Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/dd037aef-fb5d-4fe4-8126-0957b823de58.roa
File:                     dd037aef-fb5d-4fe4-8126-0957b823de58.roa (raw, json)
Hash identifier:          k9YSWl4SNQnqt0Bf71xXJ3dFxAlQ/aM7YItTrjgSoG8=
Subject key identifier:   1C:CE:22:D7:10:F0:CF:D6:12:36:59:FC:EB:D9:97:0B:39:1B:9E:EA
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       21898036B4961E50E975BE757FEF0862A32C4A86
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/dd037aef-fb5d-4fe4-8126-0957b823de58.roa
Signing time:             Fri 08 Sep 2023 00:00:00 +0000
ROA not before:           Fri 08 Sep 2023 00:00:00 +0000
ROA not after:            Fri 13 Oct 2023 23:59:59 +0000
asID:                     16509
IP address blocks:        2a01:578:1100::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.crl
                          rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.mft
                          rsync://rpki.ripe.net/repository/2a7dd1d787d793e4c8af56e197d4eed92af6ba13.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 09 Sep 2023 08:03:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            21:89:80:36:b4:96:1e:50:e9:75:be:75:7f:ef:08:62:a3:2c:4a:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Sep  8 00:00:00 2023 GMT
            Not After : Oct 13 23:59:59 2023 GMT
        Subject: serialNumber=72b4385de60ebc9f35b9b6a3b38c78845164a9a3b6a83a238f511426d778e2f9, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:3c:35:3d:54:ed:6e:fa:2a:5b:ae:83:f4:25:
                    83:16:46:04:29:36:25:7b:7e:a7:92:ef:9d:dd:d8:
                    96:4e:1b:3b:eb:9a:f6:e8:18:ce:92:32:a6:cb:c1:
                    34:f0:f9:78:1d:01:25:55:eb:dc:56:a3:12:00:5a:
                    f8:a4:26:24:d2:15:bc:04:4f:b9:ee:7c:33:63:7e:
                    91:da:94:3f:68:e9:aa:d9:b3:bc:ba:e8:7e:80:39:
                    40:3e:f4:89:0e:9a:0b:58:45:ce:65:f6:27:08:3c:
                    b5:92:1e:82:0b:cc:61:5a:43:e3:16:21:93:87:36:
                    3b:f7:e1:25:61:d2:ff:74:3e:d3:e6:51:77:b2:c1:
                    d9:c4:ed:23:af:b2:a6:1d:1e:63:c4:6a:d3:f7:e2:
                    83:ae:59:69:a6:6c:bc:7b:8b:62:07:52:dc:93:96:
                    24:ce:06:ae:b1:7c:ff:de:91:c6:64:ce:17:68:ff:
                    0b:0b:8f:19:bd:78:bd:29:b9:47:ea:e5:a1:5f:aa:
                    f8:39:0a:9b:7a:43:05:53:98:1c:d5:f0:3f:26:3d:
                    da:91:8f:ed:c7:37:93:23:7d:c8:0c:53:b4:81:f4:
                    af:60:4c:87:40:64:a8:a1:f4:bc:b5:ab:c8:4c:26:
                    46:84:37:f3:71:66:5d:fa:13:1b:4f:86:7f:18:bb:
                    34:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:CE:22:D7:10:F0:CF:D6:12:36:59:FC:EB:D9:97:0B:39:1B:9E:EA
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/dd037aef-fb5d-4fe4-8126-0957b823de58.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:578:1100::/40

    Signature Algorithm: sha256WithRSAEncryption
         06:28:b1:38:ba:b3:1d:36:96:19:3d:df:af:e9:09:78:01:cc:
         b1:6a:ba:00:0b:bb:7a:82:c2:9a:5c:54:52:c1:60:3f:d7:a2:
         44:83:fe:f7:07:a7:e9:69:8d:c4:94:5b:89:ec:ad:96:f2:c0:
         7f:25:04:6e:0c:2f:58:9a:73:38:b7:fe:c9:6c:cf:8f:f2:94:
         ee:54:fc:d5:90:7b:61:50:8d:cf:26:db:60:dd:fc:70:26:51:
         44:ab:f5:d3:c4:31:1f:94:18:99:72:01:71:fc:c3:fc:f9:f4:
         bf:11:3c:29:89:ad:ed:85:95:e4:ad:f8:7d:70:54:1a:3a:02:
         df:cd:1c:b3:82:80:dc:5c:cd:73:c7:f1:50:67:6f:aa:c4:51:
         be:8c:67:2e:b3:0f:83:c5:c6:0c:77:0f:dd:82:b5:ef:d4:4a:
         92:3b:48:a2:bf:9e:17:eb:ab:ff:56:d8:e8:86:c0:73:6e:19:
         2f:36:96:a1:16:a3:29:e7:f8:a3:5e:8d:7c:be:99:ee:e8:27:
         26:78:c6:0b:54:44:c1:92:cc:90:58:ed:86:fc:6f:80:2e:93:
         24:b6:8a:8f:43:80:6e:f0:59:f3:7d:f8:53:e0:0e:07:4a:63:
         a9:22:3e:00:de:65:75:58:e8:08:83:9a:fc:0e:fe:cc:5b:1a:
         2e:e7:f9:65
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUIYmANrSWHlDpdb51f+8IYqMsSoYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yMzA5MDgwMDAwMDBaFw0yMzEwMTMyMzU5NTlaMHoxSTBHBgNV
BAUTQDcyYjQzODVkZTYwZWJjOWYzNWI5YjZhM2IzOGM3ODg0NTE2NGE5YTNiNmE4
M2EyMzhmNTExNDI2ZDc3OGUyZjkxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKs8NT1U7W76Kluug/QlgxZGBCk2JXt+p5Lvnd3Ylk4bO+ua9ugYzpIypsvB
NPD5eB0BJVXr3FajEgBa+KQmJNIVvARPue58M2N+kdqUP2jpqtmzvLrofoA5QD70
iQ6aC1hFzmX2Jwg8tZIeggvMYVpD4xYhk4c2O/fhJWHS/3Q+0+ZRd7LB2cTtI6+y
ph0eY8Rq0/fig65ZaaZsvHuLYgdS3JOWJM4GrrF8/96RxmTOF2j/CwuPGb14vSm5
R+rloV+q+DkKm3pDBVOYHNXwPyY92pGP7cc3kyN9yAxTtIH0r2BMh0BkqKH0vLWr
yEwmRoQ383FmXfoTG0+Gfxi7NK8CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQcziLX
EPDP1hI2Wfzr2ZcLORue6jAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
ZGQwMzdhZWYtZmI1ZC00ZmU0LTgxMjYtMDk1N2I4MjNkZTU4LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoBBXgR
MA0GCSqGSIb3DQEBCwUAA4IBAQAGKLE4urMdNpYZPd+v6Ql4AcyxaroAC7t6gsKa
XFRSwWA/16JEg/73B6fpaY3ElFuJ7K2W8sB/JQRuDC9YmnM4t/7JbM+P8pTuVPzV
kHthUI3PJttg3fxwJlFEq/XTxDEflBiZcgFx/MP8+fS/ETwpia3thZXkrfh9cFQa
OgLfzRyzgoDcXM1zx/FQZ2+qxFG+jGcusw+DxcYMdw/dgrXv1EqSO0iiv54X66v/
VtjohsBzbhkvNpahFqMp5/ijXo18vpnu6CcmeMYLVETBksyQWO2G/G+ALpMktoqP
Q4Bu8FnzffhT4A4HSmOpIj4A3mV1WOgIg5r8Dv7MWxou5/ll
-----END CERTIFICATE-----
Generated at Fri Sep 8 15:47:32 2023 by rpki-client on console-fra.rpki-client.org