Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/69988e45-d4fb-4896-be53-951c20d12c48.roa
File:                     69988e45-d4fb-4896-be53-951c20d12c48.roa (raw, json)
Hash identifier:          u8QckAIIMfukVytLHAMHMVSrZsmSy4CJX6SkCjCJegA=
Subject key identifier:   69:C4:C3:A7:23:3C:66:3B:6F:81:91:F2:71:3A:62:91:E7:F6:CF:59
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       05F10E4D17DBCC8287FE446DCA80A7F1C52344EF
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/69988e45-d4fb-4896-be53-951c20d12c48.roa
Signing time:             Fri 27 Sep 2024 00:00:00 +0000
ROA not before:           Fri 27 Sep 2024 00:00:00 +0000
ROA not after:            Fri 01 Nov 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2a11:47c0::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Oct 2024 21:24:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            05:f1:0e:4d:17:db:cc:82:87:fe:44:6d:ca:80:a7:f1:c5:23:44:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Sep 27 00:00:00 2024 GMT
            Not After : Nov  1 23:59:59 2024 GMT
        Subject: serialNumber=40e79c72aeadf9e7c80a003ea80d7663dab09ccecf340a709cd58b0ee938fb0b, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:70:a5:11:2f:3c:14:7e:c1:9f:be:6b:55:b3:
                    01:1c:67:a5:2c:67:2c:0a:4c:fb:e6:e8:25:a2:5c:
                    95:f8:c0:f1:0e:f2:2f:a8:ad:f8:5a:79:e4:ee:10:
                    d9:27:01:ef:94:30:31:55:75:96:8f:77:31:17:e8:
                    79:95:39:6d:d6:59:6f:c0:eb:16:14:6d:ca:fe:82:
                    09:d9:04:fe:c6:e3:37:c9:c7:34:7e:6e:cf:01:24:
                    70:49:d0:b2:58:26:d0:d4:75:85:2d:de:d5:a3:3a:
                    8b:2d:90:4f:5c:d1:58:ab:dc:50:d4:03:63:b7:0e:
                    48:91:10:a8:7d:73:0f:a4:4c:ca:73:a1:29:e3:ce:
                    c9:51:a5:ff:39:e0:30:dc:7f:c7:9f:8c:8a:75:9a:
                    ae:db:aa:47:8c:58:b6:79:0a:a9:b1:49:ac:af:7e:
                    d3:d4:6c:24:cb:31:53:33:47:02:0b:5f:21:7b:c4:
                    75:ca:83:2d:6d:26:ac:1f:a5:11:1e:5e:de:6f:51:
                    b1:a5:e5:89:f0:40:a4:af:f8:38:e1:7b:11:f9:5d:
                    b7:b5:31:19:c9:e2:19:bd:9c:33:25:21:63:b8:d3:
                    03:7c:ad:43:83:5d:f5:c1:c2:88:e3:61:b6:f5:2c:
                    aa:5e:5e:dc:4c:32:96:f2:5c:4b:bc:bf:3e:6f:23:
                    3b:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:C4:C3:A7:23:3C:66:3B:6F:81:91:F2:71:3A:62:91:E7:F6:CF:59
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/69988e45-d4fb-4896-be53-951c20d12c48.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:47c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         c9:b1:0a:11:23:cd:53:63:50:1d:c1:d9:bc:e8:c7:37:82:87:
         0f:21:96:7a:09:03:40:05:c8:0e:fe:40:05:25:1f:14:60:45:
         c1:08:09:02:fc:87:4f:49:c0:ce:40:d3:32:b1:64:90:7b:9f:
         98:3e:b2:d0:fa:19:78:15:c1:57:b6:99:68:7e:59:6b:31:e8:
         9c:fc:3c:b5:ec:16:ef:ce:48:35:f9:55:e8:97:e1:fe:9e:fb:
         75:17:45:04:18:71:66:34:8a:33:7a:cf:66:bc:31:82:ff:61:
         71:cc:8f:4e:c4:6c:59:e4:02:80:91:c5:10:96:0e:09:5e:69:
         84:8a:cd:2a:09:9d:cc:d7:b4:a8:45:9c:01:df:0e:36:70:47:
         96:d1:e6:d5:15:ee:a9:90:39:b7:93:e9:77:9b:31:98:06:bc:
         69:fc:3a:c6:a3:53:3e:70:8c:1f:1f:b7:f8:98:26:1d:16:5d:
         87:e4:23:88:17:5e:64:a6:33:c9:ee:50:be:ff:24:5d:c1:cb:
         13:46:73:3d:82:6f:e5:22:f9:27:b4:09:9c:60:ac:b4:a7:51:
         c2:59:74:cc:fa:81:df:0e:e9:6b:c9:0f:a6:4e:04:0f:95:00:
         94:4c:e5:ed:f0:5d:d5:4c:38:ed:dd:33:38:72:e9:cb:0f:ad:
         fe:b3:b3:c7
-----BEGIN CERTIFICATE-----
MIIFXzCCBEegAwIBAgIUBfEOTRfbzIKH/kRtyoCn8cUjRO8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNDA5MjcwMDAwMDBaFw0yNDExMDEyMzU5NTlaMHoxSTBHBgNV
BAUTQDQwZTc5YzcyYWVhZGY5ZTdjODBhMDAzZWE4MGQ3NjYzZGFiMDljY2VjZjM0
MGE3MDljZDU4YjBlZTkzOGZiMGIxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJ9wpREvPBR+wZ++a1WzARxnpSxnLApM++boJaJclfjA8Q7yL6it+Fp55O4Q
2ScB75QwMVV1lo93MRfoeZU5bdZZb8DrFhRtyv6CCdkE/sbjN8nHNH5uzwEkcEnQ
slgm0NR1hS3e1aM6iy2QT1zRWKvcUNQDY7cOSJEQqH1zD6RMynOhKePOyVGl/zng
MNx/x5+MinWartuqR4xYtnkKqbFJrK9+09RsJMsxUzNHAgtfIXvEdcqDLW0mrB+l
ER5e3m9RsaXlifBApK/4OOF7Efldt7UxGcniGb2cMyUhY7jTA3ytQ4Nd9cHCiONh
tvUsql5e3EwylvJcS7y/Pm8jOysCAwEAAaOCAiIwggIeMB0GA1UdDgQWBBRpxMOn
IzxmO2+BkfJxOmKR5/bPWTAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
Njk5ODhlNDUtZDRmYi00ODk2LWJlNTMtOTUxYzIwZDEyYzQ4LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFAyoRR8Aw
DQYJKoZIhvcNAQELBQADggEBAMmxChEjzVNjUB3B2bzoxzeChw8hlnoJA0AFyA7+
QAUlHxRgRcEICQL8h09JwM5A0zKxZJB7n5g+stD6GXgVwVe2mWh+WWsx6Jz8PLXs
Fu/OSDX5VeiX4f6e+3UXRQQYcWY0ijN6z2a8MYL/YXHMj07EbFnkAoCRxRCWDgle
aYSKzSoJnczXtKhFnAHfDjZwR5bR5tUV7qmQObeT6XebMZgGvGn8OsajUz5wjB8f
t/iYJh0WXYfkI4gXXmSmM8nuUL7/JF3ByxNGcz2Cb+Ui+Se0CZxgrLSnUcJZdMz6
gd8O6WvJD6ZOBA+VAJRM5e3wXdVMOO3dMzhy6csPrf6zs8c=
-----END CERTIFICATE-----
Generated at Wed Oct 9 04:20:26 2024 by rpki-client on console-fra.rpki-client.org