Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/3558ad32-215e-47a4-9f5b-477ec71e940f.roa
File:                     3558ad32-215e-47a4-9f5b-477ec71e940f.roa (raw, json)
Hash identifier:          FgwbeDmnzHS57VxqvyC2byDe27PkqJT6pz15zq91W8o=
Subject key identifier:   85:E0:E9:8D:5B:C7:2B:38:ED:B5:95:E2:C5:84:DC:EB:C1:38:1F:45
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       69ED63BDBF204A75F7632F2D97A18846EE994FF0
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/3558ad32-215e-47a4-9f5b-477ec71e940f.roa
Signing time:             Fri 08 Sep 2023 00:00:00 +0000
ROA not before:           Fri 08 Sep 2023 00:00:00 +0000
ROA not after:            Fri 13 Oct 2023 23:59:59 +0000
asID:                     16509
IP address blocks:        2a01:578:3::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.crl
                          rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.mft
                          rsync://rpki.ripe.net/repository/2a7dd1d787d793e4c8af56e197d4eed92af6ba13.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 09 Sep 2023 08:03:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            69:ed:63:bd:bf:20:4a:75:f7:63:2f:2d:97:a1:88:46:ee:99:4f:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Sep  8 00:00:00 2023 GMT
            Not After : Oct 13 23:59:59 2023 GMT
        Subject: serialNumber=46052183634976060f319b171ad9f117e712f089000bb608ddb7b6f5f7f36aac, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:7a:28:c7:c1:35:3f:6d:11:65:eb:34:a8:16:
                    63:d0:fc:a5:e3:5d:15:1d:fb:01:f3:d6:e1:b8:c0:
                    28:5e:76:5e:74:4c:1f:5d:9e:c1:c2:33:48:85:0a:
                    d8:52:bf:6b:fc:39:dc:fb:7f:9a:b4:09:da:6f:74:
                    de:d8:f8:d5:25:af:87:8d:1e:cd:62:ba:88:c1:86:
                    18:75:58:94:ac:aa:4d:16:b4:24:06:a4:73:ab:82:
                    f6:e2:e9:00:e2:73:e7:db:58:2e:1d:1a:ea:b1:f0:
                    3a:3e:3e:ce:72:db:3b:cb:e0:60:d1:2c:2e:26:43:
                    19:4b:f1:62:0f:79:fe:a2:c6:24:6e:f1:b4:9c:58:
                    0a:bb:d9:64:4d:aa:b0:ce:20:dc:03:3e:b7:94:16:
                    94:fb:20:af:ce:9a:76:35:22:48:a7:1b:19:ca:6d:
                    a5:69:f2:14:59:80:c6:d4:ba:f8:2c:ff:0f:4e:3e:
                    f6:10:e3:64:b8:f7:f7:fc:65:c0:89:45:8f:3a:39:
                    ad:72:d8:e1:27:57:06:e3:01:d4:d2:e7:ef:e0:ad:
                    0f:1d:25:86:c8:61:03:cb:42:25:9e:51:41:3b:f3:
                    f7:44:11:59:44:0c:2d:3b:5c:7d:57:63:ef:68:37:
                    e8:7e:27:25:50:61:e6:3e:bb:6e:65:92:80:32:f1:
                    07:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:E0:E9:8D:5B:C7:2B:38:ED:B5:95:E2:C5:84:DC:EB:C1:38:1F:45
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/3558ad32-215e-47a4-9f5b-477ec71e940f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:578:3::/48

    Signature Algorithm: sha256WithRSAEncryption
         41:95:98:2f:39:50:7a:c9:47:90:8e:af:c4:b1:f0:1b:1a:59:
         eb:4a:43:5e:ac:fe:07:18:84:36:cb:86:13:e5:a8:7c:44:34:
         4d:22:8b:3c:76:70:65:1f:33:44:bf:bd:51:4b:c7:68:62:15:
         1b:7b:f7:8f:11:24:d0:cd:39:f6:23:79:51:88:3c:e7:2c:9f:
         c5:2a:d4:aa:72:4b:59:e3:5a:bd:88:38:b9:e8:69:3d:f1:9a:
         f8:15:a3:18:8d:5d:20:30:3f:5e:ad:d1:2d:ba:31:28:d2:55:
         9e:05:50:30:66:35:2c:9b:8e:66:3e:67:af:d5:90:97:66:7a:
         a9:f7:18:8c:fb:41:d5:bb:60:fe:23:ca:e7:53:1b:ff:68:95:
         1d:2e:3d:4a:0b:80:b4:14:87:0f:95:7e:5b:1c:90:76:db:29:
         33:a6:1c:d8:7a:2d:9c:77:05:6d:ec:60:05:fd:a8:0c:1f:a8:
         e7:c2:60:e6:8c:18:43:dc:b2:99:79:bf:d1:5f:65:a8:c3:ee:
         04:fe:65:1b:b1:b3:5b:96:bc:4a:73:d1:95:c4:0b:5e:0b:9d:
         cc:dc:4a:ae:89:55:25:3c:eb:48:b0:b7:12:42:56:ed:5f:c1:
         62:8f:9b:70:8e:c6:6e:f5:08:b5:78:d4:0c:14:22:24:9e:39:
         26:6c:83:eb
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUae1jvb8gSnX3Yy8tl6GIRu6ZT/AwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yMzA5MDgwMDAwMDBaFw0yMzEwMTMyMzU5NTlaMHoxSTBHBgNV
BAUTQDQ2MDUyMTgzNjM0OTc2MDYwZjMxOWIxNzFhZDlmMTE3ZTcxMmYwODkwMDBi
YjYwOGRkYjdiNmY1ZjdmMzZhYWMxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAL96KMfBNT9tEWXrNKgWY9D8peNdFR37AfPW4bjAKF52XnRMH12ewcIzSIUK
2FK/a/w53Pt/mrQJ2m903tj41SWvh40ezWK6iMGGGHVYlKyqTRa0JAakc6uC9uLp
AOJz59tYLh0a6rHwOj4+znLbO8vgYNEsLiZDGUvxYg95/qLGJG7xtJxYCrvZZE2q
sM4g3AM+t5QWlPsgr86adjUiSKcbGcptpWnyFFmAxtS6+Cz/D04+9hDjZLj39/xl
wIlFjzo5rXLY4SdXBuMB1NLn7+CtDx0lhshhA8tCJZ5RQTvz90QRWUQMLTtcfVdj
72g36H4nJVBh5j67bmWSgDLxB8cCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBSF4OmN
W8crOO21leLFhNzrwTgfRTAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
MzU1OGFkMzItMjE1ZS00N2E0LTlmNWItNDc3ZWM3MWU5NDBmLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoBBXgA
AzANBgkqhkiG9w0BAQsFAAOCAQEAQZWYLzlQeslHkI6vxLHwGxpZ60pDXqz+BxiE
NsuGE+WofEQ0TSKLPHZwZR8zRL+9UUvHaGIVG3v3jxEk0M059iN5UYg85yyfxSrU
qnJLWeNavYg4uehpPfGa+BWjGI1dIDA/Xq3RLboxKNJVngVQMGY1LJuOZj5nr9WQ
l2Z6qfcYjPtB1btg/iPK51Mb/2iVHS49SguAtBSHD5V+WxyQdtspM6Yc2HotnHcF
bexgBf2oDB+o58Jg5owYQ9yymXm/0V9lqMPuBP5lG7GzW5a8SnPRlcQLXgudzNxK
rolVJTzrSLC3EkJW7V/BYo+bcI7GbvUItXjUDBQiJJ45JmyD6w==
-----END CERTIFICATE-----
Generated at Fri Sep 8 15:47:31 2023 by rpki-client on console-fra.rpki-client.org