Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/6f7eb0e6-fbf6-4872-8a70-838cbba40e6f.roa
File:                     6f7eb0e6-fbf6-4872-8a70-838cbba40e6f.roa (raw, json)
Hash identifier:          RJDQ51IGha3ACOa8FRrKgC/R1rRcF6SKBzqmMb2Klj4=
Subject key identifier:   27:63:3F:66:53:3E:67:98:D1:2B:B3:01:FB:E6:36:7C:4F:82:76:B7
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       44F6FEABF1ECE27B0D4C14EC9EFBB7A89BD7CC9A
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/6f7eb0e6-fbf6-4872-8a70-838cbba40e6f.roa
Signing time:             Fri 08 Sep 2023 00:00:00 +0000
ROA not before:           Fri 08 Sep 2023 00:00:00 +0000
ROA not after:            Fri 13 Oct 2023 23:59:59 +0000
asID:                     16509
IP address blocks:        2a01:578:1010::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.crl
                          rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.mft
                          rsync://rpki.ripe.net/repository/2a7dd1d787d793e4c8af56e197d4eed92af6ba13.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 09 Sep 2023 08:03:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            44:f6:fe:ab:f1:ec:e2:7b:0d:4c:14:ec:9e:fb:b7:a8:9b:d7:cc:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Sep  8 00:00:00 2023 GMT
            Not After : Oct 13 23:59:59 2023 GMT
        Subject: serialNumber=bbf360aba825de299457cea11638654e7cdc6ca0eb433db6d5f0070b03866c03, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:8d:94:85:cf:5a:e0:56:5a:64:9c:83:15:8c:
                    72:d2:03:a0:71:9f:f7:27:0f:35:99:d9:5c:14:e2:
                    2f:2e:8e:cf:ea:43:a3:c9:3d:c5:9f:b9:18:3b:0b:
                    84:93:80:05:e1:22:47:78:ed:51:fa:a6:c1:92:f4:
                    cb:82:39:5d:98:ba:47:b4:24:ee:a8:d4:44:ad:db:
                    6b:ec:ca:9b:75:5b:5e:e5:81:1d:f9:c0:32:77:13:
                    b7:30:48:44:b9:ec:ee:49:32:b5:d2:05:a5:eb:f1:
                    ed:45:01:c0:70:ca:46:b1:7c:01:bb:90:c6:b4:f1:
                    9e:58:83:62:3a:30:6a:2e:9f:b4:26:92:42:bf:7f:
                    72:64:42:44:f6:5f:2d:91:6c:34:12:a9:ba:02:fa:
                    84:73:0a:7c:57:f4:58:45:9d:54:ef:3a:5f:46:9d:
                    06:1a:9a:3f:f7:58:c3:a9:15:98:1c:34:7b:4d:f9:
                    bd:46:7e:cc:4c:5e:56:aa:92:6c:62:3c:23:ed:e4:
                    01:e2:63:c0:a3:1d:3c:58:f6:74:80:3f:76:56:9b:
                    c2:ff:39:35:c9:82:fe:d2:db:c9:bb:68:46:15:b8:
                    84:23:1b:4a:44:47:16:95:6b:88:48:1e:3e:11:d7:
                    06:2d:62:83:bd:ef:98:41:fd:e0:ce:19:cd:92:f4:
                    b8:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:63:3F:66:53:3E:67:98:D1:2B:B3:01:FB:E6:36:7C:4F:82:76:B7
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/6f7eb0e6-fbf6-4872-8a70-838cbba40e6f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:578:1010::/44

    Signature Algorithm: sha256WithRSAEncryption
         7d:8c:fd:74:1f:80:da:20:58:ae:f9:4f:67:ca:86:0e:ba:46:
         0c:36:02:78:f3:02:b3:b7:d9:53:48:e5:0c:1c:13:ef:b9:10:
         63:ad:6f:4b:df:e9:81:27:af:d4:fc:0f:d3:af:77:35:ba:ed:
         d8:42:3b:f7:b7:da:53:95:6f:1f:2a:b2:c6:e5:1e:e9:9f:22:
         76:2d:04:9b:8a:bc:ab:88:37:62:d9:0c:0a:ed:f1:6f:1f:cd:
         53:4b:2a:4c:55:e5:46:ca:04:2b:ee:8a:31:f8:e3:99:d4:f6:
         ba:57:36:2d:85:c4:2f:1d:c6:8e:8f:f8:3c:7a:9d:a9:f0:0a:
         bc:c9:35:d9:62:8f:9a:d3:47:72:42:64:b1:f0:1d:94:d4:bb:
         0d:c5:56:d9:3a:32:f7:f6:3f:a3:77:af:52:51:f4:a9:66:e1:
         88:16:f3:91:29:a7:5c:43:fb:6c:a3:6a:59:26:76:1b:52:f5:
         54:78:67:0b:63:54:75:40:cb:c2:82:ed:72:ad:9d:2f:94:58:
         21:21:c4:c6:92:47:94:3f:31:d2:85:37:0e:5e:51:3d:7a:2a:
         01:2a:fe:04:45:49:fc:a9:de:5f:51:14:6e:78:e1:68:e9:8d:
         e3:11:e2:2d:7e:42:d7:2d:1b:01:fd:d6:2c:a7:65:05:fc:e4:
         e2:1c:3d:de
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIURPb+q/Hs4nsNTBTsnvu3qJvXzJowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yMzA5MDgwMDAwMDBaFw0yMzEwMTMyMzU5NTlaMHoxSTBHBgNV
BAUTQGJiZjM2MGFiYTgyNWRlMjk5NDU3Y2VhMTE2Mzg2NTRlN2NkYzZjYTBlYjQz
M2RiNmQ1ZjAwNzBiMDM4NjZjMDMxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANONlIXPWuBWWmScgxWMctIDoHGf9ycPNZnZXBTiLy6Oz+pDo8k9xZ+5GDsL
hJOABeEiR3jtUfqmwZL0y4I5XZi6R7Qk7qjURK3ba+zKm3VbXuWBHfnAMncTtzBI
RLns7kkytdIFpevx7UUBwHDKRrF8AbuQxrTxnliDYjowai6ftCaSQr9/cmRCRPZf
LZFsNBKpugL6hHMKfFf0WEWdVO86X0adBhqaP/dYw6kVmBw0e035vUZ+zExeVqqS
bGI8I+3kAeJjwKMdPFj2dIA/dlabwv85NcmC/tLbybtoRhW4hCMbSkRHFpVriEge
PhHXBi1ig73vmEH94M4ZzZL0uIkCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBQnYz9m
Uz5nmNErswH75jZ8T4J2tzAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
NmY3ZWIwZTYtZmJmNi00ODcyLThhNzAtODM4Y2JiYTQwZTZmLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHBCoBBXgQ
EDANBgkqhkiG9w0BAQsFAAOCAQEAfYz9dB+A2iBYrvlPZ8qGDrpGDDYCePMCs7fZ
U0jlDBwT77kQY61vS9/pgSev1PwP0693Nbrt2EI797faU5VvHyqyxuUe6Z8idi0E
m4q8q4g3YtkMCu3xbx/NU0sqTFXlRsoEK+6KMfjjmdT2ulc2LYXELx3Gjo/4PHqd
qfAKvMk12WKPmtNHckJksfAdlNS7DcVW2Toy9/Y/o3evUlH0qWbhiBbzkSmnXEP7
bKNqWSZ2G1L1VHhnC2NUdUDLwoLtcq2dL5RYISHExpJHlD8x0oU3Dl5RPXoqASr+
BEVJ/KneX1EUbnjhaOmN4xHiLX5C1y0bAf3WLKdlBfzk4hw93g==
-----END CERTIFICATE-----
Generated at Fri Sep 8 15:41:27 2023 by rpki-client on console-ams.rpki-client.org