Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/83c9f9c4-39a2-4f5f-9188-1a9e0dccf209.roa
File:                     83c9f9c4-39a2-4f5f-9188-1a9e0dccf209.roa (raw, json)
Hash identifier:          fdmiXnAUN+Si/HuUAuQGA6f/b6F6IbFMHEpCRL/RljE=
Subject key identifier:   9F:CB:F1:37:ED:89:4F:7C:86:FF:01:6C:28:68:B2:38:29:3C:CD:CB
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       26E90CCCF01BA26FDD3386C9E1F2D0F2855B1937
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/83c9f9c4-39a2-4f5f-9188-1a9e0dccf209.roa
Signing time:             Tue 22 Oct 2024 00:00:00 +0000
ROA not before:           Tue 22 Oct 2024 00:00:00 +0000
ROA not after:            Tue 26 Nov 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        51.150.0.0/16 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 Nov 2024 15:27:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            26:e9:0c:cc:f0:1b:a2:6f:dd:33:86:c9:e1:f2:d0:f2:85:5b:19:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Oct 22 00:00:00 2024 GMT
            Not After : Nov 26 23:59:59 2024 GMT
        Subject: serialNumber=4aefc6fe32cd4b2b5c28982917a5c3bea498caab21acd2a95bd7bd314af1b1c8, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:19:0d:02:35:01:42:90:81:c6:a9:f5:91:83:
                    1b:07:61:18:f2:d0:35:4b:01:df:5d:7e:08:f1:a0:
                    45:b5:08:f5:08:dd:2a:87:fc:c7:7f:26:46:78:5e:
                    d4:b6:33:b7:9a:34:ee:1d:dd:52:3d:fc:75:af:ea:
                    53:0e:06:39:03:4e:c3:fd:0c:17:7b:85:e3:1f:83:
                    69:20:f2:cf:0f:1a:1d:89:e1:84:c0:ef:22:fe:04:
                    2b:e4:f2:9b:85:42:5d:f6:7e:56:96:cb:ee:82:dc:
                    c4:85:bb:8a:6d:d3:f9:8b:6c:46:65:b7:43:ea:24:
                    0d:77:55:13:77:27:92:d2:84:a9:ca:e1:67:10:1f:
                    8b:c0:b6:df:54:89:eb:68:b3:d2:98:e5:3f:f6:c1:
                    34:cf:60:61:df:de:8b:95:69:99:fc:3d:5e:e2:4f:
                    aa:c0:5a:7d:d6:56:33:c3:fa:ec:51:67:2f:c0:e9:
                    06:cb:c6:84:be:b8:16:0c:de:0e:be:29:c6:61:44:
                    5f:34:e1:d6:37:08:d8:b6:48:69:5d:e2:96:6f:bb:
                    64:12:f8:40:05:b2:1a:c5:13:da:8c:ed:ee:37:d9:
                    f5:dd:b5:be:3d:16:94:6d:08:dc:49:65:df:a1:69:
                    22:b3:35:c3:3a:d3:6e:e9:17:16:f8:ff:ac:63:3f:
                    4a:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:CB:F1:37:ED:89:4F:7C:86:FF:01:6C:28:68:B2:38:29:3C:CD:CB
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/83c9f9c4-39a2-4f5f-9188-1a9e0dccf209.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.150.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         44:df:6a:4b:56:b0:bf:5f:c9:cb:31:65:ad:a8:75:cc:04:7e:
         01:52:5f:a7:ba:d5:67:c4:fe:be:1a:64:4c:4a:cf:6a:cc:7d:
         cc:4c:26:44:1a:44:ee:cd:42:e9:95:77:06:ab:e8:82:f1:7d:
         bb:db:a2:ff:c4:2a:06:cf:bd:f9:47:69:ae:f8:9f:be:0e:91:
         81:27:e0:3a:82:40:54:64:24:6d:77:e9:05:ac:d7:3c:58:e1:
         be:20:fc:02:93:d9:23:65:38:a2:34:8c:3c:eb:cc:89:55:f8:
         3c:d1:45:59:9a:87:c1:b3:69:3d:7f:c7:67:e5:4c:a1:7e:ad:
         55:e8:4b:dd:09:96:f9:b9:25:ac:38:86:8c:08:00:c6:03:09:
         10:96:13:25:c9:81:fe:73:bd:4b:99:88:af:88:2c:0a:17:9e:
         2d:3d:26:3e:da:86:f6:ea:db:cd:ab:6e:0b:44:0a:20:63:2a:
         bc:69:c1:8d:60:d9:ab:1b:ed:fc:c3:de:1d:54:d4:9a:90:ad:
         9e:8d:90:61:dc:d0:d0:36:02:fa:63:6c:88:3e:9c:ba:37:5d:
         c5:ba:5f:84:8f:64:6b:fd:21:32:79:77:a6:83:b1:0e:bc:e5:
         b8:cb:70:97:b5:cc:b8:9b:40:da:43:ef:2d:9f:f8:0a:28:af:
         02:cd:56:a8
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUJukMzPAbom/dM4bJ4fLQ8oVbGTcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNDEwMjIwMDAwMDBaFw0yNDExMjYyMzU5NTlaMHoxSTBHBgNV
BAUTQDRhZWZjNmZlMzJjZDRiMmI1YzI4OTgyOTE3YTVjM2JlYTQ5OGNhYWIyMWFj
ZDJhOTViZDdiZDMxNGFmMWIxYzgxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALMZDQI1AUKQgcap9ZGDGwdhGPLQNUsB311+CPGgRbUI9QjdKof8x38mRnhe
1LYzt5o07h3dUj38da/qUw4GOQNOw/0MF3uF4x+DaSDyzw8aHYnhhMDvIv4EK+Ty
m4VCXfZ+VpbL7oLcxIW7im3T+YtsRmW3Q+okDXdVE3cnktKEqcrhZxAfi8C231SJ
62iz0pjlP/bBNM9gYd/ei5Vpmfw9XuJPqsBafdZWM8P67FFnL8DpBsvGhL64Fgze
Dr4pxmFEXzTh1jcI2LZIaV3ilm+7ZBL4QAWyGsUT2ozt7jfZ9d21vj0WlG0I3Ell
36FpIrM1wzrTbukXFvj/rGM/SisCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBSfy/E3
7YlPfIb/AWwoaLI4KTzNyzAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
ODNjOWY5YzQtMzlhMi00ZjVmLTkxODgtMWE5ZTBkY2NmMjA5LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADOWMA0G
CSqGSIb3DQEBCwUAA4IBAQBE32pLVrC/X8nLMWWtqHXMBH4BUl+nutVnxP6+GmRM
Ss9qzH3MTCZEGkTuzULplXcGq+iC8X2726L/xCoGz735R2mu+J++DpGBJ+A6gkBU
ZCRtd+kFrNc8WOG+IPwCk9kjZTiiNIw868yJVfg80UVZmofBs2k9f8dn5Uyhfq1V
6EvdCZb5uSWsOIaMCADGAwkQlhMlyYH+c71LmYiviCwKF54tPSY+2ob26tvNq24L
RAogYyq8acGNYNmrG+38w94dVNSakK2ejZBh3NDQNgL6Y2yIPpy6N13Ful+Ej2Rr
/SEyeXemg7EOvOW4y3CXtcy4m0DaQ+8tn/gKKK8CzVao
-----END CERTIFICATE-----
Generated at Tue Nov 12 17:56:18 2024 by rpki-client on console-ams.rpki-client.org