Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/dc5d2309-ce0f-4816-b8d0-260ce079f694.roa
File:                     dc5d2309-ce0f-4816-b8d0-260ce079f694.roa (raw, json)
Hash identifier:          SDkuoV0wkh2snxutyfi3HWwgh7J72JJxdwtQ0CVtiZ0=
Subject key identifier:   62:08:2C:DA:D8:88:68:64:F7:85:80:2D:77:DD:3F:1C:DB:92:50:12
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       41B9BBEA5699F6ECA6A4B8B5349100AFB9B559F3
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/dc5d2309-ce0f-4816-b8d0-260ce079f694.roa
Signing time:             Mon 17 Jun 2024 00:00:00 +0000
ROA not before:           Mon 17 Jun 2024 00:00:00 +0000
ROA not after:            Mon 22 Jul 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        212.255.0.0/16 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            41:b9:bb:ea:56:99:f6:ec:a6:a4:b8:b5:34:91:00:af:b9:b5:59:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Jun 17 00:00:00 2024 GMT
            Not After : Jul 22 23:59:59 2024 GMT
        Subject: serialNumber=b9e09a47abc9822c71726d93266b21d68ef4e8d376feb08c5765dc3945c9cb44, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:30:f6:ec:04:24:1b:c6:71:19:80:e9:bd:33:
                    ad:77:c3:ba:bf:3e:00:8d:da:26:11:a9:10:cc:fe:
                    8e:b3:ec:91:69:28:2b:c9:0e:6c:60:f5:0a:eb:63:
                    d3:a3:00:5e:a7:4f:7c:a8:31:cb:97:34:f8:d0:58:
                    da:cc:90:9f:48:91:35:78:42:71:8d:84:73:c3:f5:
                    92:02:df:87:2a:8d:52:44:a6:2a:08:a5:29:8d:9a:
                    42:37:ed:1b:c4:c3:bb:60:aa:5a:92:42:c6:6d:e1:
                    94:a7:c7:2d:b5:06:08:81:19:8e:3d:91:8e:54:69:
                    99:f6:ca:d3:fc:d8:e5:94:5a:39:3e:e2:28:f2:a8:
                    15:f2:c3:e2:da:8d:8a:f5:d6:3e:46:d3:45:e7:38:
                    a0:15:c5:7c:d8:b6:8a:cb:f1:e3:5b:4a:4f:4c:7c:
                    f2:eb:32:eb:bd:ef:b9:3d:5f:83:0c:cb:90:7e:33:
                    1e:9e:41:8a:43:ae:03:74:16:eb:21:ff:e7:e0:99:
                    89:16:9c:14:40:91:83:09:26:bc:e5:e3:66:ea:d3:
                    95:01:94:06:54:43:0f:8e:84:b3:97:d2:21:d8:fa:
                    11:12:32:e6:e5:fe:a6:1a:97:d3:55:53:e7:68:4e:
                    90:88:29:36:2a:1e:e9:ac:bf:e9:6c:d9:af:0b:e4:
                    e1:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:08:2C:DA:D8:88:68:64:F7:85:80:2D:77:DD:3F:1C:DB:92:50:12
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/dc5d2309-ce0f-4816-b8d0-260ce079f694.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.255.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         25:57:2f:3b:20:6d:b0:70:10:fa:00:d9:4f:54:2e:b9:b6:a8:
         70:f0:8a:77:f5:c7:3a:f2:ae:58:b6:5d:66:9e:31:5f:f3:2b:
         e7:5f:c4:8d:d8:eb:bc:96:6d:74:3b:a9:7a:49:d2:7d:91:f2:
         3b:00:75:c8:4b:c5:74:7d:77:c2:73:8e:00:72:b7:46:1e:cf:
         96:99:e1:b3:76:cf:be:85:69:82:2f:0f:17:ba:35:c7:62:22:
         66:64:f7:9a:c4:66:c0:81:9c:f3:63:e7:cd:3e:dd:29:c5:7d:
         3b:7d:dd:10:19:16:cd:27:76:57:fb:9b:14:bb:b0:b1:55:e0:
         0e:2d:4d:a8:fa:bf:c1:1b:94:55:ce:c6:7c:ec:85:a5:2e:71:
         56:4f:13:c5:34:c1:14:c3:42:20:60:21:71:3d:c7:d8:df:a0:
         70:bb:da:30:82:32:3c:0f:7c:4f:9d:e2:8d:0a:ca:22:27:cb:
         8d:28:53:e2:b4:56:8c:c4:98:40:cd:f8:63:b5:9b:72:29:4a:
         ad:77:01:ec:51:cb:ff:dd:b0:09:7c:4b:94:c9:cf:d2:9d:83:
         ee:c0:ea:4b:fd:bd:b1:f0:d9:e6:3a:c1:9b:14:15:11:24:1b:
         d7:e7:55:61:bf:19:eb:e0:f9:8d:24:f9:6e:1e:79:3b:63:13:
         5d:e9:03:c6
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUQbm76laZ9uympLi1NJEAr7m1WfMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNDA2MTcwMDAwMDBaFw0yNDA3MjIyMzU5NTlaMHoxSTBHBgNV
BAUTQGI5ZTA5YTQ3YWJjOTgyMmM3MTcyNmQ5MzI2NmIyMWQ2OGVmNGU4ZDM3NmZl
YjA4YzU3NjVkYzM5NDVjOWNiNDQxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAK0w9uwEJBvGcRmA6b0zrXfDur8+AI3aJhGpEMz+jrPskWkoK8kObGD1Cutj
06MAXqdPfKgxy5c0+NBY2syQn0iRNXhCcY2Ec8P1kgLfhyqNUkSmKgilKY2aQjft
G8TDu2CqWpJCxm3hlKfHLbUGCIEZjj2RjlRpmfbK0/zY5ZRaOT7iKPKoFfLD4tqN
ivXWPkbTRec4oBXFfNi2isvx41tKT0x88usy673vuT1fgwzLkH4zHp5BikOuA3QW
6yH/5+CZiRacFECRgwkmvOXjZurTlQGUBlRDD46Es5fSIdj6ERIy5uX+phqX01VT
52hOkIgpNioe6ay/6WzZrwvk4S0CAwEAAaOCAiAwggIcMB0GA1UdDgQWBBRiCCza
2IhoZPeFgC133T8c25JQEjAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
ZGM1ZDIzMDktY2UwZi00ODE2LWI4ZDAtMjYwY2UwNzlmNjk0LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDANT/MA0G
CSqGSIb3DQEBCwUAA4IBAQAlVy87IG2wcBD6ANlPVC65tqhw8Ip39cc68q5Ytl1m
njFf8yvnX8SN2Ou8lm10O6l6SdJ9kfI7AHXIS8V0fXfCc44AcrdGHs+WmeGzds++
hWmCLw8XujXHYiJmZPeaxGbAgZzzY+fNPt0pxX07fd0QGRbNJ3ZX+5sUu7CxVeAO
LU2o+r/BG5RVzsZ87IWlLnFWTxPFNMEUw0IgYCFxPcfY36Bwu9owgjI8D3xPneKN
CsoiJ8uNKFPitFaMxJhAzfhjtZtyKUqtdwHsUcv/3bAJfEuUyc/SnYPuwOpL/b2x
8NnmOsGbFBURJBvX51Vhvxnr4PmNJPluHnk7YxNd6QPG
-----END CERTIFICATE-----
Generated at Wed Jun 26 02:44:41 2024 by rpki-client on console-fra.rpki-client.org