Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/85056db0-2868-4547-8893-66ae7ad101d4.roa
File:                     85056db0-2868-4547-8893-66ae7ad101d4.roa (raw, json)
Hash identifier:          Ha+G3A+RunBguuDFXf8zMD7RVdeU3NA9dXTbW/155dk=
Subject key identifier:   2E:A4:66:C2:E5:D1:49:B2:BC:C5:1E:D2:FE:B8:4E:B7:B5:E4:0E:37
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       40517D58E86C14DE7903300F341BE16AB01941C7
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/85056db0-2868-4547-8893-66ae7ad101d4.roa
Signing time:             Tue 10 Dec 2024 00:00:00 +0000
ROA not before:           Tue 10 Dec 2024 00:00:00 +0000
ROA not after:            Tue 14 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        51.90.0.0/16 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 11 Dec 2024 16:33:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            40:51:7d:58:e8:6c:14:de:79:03:30:0f:34:1b:e1:6a:b0:19:41:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Dec 10 00:00:00 2024 GMT
            Not After : Jan 14 23:59:59 2025 GMT
        Subject: serialNumber=c40bb2d6a7eeb07c04ffe694fd1d0c30a345b1e6a2490f371cf98ab77d2cbe3a, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:2a:37:ee:e6:98:da:76:f7:a9:ae:6d:b5:31:
                    66:7a:16:36:7c:f3:fb:20:58:04:68:1b:1d:03:5e:
                    bc:49:43:c6:66:b8:c6:d7:ab:05:90:53:3f:01:f7:
                    31:21:aa:e9:99:0e:ca:30:0e:a0:fd:74:a6:75:78:
                    ac:da:8a:95:c6:04:af:36:c7:da:40:16:5e:b2:bf:
                    db:45:fb:45:d1:72:57:27:3b:54:d7:64:4b:1e:d0:
                    a9:66:22:6d:b1:bd:78:24:d5:9a:d4:70:2c:c7:5c:
                    7e:07:40:35:5c:e1:5a:2c:59:c9:a0:ff:7e:a4:d4:
                    10:0d:ec:d1:97:53:52:f2:a9:c2:67:82:ce:00:03:
                    36:1b:c2:23:31:d9:2e:33:43:2c:78:e6:2a:92:f4:
                    9a:43:4c:cc:94:81:96:b5:cf:73:7e:55:ee:fc:4a:
                    9c:0e:94:40:44:d8:cf:3b:a6:1e:c2:b6:82:12:38:
                    0c:53:63:96:12:91:82:e3:50:34:57:2f:8d:3b:23:
                    99:9c:ec:35:dc:43:57:e7:85:59:26:a6:1d:4c:5e:
                    00:7c:8f:22:9c:99:a8:fd:7b:64:fa:78:a6:e0:3e:
                    c1:ce:ab:49:cc:fe:8c:c5:0b:0f:ed:8f:31:bc:8c:
                    99:78:1b:4d:c6:84:5e:26:dd:6a:ff:65:1b:09:60:
                    d6:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:A4:66:C2:E5:D1:49:B2:BC:C5:1E:D2:FE:B8:4E:B7:B5:E4:0E:37
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/85056db0-2868-4547-8893-66ae7ad101d4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.90.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         c2:a0:0a:3d:e1:7d:7b:98:03:29:ab:b1:92:90:9d:1c:53:7e:
         21:5b:27:1b:53:67:a9:5c:48:0c:1d:fa:f1:64:0a:ca:83:ea:
         85:15:d2:d4:50:4d:35:70:94:c6:a8:de:b2:60:9d:39:17:70:
         62:44:6e:e3:2d:94:b8:a4:55:70:e6:5a:2c:01:53:62:0b:bb:
         b6:ba:ab:73:75:05:5a:da:29:c9:74:5f:c5:f9:cd:0f:e0:71:
         02:47:3d:9a:8c:fe:9c:8c:26:80:25:7d:90:55:c8:82:7f:e8:
         ba:e9:5a:5d:c1:56:81:30:db:5f:d0:02:66:6e:66:e9:f4:e4:
         e6:10:06:82:bf:6f:ff:97:a1:15:b2:b7:3d:99:46:04:50:fa:
         ab:15:6e:56:d2:e5:4a:da:e5:3a:9a:28:ca:ca:49:56:1b:68:
         d2:11:1e:b6:b9:fd:d3:8b:46:04:3e:35:a1:0c:71:c2:d6:8c:
         a6:6d:b0:76:a1:4d:2a:ab:bd:64:1b:dd:f7:a0:45:b4:48:46:
         9c:09:52:4a:43:33:d3:0b:f0:45:24:b4:0f:93:4e:79:ed:a8:
         9b:c4:6e:76:9b:45:77:1a:d1:22:55:12:5d:c8:76:08:61:6a:
         c8:30:84:50:ac:92:0e:1e:58:7d:45:0d:90:75:39:62:79:8d:
         87:cb:5c:ca
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUQFF9WOhsFN55AzAPNBvharAZQccwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNDEyMTAwMDAwMDBaFw0yNTAxMTQyMzU5NTlaMHoxSTBHBgNV
BAUTQGM0MGJiMmQ2YTdlZWIwN2MwNGZmZTY5NGZkMWQwYzMwYTM0NWIxZTZhMjQ5
MGYzNzFjZjk4YWI3N2QyY2JlM2ExLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAM4qN+7mmNp296mubbUxZnoWNnzz+yBYBGgbHQNevElDxma4xterBZBTPwH3
MSGq6ZkOyjAOoP10pnV4rNqKlcYErzbH2kAWXrK/20X7RdFyVyc7VNdkSx7QqWYi
bbG9eCTVmtRwLMdcfgdANVzhWixZyaD/fqTUEA3s0ZdTUvKpwmeCzgADNhvCIzHZ
LjNDLHjmKpL0mkNMzJSBlrXPc35V7vxKnA6UQETYzzumHsK2ghI4DFNjlhKRguNQ
NFcvjTsjmZzsNdxDV+eFWSamHUxeAHyPIpyZqP17ZPp4puA+wc6rScz+jMULD+2P
MbyMmXgbTcaEXibdav9lGwlg1hUCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBQupGbC
5dFJsrzFHtL+uE63teQONzAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
ODUwNTZkYjAtMjg2OC00NTQ3LTg4OTMtNjZhZTdhZDEwMWQ0LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADNaMA0G
CSqGSIb3DQEBCwUAA4IBAQDCoAo94X17mAMpq7GSkJ0cU34hWycbU2epXEgMHfrx
ZArKg+qFFdLUUE01cJTGqN6yYJ05F3BiRG7jLZS4pFVw5losAVNiC7u2uqtzdQVa
2inJdF/F+c0P4HECRz2ajP6cjCaAJX2QVciCf+i66VpdwVaBMNtf0AJmbmbp9OTm
EAaCv2//l6EVsrc9mUYEUPqrFW5W0uVK2uU6mijKyklWG2jSER62uf3Ti0YEPjWh
DHHC1oymbbB2oU0qq71kG933oEW0SEacCVJKQzPTC/BFJLQPk0557aibxG52m0V3
GtEiVRJdyHYIYWrIMIRQrJIOHlh9RQ2QdTlieY2Hy1zK
-----END CERTIFICATE-----
Generated at Tue Dec 10 22:27:40 2024 by rpki-client on console-ams.rpki-client.org