Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/de83ab0d-730e-4ba0-9d22-af2c8b7fd8f7.roa
File:                     de83ab0d-730e-4ba0-9d22-af2c8b7fd8f7.roa (raw, json)
Hash identifier:          Citq+IaA3ivH9o+nOUoWhm3klTJiC9/BC6MtJyrkSak=
Subject key identifier:   CD:41:95:08:70:C8:69:BC:0E:1F:C4:CC:89:52:C0:E5:FC:6A:54:62
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       4D9CE6BADE06328915BA62A3CB6CB8F9A1220A18
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/de83ab0d-730e-4ba0-9d22-af2c8b7fd8f7.roa
Signing time:             Tue 22 Oct 2024 00:00:00 +0000
ROA not before:           Tue 22 Oct 2024 00:00:00 +0000
ROA not after:            Tue 26 Nov 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        51.40.0.0/16 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 11 Nov 2024 14:00:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4d:9c:e6:ba:de:06:32:89:15:ba:62:a3:cb:6c:b8:f9:a1:22:0a:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Oct 22 00:00:00 2024 GMT
            Not After : Nov 26 23:59:59 2024 GMT
        Subject: serialNumber=bab599142ad0a9fbb7a7b9135fec3c011759420b85abe749afc1c4c26bcc96fa, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:a2:ed:a7:8d:91:48:97:84:34:3f:38:a0:0e:
                    05:5c:a5:a2:83:c2:8d:e2:8b:39:85:aa:01:a6:ba:
                    6e:91:3b:ac:6e:10:b7:54:a8:a4:5d:e1:24:22:11:
                    89:a9:0b:d5:09:f6:f0:c4:9c:3c:fc:4e:4e:a5:ec:
                    d6:89:a8:c7:d7:13:be:10:3d:95:11:f1:54:e2:9b:
                    3a:c4:88:e9:d5:f9:69:5b:40:6e:a5:4b:03:af:0b:
                    bd:12:a1:e0:81:9a:7d:0f:74:7d:c7:19:8e:47:6f:
                    c1:fe:df:d5:c0:ec:a4:61:84:70:a5:50:e0:48:58:
                    68:1f:a6:5f:5e:f8:99:a4:00:8e:52:f2:69:64:ba:
                    8a:10:8c:7b:94:be:ed:6d:ff:7f:6a:34:60:50:95:
                    95:be:ec:cb:62:34:7a:1c:86:38:81:18:33:83:bc:
                    c3:02:98:f9:76:8d:eb:24:80:4b:d7:86:24:79:06:
                    f3:8f:a7:8f:7b:dd:14:19:3a:cc:79:1b:57:3c:89:
                    7c:cf:5b:01:0e:a6:fc:3b:ca:5b:c0:f5:79:34:f8:
                    39:00:51:17:50:34:92:36:1d:13:c4:56:b8:98:77:
                    25:de:19:c3:a0:9c:72:34:cb:ef:36:6c:c1:68:e1:
                    71:35:5d:01:e6:92:d5:52:84:b3:67:eb:16:cc:e2:
                    24:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:41:95:08:70:C8:69:BC:0E:1F:C4:CC:89:52:C0:E5:FC:6A:54:62
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/de83ab0d-730e-4ba0-9d22-af2c8b7fd8f7.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.40.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         27:5c:a1:05:e7:ac:c9:6a:9f:b7:26:7f:df:20:53:d3:fd:ff:
         06:f3:84:99:54:6c:c2:97:4d:ae:eb:7b:fb:b1:d5:c3:78:35:
         a0:04:83:a6:0c:fe:c7:43:a7:f7:c8:eb:9d:3c:8e:7e:21:3a:
         57:5f:e9:ac:c4:c4:37:44:f9:04:40:8c:22:a4:2c:2b:b7:5d:
         e8:c0:a8:dd:6a:6f:0a:d8:88:d7:57:08:dd:d1:dd:46:2a:76:
         e6:f1:90:00:21:99:26:cf:e0:c0:cb:4c:ff:21:c6:f0:08:c9:
         a8:d4:d5:d9:0b:6a:8b:5b:d4:92:1a:f2:cb:2a:83:d0:f8:31:
         4c:5e:3a:02:e8:81:cd:21:56:f5:88:26:09:46:a0:b1:52:c0:
         d9:3f:f1:60:ad:19:13:68:aa:1b:96:0c:ee:1a:04:2e:43:31:
         26:9a:8d:ec:59:d5:47:f6:21:5a:16:c0:67:38:4d:99:ef:dc:
         08:c7:49:7d:2d:45:1d:d8:d6:18:d8:6a:d9:25:81:d8:ef:4b:
         c0:72:1f:f5:4d:05:1d:02:10:81:71:39:12:40:af:0f:b9:e6:
         b7:3c:30:6b:02:8c:98:d0:3c:0f:7f:92:12:3a:fb:85:46:10:
         eb:db:b0:b0:f4:aa:01:ca:8a:9e:95:aa:46:16:94:52:8e:57:
         29:a1:f1:cc
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUTZzmut4GMokVumKjy2y4+aEiChgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNDEwMjIwMDAwMDBaFw0yNDExMjYyMzU5NTlaMHoxSTBHBgNV
BAUTQGJhYjU5OTE0MmFkMGE5ZmJiN2E3YjkxMzVmZWMzYzAxMTc1OTQyMGI4NWFi
ZTc0OWFmYzFjNGMyNmJjYzk2ZmExLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAK2i7aeNkUiXhDQ/OKAOBVylooPCjeKLOYWqAaa6bpE7rG4Qt1SopF3hJCIR
iakL1Qn28MScPPxOTqXs1omox9cTvhA9lRHxVOKbOsSI6dX5aVtAbqVLA68LvRKh
4IGafQ90fccZjkdvwf7f1cDspGGEcKVQ4EhYaB+mX174maQAjlLyaWS6ihCMe5S+
7W3/f2o0YFCVlb7sy2I0ehyGOIEYM4O8wwKY+XaN6ySAS9eGJHkG84+nj3vdFBk6
zHkbVzyJfM9bAQ6m/DvKW8D1eTT4OQBRF1A0kjYdE8RWuJh3Jd4Zw6CccjTL7zZs
wWjhcTVdAeaS1VKEs2frFsziJFsCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBTNQZUI
cMhpvA4fxMyJUsDl/GpUYjAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
ZGU4M2FiMGQtNzMwZS00YmEwLTlkMjItYWYyYzhiN2ZkOGY3LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADMoMA0G
CSqGSIb3DQEBCwUAA4IBAQAnXKEF56zJap+3Jn/fIFPT/f8G84SZVGzCl02u63v7
sdXDeDWgBIOmDP7HQ6f3yOudPI5+ITpXX+msxMQ3RPkEQIwipCwrt13owKjdam8K
2IjXVwjd0d1GKnbm8ZAAIZkmz+DAy0z/IcbwCMmo1NXZC2qLW9SSGvLLKoPQ+DFM
XjoC6IHNIVb1iCYJRqCxUsDZP/FgrRkTaKoblgzuGgQuQzEmmo3sWdVH9iFaFsBn
OE2Z79wIx0l9LUUd2NYY2GrZJYHY70vAch/1TQUdAhCBcTkSQK8Puea3PDBrAoyY
0DwPf5ISOvuFRhDr27Cw9KoByoqelapGFpRSjlcpofHM
-----END CERTIFICATE-----
Generated at Sun Nov 10 22:06:08 2024 by rpki-client on console-fra.rpki-client.org