Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/7f44216c-6452-466e-be4f-93ae1547f6d1.roa
File:                     7f44216c-6452-466e-be4f-93ae1547f6d1.roa (raw, json)
Hash identifier:          iw4z/uvPJv8kVykZ5EidSI62azBmfOks31zsy46fYQ4=
Subject key identifier:   68:D4:BB:80:D5:E4:89:E7:85:92:3D:04:DE:98:35:45:BF:1A:09:71
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       4E21319B032F8A4833E0610B68FD9E149BC6E479
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/7f44216c-6452-466e-be4f-93ae1547f6d1.roa
Signing time:             Mon 18 Nov 2024 00:00:00 +0000
ROA not before:           Mon 18 Nov 2024 00:00:00 +0000
ROA not after:            Mon 23 Dec 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2a01:578::/36 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:16:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4e:21:31:9b:03:2f:8a:48:33:e0:61:0b:68:fd:9e:14:9b:c6:e4:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Nov 18 00:00:00 2024 GMT
            Not After : Dec 23 23:59:59 2024 GMT
        Subject: serialNumber=b544aedec613df1251111b09d63ebc46ca61396531d8a60c9231bc5ace5397de, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:47:5f:9f:eb:30:1b:db:3e:59:a6:b3:ac:80:
                    7d:d6:a7:ee:04:67:32:fa:35:d4:0e:66:e4:62:03:
                    68:e1:58:78:e4:ef:f6:09:e1:1b:e1:f2:01:30:19:
                    6e:eb:69:e3:2f:fd:a3:9b:af:32:90:16:36:23:d3:
                    1f:dc:5f:65:37:39:dd:ed:1c:07:62:a2:83:c9:f9:
                    40:10:1b:e8:d1:39:c3:15:10:4f:b2:3a:ef:27:05:
                    ef:f0:ae:de:e0:8e:51:7e:8d:fb:6b:03:08:67:72:
                    14:5d:d7:3f:77:d5:29:de:86:08:e4:41:8e:18:d6:
                    e2:76:22:8d:55:28:d1:81:34:55:0a:41:ae:8c:44:
                    00:81:05:66:f0:c1:f9:5b:45:2c:77:1d:95:72:c1:
                    96:77:c1:03:e0:c8:58:00:be:46:fd:7f:ff:3d:09:
                    13:f3:90:df:8e:09:61:58:bf:da:d7:ea:1b:01:af:
                    18:eb:ab:0d:7d:e3:df:7a:d3:b4:6d:ff:e2:a8:ce:
                    6a:75:63:c2:9f:3b:29:c1:45:b9:bc:24:93:c8:78:
                    3d:58:07:57:a1:f4:e9:99:60:48:eb:1c:fc:7a:ec:
                    18:1e:ea:8e:07:7a:8b:c4:19:19:59:94:0c:f9:ea:
                    a1:f9:76:7b:6e:c1:c7:aa:77:22:87:91:4b:92:d5:
                    2c:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:D4:BB:80:D5:E4:89:E7:85:92:3D:04:DE:98:35:45:BF:1A:09:71
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/7f44216c-6452-466e-be4f-93ae1547f6d1.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:578::/36

    Signature Algorithm: sha256WithRSAEncryption
         7a:df:04:7a:16:92:8e:2b:15:ef:ab:d9:cf:a7:df:40:cf:90:
         82:49:fc:1f:4b:93:b1:9a:e7:dd:ae:63:ee:fb:45:eb:f9:19:
         f5:67:61:2c:b7:d2:9f:90:7b:1a:1b:1b:e1:8f:f9:62:6e:4e:
         7d:24:6d:89:c5:8e:57:4f:04:17:33:a3:bc:bf:53:81:af:9b:
         ea:19:50:cb:09:62:a2:fd:3a:e0:dd:63:b2:9a:60:d3:1d:03:
         d0:dc:89:a9:61:74:ab:e4:ce:5d:9e:49:58:71:08:cd:77:6d:
         d2:b3:b9:44:e3:04:90:98:a7:89:ea:6e:c9:07:fe:2d:b0:35:
         ba:95:30:66:37:f0:4a:c3:bb:41:7c:41:60:fb:b1:3c:ab:18:
         7d:5d:50:aa:c3:af:17:01:de:2c:bd:e8:cd:cd:6b:8d:76:ae:
         2e:19:4f:ba:d8:f8:7d:22:fc:fd:05:6a:13:55:cc:b3:e6:ca:
         1e:b6:b7:8f:fc:4d:52:39:f7:1c:ff:14:65:5a:c4:8f:3a:53:
         5a:fe:d4:e9:70:41:c4:93:52:9c:b3:0e:3f:7b:ff:f8:9b:07:
         c4:23:e8:df:be:e8:2a:06:c1:da:d7:81:2d:e6:09:2f:41:09:
         5b:ca:02:21:81:35:1c:03:0f:66:2c:5c:a0:3a:f7:e4:59:d9:
         e8:1d:ee:46
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUTiExmwMvikgz4GELaP2eFJvG5HkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNDExMTgwMDAwMDBaFw0yNDEyMjMyMzU5NTlaMHoxSTBHBgNV
BAUTQGI1NDRhZWRlYzYxM2RmMTI1MTExMWIwOWQ2M2ViYzQ2Y2E2MTM5NjUzMWQ4
YTYwYzkyMzFiYzVhY2U1Mzk3ZGUxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAIVHX5/rMBvbPlmms6yAfdan7gRnMvo11A5m5GIDaOFYeOTv9gnhG+HyATAZ
butp4y/9o5uvMpAWNiPTH9xfZTc53e0cB2Kig8n5QBAb6NE5wxUQT7I67ycF7/Cu
3uCOUX6N+2sDCGdyFF3XP3fVKd6GCORBjhjW4nYijVUo0YE0VQpBroxEAIEFZvDB
+VtFLHcdlXLBlnfBA+DIWAC+Rv1//z0JE/OQ344JYVi/2tfqGwGvGOurDX3j33rT
tG3/4qjOanVjwp87KcFFubwkk8h4PVgHV6H06ZlgSOsc/HrsGB7qjgd6i8QZGVmU
DPnqofl2e27Bx6p3IoeRS5LVLBcCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRo1LuA
1eSJ54WSPQTemDVFvxoJcTAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
N2Y0NDIxNmMtNjQ1Mi00NjZlLWJlNGYtOTNhZTE1NDdmNmQxLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCoBBXgA
MA0GCSqGSIb3DQEBCwUAA4IBAQB63wR6FpKOKxXvq9nPp99Az5CCSfwfS5Oxmufd
rmPu+0Xr+Rn1Z2Est9KfkHsaGxvhj/libk59JG2JxY5XTwQXM6O8v1OBr5vqGVDL
CWKi/Trg3WOymmDTHQPQ3ImpYXSr5M5dnklYcQjNd23Ss7lE4wSQmKeJ6m7JB/4t
sDW6lTBmN/BKw7tBfEFg+7E8qxh9XVCqw68XAd4svejNzWuNdq4uGU+62Ph9Ivz9
BWoTVcyz5soetreP/E1SOfcc/xRlWsSPOlNa/tTpcEHEk1Kcsw4/e//4mwfEI+jf
vugqBsHa14Et5gkvQQlbygIhgTUcAw9mLFygOvfkWdnoHe5G
-----END CERTIFICATE-----
Generated at Thu Nov 21 21:03:29 2024 by rpki-client on console-fra.rpki-client.org