Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/cc65de9d-dc78-4e7d-96ff-16c3294057be.roa
File:                     cc65de9d-dc78-4e7d-96ff-16c3294057be.roa (raw, json)
Hash identifier:          QkyVBMa1fGbNn3pZpYKZmuO8wbOFqVMLPz5UWO/+u5o=
Subject key identifier:   B6:98:9E:EB:08:38:D4:DC:74:89:42:13:D5:18:6B:F1:66:EB:51:A9
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       35EC8E3CFF07B13A0F74CED330DA083A18A4FAD8
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/cc65de9d-dc78-4e7d-96ff-16c3294057be.roa
Signing time:             Mon 18 Nov 2024 00:00:00 +0000
ROA not before:           Mon 18 Nov 2024 00:00:00 +0000
ROA not after:            Mon 23 Dec 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        195.17.0.0/16 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Dec 2024 15:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            35:ec:8e:3c:ff:07:b1:3a:0f:74:ce:d3:30:da:08:3a:18:a4:fa:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Nov 18 00:00:00 2024 GMT
            Not After : Dec 23 23:59:59 2024 GMT
        Subject: serialNumber=3446b106c433bec99b3f2a351de3c375720821336eb7c6211587502c6cd4b6d7, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ee:f8:01:a4:cb:4a:3f:fd:fc:01:77:a5:b1:ef:
                    ff:6b:94:78:e0:1e:df:13:4a:b0:b0:8c:84:ae:d2:
                    84:e0:9b:e8:2e:9b:b3:ad:d3:2e:cf:21:74:b6:7b:
                    5a:bc:68:45:ee:3e:7b:33:e1:81:91:d0:3e:bd:12:
                    28:bd:59:6e:9b:d0:e7:41:37:4e:db:ba:c2:19:ab:
                    1f:ff:a4:03:75:9d:1e:5f:e7:e3:54:67:18:52:4c:
                    a9:cc:e7:93:36:b5:8e:4b:ca:9d:a4:3f:d5:b5:44:
                    4f:f1:49:e0:13:a2:34:b7:13:2a:0a:96:14:3b:db:
                    b4:ee:98:18:1e:7b:2d:ad:e3:e3:bd:e9:22:49:13:
                    e9:fb:98:3c:24:04:08:b3:d3:db:54:b6:0c:a0:13:
                    9e:3e:07:e2:fe:61:84:49:ae:3e:01:3d:21:1e:78:
                    13:59:cc:3e:77:20:b9:7e:06:d6:1d:06:f9:e4:0d:
                    64:a8:ad:64:44:9f:08:b8:79:23:93:f6:7a:12:a7:
                    d0:7a:5a:a1:bc:5d:4a:c7:a6:6c:3a:03:ce:ae:e2:
                    dc:7b:0b:8a:28:b3:e3:3f:06:64:44:52:c3:3c:e0:
                    5d:be:3a:c9:c1:a3:f0:3d:32:9f:31:e5:87:7e:2d:
                    9a:13:06:bc:2e:a1:0a:7d:5a:92:d6:4a:2b:7a:7d:
                    50:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:98:9E:EB:08:38:D4:DC:74:89:42:13:D5:18:6B:F1:66:EB:51:A9
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/cc65de9d-dc78-4e7d-96ff-16c3294057be.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.17.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         17:69:92:9b:bd:b2:4a:8f:5d:02:d1:c1:ca:25:93:a0:3e:c2:
         20:be:d1:9d:cd:27:a1:9d:68:0c:9d:fd:9b:6e:9d:3d:6d:2d:
         0a:ba:c7:53:5c:bd:11:e5:2b:97:07:9a:5b:c2:aa:ce:04:93:
         58:df:14:8c:0a:7a:66:5e:23:2f:a8:10:6a:b7:4e:ac:97:d4:
         a9:e1:2d:96:71:d5:5c:84:23:56:c3:4e:d6:ea:8d:58:31:94:
         77:17:7b:cc:bb:98:db:43:0c:ab:38:f7:60:b0:ab:5f:46:e0:
         fd:81:ca:ee:78:93:5d:a8:c9:94:f5:8b:a0:1f:a6:7e:5d:16:
         63:01:eb:2c:1d:e8:a9:a2:72:c6:24:d4:d4:ac:48:48:34:5e:
         63:ed:15:ca:5a:70:18:2e:9e:7b:e0:74:c2:86:c8:d0:cc:3e:
         82:48:1b:16:20:5d:af:1c:d0:94:6f:94:b7:4c:bb:e3:dd:0e:
         53:f1:06:b1:b0:a9:a9:1e:4e:19:93:4e:91:a7:9a:8d:8f:2c:
         ca:28:2e:2d:c4:de:a4:5f:fe:75:50:57:e5:0b:88:a2:07:50:
         c9:9e:f1:19:12:56:c8:6a:82:c1:ec:1d:40:94:59:40:2b:f5:
         18:a4:6f:9c:b7:7c:83:00:7c:67:f0:2b:09:62:b1:c7:24:03:
         41:fc:34:05
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUNeyOPP8HsToPdM7TMNoIOhik+tgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNDExMTgwMDAwMDBaFw0yNDEyMjMyMzU5NTlaMHoxSTBHBgNV
BAUTQDM0NDZiMTA2YzQzM2JlYzk5YjNmMmEzNTFkZTNjMzc1NzIwODIxMzM2ZWI3
YzYyMTE1ODc1MDJjNmNkNGI2ZDcxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAO74AaTLSj/9/AF3pbHv/2uUeOAe3xNKsLCMhK7ShOCb6C6bs63TLs8hdLZ7
WrxoRe4+ezPhgZHQPr0SKL1ZbpvQ50E3Ttu6whmrH/+kA3WdHl/n41RnGFJMqczn
kza1jkvKnaQ/1bVET/FJ4BOiNLcTKgqWFDvbtO6YGB57La3j473pIkkT6fuYPCQE
CLPT21S2DKATnj4H4v5hhEmuPgE9IR54E1nMPncguX4G1h0G+eQNZKitZESfCLh5
I5P2ehKn0HpaobxdSsembDoDzq7i3HsLiiiz4z8GZERSwzzgXb46ycGj8D0ynzHl
h34tmhMGvC6hCn1aktZKK3p9UAsCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBS2mJ7r
CDjU3HSJQhPVGGvxZutRqTAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
Y2M2NWRlOWQtZGM3OC00ZTdkLTk2ZmYtMTZjMzI5NDA1N2JlLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDAMMRMA0G
CSqGSIb3DQEBCwUAA4IBAQAXaZKbvbJKj10C0cHKJZOgPsIgvtGdzSehnWgMnf2b
bp09bS0KusdTXL0R5SuXB5pbwqrOBJNY3xSMCnpmXiMvqBBqt06sl9Sp4S2WcdVc
hCNWw07W6o1YMZR3F3vMu5jbQwyrOPdgsKtfRuD9gcrueJNdqMmU9YugH6Z+XRZj
AessHeiponLGJNTUrEhINF5j7RXKWnAYLp574HTChsjQzD6CSBsWIF2vHNCUb5S3
TLvj3Q5T8QaxsKmpHk4Zk06Rp5qNjyzKKC4txN6kX/51UFflC4iiB1DJnvEZElbI
aoLB7B1AlFlAK/UYpG+ct3yDAHxn8CsJYrHHJANB/DQF
-----END CERTIFICATE-----
Generated at Fri Dec 6 19:28:02 2024 by rpki-client on console-ams.rpki-client.org