMHoxSTBHBgNV
BAUTQDAzYmRlODYxYjAyOWNjZGFjYzUzZWM5ODdiZjc2OTgyMjFkNDMwODYwY2Vh
ZDRiZDgyYzhjMDdmZjRkYWRkODAxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAI9ECvSuV0OeTZpDRpbHU6fdTN9K+0PD69OAt0HFbruRDe0QyxhuWbIUsWg3
Nraxc/mpOlJ2B+L4UHFnDDj4cMdcDG3HrgaefUpocuU77kSe6V0LYTOylIjf+FaN
wMnwvYUrUgpRYF8gUzn2GzNylpk3dBzGJ6Qlb/YxQcax2H4U8TMkeVb/WEw2no0W
aRuIjC8qoAzIRSIl/FrjEGvKBdeKvfqF5A+JwPDmD6OQbtbSej5coNIDnlkpqhYZ
fj2OiRf8CTa75V6qvzfgi8Be1GTUPTH+mB4JVRopns4L+0lg0urxrbP5LctAf9dr
2kiHSHW9RAqmrWGTGzIslhdk6yMCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBRPY+qp
ZGGjkuaiWtTLTDjx8cJ0IDAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
MmRiNTdiODItZjhlNC00Yjg1LWE0NmEtYmVmZWNiNDc3NGMwLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADMgMA0G
CSqGSIb3DQEBCwUAA4IBAQCgqz2gVsMSYfndyxNw67uBIx9w4g5z1KC58mNjKurp
hftG3CD5mj7PeX6sKmlC2EeXawhiRt7R19wzen1DzDZjHPeqVGhpCAXE6p/60Nvb
B22Z9XdZoSIx+EL3ZgbMilxQcgnNZCXCvJy5ZZkAxnGJKHubNtETdQ/1tsJn9NGP
see5jBA3imNyG2dksDjA3Wb7S2xcnpa8JB0IF1U+12ZFQddBbKK8M03MeFmB4jhH
I8hXAK0F9ejCkkZXuGDeJtmN/kylP4fpgRLfZLcvGQaWT8e178Gix4bIv/6SmV+1
h9q6lL4GXE44L1k4ck4MCZgD6uvFNqjAJKc19I59sorP
-----END CERTIFICATE-----
Generated at Mon Jul 15 20:17:38 2024 by rpki-client on console-fra.rpki-client.org