Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/7f44216c-6452-466e-be4f-93ae1547f6d1.roa
File:                     7f44216c-6452-466e-be4f-93ae1547f6d1.roa (raw, json)
Hash identifier:          Fq3V3NsG3ZwMZERhZhWtpdHUk6vUou9JykF3MqpHPIY=
Subject key identifier:   AA:5B:0B:6B:C6:24:91:1D:0A:E9:29:EF:C4:4F:03:25:6F:3E:AB:30
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       6ECC3395C5F3784D625A4192DC4CF24BC017889D
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/7f44216c-6452-466e-be4f-93ae1547f6d1.roa
Signing time:             Fri 12 Jul 2024 00:00:00 +0000
ROA not before:           Fri 12 Jul 2024 00:00:00 +0000
ROA not after:            Fri 16 Aug 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2a01:578::/36 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 17 Jul 2024 14:47:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6e:cc:33:95:c5:f3:78:4d:62:5a:41:92:dc:4c:f2:4b:c0:17:88:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Jul 12 00:00:00 2024 GMT
            Not After : Aug 16 23:59:59 2024 GMT
        Subject: serialNumber=a4215b97fb4016eda8e61d390bd2de3ba309e87f9a765e4011eac54ca202d057, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:c2:ce:f4:72:0f:e1:e2:e6:96:d7:cc:dc:6c:
                    28:59:95:9b:26:e8:10:f1:3c:03:9e:b7:a7:86:e2:
                    a5:4c:f9:0e:a9:6b:8b:95:9d:b4:6a:eb:5e:ca:22:
                    85:38:d1:01:8b:eb:4b:7d:35:16:4c:dd:8c:33:ad:
                    80:aa:9a:b9:3a:58:07:fc:a7:c9:b5:b4:8e:db:69:
                    73:a1:e4:6a:53:b6:e6:61:e0:a9:0a:43:38:b1:0f:
                    5f:db:ad:b4:75:b0:fc:47:ee:63:bc:7c:ef:98:44:
                    78:ac:3f:a4:9b:82:ef:8a:4b:2c:1b:80:32:d5:22:
                    1d:dc:e5:6f:22:a7:01:e4:23:29:9b:e7:db:ee:58:
                    a5:21:cd:6f:88:09:e8:66:96:45:8c:a8:3a:8f:db:
                    b6:95:c7:f0:c6:4e:df:b6:7b:58:38:c1:4a:6f:6a:
                    99:fd:82:0f:25:80:d2:cf:9d:d3:0d:1b:f7:61:1e:
                    a7:b3:8e:01:07:9a:13:dc:41:3b:ba:f7:51:88:cc:
                    a0:75:2b:79:7e:1a:b7:f1:f3:96:1c:52:cc:5d:e9:
                    ab:7e:f7:fb:33:11:de:07:00:03:1e:4b:e6:76:64:
                    d3:71:cc:79:e4:5c:f2:92:7a:e3:46:0f:10:3f:e5:
                    95:87:83:ad:0c:5d:43:79:f0:b6:64:09:6f:dd:e4:
                    0d:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:5B:0B:6B:C6:24:91:1D:0A:E9:29:EF:C4:4F:03:25:6F:3E:AB:30
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/7f44216c-6452-466e-be4f-93ae1547f6d1.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:578::/36

    Signature Algorithm: sha256WithRSAEncryption
         17:5f:e8:00:93:38:e5:24:a0:59:b7:5e:66:0a:b9:e0:72:97:
         d4:7b:6a:44:11:12:ea:4a:b5:6f:b1:d1:27:88:1f:60:f6:f6:
         d9:55:bf:97:f3:e8:3b:23:a6:19:02:a5:9b:17:15:b4:56:3c:
         b4:c4:03:20:17:b4:f2:9e:84:62:98:97:6f:eb:64:ee:48:3b:
         39:d8:06:12:79:82:3a:b0:16:9b:a6:45:e1:b9:1f:b5:59:59:
         a1:70:2e:3a:49:96:35:0e:37:f4:7a:dc:5b:3e:1f:6b:c4:6b:
         20:74:6d:c4:51:2d:61:bc:7b:88:e0:92:61:85:b4:99:54:50:
         ba:ad:c2:a9:71:36:ce:fc:69:f8:8c:fd:b2:ea:a2:c6:7b:c5:
         3d:22:48:d3:b8:2b:26:a2:b0:4b:94:14:ea:97:0e:37:c2:a1:
         9f:1a:25:74:ff:5e:da:4d:af:98:3b:89:ff:1f:e8:b1:01:97:
         48:60:c5:e3:68:15:a3:da:49:d2:0c:59:02:68:fb:73:cb:01:
         0e:3a:a9:a5:ff:c9:4f:a9:5b:a6:d6:cf:cf:9c:78:07:ea:2b:
         7f:3f:92:39:ee:64:a2:24:5e:3f:81:74:5f:95:8e:fc:5b:fc:
         ec:80:01:66:8b:81:52:d7:ba:f4:1d:35:42:dd:1a:3d:50:bd:
         49:00:ea:25
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUbswzlcXzeE1iWkGS3EzyS8AXiJ0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNDA3MTIwMDAwMDBaFw0yNDA4MTYyMzU5NTlaMHoxSTBHBgNV
BAUTQGE0MjE1Yjk3ZmI0MDE2ZWRhOGU2MWQzOTBiZDJkZTNiYTMwOWU4N2Y5YTc2
NWU0MDExZWFjNTRjYTIwMmQwNTcxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANDCzvRyD+Hi5pbXzNxsKFmVmyboEPE8A563p4bipUz5Dqlri5WdtGrrXsoi
hTjRAYvrS301FkzdjDOtgKqauTpYB/ynybW0jttpc6HkalO25mHgqQpDOLEPX9ut
tHWw/EfuY7x875hEeKw/pJuC74pLLBuAMtUiHdzlbyKnAeQjKZvn2+5YpSHNb4gJ
6GaWRYyoOo/btpXH8MZO37Z7WDjBSm9qmf2CDyWA0s+d0w0b92Eep7OOAQeaE9xB
O7r3UYjMoHUreX4at/HzlhxSzF3pq373+zMR3gcAAx5L5nZk03HMeeRc8pJ640YP
ED/llYeDrQxdQ3nwtmQJb93kDT0CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBSqWwtr
xiSRHQrpKe/ETwMlbz6rMDAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
N2Y0NDIxNmMtNjQ1Mi00NjZlLWJlNGYtOTNhZTE1NDdmNmQxLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCoBBXgA
MA0GCSqGSIb3DQEBCwUAA4IBAQAXX+gAkzjlJKBZt15mCrngcpfUe2pEERLqSrVv
sdEniB9g9vbZVb+X8+g7I6YZAqWbFxW0Vjy0xAMgF7TynoRimJdv62TuSDs52AYS
eYI6sBabpkXhuR+1WVmhcC46SZY1Djf0etxbPh9rxGsgdG3EUS1hvHuI4JJhhbSZ
VFC6rcKpcTbO/Gn4jP2y6qLGe8U9IkjTuCsmorBLlBTqlw43wqGfGiV0/17aTa+Y
O4n/H+ixAZdIYMXjaBWj2knSDFkCaPtzywEOOqml/8lPqVum1s/PnHgH6it/P5I5
7mSiJF4/gXRflY78W/zsgAFmi4FS17r0HTVC3Ro9UL1JAOol
-----END CERTIFICATE-----
Generated at Tue Jul 16 19:44:50 2024 by rpki-client on console-fra.rpki-client.org