Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/0fed6a9b-dfef-4f11-831b-8067302411ff.roa
File:                     0fed6a9b-dfef-4f11-831b-8067302411ff.roa (raw, json)
Hash identifier:          1D9wxCB5xlIvn1/C6wr5KHpShykxnIQ4Hl2R+kwdl/k=
Subject key identifier:   DA:9E:D6:40:E9:5E:DD:E8:67:92:D0:69:E2:86:5E:51:15:10:90:84
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       7FD3F0EED790527DB72C8C8E6407E5FB2092D932
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/0fed6a9b-dfef-4f11-831b-8067302411ff.roa
Signing time:             Mon 18 Sep 2023 00:00:00 +0000
ROA not before:           Mon 18 Sep 2023 00:00:00 +0000
ROA not after:            Mon 23 Oct 2023 23:59:59 +0000
asID:                     16509
IP address blocks:        83.118.228.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.crl
                          rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.mft
                          rsync://rpki.ripe.net/repository/2a7dd1d787d793e4c8af56e197d4eed92af6ba13.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 19 Sep 2023 14:22:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7f:d3:f0:ee:d7:90:52:7d:b7:2c:8c:8e:64:07:e5:fb:20:92:d9:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Sep 18 00:00:00 2023 GMT
            Not After : Oct 23 23:59:59 2023 GMT
        Subject: serialNumber=cb900ce85fe34bfea4633687bc123a9a06d08b61f3b448e8c2a7298668bb2a6a, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:3c:69:35:82:21:e9:57:f5:79:2a:18:49:24:
                    a5:b9:85:90:b4:c5:66:a5:b1:13:3d:8f:a7:62:6d:
                    a4:76:ae:91:47:7b:55:ab:c0:e2:6e:51:f3:bd:f6:
                    cf:7d:b0:98:fa:2e:e7:23:54:99:86:15:98:4f:40:
                    c9:cd:d2:f0:c0:1f:1e:03:ff:7c:4b:31:a1:dd:2b:
                    82:24:17:c8:6a:91:62:69:8c:54:6f:ca:41:39:a7:
                    d9:f0:9e:5e:d1:fa:c1:e6:2a:1f:7a:47:85:b3:91:
                    82:0a:8f:3a:82:6a:3b:a8:d5:06:63:d4:d2:9d:05:
                    b6:d1:88:21:f5:4e:af:b1:04:1f:9c:dd:d6:14:d4:
                    79:7f:b5:3e:d1:07:9d:f9:2a:0a:b4:60:8f:67:57:
                    7d:9a:96:b1:84:07:d6:58:d0:ff:ee:e7:a2:4c:b0:
                    13:9d:10:1c:b3:75:bc:0c:b9:28:3a:ce:14:0a:54:
                    05:bb:4a:82:e6:de:09:b8:34:02:c8:8a:69:8f:b5:
                    dd:7a:a2:25:24:57:09:21:81:cc:ab:7d:7c:ed:02:
                    ec:d0:a8:da:24:9e:58:7f:c6:24:27:ae:9e:76:22:
                    a3:21:5b:7d:34:d6:ae:04:ef:30:0d:c8:35:21:43:
                    e4:3b:c2:84:f2:f3:12:38:45:40:96:f7:13:0e:f0:
                    17:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:9E:D6:40:E9:5E:DD:E8:67:92:D0:69:E2:86:5E:51:15:10:90:84
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/0fed6a9b-dfef-4f11-831b-8067302411ff.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.118.228.0/22

    Signature Algorithm: sha256WithRSAEncryption
         93:45:e4:04:b2:60:c2:8d:7a:9a:14:c4:d9:10:b8:75:94:35:
         ba:f3:c8:53:93:d2:99:39:a9:44:1b:2a:67:f5:eb:40:32:7e:
         71:b1:f7:cc:47:7f:67:8c:85:a8:23:a2:9b:94:4e:5b:c9:38:
         d4:3d:cb:7a:4d:17:aa:35:87:7f:46:93:0a:03:dd:45:34:b5:
         ff:d0:52:29:b8:d5:89:ed:b0:6d:6d:4a:bf:4b:5e:7e:25:dc:
         9b:95:84:2e:3e:22:77:6c:d4:f3:4f:55:38:c3:93:f0:15:e4:
         a9:57:a1:2f:cc:44:c1:d9:b4:9a:85:5e:a7:dd:9f:5d:e1:90:
         c5:b1:28:dc:af:45:28:3d:31:71:c0:64:d1:05:19:5d:39:f9:
         72:3a:b9:99:07:05:0b:1a:83:3d:6f:e1:c2:eb:b8:a9:a3:54:
         f1:b0:d0:19:62:a7:99:0e:3b:ab:69:12:7f:6f:3f:9e:e0:8d:
         6d:4c:5a:76:2b:7a:f0:22:72:63:67:9a:87:51:68:1f:d6:e1:
         dc:ac:06:77:34:be:8d:70:24:c3:af:82:f1:a0:df:2f:16:a3:
         7f:b9:68:f0:e3:78:80:57:48:14:1d:1e:cc:54:50:0b:c7:99:
         be:e7:26:03:aa:05:f3:56:75:35:e6:63:c1:38:3d:1a:3d:6c:
         eb:50:b0:62
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUf9Pw7teQUn23LIyOZAfl+yCS2TIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yMzA5MTgwMDAwMDBaFw0yMzEwMjMyMzU5NTlaMHoxSTBHBgNV
BAUTQGNiOTAwY2U4NWZlMzRiZmVhNDYzMzY4N2JjMTIzYTlhMDZkMDhiNjFmM2I0
NDhlOGMyYTcyOTg2NjhiYjJhNmExLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKI8aTWCIelX9XkqGEkkpbmFkLTFZqWxEz2Pp2JtpHaukUd7VavA4m5R8732
z32wmPou5yNUmYYVmE9Ayc3S8MAfHgP/fEsxod0rgiQXyGqRYmmMVG/KQTmn2fCe
XtH6weYqH3pHhbORggqPOoJqO6jVBmPU0p0FttGIIfVOr7EEH5zd1hTUeX+1PtEH
nfkqCrRgj2dXfZqWsYQH1ljQ/+7nokywE50QHLN1vAy5KDrOFApUBbtKgubeCbg0
AsiKaY+13XqiJSRXCSGBzKt9fO0C7NCo2iSeWH/GJCeunnYioyFbfTTWrgTvMA3I
NSFD5DvChPLzEjhFQJb3Ew7wF2cCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBTantZA
6V7d6GeS0Gnihl5RFRCQhDAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
MGZlZDZhOWItZGZlZi00ZjExLTgzMWItODA2NzMwMjQxMWZmLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAlN25DAN
BgkqhkiG9w0BAQsFAAOCAQEAk0XkBLJgwo16mhTE2RC4dZQ1uvPIU5PSmTmpRBsq
Z/XrQDJ+cbH3zEd/Z4yFqCOim5ROW8k41D3Lek0XqjWHf0aTCgPdRTS1/9BSKbjV
ie2wbW1Kv0tefiXcm5WELj4id2zU809VOMOT8BXkqVehL8xEwdm0moVep92fXeGQ
xbEo3K9FKD0xccBk0QUZXTn5cjq5mQcFCxqDPW/hwuu4qaNU8bDQGWKnmQ47q2kS
f28/nuCNbUxadit68CJyY2eah1FoH9bh3KwGdzS+jXAkw6+C8aDfLxajf7lo8ON4
gFdIFB0ezFRQC8eZvucmA6oF81Z1NeZjwTg9Gj1s61CwYg==
-----END CERTIFICATE-----
Generated at Mon Sep 18 16:16:57 2023 by rpki-client on console-fra.rpki-client.org