Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/2e4c2934-9e54-49b6-bb41-7c76b504d78c.roa
File:                     2e4c2934-9e54-49b6-bb41-7c76b504d78c.roa (raw, json)
Hash identifier:          bbsDTi8pNrBxfBFH7PNHN9DCz8dDMssie5iV6qavB78=
Subject key identifier:   01:6A:C6:F0:70:2C:C2:91:25:7D:BA:65:A5:53:C0:50:A9:15:30:E9
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       7917EF81EDEEA362B708EF7CE817620583518897
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/2e4c2934-9e54-49b6-bb41-7c76b504d78c.roa
Signing time:             Fri 08 Sep 2023 00:00:00 +0000
ROA not before:           Fri 08 Sep 2023 00:00:00 +0000
ROA not after:            Fri 13 Oct 2023 23:59:59 +0000
asID:                     16509
IP address blocks:        2a01:578:1080::/41 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.crl
                          rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.mft
                          rsync://rpki.ripe.net/repository/2a7dd1d787d793e4c8af56e197d4eed92af6ba13.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 09 Sep 2023 08:03:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            79:17:ef:81:ed:ee:a3:62:b7:08:ef:7c:e8:17:62:05:83:51:88:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Sep  8 00:00:00 2023 GMT
            Not After : Oct 13 23:59:59 2023 GMT
        Subject: serialNumber=eb5efbde933180335a769f89f61b3e159d8584b2ebabe257266962054b7278aa, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:1f:a4:8b:c3:dd:7f:83:13:c0:eb:df:8e:91:
                    e7:d6:0e:df:7e:b6:4b:63:40:dd:fb:a8:67:9c:44:
                    06:c5:ee:f9:3f:74:7d:87:7a:56:8f:9f:ca:31:f4:
                    3f:a0:6c:94:49:a6:04:b3:83:4e:75:57:73:d6:df:
                    72:75:18:a2:0e:a1:fe:82:b3:af:b4:0e:bb:1d:2a:
                    10:a7:af:d8:ac:40:2a:aa:5d:e0:a8:08:bc:27:25:
                    bc:22:01:d8:ee:1f:71:66:c2:27:d8:e9:c3:71:15:
                    ed:26:25:38:af:73:86:88:b1:46:3e:53:8a:ec:6f:
                    de:e4:90:2e:89:76:b9:6d:4d:98:b5:cc:4b:99:6a:
                    df:22:67:b4:28:87:fc:d1:d1:cb:a2:05:10:18:83:
                    09:54:9a:b7:81:91:75:32:23:60:d8:fe:25:cc:bb:
                    e4:db:21:f3:ef:06:d0:3c:6a:47:d4:c2:25:ca:3a:
                    58:79:2a:8e:37:de:f6:b5:fc:98:11:75:46:90:0c:
                    12:01:c9:ee:06:c0:92:f5:35:a1:c3:df:82:f6:59:
                    b8:6a:ae:1f:aa:ce:af:94:26:ce:9c:f5:18:f3:fb:
                    9e:ab:f3:30:7e:75:4c:00:28:a2:0a:1e:b4:ef:98:
                    6c:1c:7d:e5:40:cc:75:58:4d:6d:58:1a:ec:64:6d:
                    62:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:6A:C6:F0:70:2C:C2:91:25:7D:BA:65:A5:53:C0:50:A9:15:30:E9
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/2e4c2934-9e54-49b6-bb41-7c76b504d78c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:578:1080::/41

    Signature Algorithm: sha256WithRSAEncryption
         51:60:97:1f:8d:ce:05:d3:25:0d:7b:f4:15:da:0d:d9:1a:49:
         2d:4d:b1:db:5a:75:55:c5:aa:b0:e0:2d:5b:d2:14:00:1b:c5:
         2b:6c:a6:7a:ae:23:9c:b1:0e:69:4d:0c:30:71:f8:cb:9a:0c:
         29:b2:48:4a:74:b8:38:b9:53:b9:c3:ad:df:46:72:ba:6d:cd:
         d5:d4:11:42:00:ac:42:96:ef:b2:66:0b:15:b2:39:55:0c:8a:
         07:68:7b:58:b6:98:ad:bf:24:46:fa:8b:d9:0e:60:86:fc:6d:
         86:9e:cb:04:3b:97:3d:64:72:85:2a:7e:7d:84:c0:ea:54:3a:
         ce:49:84:c8:22:6b:12:b1:c5:44:e6:5f:08:81:52:44:9d:86:
         20:ce:a2:38:81:47:0a:9c:d9:ce:a6:35:4a:1c:72:5b:4e:71:
         c7:ae:38:cd:1f:6b:c9:31:e5:32:d8:c5:13:2c:5f:28:a1:e4:
         93:73:85:ff:b5:06:13:0f:74:39:2f:a9:ec:f2:08:bf:8f:6c:
         84:32:bd:e0:7b:6d:5c:8b:0b:aa:c2:6c:16:08:e9:e4:dd:ac:
         a9:8a:ac:e8:45:14:be:f6:54:83:9b:9b:4a:b6:b3:4f:47:57:
         59:f9:56:3b:a7:7d:91:55:36:e2:ba:a2:35:0c:90:1a:ea:91:
         ed:d1:36:ae
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUeRfvge3uo2K3CO986BdiBYNRiJcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yMzA5MDgwMDAwMDBaFw0yMzEwMTMyMzU5NTlaMHoxSTBHBgNV
BAUTQGViNWVmYmRlOTMzMTgwMzM1YTc2OWY4OWY2MWIzZTE1OWQ4NTg0YjJlYmFi
ZTI1NzI2Njk2MjA1NGI3Mjc4YWExLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALEfpIvD3X+DE8Dr346R59YO3362S2NA3fuoZ5xEBsXu+T90fYd6Vo+fyjH0
P6BslEmmBLODTnVXc9bfcnUYog6h/oKzr7QOux0qEKev2KxAKqpd4KgIvCclvCIB
2O4fcWbCJ9jpw3EV7SYlOK9zhoixRj5Tiuxv3uSQLol2uW1NmLXMS5lq3yJntCiH
/NHRy6IFEBiDCVSat4GRdTIjYNj+Jcy75Nsh8+8G0DxqR9TCJco6WHkqjjfe9rX8
mBF1RpAMEgHJ7gbAkvU1ocPfgvZZuGquH6rOr5Qmzpz1GPP7nqvzMH51TAAoogoe
tO+YbBx95UDMdVhNbVga7GRtYokCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBQBasbw
cCzCkSV9umWlU8BQqRUw6TAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
MmU0YzI5MzQtOWU1NC00OWI2LWJiNDEtN2M3NmI1MDRkNzhjLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHByoBBXgQ
gDANBgkqhkiG9w0BAQsFAAOCAQEAUWCXH43OBdMlDXv0FdoN2RpJLU2x21p1VcWq
sOAtW9IUABvFK2ymeq4jnLEOaU0MMHH4y5oMKbJISnS4OLlTucOt30Zyum3N1dQR
QgCsQpbvsmYLFbI5VQyKB2h7WLaYrb8kRvqL2Q5ghvxthp7LBDuXPWRyhSp+fYTA
6lQ6zkmEyCJrErHFROZfCIFSRJ2GIM6iOIFHCpzZzqY1ShxyW05xx644zR9ryTHl
MtjFEyxfKKHkk3OF/7UGEw90OS+p7PIIv49shDK94HttXIsLqsJsFgjp5N2sqYqs
6EUUvvZUg5ubSrazT0dXWflWO6d9kVU24rqiNQyQGuqR7dE2rg==
-----END CERTIFICATE-----
Generated at Fri Sep 8 15:41:27 2023 by rpki-client on console-ams.rpki-client.org