Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/0f648163-e886-4951-999f-6a050d9c305f.roa
File:                     0f648163-e886-4951-999f-6a050d9c305f.roa (raw, json)
Hash identifier:          FtPWEUfFwEXgqQWWWVlXveu1+uZZsNvW3cYXWTSWHn0=
Subject key identifier:   B8:4D:EF:86:23:C9:D1:74:FC:46:51:D6:31:34:93:80:7A:6C:67:44
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       71F7591A801E7404676D714608AE1F55F8F97083
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/0f648163-e886-4951-999f-6a050d9c305f.roa
Signing time:             Fri 08 Sep 2023 00:00:00 +0000
ROA not before:           Fri 08 Sep 2023 00:00:00 +0000
ROA not after:            Fri 13 Oct 2023 23:59:59 +0000
asID:                     16509
IP address blocks:        51.0.0.0/16 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.crl
                          rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.mft
                          rsync://rpki.ripe.net/repository/2a7dd1d787d793e4c8af56e197d4eed92af6ba13.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 09 Sep 2023 08:03:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            71:f7:59:1a:80:1e:74:04:67:6d:71:46:08:ae:1f:55:f8:f9:70:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Sep  8 00:00:00 2023 GMT
            Not After : Oct 13 23:59:59 2023 GMT
        Subject: serialNumber=237fcfb5765453e0192c9710bdc1a7a102c34bb9629d50b475eef4f57c1cb531, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:8c:d0:30:14:da:1e:7d:02:4f:10:22:5d:a3:
                    82:71:53:7e:1b:3c:c9:cb:21:fd:e1:9e:90:ba:6c:
                    39:5b:28:61:15:ac:0b:42:1c:12:59:b5:7c:0d:c9:
                    d8:e4:c8:7a:36:83:a9:cf:68:d9:34:c9:68:87:99:
                    17:1e:dd:79:8f:0e:1e:b7:26:e0:cb:1c:e0:5c:60:
                    bc:f2:33:11:6a:d4:c8:b2:a4:00:36:76:28:d6:2f:
                    f7:6f:10:71:40:b0:5b:64:32:61:fa:57:d2:43:89:
                    2d:02:91:df:44:09:25:f6:9f:86:af:44:d8:3d:ce:
                    99:56:8b:8e:8c:90:74:5e:bd:71:7d:dd:d1:56:66:
                    cb:0f:ed:f4:76:74:52:b4:2a:7e:b7:e3:b0:03:81:
                    f7:f5:8c:b3:54:8b:93:4a:6a:eb:95:aa:08:81:5b:
                    10:19:1f:f4:63:67:32:d3:4d:42:19:f3:50:32:d2:
                    81:f9:2a:2b:6a:ef:18:19:65:60:38:05:6c:98:5e:
                    c1:73:d4:9e:be:74:a7:9c:06:da:79:e0:6d:53:c9:
                    5f:e4:a9:ed:01:f7:85:92:ec:4f:98:36:ee:75:fa:
                    25:79:da:2d:e4:ea:a8:76:ac:93:12:a6:92:ef:24:
                    47:5c:1f:0c:e4:80:fe:d3:3b:45:b0:d0:ff:ed:9b:
                    34:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:4D:EF:86:23:C9:D1:74:FC:46:51:D6:31:34:93:80:7A:6C:67:44
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/0f648163-e886-4951-999f-6a050d9c305f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.0.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         2b:68:aa:30:c8:81:f7:0e:c6:49:72:57:3d:29:0c:35:13:e0:
         3f:56:fc:02:8e:b1:c5:3f:af:35:68:88:ad:ab:65:26:5a:03:
         7f:22:69:2d:5f:23:78:b6:be:d3:41:f2:a4:a1:ce:55:56:a9:
         c1:a2:52:9a:7b:ab:a8:9d:d8:67:a9:1a:eb:27:19:49:13:67:
         49:20:e0:20:14:88:27:c0:f5:91:8e:58:33:b6:37:ce:0f:70:
         20:1d:a7:1d:17:78:cb:a6:69:fc:e3:0d:cf:68:df:c8:58:e6:
         34:0b:b5:3d:07:5f:6f:4c:0d:cd:a6:70:94:70:31:b8:2d:42:
         e0:3e:8e:4f:82:ac:1f:69:12:dd:3a:30:e2:71:83:a3:2c:4b:
         d9:93:25:44:c5:22:a4:99:a8:58:8e:60:c4:d0:2b:c6:a2:f4:
         0b:c4:01:78:2a:9a:81:78:28:31:0f:77:88:a8:25:39:bd:05:
         9b:ab:50:23:79:0b:59:80:91:2a:29:bd:f6:9e:b8:74:32:22:
         84:5e:13:8a:69:57:42:a1:17:87:a8:21:d8:66:71:37:57:f5:
         33:dd:4f:4c:af:4c:c8:8a:02:0f:0b:1b:df:aa:cb:dc:d2:10:
         4b:a9:8a:b0:5f:ca:56:c9:19:3a:52:91:c1:b1:07:14:10:e5:
         a3:1e:7b:ff
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUcfdZGoAedARnbXFGCK4fVfj5cIMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yMzA5MDgwMDAwMDBaFw0yMzEwMTMyMzU5NTlaMHoxSTBHBgNV
BAUTQDIzN2ZjZmI1NzY1NDUzZTAxOTJjOTcxMGJkYzFhN2ExMDJjMzRiYjk2Mjlk
NTBiNDc1ZWVmNGY1N2MxY2I1MzExLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKuM0DAU2h59Ak8QIl2jgnFTfhs8ycsh/eGekLpsOVsoYRWsC0IcElm1fA3J
2OTIejaDqc9o2TTJaIeZFx7deY8OHrcm4Msc4FxgvPIzEWrUyLKkADZ2KNYv928Q
cUCwW2QyYfpX0kOJLQKR30QJJfafhq9E2D3OmVaLjoyQdF69cX3d0VZmyw/t9HZ0
UrQqfrfjsAOB9/WMs1SLk0pq65WqCIFbEBkf9GNnMtNNQhnzUDLSgfkqK2rvGBll
YDgFbJhewXPUnr50p5wG2nngbVPJX+Sp7QH3hZLsT5g27nX6JXnaLeTqqHaskxKm
ku8kR1wfDOSA/tM7RbDQ/+2bNDcCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBS4Te+G
I8nRdPxGUdYxNJOAemxnRDAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
MGY2NDgxNjMtZTg4Ni00OTUxLTk5OWYtNmEwNTBkOWMzMDVmLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADMAMA0G
CSqGSIb3DQEBCwUAA4IBAQAraKowyIH3DsZJclc9KQw1E+A/VvwCjrHFP681aIit
q2UmWgN/ImktXyN4tr7TQfKkoc5VVqnBolKae6uondhnqRrrJxlJE2dJIOAgFIgn
wPWRjlgztjfOD3AgHacdF3jLpmn84w3PaN/IWOY0C7U9B19vTA3NpnCUcDG4LULg
Po5PgqwfaRLdOjDicYOjLEvZkyVExSKkmahYjmDE0CvGovQLxAF4KpqBeCgxD3eI
qCU5vQWbq1AjeQtZgJEqKb32nrh0MiKEXhOKaVdCoReHqCHYZnE3V/Uz3U9Mr0zI
igIPCxvfqsvc0hBLqYqwX8pWyRk6UpHBsQcUEOWjHnv/
-----END CERTIFICATE-----
Generated at Fri Sep 8 15:47:31 2023 by rpki-client on console-fra.rpki-client.org