Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/6f7eb0e6-fbf6-4872-8a70-838cbba40e6f.roa
File:                     6f7eb0e6-fbf6-4872-8a70-838cbba40e6f.roa (raw, json)
Hash identifier:          lqnnbPv7KJGE2Ck/jBGUFZKNE9kn44d+PZCvmohXCcM=
Subject key identifier:   FE:61:F9:23:1A:BD:C6:47:16:4C:9E:B4:83:13:B7:58:23:E6:C6:2F
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       5015D56155AE5E583E498A9825DF4F4E7412B571
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/6f7eb0e6-fbf6-4872-8a70-838cbba40e6f.roa
Signing time:             Mon 17 Jun 2024 00:00:00 +0000
ROA not before:           Mon 17 Jun 2024 00:00:00 +0000
ROA not after:            Mon 22 Jul 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2a01:578:1010::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            50:15:d5:61:55:ae:5e:58:3e:49:8a:98:25:df:4f:4e:74:12:b5:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Jun 17 00:00:00 2024 GMT
            Not After : Jul 22 23:59:59 2024 GMT
        Subject: serialNumber=adb4930e64d58ae16aaadc119ee3b3fd29ab628b2d728446e03f3775c2c416e3, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:64:55:ef:21:ed:c5:e9:f4:3d:25:3e:8c:56:
                    13:f6:de:b3:4a:20:72:75:d9:3f:95:80:77:5d:d8:
                    cd:ce:d7:25:76:de:6a:1c:8a:1a:8c:c6:65:c6:26:
                    14:db:d8:2d:95:43:82:1d:33:84:0c:04:c4:42:5f:
                    6c:67:9e:ce:90:d0:20:f1:fc:ab:08:eb:7c:29:01:
                    91:1c:7b:1d:44:6b:8f:c1:70:47:e5:5f:00:52:c8:
                    de:77:32:6f:d9:36:47:61:a8:05:56:91:94:9a:49:
                    e3:87:dd:07:40:65:f3:27:79:76:d9:e3:eb:aa:5a:
                    86:b5:21:92:18:4f:2b:14:83:cd:18:cc:91:a8:1f:
                    41:f1:50:56:fb:ef:04:10:0c:ba:03:ae:93:31:bf:
                    e8:d8:de:51:42:b4:a0:e1:33:2c:56:40:2e:f5:e5:
                    c7:97:01:40:09:60:ea:08:02:59:06:32:e0:5d:26:
                    8b:06:23:2b:cc:53:89:5b:ef:75:28:57:5b:4c:47:
                    df:c1:76:1d:bc:cb:e5:3d:2f:79:df:cf:de:18:d7:
                    be:1f:b4:44:aa:73:54:6a:d7:71:d0:10:18:df:cb:
                    67:2d:00:f9:c1:e1:17:54:8c:7a:ba:d5:bd:1e:a9:
                    dc:bb:7c:56:fa:dd:0c:d1:aa:95:20:cf:6b:ec:e8:
                    85:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:61:F9:23:1A:BD:C6:47:16:4C:9E:B4:83:13:B7:58:23:E6:C6:2F
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/6f7eb0e6-fbf6-4872-8a70-838cbba40e6f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:578:1010::/44

    Signature Algorithm: sha256WithRSAEncryption
         b3:df:a6:30:50:37:c3:5d:d9:42:11:7f:fa:5e:10:2a:04:e0:
         79:62:11:85:f5:ab:6a:6f:9c:32:fe:42:fc:b8:17:48:66:95:
         b3:91:b2:5f:63:98:ad:08:09:8c:60:4f:1f:57:18:7f:e6:13:
         a5:95:aa:71:97:48:1b:12:f5:8c:2f:75:2c:5d:a3:19:3f:6a:
         c4:58:b9:a8:a9:62:c5:7c:ad:20:45:cc:8f:3c:45:00:3b:04:
         43:9f:f3:6e:47:b3:5e:5a:f7:13:0c:b9:b4:98:e2:73:2a:65:
         4a:94:87:4b:55:22:a1:17:8a:dd:53:bf:d3:34:b0:89:8e:23:
         05:27:84:98:25:80:91:3c:6c:d2:d7:17:d4:2a:97:ae:94:a0:
         3e:99:07:09:3a:68:45:91:6a:7c:97:71:55:11:33:15:0e:aa:
         cc:b1:78:a3:a1:92:42:9e:46:e4:b3:ea:3b:8e:89:1c:6b:7d:
         47:03:f7:0f:21:05:56:0a:69:16:b6:83:98:83:a9:92:76:48:
         36:ad:75:42:ee:3e:fc:8e:83:c9:88:45:a8:76:43:95:04:75:
         0f:f4:dd:7b:3b:69:bf:90:79:0d:e4:31:98:b8:38:f2:b2:ab:
         22:84:6f:4f:84:04:ac:fb:f5:9a:13:39:25:c4:33:31:30:53:
         a8:9c:b7:4b
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUUBXVYVWuXlg+SYqYJd9PTnQStXEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNDA2MTcwMDAwMDBaFw0yNDA3MjIyMzU5NTlaMHoxSTBHBgNV
BAUTQGFkYjQ5MzBlNjRkNThhZTE2YWFhZGMxMTllZTNiM2ZkMjlhYjYyOGIyZDcy
ODQ0NmUwM2YzNzc1YzJjNDE2ZTMxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALVkVe8h7cXp9D0lPoxWE/bes0ogcnXZP5WAd13Yzc7XJXbeahyKGozGZcYm
FNvYLZVDgh0zhAwExEJfbGeezpDQIPH8qwjrfCkBkRx7HURrj8FwR+VfAFLI3ncy
b9k2R2GoBVaRlJpJ44fdB0Bl8yd5dtnj66pahrUhkhhPKxSDzRjMkagfQfFQVvvv
BBAMugOukzG/6NjeUUK0oOEzLFZALvXlx5cBQAlg6ggCWQYy4F0miwYjK8xTiVvv
dShXW0xH38F2HbzL5T0ved/P3hjXvh+0RKpzVGrXcdAQGN/LZy0A+cHhF1SMerrV
vR6p3Lt8VvrdDNGqlSDPa+zohVMCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBT+Yfkj
Gr3GRxZMnrSDE7dYI+bGLzAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
NmY3ZWIwZTYtZmJmNi00ODcyLThhNzAtODM4Y2JiYTQwZTZmLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHBCoBBXgQ
EDANBgkqhkiG9w0BAQsFAAOCAQEAs9+mMFA3w13ZQhF/+l4QKgTgeWIRhfWram+c
Mv5C/LgXSGaVs5GyX2OYrQgJjGBPH1cYf+YTpZWqcZdIGxL1jC91LF2jGT9qxFi5
qKlixXytIEXMjzxFADsEQ5/zbkezXlr3Ewy5tJjicyplSpSHS1UioReK3VO/0zSw
iY4jBSeEmCWAkTxs0tcX1CqXrpSgPpkHCTpoRZFqfJdxVREzFQ6qzLF4o6GSQp5G
5LPqO46JHGt9RwP3DyEFVgppFraDmIOpknZINq11Qu4+/I6DyYhFqHZDlQR1D/Td
eztpv5B5DeQxmLg48rKrIoRvT4QErPv1mhM5JcQzMTBTqJy3Sw==
-----END CERTIFICATE-----
Generated at Wed Jun 26 02:44:40 2024 by rpki-client on console-fra.rpki-client.org