Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/dd037aef-fb5d-4fe4-8126-0957b823de58.roa
File:                     dd037aef-fb5d-4fe4-8126-0957b823de58.roa (raw, json)
Hash identifier:          Pbiklz6lI0/50D8w7PAmgaH5ZPn5VRhFYlMfFFJ20To=
Subject key identifier:   10:61:C0:E2:84:A3:F7:15:0C:54:01:AE:FE:E8:A8:6E:C1:CE:AC:3C
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       6CFFC8467C2B443727C6FA38BE868CB3DC3FB337
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/dd037aef-fb5d-4fe4-8126-0957b823de58.roa
Signing time:             Tue 05 Mar 2024 00:00:00 +0000
ROA not before:           Tue 05 Mar 2024 00:00:00 +0000
ROA not after:            Tue 09 Apr 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2a01:578:1100::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 28 Mar 2024 18:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6c:ff:c8:46:7c:2b:44:37:27:c6:fa:38:be:86:8c:b3:dc:3f:b3:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Mar  5 00:00:00 2024 GMT
            Not After : Apr  9 23:59:59 2024 GMT
        Subject: serialNumber=caa58141e4530b7720c94de0f0b85a1ed0b97f1c31c41411a7f13a1c12a923c2, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:27:2c:49:04:0d:54:97:d4:d4:1d:f9:4f:2a:
                    7b:06:81:28:63:48:82:be:f9:9a:c0:90:78:56:e4:
                    85:fd:a9:de:8a:6c:a1:8d:10:bf:43:66:10:c7:85:
                    b2:06:6f:2b:76:6b:cc:3e:6d:da:64:d8:80:2f:74:
                    b5:79:12:58:3b:e2:c7:21:9a:9a:6b:05:91:b7:57:
                    97:d2:af:24:19:bf:ba:ea:66:10:31:13:c3:b9:0e:
                    d8:78:5e:5f:9a:59:6c:a9:ac:50:03:d4:e2:4e:ef:
                    c8:88:a7:82:9b:ee:f8:4e:83:3a:ef:17:3b:57:38:
                    f7:d7:7e:ab:a9:9f:8a:fc:28:46:51:37:7c:25:e9:
                    91:6a:bc:ac:8a:10:9b:d9:c5:da:df:76:5f:f7:ab:
                    45:fe:1f:f0:7e:b7:93:39:9d:23:fb:4d:ae:12:66:
                    d1:cd:40:00:91:55:d9:33:fe:bf:a9:cd:9d:2f:b5:
                    e2:1b:15:0a:5c:39:1d:64:c7:72:11:fa:66:3c:80:
                    b1:77:22:de:55:c8:18:40:5c:71:9f:81:c1:48:a2:
                    1a:7a:be:3b:d2:d9:8b:d8:55:7f:10:e6:08:01:77:
                    26:03:48:a1:1a:b2:98:08:31:a8:f1:9d:22:ca:21:
                    ee:6d:8e:53:f8:2b:0e:34:dd:a2:3a:64:30:10:e9:
                    8b:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:61:C0:E2:84:A3:F7:15:0C:54:01:AE:FE:E8:A8:6E:C1:CE:AC:3C
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/dd037aef-fb5d-4fe4-8126-0957b823de58.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:578:1100::/40

    Signature Algorithm: sha256WithRSAEncryption
         3a:11:5d:ab:f3:70:96:44:e4:68:7a:43:48:69:aa:46:86:8a:
         2b:78:9f:41:a5:d1:63:fb:cb:2e:0b:39:32:db:9a:5f:ac:e3:
         74:b6:c3:57:a6:57:ef:b6:9d:c2:ae:cf:36:98:2d:4f:60:d6:
         91:b6:bd:96:b4:6b:3f:56:a7:b9:14:cd:44:cb:c4:01:a8:89:
         bf:e2:e2:37:f6:87:c4:d5:8e:19:5a:1e:2c:26:e7:60:22:9d:
         78:80:fc:ca:b3:0f:e6:5d:8b:ae:7a:19:fa:21:d7:a8:b5:22:
         e6:23:da:7c:6a:2b:24:6e:c4:28:a6:1a:03:ad:69:2c:be:57:
         92:a8:d1:4d:c7:55:1f:98:18:bd:91:cd:d6:27:4f:09:47:d5:
         0f:cc:90:3b:d2:5f:2a:ab:df:09:d3:55:46:dc:74:f3:3e:88:
         07:35:1b:b2:f8:05:96:4f:df:9c:ba:eb:c7:d8:64:b4:53:f4:
         32:d9:be:b5:25:de:4f:dd:42:16:fe:b3:f6:36:d6:be:36:9f:
         ae:61:bf:d3:1a:9f:91:2c:36:ab:3b:58:7e:19:3c:6e:88:c9:
         b3:30:f3:32:9d:2c:f7:1c:5a:43:53:90:0a:f1:09:7d:cb:ed:
         11:fa:d8:25:94:38:d2:fc:84:89:18:93:5f:f0:c7:82:2e:1d:
         c6:9d:7a:de
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUbP/IRnwrRDcnxvo4voaMs9w/szcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNDAzMDUwMDAwMDBaFw0yNDA0MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQGNhYTU4MTQxZTQ1MzBiNzcyMGM5NGRlMGYwYjg1YTFlZDBiOTdmMWMzMWM0
MTQxMWE3ZjEzYTFjMTJhOTIzYzIxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOcnLEkEDVSX1NQd+U8qewaBKGNIgr75msCQeFbkhf2p3opsoY0Qv0NmEMeF
sgZvK3ZrzD5t2mTYgC90tXkSWDvixyGammsFkbdXl9KvJBm/uupmEDETw7kO2Hhe
X5pZbKmsUAPU4k7vyIingpvu+E6DOu8XO1c499d+q6mfivwoRlE3fCXpkWq8rIoQ
m9nF2t92X/erRf4f8H63kzmdI/tNrhJm0c1AAJFV2TP+v6nNnS+14hsVClw5HWTH
chH6ZjyAsXci3lXIGEBccZ+BwUiiGnq+O9LZi9hVfxDmCAF3JgNIoRqymAgxqPGd
Isoh7m2OU/grDjTdojpkMBDpi7MCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQQYcDi
hKP3FQxUAa7+6Khuwc6sPDAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
ZGQwMzdhZWYtZmI1ZC00ZmU0LTgxMjYtMDk1N2I4MjNkZTU4LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoBBXgR
MA0GCSqGSIb3DQEBCwUAA4IBAQA6EV2r83CWRORoekNIaapGhooreJ9BpdFj+8su
Czky25pfrON0tsNXplfvtp3Crs82mC1PYNaRtr2WtGs/Vqe5FM1Ey8QBqIm/4uI3
9ofE1Y4ZWh4sJudgIp14gPzKsw/mXYuuehn6IdeotSLmI9p8aiskbsQophoDrWks
vleSqNFNx1UfmBi9kc3WJ08JR9UPzJA70l8qq98J01VG3HTzPogHNRuy+AWWT9+c
uuvH2GS0U/Qy2b61Jd5P3UIW/rP2Nta+Np+uYb/TGp+RLDarO1h+GTxuiMmzMPMy
nSz3HFpDU5AK8Ql9y+0R+tgllDjS/ISJGJNf8MeCLh3GnXre
-----END CERTIFICATE-----
Generated at Thu Mar 28 02:06:42 2024 by rpki-client on console-ams.rpki-client.org