Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/d13d26ae-36b1-4815-a7f0-4dc090d15b78.roa
File:                     d13d26ae-36b1-4815-a7f0-4dc090d15b78.roa (raw, json)
Hash identifier:          poUYhiid1tvu9ibbb9Hlrc8OtR1z8WCl4IVKvAd5vwA=
Subject key identifier:   76:62:3B:C4:A4:B5:F8:38:92:16:29:DB:C9:38:86:F7:50:BB:AB:A7
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       2D66C0D793BB0A1E2B18CE57733F46B091F2A384
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/d13d26ae-36b1-4815-a7f0-4dc090d15b78.roa
Signing time:             Fri 27 Sep 2024 00:00:00 +0000
ROA not before:           Fri 27 Sep 2024 00:00:00 +0000
ROA not after:            Fri 01 Nov 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        51.129.0.0/16 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 11 Oct 2024 13:04:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2d:66:c0:d7:93:bb:0a:1e:2b:18:ce:57:73:3f:46:b0:91:f2:a3:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Sep 27 00:00:00 2024 GMT
            Not After : Nov  1 23:59:59 2024 GMT
        Subject: serialNumber=ae70e380ddfb4b8e51716d4970c770b0e86bd8b84065d91a4df792d5faed4870, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:00:3e:51:1b:bf:35:62:fe:31:4b:c8:c7:b4:
                    50:74:31:3e:ad:b9:f6:ab:9b:ec:31:d6:72:e6:4c:
                    10:49:62:9b:8a:4d:b2:80:6a:fd:26:41:f2:f6:27:
                    3a:13:3b:85:3e:fa:1b:48:0f:2b:e2:ac:f4:ac:68:
                    29:ed:70:ec:25:76:6e:76:a5:df:2f:c9:79:03:7d:
                    ca:fa:c6:06:2f:8d:dc:83:13:0b:38:91:fd:a1:7f:
                    8b:4b:30:60:c8:ae:85:e5:09:fc:5b:3e:39:b3:70:
                    93:8e:66:d6:66:0c:41:3c:24:18:a1:2b:bd:c5:4f:
                    82:00:1e:b1:01:f9:e2:fd:96:c8:f5:f3:23:0f:22:
                    07:00:01:a8:2a:fc:2d:65:a1:ff:4a:ab:94:54:c0:
                    6a:56:64:07:c9:db:e7:c3:17:5c:3f:af:2b:be:9e:
                    dd:d4:3d:25:2e:32:d9:77:cf:19:ea:98:1d:fd:25:
                    ab:b5:86:01:f2:ea:d1:24:2c:1a:b7:cf:47:99:20:
                    26:7e:71:d7:9d:11:c6:f6:2d:8c:ce:64:0e:09:1f:
                    2a:dc:ed:df:17:63:27:d2:79:6b:42:ef:4b:f6:f6:
                    7a:2a:f4:2f:34:39:d4:34:e0:7c:99:d7:0c:3a:25:
                    39:11:4a:a7:20:9a:e2:45:57:78:54:c1:b9:a6:9d:
                    99:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:62:3B:C4:A4:B5:F8:38:92:16:29:DB:C9:38:86:F7:50:BB:AB:A7
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/d13d26ae-36b1-4815-a7f0-4dc090d15b78.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.129.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         58:13:09:39:7e:1c:56:3b:4d:01:90:16:91:82:98:ca:d1:64:
         f2:4b:69:41:86:12:af:e6:2f:8e:b3:ac:32:00:f2:8d:20:af:
         de:25:6b:bc:34:39:f6:6e:4e:6d:71:4a:cb:c9:f0:95:7a:e8:
         92:ff:9d:ac:c3:a9:e9:c9:89:74:c5:9c:a7:ad:e6:a0:61:73:
         34:95:af:67:0e:5a:c6:b3:e0:d8:13:99:61:95:be:f4:1b:5c:
         81:22:81:21:09:9b:e3:38:45:a8:e4:1d:69:99:93:6a:46:f9:
         f8:19:b2:cd:80:ce:96:4d:71:68:93:e1:f2:0e:45:67:3e:dc:
         f0:b6:ab:fd:21:76:25:50:f7:79:45:6b:27:cd:e7:df:27:34:
         5f:dc:a7:fa:43:87:58:75:ff:85:d1:8a:c6:2e:63:95:c6:2e:
         17:ce:8e:ee:3b:d6:10:02:6d:4b:f6:79:c0:2f:dc:b5:92:41:
         6e:16:ed:a1:54:1e:aa:1c:51:a7:63:a3:7c:1a:a5:eb:76:40:
         ff:25:a3:d0:d8:2e:a6:a7:e8:26:8e:ec:6d:0e:1c:28:13:23:
         40:23:aa:0d:89:2b:fa:96:0a:93:5e:9c:37:09:9f:82:c7:bc:
         56:2d:41:bf:9c:0a:7e:7c:a3:42:af:af:61:51:a7:2e:41:cb:
         39:e5:7e:d5
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIULWbA15O7Ch4rGM5Xcz9GsJHyo4QwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNDA5MjcwMDAwMDBaFw0yNDExMDEyMzU5NTlaMHoxSTBHBgNV
BAUTQGFlNzBlMzgwZGRmYjRiOGU1MTcxNmQ0OTcwYzc3MGIwZTg2YmQ4Yjg0MDY1
ZDkxYTRkZjc5MmQ1ZmFlZDQ4NzAxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMoAPlEbvzVi/jFLyMe0UHQxPq259qub7DHWcuZMEElim4pNsoBq/SZB8vYn
OhM7hT76G0gPK+Ks9KxoKe1w7CV2bnal3y/JeQN9yvrGBi+N3IMTCziR/aF/i0sw
YMiuheUJ/Fs+ObNwk45m1mYMQTwkGKErvcVPggAesQH54v2WyPXzIw8iBwABqCr8
LWWh/0qrlFTAalZkB8nb58MXXD+vK76e3dQ9JS4y2XfPGeqYHf0lq7WGAfLq0SQs
GrfPR5kgJn5x150RxvYtjM5kDgkfKtzt3xdjJ9J5a0LvS/b2eir0LzQ51DTgfJnX
DDolORFKpyCa4kVXeFTBuaadmQsCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBR2YjvE
pLX4OJIWKdvJOIb3ULurpzAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
ZDEzZDI2YWUtMzZiMS00ODE1LWE3ZjAtNGRjMDkwZDE1Yjc4LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADOBMA0G
CSqGSIb3DQEBCwUAA4IBAQBYEwk5fhxWO00BkBaRgpjK0WTyS2lBhhKv5i+Os6wy
APKNIK/eJWu8NDn2bk5tcUrLyfCVeuiS/52sw6npyYl0xZynreagYXM0la9nDlrG
s+DYE5lhlb70G1yBIoEhCZvjOEWo5B1pmZNqRvn4GbLNgM6WTXFok+HyDkVnPtzw
tqv9IXYlUPd5RWsnzeffJzRf3Kf6Q4dYdf+F0YrGLmOVxi4Xzo7uO9YQAm1L9nnA
L9y1kkFuFu2hVB6qHFGnY6N8GqXrdkD/JaPQ2C6mp+gmjuxtDhwoEyNAI6oNiSv6
lgqTXpw3CZ+Cx7xWLUG/nAp+fKNCr69hUacuQcs55X7V
-----END CERTIFICATE-----
Generated at Thu Oct 10 20:39:40 2024 by rpki-client on console-fra.rpki-client.org