Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/d6f6ca40-e3d8-439c-81a4-b2c7fd862c09.roa
File:                     d6f6ca40-e3d8-439c-81a4-b2c7fd862c09.roa (raw, json)
Hash identifier:          yoBuhqK1f+KH2wJ9XuBJsfvKhV2exLDpVrdgyE2wT3E=
Subject key identifier:   E7:B3:37:92:53:A3:30:63:C8:F9:A4:DE:7E:80:4A:65:7A:76:87:89
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       66B3D44E1849647BC1EFECEEDE921D0B0BDB975D
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/d6f6ca40-e3d8-439c-81a4-b2c7fd862c09.roa
Signing time:             Mon 17 Jun 2024 00:00:00 +0000
ROA not before:           Mon 17 Jun 2024 00:00:00 +0000
ROA not after:            Mon 22 Jul 2024 23:59:59 +0000
asID:                     8987
IP address blocks:        2a01:578::/36 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 20:24:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            66:b3:d4:4e:18:49:64:7b:c1:ef:ec:ee:de:92:1d:0b:0b:db:97:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Jun 17 00:00:00 2024 GMT
            Not After : Jul 22 23:59:59 2024 GMT
        Subject: serialNumber=d512f9f342693b0ca57bc70c0856cd184592f656ccc6e1d10d292a3648b6ef7a, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:1d:8d:84:bf:5a:8b:b4:e8:1e:bb:28:93:f0:
                    51:34:11:74:76:79:c0:03:21:78:24:06:8b:a6:1d:
                    f5:b5:89:14:29:5c:0c:2c:0d:ff:51:fb:49:77:56:
                    1f:52:65:c1:4b:79:2c:65:73:57:88:34:85:ea:59:
                    ce:0e:ba:12:5b:e3:ae:18:c5:38:db:1c:c0:94:bb:
                    01:b5:d1:d5:2d:d6:2d:82:a6:ef:3d:15:71:cf:db:
                    db:72:5b:36:96:3a:e2:de:d6:02:1a:e3:c0:0c:47:
                    77:0a:16:6d:81:c9:fe:0d:e8:df:0f:61:fa:98:db:
                    82:fb:26:c9:c0:af:49:41:e5:11:bd:dc:87:33:9a:
                    93:f8:2f:75:96:c4:68:ac:1b:b2:a0:ca:cc:41:f8:
                    1f:3b:4e:7f:d7:ac:1f:f8:80:43:51:f9:64:78:c2:
                    e0:8e:eb:11:62:6a:ee:07:98:25:9d:8d:72:8a:66:
                    4b:d8:e2:73:6c:50:ea:4e:e7:aa:94:80:58:93:8a:
                    fe:2b:0b:c2:9d:73:f2:e4:13:09:d6:45:ed:95:0b:
                    76:0e:d2:8f:46:18:ee:c2:15:e6:1b:de:52:65:c0:
                    4a:bb:1f:72:a0:4d:09:d0:90:6f:45:c5:2f:b6:c4:
                    fc:6f:43:15:4a:6f:49:de:93:6a:8a:29:17:6c:9e:
                    57:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:B3:37:92:53:A3:30:63:C8:F9:A4:DE:7E:80:4A:65:7A:76:87:89
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/d6f6ca40-e3d8-439c-81a4-b2c7fd862c09.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:578::/36

    Signature Algorithm: sha256WithRSAEncryption
         59:7c:fd:2e:52:e4:ad:30:6a:bb:54:d6:23:42:7b:e1:5b:66:
         37:c9:e7:1c:c7:54:da:20:7f:1b:22:18:73:a0:c6:c6:d6:8a:
         23:88:43:de:27:9a:74:90:cb:a1:3b:5f:c2:fe:02:f2:59:06:
         7f:50:8f:1c:15:78:3c:5a:7d:4d:aa:53:a5:c3:1b:e6:68:31:
         33:5e:38:f3:0c:ad:55:6e:98:d6:61:64:d6:c7:38:ca:2a:6b:
         b3:b1:8d:05:d7:b7:b0:bd:97:13:ff:97:13:40:a3:67:c6:40:
         09:85:9a:aa:28:82:e3:5d:f1:2c:6b:f9:c1:22:28:70:e7:56:
         67:06:6b:87:dd:07:b3:76:8b:b1:14:8e:2f:10:51:65:43:e0:
         f4:a9:9f:f1:17:1d:75:55:6d:c9:dc:b7:f4:35:72:ba:3e:a4:
         30:be:d1:e3:69:e0:81:ad:29:f9:d8:28:28:4c:85:c8:1d:83:
         fc:c7:53:cd:be:e2:73:ef:5d:1d:fc:fe:90:f5:cf:1f:b0:32:
         b6:d6:ce:9a:86:ee:76:bf:7a:22:8d:f2:07:c1:f4:3d:3f:2e:
         d4:82:0e:56:56:a2:b5:d5:29:f2:92:5f:05:95:59:04:38:35:
         18:25:26:71:30:ba:33:8c:25:97:39:34:9a:94:0f:0d:97:46:
         39:ee:00:18
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUZrPUThhJZHvB7+zu3pIdCwvbl10wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNDA2MTcwMDAwMDBaFw0yNDA3MjIyMzU5NTlaMHoxSTBHBgNV
BAUTQGQ1MTJmOWYzNDI2OTNiMGNhNTdiYzcwYzA4NTZjZDE4NDU5MmY2NTZjY2M2
ZTFkMTBkMjkyYTM2NDhiNmVmN2ExLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAK4djYS/Wou06B67KJPwUTQRdHZ5wAMheCQGi6Yd9bWJFClcDCwN/1H7SXdW
H1JlwUt5LGVzV4g0hepZzg66ElvjrhjFONscwJS7AbXR1S3WLYKm7z0Vcc/b23Jb
NpY64t7WAhrjwAxHdwoWbYHJ/g3o3w9h+pjbgvsmycCvSUHlEb3chzOak/gvdZbE
aKwbsqDKzEH4HztOf9esH/iAQ1H5ZHjC4I7rEWJq7geYJZ2NcopmS9jic2xQ6k7n
qpSAWJOK/isLwp1z8uQTCdZF7ZULdg7Sj0YY7sIV5hveUmXASrsfcqBNCdCQb0XF
L7bE/G9DFUpvSd6TaoopF2yeVwcCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTnszeS
U6MwY8j5pN5+gEplenaHiTAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
ZDZmNmNhNDAtZTNkOC00MzljLTgxYTQtYjJjN2ZkODYyYzA5LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCoBBXgA
MA0GCSqGSIb3DQEBCwUAA4IBAQBZfP0uUuStMGq7VNYjQnvhW2Y3yeccx1TaIH8b
IhhzoMbG1oojiEPeJ5p0kMuhO1/C/gLyWQZ/UI8cFXg8Wn1NqlOlwxvmaDEzXjjz
DK1VbpjWYWTWxzjKKmuzsY0F17ewvZcT/5cTQKNnxkAJhZqqKILjXfEsa/nBIihw
51ZnBmuH3QezdouxFI4vEFFlQ+D0qZ/xFx11VW3J3Lf0NXK6PqQwvtHjaeCBrSn5
2CgoTIXIHYP8x1PNvuJz710d/P6Q9c8fsDK21s6ahu52v3oijfIHwfQ9Py7Ugg5W
VqK11Snykl8FlVkEODUYJSZxMLozjCWXOTSalA8Nl0Y57gAY
-----END CERTIFICATE-----
Generated at Wed Jun 26 02:09:57 2024 by rpki-client on console-ams.rpki-client.org