Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/dc5d2309-ce0f-4816-b8d0-260ce079f694.roa
File:                     dc5d2309-ce0f-4816-b8d0-260ce079f694.roa (raw, json)
Hash identifier:          e3zMQBD9KGiMeY5dRLH6c57ABZqBEZTVN0DD7hQuuE8=
Subject key identifier:   A1:06:6B:3A:E1:89:FF:32:75:41:01:D4:34:E0:0D:57:A4:7C:4C:4D
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       6E87586A19900E9EFBBB98AC93E9B35383AAD867
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/dc5d2309-ce0f-4816-b8d0-260ce079f694.roa
Signing time:             Tue 21 May 2024 00:00:00 +0000
ROA not before:           Tue 21 May 2024 00:00:00 +0000
ROA not after:            Tue 25 Jun 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        212.255.0.0/16 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 10:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6e:87:58:6a:19:90:0e:9e:fb:bb:98:ac:93:e9:b3:53:83:aa:d8:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: May 21 00:00:00 2024 GMT
            Not After : Jun 25 23:59:59 2024 GMT
        Subject: serialNumber=5d32460e61c379f1e7b044f42ceea69b859cacafa813419b45a41f8800a0029d, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:3c:95:34:2f:61:52:d3:c9:13:bb:d5:a4:ec:
                    25:0a:fe:f9:e2:23:fa:96:7f:92:37:30:7c:84:56:
                    5a:ea:35:c3:43:e6:63:b2:f3:25:bd:e3:be:23:5b:
                    8a:6c:1a:1a:ea:97:94:a4:ac:bd:61:7e:c8:9d:1c:
                    29:da:70:4a:1a:20:67:6d:2b:70:58:b4:60:a7:39:
                    29:a3:e2:dc:9e:27:bf:b7:9a:df:66:48:10:27:f2:
                    c1:d2:3b:69:0a:55:7a:cf:1d:d3:0b:21:29:f7:8b:
                    9d:60:ab:f6:a5:93:14:ca:92:e5:18:56:6f:cb:45:
                    96:eb:05:4e:18:75:79:9a:2f:b5:d7:a1:c5:bd:c3:
                    53:db:98:4f:af:70:00:e6:da:4c:86:5c:c9:4b:21:
                    99:fc:14:48:62:bf:d0:d0:00:1b:61:51:18:be:f6:
                    d6:4f:a0:c0:86:8b:f3:d8:e8:46:19:31:e2:dd:a3:
                    93:7a:d4:6b:6f:9c:7b:5d:ad:43:d9:65:c5:d1:80:
                    0b:69:19:82:60:37:cd:3c:64:0b:4f:ff:4e:cd:0e:
                    f4:72:4b:b7:d5:0c:34:9b:d5:76:c5:6b:13:c8:2b:
                    fa:bb:6c:86:88:8e:7f:d9:44:1a:c1:82:8d:63:d6:
                    97:09:29:67:0e:23:cb:4c:1c:97:71:84:ff:7f:e8:
                    55:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:06:6B:3A:E1:89:FF:32:75:41:01:D4:34:E0:0D:57:A4:7C:4C:4D
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/dc5d2309-ce0f-4816-b8d0-260ce079f694.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.255.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         1c:20:4b:67:ae:13:e5:6d:7a:b9:7f:9b:2b:71:da:d0:10:f3:
         95:54:41:d1:10:ef:b7:9f:5e:86:c7:39:76:3e:3e:cf:8e:e7:
         cd:78:50:29:56:13:cd:2c:3e:69:19:10:84:29:59:db:37:8f:
         0e:41:60:45:7b:d9:40:46:c6:6b:5f:c6:f4:36:f8:ad:23:4c:
         4a:37:8a:f4:46:1f:64:d9:33:27:22:26:fb:1d:27:6c:2d:b4:
         57:9d:96:6d:6b:e1:09:51:70:ba:9c:f4:0f:a9:61:21:2b:4e:
         7e:d3:a2:38:93:d6:a5:7a:ea:7f:a8:9a:35:d0:57:27:40:09:
         ff:18:41:59:57:44:ef:00:5d:a2:0b:c5:66:1f:eb:de:7b:40:
         a8:c1:b2:22:4e:18:3f:0b:a9:16:b3:56:85:4e:52:23:c8:a7:
         7c:82:80:02:eb:e1:80:e3:66:a6:f4:54:47:c2:6c:2b:b0:1b:
         75:df:b9:57:63:a9:98:0f:dc:53:5f:70:91:3f:b1:38:aa:c2:
         e2:53:eb:91:ee:73:e0:f1:21:17:cb:4b:ad:a2:1f:64:4d:ca:
         2f:2b:31:06:c9:54:1b:da:55:c1:9e:c1:e8:bf:08:e6:ce:71:
         f6:b7:cd:22:2c:b5:07:95:cb:ec:52:f7:6f:8b:fe:bf:68:97:
         7b:ae:5a:a1
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUbodYahmQDp77u5isk+mzU4Oq2GcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNDA1MjEwMDAwMDBaFw0yNDA2MjUyMzU5NTlaMHoxSTBHBgNV
BAUTQDVkMzI0NjBlNjFjMzc5ZjFlN2IwNDRmNDJjZWVhNjliODU5Y2FjYWZhODEz
NDE5YjQ1YTQxZjg4MDBhMDAyOWQxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALI8lTQvYVLTyRO71aTsJQr++eIj+pZ/kjcwfIRWWuo1w0PmY7LzJb3jviNb
imwaGuqXlKSsvWF+yJ0cKdpwShogZ20rcFi0YKc5KaPi3J4nv7ea32ZIECfywdI7
aQpVes8d0wshKfeLnWCr9qWTFMqS5RhWb8tFlusFThh1eZovtdehxb3DU9uYT69w
AObaTIZcyUshmfwUSGK/0NAAG2FRGL721k+gwIaL89joRhkx4t2jk3rUa2+ce12t
Q9llxdGAC2kZgmA3zTxkC0//Ts0O9HJLt9UMNJvVdsVrE8gr+rtshoiOf9lEGsGC
jWPWlwkpZw4jy0wcl3GE/3/oVRsCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBShBms6
4Yn/MnVBAdQ04A1XpHxMTTAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
ZGM1ZDIzMDktY2UwZi00ODE2LWI4ZDAtMjYwY2UwNzlmNjk0LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDANT/MA0G
CSqGSIb3DQEBCwUAA4IBAQAcIEtnrhPlbXq5f5srcdrQEPOVVEHREO+3n16Gxzl2
Pj7PjufNeFApVhPNLD5pGRCEKVnbN48OQWBFe9lARsZrX8b0NvitI0xKN4r0Rh9k
2TMnIib7HSdsLbRXnZZta+EJUXC6nPQPqWEhK05+06I4k9aleup/qJo10FcnQAn/
GEFZV0TvAF2iC8VmH+vee0CowbIiThg/C6kWs1aFTlIjyKd8goAC6+GA42am9FRH
wmwrsBt137lXY6mYD9xTX3CRP7E4qsLiU+uR7nPg8SEXy0utoh9kTcovKzEGyVQb
2lXBnsHovwjmznH2t80iLLUHlcvsUvdvi/6/aJd7rlqh
-----END CERTIFICATE-----
Generated at Sun Jun 16 17:32:43 2024 by rpki-client on console-fra.rpki-client.org