Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/6f7eb0e6-fbf6-4872-8a70-838cbba40e6f.roa
File:                     6f7eb0e6-fbf6-4872-8a70-838cbba40e6f.roa (raw, json)
Hash identifier:          HoYozpq/QV4Ynwa6LwDyc962bUekqOVm/IK9EjELPjE=
Subject key identifier:   B2:D8:43:F3:20:3D:8B:F5:47:43:1F:28:51:59:76:0F:F1:2B:CD:86
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       4E56F8E25FC926EA3824C28624F6D7805A28F734
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/6f7eb0e6-fbf6-4872-8a70-838cbba40e6f.roa
Signing time:             Tue 21 May 2024 00:00:00 +0000
ROA not before:           Tue 21 May 2024 00:00:00 +0000
ROA not after:            Tue 25 Jun 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2a01:578:1010::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 10:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4e:56:f8:e2:5f:c9:26:ea:38:24:c2:86:24:f6:d7:80:5a:28:f7:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: May 21 00:00:00 2024 GMT
            Not After : Jun 25 23:59:59 2024 GMT
        Subject: serialNumber=7ab97799f2edee1f27ec9d4c0c688a3153bf786954e8937ebb05ed11d2a3dd4c, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:d5:f0:24:0c:3c:c8:b5:cf:83:91:de:55:56:
                    49:d7:8f:1e:52:f7:b6:71:05:0f:c9:74:27:ad:fd:
                    19:81:6c:d7:e1:f3:8a:b3:6d:25:b0:ef:38:5f:0a:
                    ce:d0:93:c7:b7:37:2e:61:2c:dc:71:3a:ba:20:0c:
                    63:b8:c3:8e:57:67:a3:33:55:07:67:db:ec:54:f0:
                    b8:78:4c:6c:c4:d1:9f:e0:cd:61:b3:7e:09:ce:7f:
                    0b:72:ef:fb:dc:ca:ed:81:c8:35:f0:e4:aa:ca:33:
                    4a:b1:f9:da:67:55:5c:ba:97:60:59:61:02:1c:04:
                    1d:94:51:77:63:2f:04:8b:69:d5:3f:83:4e:65:b0:
                    bf:d9:0f:df:47:2c:81:67:e6:3d:5a:61:29:f5:b3:
                    01:8d:f6:fe:b7:7e:59:f8:84:35:93:7b:e1:e3:d0:
                    f7:d3:a5:b3:7c:a9:9f:a4:62:ef:2e:63:c5:f8:03:
                    b8:8c:44:bc:6b:4c:a2:5d:50:7c:d4:fc:ac:20:38:
                    07:23:a0:32:9c:14:f9:90:5a:5d:3e:3a:3b:e3:32:
                    e9:d4:e9:0f:e3:8f:32:29:f1:8d:fe:39:0b:e1:17:
                    96:59:99:5a:69:e5:17:29:3c:e9:cc:bb:d5:61:e6:
                    19:80:b2:20:ed:e9:02:24:ef:8b:57:5d:7e:29:6e:
                    03:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:D8:43:F3:20:3D:8B:F5:47:43:1F:28:51:59:76:0F:F1:2B:CD:86
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/6f7eb0e6-fbf6-4872-8a70-838cbba40e6f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:578:1010::/44

    Signature Algorithm: sha256WithRSAEncryption
         ac:e3:15:8b:ac:96:1a:25:bb:6e:f8:3c:2a:1d:f9:a4:43:7c:
         77:50:3a:cc:98:29:ee:ef:aa:a0:5d:5d:53:ba:6a:bb:d4:64:
         67:48:f2:62:33:65:0b:f9:10:9a:c6:f9:a9:55:f8:d5:53:ec:
         ca:33:e7:23:a9:cd:39:e7:5b:c6:7c:c8:06:a7:0b:3c:52:62:
         c9:3b:f9:a2:61:94:2f:2f:d5:34:89:57:d5:af:9b:07:f5:67:
         6e:31:45:a9:aa:45:83:c8:19:d3:f9:c3:b9:d2:fe:cc:06:dc:
         0d:25:32:c9:b6:74:b6:46:a6:b3:d0:dd:41:88:25:b3:13:77:
         f3:65:a5:bf:fc:6d:e0:14:91:d4:63:c6:c5:a8:a8:6e:6a:d7:
         93:92:01:19:75:35:7c:79:50:46:b6:b3:87:82:35:91:74:30:
         f6:21:ba:81:6e:7d:ed:a4:ef:c8:f8:4e:bd:4c:5f:df:5c:81:
         c0:b2:4f:69:2f:a6:cd:5c:09:67:24:ef:81:1e:55:be:3e:46:
         de:bc:e6:9d:d5:50:aa:2b:6b:87:af:04:52:6f:57:e8:09:05:
         f6:d2:fd:3c:e5:07:0b:e3:c1:99:a5:2c:87:e1:20:2b:93:ac:
         b5:a2:67:21:ab:56:46:93:ee:8f:eb:d7:44:8f:89:02:09:14:
         0e:76:d8:6b
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUTlb44l/JJuo4JMKGJPbXgFoo9zQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNDA1MjEwMDAwMDBaFw0yNDA2MjUyMzU5NTlaMHoxSTBHBgNV
BAUTQDdhYjk3Nzk5ZjJlZGVlMWYyN2VjOWQ0YzBjNjg4YTMxNTNiZjc4Njk1NGU4
OTM3ZWJiMDVlZDExZDJhM2RkNGMxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAILV8CQMPMi1z4OR3lVWSdePHlL3tnEFD8l0J639GYFs1+HzirNtJbDvOF8K
ztCTx7c3LmEs3HE6uiAMY7jDjldnozNVB2fb7FTwuHhMbMTRn+DNYbN+Cc5/C3Lv
+9zK7YHINfDkqsozSrH52mdVXLqXYFlhAhwEHZRRd2MvBItp1T+DTmWwv9kP30cs
gWfmPVphKfWzAY32/rd+WfiENZN74ePQ99Ols3ypn6Ri7y5jxfgDuIxEvGtMol1Q
fNT8rCA4ByOgMpwU+ZBaXT46O+My6dTpD+OPMinxjf45C+EXllmZWmnlFyk86cy7
1WHmGYCyIO3pAiTvi1ddfiluA5sCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBSy2EPz
ID2L9UdDHyhRWXYP8SvNhjAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
NmY3ZWIwZTYtZmJmNi00ODcyLThhNzAtODM4Y2JiYTQwZTZmLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHBCoBBXgQ
EDANBgkqhkiG9w0BAQsFAAOCAQEArOMVi6yWGiW7bvg8Kh35pEN8d1A6zJgp7u+q
oF1dU7pqu9RkZ0jyYjNlC/kQmsb5qVX41VPsyjPnI6nNOedbxnzIBqcLPFJiyTv5
omGULy/VNIlX1a+bB/VnbjFFqapFg8gZ0/nDudL+zAbcDSUyybZ0tkams9DdQYgl
sxN382Wlv/xt4BSR1GPGxaiobmrXk5IBGXU1fHlQRrazh4I1kXQw9iG6gW597aTv
yPhOvUxf31yBwLJPaS+mzVwJZyTvgR5Vvj5G3rzmndVQqitrh68EUm9X6AkF9tL9
POUHC+PBmaUsh+EgK5OstaJnIatWRpPuj+vXRI+JAgkUDnbYaw==
-----END CERTIFICATE-----
Generated at Sun Jun 16 17:32:42 2024 by rpki-client on console-fra.rpki-client.org