Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/dc3cc874-29b0-4f9c-90aa-906fa9dca22a.roa
File:                     dc3cc874-29b0-4f9c-90aa-906fa9dca22a.roa (raw, json)
Hash identifier:          QIyYWem3j1VLMPiYTdEAhsFcS+FNFyoJ9aG1Tlg+ww4=
Subject key identifier:   C6:1B:A6:C3:CD:BF:F1:E7:74:82:F2:D5:46:F6:2B:1E:00:5F:BC:3E
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       770E491BD505E3480D4B15569C2A0100F79F6307
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/dc3cc874-29b0-4f9c-90aa-906fa9dca22a.roa
Signing time:             Tue 05 Mar 2024 00:00:00 +0000
ROA not before:           Tue 05 Mar 2024 00:00:00 +0000
ROA not after:            Tue 09 Apr 2024 23:59:59 +0000
asID:                     14618
IP address blocks:        2a01:578:1010::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 29 Mar 2024 21:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            77:0e:49:1b:d5:05:e3:48:0d:4b:15:56:9c:2a:01:00:f7:9f:63:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Mar  5 00:00:00 2024 GMT
            Not After : Apr  9 23:59:59 2024 GMT
        Subject: serialNumber=8297275cde9d7f441cc758c629ca39faa0e09f8e846b24bac976799602e24dad, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:f5:36:f9:58:ec:d7:8f:57:be:5b:1a:ff:e7:
                    e8:cb:9b:65:e5:c5:3a:19:e1:90:50:1b:45:fe:06:
                    4a:db:31:20:96:19:95:77:75:ca:76:d3:4a:52:e1:
                    85:e3:93:4b:a1:a9:10:f1:b7:5f:dd:38:60:84:da:
                    f5:14:21:09:a1:c6:98:24:d0:6c:d5:f0:c5:43:0d:
                    a8:e4:61:35:d2:19:96:dc:5a:1c:57:8e:1f:36:1d:
                    51:42:fb:1a:66:63:77:57:53:09:ac:f5:af:01:fa:
                    d5:8e:b3:20:b9:db:13:1b:3a:20:ef:a2:81:2b:dc:
                    ba:78:a7:43:a7:62:a2:41:92:54:f2:69:87:46:29:
                    ef:ad:94:6d:08:e2:75:a4:06:98:71:3d:92:8a:9a:
                    22:fd:53:4b:ba:78:7d:8e:b1:7e:04:f6:b2:48:de:
                    b7:2e:df:42:3d:a6:9c:03:0b:32:64:fe:a1:f1:19:
                    77:47:fd:65:30:f4:62:31:e3:db:f9:f5:1d:c3:09:
                    b7:b9:b3:be:fc:be:35:e5:29:0b:79:27:41:da:ac:
                    e0:df:dc:7e:6a:54:d6:5d:02:da:ec:a7:58:d4:f9:
                    b1:83:67:b2:48:22:ec:37:23:57:4a:f0:47:e0:95:
                    81:fd:2a:49:62:43:e7:ce:58:36:de:e5:a8:2d:e2:
                    b7:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:1B:A6:C3:CD:BF:F1:E7:74:82:F2:D5:46:F6:2B:1E:00:5F:BC:3E
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/dc3cc874-29b0-4f9c-90aa-906fa9dca22a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:578:1010::/44

    Signature Algorithm: sha256WithRSAEncryption
         65:c7:de:e9:b3:28:1a:61:c4:51:f5:62:50:6a:fc:32:82:c1:
         1d:a9:e9:01:b7:15:94:51:8c:e4:f7:15:dc:d6:00:cd:75:a3:
         3d:5b:00:78:ae:fc:8e:1e:0c:79:74:a9:8a:85:e3:21:13:55:
         45:32:b1:27:4c:47:75:b8:f4:81:29:c0:8f:fa:08:12:04:39:
         66:27:5d:a0:b8:9b:ac:40:bf:7e:8d:4d:5e:31:45:e2:8a:30:
         b5:b2:08:4b:26:0d:a2:ea:39:41:7b:37:23:49:df:11:5b:81:
         24:1d:87:d1:8c:f9:e9:e4:09:03:79:41:c8:ad:9b:45:07:13:
         be:be:15:b0:19:ce:32:96:3f:c3:2a:8d:e4:31:e4:7c:54:e2:
         19:d1:e4:75:e4:77:ea:dc:0e:7b:ec:1b:29:ee:bb:73:70:47:
         58:01:8f:0a:e5:ea:dd:fd:04:0c:73:ab:7e:f6:58:7b:a0:3d:
         18:dd:45:88:a1:10:85:6d:6f:8d:ba:55:7c:9d:29:59:3b:ec:
         01:d7:91:7e:81:40:aa:c9:f3:bf:e9:5d:51:27:3b:3c:d8:59:
         e3:75:69:bb:cb:b2:b4:82:1a:14:a1:4d:08:ff:0e:20:24:a9:
         76:6c:22:38:f4:e8:e6:27:a6:3e:c2:2e:37:5a:c8:a4:ed:d2:
         d3:f6:64:fd
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUdw5JG9UF40gNSxVWnCoBAPefYwcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNDAzMDUwMDAwMDBaFw0yNDA0MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQDgyOTcyNzVjZGU5ZDdmNDQxY2M3NThjNjI5Y2EzOWZhYTBlMDlmOGU4NDZi
MjRiYWM5NzY3OTk2MDJlMjRkYWQxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAM31NvlY7NePV75bGv/n6MubZeXFOhnhkFAbRf4GStsxIJYZlXd1ynbTSlLh
heOTS6GpEPG3X904YITa9RQhCaHGmCTQbNXwxUMNqORhNdIZltxaHFeOHzYdUUL7
GmZjd1dTCaz1rwH61Y6zILnbExs6IO+igSvcuninQ6diokGSVPJph0Yp762UbQji
daQGmHE9koqaIv1TS7p4fY6xfgT2skjety7fQj2mnAMLMmT+ofEZd0f9ZTD0YjHj
2/n1HcMJt7mzvvy+NeUpC3knQdqs4N/cfmpU1l0C2uynWNT5sYNnskgi7DcjV0rw
R+CVgf0qSWJD585YNt7lqC3it2kCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBTGG6bD
zb/x53SC8tVG9iseAF+8PjAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
ZGMzY2M4NzQtMjliMC00ZjljLTkwYWEtOTA2ZmE5ZGNhMjJhLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHBCoBBXgQ
EDANBgkqhkiG9w0BAQsFAAOCAQEAZcfe6bMoGmHEUfViUGr8MoLBHanpAbcVlFGM
5PcV3NYAzXWjPVsAeK78jh4MeXSpioXjIRNVRTKxJ0xHdbj0gSnAj/oIEgQ5Zidd
oLibrEC/fo1NXjFF4oowtbIISyYNouo5QXs3I0nfEVuBJB2H0Yz56eQJA3lByK2b
RQcTvr4VsBnOMpY/wyqN5DHkfFTiGdHkdeR36twOe+wbKe67c3BHWAGPCuXq3f0E
DHOrfvZYe6A9GN1FiKEQhW1vjbpVfJ0pWTvsAdeRfoFAqsnzv+ldUSc7PNhZ43Vp
u8uytIIaFKFNCP8OICSpdmwiOPTo5iemPsIuN1rIpO3S0/Zk/Q==
-----END CERTIFICATE-----
Generated at Fri Mar 29 02:38:21 2024 by rpki-client on console-fra.rpki-client.org