Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/d6f6ca40-e3d8-439c-81a4-b2c7fd862c09.roa
File:                     d6f6ca40-e3d8-439c-81a4-b2c7fd862c09.roa (raw, json)
Hash identifier:          ZDUX9iJxWUcdpUcw4DMzgMRxiy+qg3LEehrAArmY1bU=
Subject key identifier:   9D:10:A8:C8:32:E1:2F:12:A9:3F:21:E8:5B:EC:71:9C:60:EA:B9:BB
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       023362E9F35F90243124B3166EBAAFC6B0E995B6
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/d6f6ca40-e3d8-439c-81a4-b2c7fd862c09.roa
Signing time:             Tue 21 May 2024 00:00:00 +0000
ROA not before:           Tue 21 May 2024 00:00:00 +0000
ROA not after:            Tue 25 Jun 2024 23:59:59 +0000
asID:                     8987
IP address blocks:        2a01:578::/36 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            02:33:62:e9:f3:5f:90:24:31:24:b3:16:6e:ba:af:c6:b0:e9:95:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: May 21 00:00:00 2024 GMT
            Not After : Jun 25 23:59:59 2024 GMT
        Subject: serialNumber=5ca4f14db68b94366e34395e94c67a9605d646a5862165e65a33dd30767d978a, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:7f:fb:77:63:ce:46:a3:7a:2f:1f:27:45:85:
                    eb:2b:07:6f:08:79:82:a7:f8:07:9e:1d:74:59:1f:
                    e5:cf:28:6c:d7:b2:9a:42:82:c1:bd:72:99:02:02:
                    9a:96:01:23:9a:b4:51:71:02:4c:bc:9d:9e:7c:65:
                    49:31:2f:8e:57:27:83:34:5d:f1:ec:da:f9:46:df:
                    d7:76:0a:aa:f2:c7:91:c4:c3:1d:b4:99:7b:5b:7a:
                    8d:31:37:8e:d5:c3:c3:16:05:46:e1:aa:94:52:66:
                    bd:a1:f3:de:44:ed:93:93:93:76:ae:27:b5:55:4f:
                    43:e8:52:b0:29:3c:fd:fb:05:68:d8:47:00:5a:fd:
                    7d:5e:38:e3:0a:de:a7:a3:bc:bf:09:86:77:40:0c:
                    d7:a8:d7:7a:9f:8d:26:4e:8c:19:36:3a:a4:04:be:
                    41:8a:09:13:d5:bb:e4:0a:11:dd:fd:00:40:ff:a3:
                    c3:f0:4f:4d:ae:c8:7c:e5:23:1d:be:7d:f0:93:b5:
                    83:a4:0c:1d:cb:07:ea:9f:1c:e1:92:a8:50:fe:96:
                    a5:7e:d9:ca:7f:7e:16:29:6c:ff:50:77:ab:41:c2:
                    dd:50:0c:a7:b9:9c:ce:06:2a:8c:80:f8:10:10:52:
                    9c:07:fd:7f:f3:dc:f5:88:0a:a1:74:3f:f8:f5:ae:
                    71:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:10:A8:C8:32:E1:2F:12:A9:3F:21:E8:5B:EC:71:9C:60:EA:B9:BB
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/d6f6ca40-e3d8-439c-81a4-b2c7fd862c09.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:578::/36

    Signature Algorithm: sha256WithRSAEncryption
         48:a3:60:3c:1a:28:37:c1:e5:41:86:ae:d7:82:c7:bb:e8:e5:
         78:9a:e3:c4:28:08:21:8b:9e:f3:ce:a9:d2:ff:be:21:85:2d:
         28:e1:9b:fc:58:3e:40:17:2e:d9:c1:2a:6e:0d:a2:56:42:0c:
         65:c8:bb:78:76:83:71:08:ff:b1:c2:c6:e7:ee:59:cc:e6:15:
         c6:a3:d3:d2:a8:34:2a:75:72:08:ae:3e:80:d5:e8:99:88:8a:
         ec:e7:92:71:af:9a:b4:67:65:a5:41:5c:91:b9:e9:cf:23:57:
         d5:ef:63:51:4d:36:74:4e:0a:c3:b8:34:31:f5:8b:de:70:8a:
         eb:86:ee:69:5c:d7:00:dd:ea:a0:1f:6f:14:59:0a:8f:84:92:
         0a:51:85:0e:02:22:37:bd:79:71:44:aa:98:55:2f:ee:0f:60:
         4d:be:26:f7:bc:5e:df:13:c2:b1:62:ed:8f:0e:be:0e:a7:0e:
         c0:5e:8f:75:ca:5d:51:51:4c:0e:5f:52:05:e2:4b:1a:f0:96:
         ec:1b:64:93:01:5d:db:e1:3b:00:5c:8d:b7:92:02:8c:0e:fa:
         b0:0e:5f:f5:9e:d5:59:c0:c3:66:1a:61:98:c7:f5:90:65:5c:
         40:59:fd:fe:77:d7:67:f2:7e:7c:2f:b0:9b:17:b9:20:d5:a3:
         fb:7b:1c:9a
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUAjNi6fNfkCQxJLMWbrqvxrDplbYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNDA1MjEwMDAwMDBaFw0yNDA2MjUyMzU5NTlaMHoxSTBHBgNV
BAUTQDVjYTRmMTRkYjY4Yjk0MzY2ZTM0Mzk1ZTk0YzY3YTk2MDVkNjQ2YTU4NjIx
NjVlNjVhMzNkZDMwNzY3ZDk3OGExLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALJ/+3djzkajei8fJ0WF6ysHbwh5gqf4B54ddFkf5c8obNeymkKCwb1ymQIC
mpYBI5q0UXECTLydnnxlSTEvjlcngzRd8eza+Ubf13YKqvLHkcTDHbSZe1t6jTE3
jtXDwxYFRuGqlFJmvaHz3kTtk5OTdq4ntVVPQ+hSsCk8/fsFaNhHAFr9fV444wre
p6O8vwmGd0AM16jXep+NJk6MGTY6pAS+QYoJE9W75AoR3f0AQP+jw/BPTa7IfOUj
Hb598JO1g6QMHcsH6p8c4ZKoUP6WpX7Zyn9+Fils/1B3q0HC3VAMp7mczgYqjID4
EBBSnAf9f/Pc9YgKoXQ/+PWucQECAwEAAaOCAiMwggIfMB0GA1UdDgQWBBSdEKjI
MuEvEqk/Iehb7HGcYOq5uzAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
ZDZmNmNhNDAtZTNkOC00MzljLTgxYTQtYjJjN2ZkODYyYzA5LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCoBBXgA
MA0GCSqGSIb3DQEBCwUAA4IBAQBIo2A8Gig3weVBhq7Xgse76OV4muPEKAghi57z
zqnS/74hhS0o4Zv8WD5AFy7ZwSpuDaJWQgxlyLt4doNxCP+xwsbn7lnM5hXGo9PS
qDQqdXIIrj6A1eiZiIrs55Jxr5q0Z2WlQVyRuenPI1fV72NRTTZ0TgrDuDQx9Yve
cIrrhu5pXNcA3eqgH28UWQqPhJIKUYUOAiI3vXlxRKqYVS/uD2BNvib3vF7fE8Kx
Yu2PDr4Opw7AXo91yl1RUUwOX1IF4ksa8JbsG2STAV3b4TsAXI23kgKMDvqwDl/1
ntVZwMNmGmGYx/WQZVxAWf3+d9dn8n58L7CbF7kg1aP7exya
-----END CERTIFICATE-----
Generated at Sun Jun 16 17:32:39 2024 by rpki-client on console-ams.rpki-client.org