Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/0cdce43b-0ed9-46d0-bf13-e6d99a26e097.roa
File:                     0cdce43b-0ed9-46d0-bf13-e6d99a26e097.roa (raw, json)
Hash identifier:          A4QWyx/ZH+FInvS8IHCjYAfOJ8Jl+G9/9lo/BvW54TA=
Subject key identifier:   F3:14:81:4D:1C:73:BB:65:42:1D:60:55:89:C7:28:B9:F8:CF:04:18
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       55DE1CFFE8317973E87E62729CEB9C63224BC9E1
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/0cdce43b-0ed9-46d0-bf13-e6d99a26e097.roa
Signing time:             Fri 08 Sep 2023 00:00:00 +0000
ROA not before:           Fri 08 Sep 2023 00:00:00 +0000
ROA not after:            Fri 13 Oct 2023 23:59:59 +0000
asID:                     16509
IP address blocks:        193.57.170.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.crl
                          rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.mft
                          rsync://rpki.ripe.net/repository/2a7dd1d787d793e4c8af56e197d4eed92af6ba13.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 09 Sep 2023 08:03:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            55:de:1c:ff:e8:31:79:73:e8:7e:62:72:9c:eb:9c:63:22:4b:c9:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Sep  8 00:00:00 2023 GMT
            Not After : Oct 13 23:59:59 2023 GMT
        Subject: serialNumber=2055403b8ff36d9ada1cd579429545372cd4f853460ee4292059a282f0fd3ade, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:7a:74:88:ae:45:d8:a6:89:4f:e2:5e:30:10:
                    9a:48:a9:d0:9c:05:b3:47:07:5c:d3:1c:98:cd:a8:
                    ba:a3:d0:c4:d7:31:89:40:ff:ba:c6:c9:1a:9f:00:
                    83:5e:9a:85:b7:8d:ee:15:c9:ea:8d:1c:11:07:12:
                    99:a3:9d:d5:8a:a4:f9:e5:4d:c9:12:53:ca:ae:d8:
                    d2:5c:07:43:93:80:06:1e:17:aa:49:a9:53:8d:41:
                    9b:2f:90:3b:54:60:e7:b8:70:44:ec:ec:b0:ab:68:
                    36:96:85:6a:5a:e9:a1:6f:0e:79:32:97:ee:f3:63:
                    86:95:13:dd:20:a5:af:9a:ee:a2:a1:86:b1:9f:ff:
                    6f:4a:5b:72:f9:49:1e:36:cf:78:5e:d8:c5:e3:8f:
                    4f:1f:91:29:a7:15:57:97:4d:e6:59:5e:52:6d:2b:
                    3f:18:4f:eb:a1:ac:fb:f2:3e:40:fd:e7:81:a6:39:
                    65:d8:83:06:3c:ec:81:a5:55:c5:fb:c6:7a:06:75:
                    41:bd:19:59:3d:ec:39:c4:06:85:3e:97:03:bf:b5:
                    23:5e:09:a7:bb:73:35:a9:9c:97:14:9b:13:c6:61:
                    21:73:ba:bf:b2:23:b3:f1:c1:5f:34:dd:11:0d:73:
                    c1:3f:33:3f:16:c7:0b:4f:17:7b:18:cc:9c:f5:5b:
                    5a:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:14:81:4D:1C:73:BB:65:42:1D:60:55:89:C7:28:B9:F8:CF:04:18
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/0cdce43b-0ed9-46d0-bf13-e6d99a26e097.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.57.170.0/23

    Signature Algorithm: sha256WithRSAEncryption
         62:19:cf:4a:b1:ff:60:73:0f:c5:bc:4c:1f:2f:14:68:4b:40:
         16:60:a6:e6:d3:60:8a:3c:71:df:2d:84:0b:41:4d:88:65:57:
         99:aa:cf:39:f8:49:37:9e:29:60:7f:14:6d:65:e3:69:ac:1e:
         1c:6f:f6:01:b7:ff:04:c2:14:39:bb:6b:5b:fd:a3:48:23:f0:
         5a:df:e9:cf:26:4f:13:10:43:a2:9d:da:e0:27:2d:5f:ea:9f:
         f9:1f:b4:b8:43:db:18:94:8e:7e:17:a3:db:b6:98:12:df:ba:
         f7:5a:79:75:4f:c8:9e:ff:c0:9f:4d:35:d2:94:39:f6:9c:e9:
         09:cd:53:d4:3a:e8:39:43:1d:a7:78:81:80:bd:ec:db:1d:04:
         6c:52:34:6b:f0:d2:a4:a3:68:e2:22:a9:25:38:1e:b5:cb:6c:
         36:cd:71:d6:00:73:b6:3c:fa:16:a2:e0:3e:ec:d7:c2:18:07:
         4f:ac:98:82:cf:dd:a8:0e:b7:1d:2a:7a:45:a6:3c:18:83:df:
         a9:01:a8:e7:73:33:f5:94:e4:1e:e8:a2:35:44:6b:cb:da:2e:
         9a:ad:84:dc:e7:92:71:25:db:cc:1e:77:37:63:42:0e:a4:f1:
         1d:d7:86:bd:ab:b2:4d:9b:9c:be:86:d7:57:e9:07:36:f0:ca:
         f0:e4:80:f8
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUVd4c/+gxeXPofmJynOucYyJLyeEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yMzA5MDgwMDAwMDBaFw0yMzEwMTMyMzU5NTlaMHoxSTBHBgNV
BAUTQDIwNTU0MDNiOGZmMzZkOWFkYTFjZDU3OTQyOTU0NTM3MmNkNGY4NTM0NjBl
ZTQyOTIwNTlhMjgyZjBmZDNhZGUxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALV6dIiuRdimiU/iXjAQmkip0JwFs0cHXNMcmM2ouqPQxNcxiUD/usbJGp8A
g16ahbeN7hXJ6o0cEQcSmaOd1Yqk+eVNyRJTyq7Y0lwHQ5OABh4XqkmpU41Bmy+Q
O1Rg57hwROzssKtoNpaFalrpoW8OeTKX7vNjhpUT3SClr5ruoqGGsZ//b0pbcvlJ
HjbPeF7YxeOPTx+RKacVV5dN5lleUm0rPxhP66Gs+/I+QP3ngaY5ZdiDBjzsgaVV
xfvGegZ1Qb0ZWT3sOcQGhT6XA7+1I14Jp7tzNamclxSbE8ZhIXO6v7Ijs/HBXzTd
EQ1zwT8zPxbHC08XexjMnPVbWiUCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBTzFIFN
HHO7ZUIdYFWJxyi5+M8EGDAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
MGNkY2U0M2ItMGVkOS00NmQwLWJmMTMtZTZkOTlhMjZlMDk3LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAcE5qjAN
BgkqhkiG9w0BAQsFAAOCAQEAYhnPSrH/YHMPxbxMHy8UaEtAFmCm5tNgijxx3y2E
C0FNiGVXmarPOfhJN54pYH8UbWXjaaweHG/2Abf/BMIUObtrW/2jSCPwWt/pzyZP
ExBDop3a4CctX+qf+R+0uEPbGJSOfhej27aYEt+691p5dU/Inv/An0010pQ59pzp
Cc1T1DroOUMdp3iBgL3s2x0EbFI0a/DSpKNo4iKpJTgetctsNs1x1gBztjz6FqLg
PuzXwhgHT6yYgs/dqA63HSp6RaY8GIPfqQGo53Mz9ZTkHuiiNURry9oumq2E3OeS
cSXbzB53N2NCDqTxHdeGvauyTZucvobXV+kHNvDK8OSA+A==
-----END CERTIFICATE-----
Generated at Fri Sep 8 15:41:27 2023 by rpki-client on console-ams.rpki-client.org