Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/c806309a-9e3e-4b0e-aad2-1356d070a437.roa
File:                     c806309a-9e3e-4b0e-aad2-1356d070a437.roa (raw, json)
Hash identifier:          ShL6469dDFqsoS8mTQIHr7Ev0zHNuYJGU3bFCXDrOyI=
Subject key identifier:   DC:0E:99:DE:4C:5C:36:96:28:04:E7:21:62:98:F7:08:78:40:21:90
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       59BD05DF56F6B54A5D2007542CB674C0208E60CC
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/c806309a-9e3e-4b0e-aad2-1356d070a437.roa
Signing time:             Tue 03 Dec 2024 00:00:00 +0000
ROA not before:           Tue 03 Dec 2024 00:00:00 +0000
ROA not after:            Tue 07 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a01:578:13::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 09 Dec 2024 12:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            59:bd:05:df:56:f6:b5:4a:5d:20:07:54:2c:b6:74:c0:20:8e:60:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Dec  3 00:00:00 2024 GMT
            Not After : Jan  7 23:59:59 2025 GMT
        Subject: serialNumber=6b730d0aebea549e6d729c73d842884f7dbc56a342d588cdae5ecec56f5800e8, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:4f:ab:28:f8:1c:01:ba:76:f0:30:40:45:9d:
                    74:2a:54:76:1f:c2:7b:2c:77:71:e1:b9:c2:d8:c3:
                    0f:ed:4c:ab:c8:1e:1a:9f:0a:c8:7c:71:16:72:40:
                    4a:e0:15:c7:ce:57:b5:7d:1d:7e:5c:4b:3f:e0:8d:
                    75:9a:1b:2b:a0:c2:5a:b7:b8:15:3f:0d:ed:9c:8a:
                    04:dc:4d:98:96:c9:fa:43:5f:20:56:57:7d:47:e3:
                    ae:bb:c6:d0:e7:9b:ee:a5:b8:33:f1:e0:6c:d2:ee:
                    ca:84:e0:bd:62:0c:ac:45:a9:c3:50:57:14:fa:7c:
                    eb:46:3c:3e:f5:c0:83:da:fa:bb:2d:cc:2b:aa:f9:
                    27:72:cd:6d:16:b3:c2:fc:47:3b:da:d3:e3:b9:04:
                    0f:8a:77:58:57:77:50:8b:a3:c2:11:94:ab:1c:38:
                    b9:bb:8d:02:69:72:2f:3e:2c:e7:61:72:0f:9f:92:
                    d6:82:24:bb:ea:5e:c4:9d:89:80:0e:69:43:d0:b2:
                    41:53:8c:ec:2d:05:0a:97:51:12:94:66:88:a8:46:
                    07:4c:e5:ec:7a:55:58:36:24:a0:7f:54:d7:15:ea:
                    be:dd:9b:6e:ba:0a:94:09:85:78:69:f2:be:cd:b8:
                    b2:56:26:86:e7:e0:e0:d3:30:f8:99:a2:9c:4e:3e:
                    a6:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:0E:99:DE:4C:5C:36:96:28:04:E7:21:62:98:F7:08:78:40:21:90
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/c806309a-9e3e-4b0e-aad2-1356d070a437.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:578:13::/48

    Signature Algorithm: sha256WithRSAEncryption
         cd:62:68:b0:08:57:3e:2b:8d:83:a5:35:4c:60:b5:49:5b:f9:
         2f:0a:b0:a7:c2:60:d9:51:c2:8d:e3:f5:f0:c6:91:30:01:f5:
         cc:f8:6c:e8:8d:b2:1d:79:93:20:b5:d7:2c:6c:73:b7:04:61:
         e8:7b:7a:03:56:85:16:48:35:21:a3:6a:5f:63:e0:c5:6e:db:
         0e:fc:ff:60:50:cb:73:80:16:e1:d1:8b:1b:e5:95:d4:5b:0a:
         19:d9:05:d7:c4:45:72:4b:83:c9:9a:19:2d:c5:f3:0f:eb:48:
         ab:a7:03:93:a2:f9:ac:0e:58:a2:a3:d2:5d:37:ad:eb:de:ff:
         46:65:0f:de:a5:78:ec:25:99:b5:0a:8a:f6:98:ec:ca:b1:76:
         64:73:7f:9c:c9:67:99:f9:c3:e8:e0:e2:6a:ec:78:36:fc:44:
         69:e2:cd:60:45:89:25:e8:15:3e:62:b2:99:fd:16:2f:29:06:
         de:e5:68:cd:18:6f:da:fd:7a:f2:d3:88:4f:79:31:4d:da:ce:
         e9:c9:06:dd:b1:8e:1e:ca:2f:b0:02:b1:4c:fe:c5:e8:21:cc:
         66:df:38:50:94:7a:6a:7f:f8:1b:d7:e2:ab:65:7d:8e:13:1f:
         cd:bf:4f:d4:29:54:91:b1:ba:83:1f:73:ed:04:7c:61:1d:ea:
         e5:c8:02:73
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUWb0F31b2tUpdIAdULLZ0wCCOYMwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNDEyMDMwMDAwMDBaFw0yNTAxMDcyMzU5NTlaMHoxSTBHBgNV
BAUTQDZiNzMwZDBhZWJlYTU0OWU2ZDcyOWM3M2Q4NDI4ODRmN2RiYzU2YTM0MmQ1
ODhjZGFlNWVjZWM1NmY1ODAwZTgxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANBPqyj4HAG6dvAwQEWddCpUdh/Ceyx3ceG5wtjDD+1Mq8geGp8KyHxxFnJA
SuAVx85XtX0dflxLP+CNdZobK6DCWre4FT8N7ZyKBNxNmJbJ+kNfIFZXfUfjrrvG
0Oeb7qW4M/HgbNLuyoTgvWIMrEWpw1BXFPp860Y8PvXAg9r6uy3MK6r5J3LNbRaz
wvxHO9rT47kED4p3WFd3UIujwhGUqxw4ubuNAmlyLz4s52FyD5+S1oIku+pexJ2J
gA5pQ9CyQVOM7C0FCpdREpRmiKhGB0zl7HpVWDYkoH9U1xXqvt2bbroKlAmFeGny
vs24slYmhufg4NMw+JminE4+psMCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBTcDpne
TFw2ligE5yFimPcIeEAhkDAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
YzgwNjMwOWEtOWUzZS00YjBlLWFhZDItMTM1NmQwNzBhNDM3LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoBBXgA
EzANBgkqhkiG9w0BAQsFAAOCAQEAzWJosAhXPiuNg6U1TGC1SVv5Lwqwp8Jg2VHC
jeP18MaRMAH1zPhs6I2yHXmTILXXLGxztwRh6Ht6A1aFFkg1IaNqX2PgxW7bDvz/
YFDLc4AW4dGLG+WV1FsKGdkF18RFckuDyZoZLcXzD+tIq6cDk6L5rA5YoqPSXTet
697/RmUP3qV47CWZtQqK9pjsyrF2ZHN/nMlnmfnD6ODiaux4NvxEaeLNYEWJJegV
PmKymf0WLykG3uVozRhv2v168tOIT3kxTdrO6ckG3bGOHsovsAKxTP7F6CHMZt84
UJR6an/4G9fiq2V9jhMfzb9P1ClUkbG6gx9z7QR8YR3q5cgCcw==
-----END CERTIFICATE-----
Generated at Sun Dec 8 19:26:36 2024 by rpki-client on console-fra.rpki-client.org