Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/286f881c-8fa0-4200-ada2-20a0cc49038e.roa
File:                     286f881c-8fa0-4200-ada2-20a0cc49038e.roa (raw, json)
Hash identifier:          z89fFv7AAnWk/kVnNx6w+KHHBlAUNlMZsV3y3hUDYbk=
Subject key identifier:   71:5E:75:3C:88:D3:40:80:83:09:F4:A4:6E:88:D3:DF:32:7B:02:08
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       10C4450BA793DFB83800C4B1C0B4586993734859
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/286f881c-8fa0-4200-ada2-20a0cc49038e.roa
Signing time:             Fri 08 Sep 2023 00:00:00 +0000
ROA not before:           Fri 08 Sep 2023 00:00:00 +0000
ROA not after:            Fri 13 Oct 2023 23:59:59 +0000
asID:                     16509
IP address blocks:        51.166.0.0/15 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.crl
                          rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.mft
                          rsync://rpki.ripe.net/repository/2a7dd1d787d793e4c8af56e197d4eed92af6ba13.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 09 Sep 2023 08:03:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            10:c4:45:0b:a7:93:df:b8:38:00:c4:b1:c0:b4:58:69:93:73:48:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Sep  8 00:00:00 2023 GMT
            Not After : Oct 13 23:59:59 2023 GMT
        Subject: serialNumber=584b7e0bd6be162b46b99c5cb8f125e06c4cb7418957078ccdae826bd3d97e01, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:16:f2:18:5f:6d:51:7c:b9:69:ca:35:7a:6f:
                    04:83:66:74:71:aa:c8:98:c3:6e:25:1a:a7:9a:13:
                    4a:86:92:0d:05:69:e2:54:bc:ab:24:31:4c:90:13:
                    58:03:98:4c:23:b7:da:c3:1c:bb:e9:d0:0b:ed:7d:
                    83:b8:bd:55:01:94:0e:9a:13:4e:37:02:51:16:46:
                    50:ef:27:b7:66:04:ee:36:ec:35:4e:d5:42:e6:99:
                    69:7d:a4:6a:a3:64:8e:0b:97:79:1e:f3:5f:5b:2e:
                    4e:06:0c:7f:2f:64:14:07:1e:2c:44:ac:07:b9:ad:
                    67:b9:28:69:b0:ae:38:13:4d:de:6b:8a:55:b9:87:
                    64:9e:22:62:23:e2:ff:f2:37:ca:3b:01:35:af:00:
                    87:eb:2b:dc:04:29:b8:b5:43:31:43:5c:e0:67:f5:
                    97:60:9d:18:fe:c8:be:0f:65:82:b4:e4:2e:9c:ba:
                    9e:7c:aa:04:f5:49:e9:fd:61:6f:0b:02:8d:a5:fc:
                    2a:04:0a:1b:55:47:ba:d0:7d:72:b9:6e:a0:4d:06:
                    5c:44:ea:69:92:c0:54:ed:7d:9e:af:d2:64:d3:56:
                    52:ad:ea:56:b3:4a:67:0d:41:56:55:36:18:21:76:
                    da:09:96:80:39:1c:0a:d2:99:07:fc:2d:32:ce:1a:
                    58:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:5E:75:3C:88:D3:40:80:83:09:F4:A4:6E:88:D3:DF:32:7B:02:08
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/286f881c-8fa0-4200-ada2-20a0cc49038e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.166.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         73:28:c1:4e:6a:81:ae:0a:13:83:92:30:78:50:ee:78:69:08:
         9e:3c:7c:bc:dd:cf:e2:7e:b9:66:4b:f4:70:0f:b8:6e:6f:22:
         69:42:86:35:f5:94:a9:d5:c3:cc:47:72:22:24:81:fa:9f:02:
         e5:19:aa:29:7a:a6:c2:6f:25:10:f1:43:04:db:f6:dd:2f:82:
         04:db:54:a0:74:54:b5:75:dd:a3:63:d7:4d:88:a7:b2:10:8f:
         a8:10:d1:77:67:fc:ee:6c:9b:e2:4f:90:04:4b:6c:44:72:7c:
         e3:ce:ae:7f:8b:31:4c:f6:73:80:70:31:68:d6:f1:3e:dd:d3:
         17:d6:0e:e3:ca:87:ac:39:d9:70:9d:a3:a7:a7:08:f4:39:99:
         3d:55:d6:a8:37:d2:af:1f:20:13:9e:f0:e7:2f:48:ba:cc:f0:
         21:c4:64:4f:b9:85:8f:11:bb:a0:6c:76:88:24:3b:98:d4:18:
         9e:49:a5:86:a7:39:f0:f5:10:8c:fd:a3:5e:b1:66:80:22:d0:
         27:e1:95:f1:43:d2:e2:41:64:e1:23:25:76:78:5a:62:cb:91:
         88:66:db:ca:a5:5d:39:d2:9c:a8:3a:4d:1e:4f:93:dc:29:5a:
         fd:c9:b4:71:d8:48:a6:eb:e0:4e:2f:d0:87:3b:d4:bc:63:5c:
         33:d0:97:25
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUEMRFC6eT37g4AMSxwLRYaZNzSFkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yMzA5MDgwMDAwMDBaFw0yMzEwMTMyMzU5NTlaMHoxSTBHBgNV
BAUTQDU4NGI3ZTBiZDZiZTE2MmI0NmI5OWM1Y2I4ZjEyNWUwNmM0Y2I3NDE4OTU3
MDc4Y2NkYWU4MjZiZDNkOTdlMDExLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANYW8hhfbVF8uWnKNXpvBINmdHGqyJjDbiUap5oTSoaSDQVp4lS8qyQxTJAT
WAOYTCO32sMcu+nQC+19g7i9VQGUDpoTTjcCURZGUO8nt2YE7jbsNU7VQuaZaX2k
aqNkjguXeR7zX1suTgYMfy9kFAceLESsB7mtZ7koabCuOBNN3muKVbmHZJ4iYiPi
//I3yjsBNa8Ah+sr3AQpuLVDMUNc4Gf1l2CdGP7Ivg9lgrTkLpy6nnyqBPVJ6f1h
bwsCjaX8KgQKG1VHutB9crluoE0GXETqaZLAVO19nq/SZNNWUq3qVrNKZw1BVlU2
GCF22gmWgDkcCtKZB/wtMs4aWG8CAwEAAaOCAiAwggIcMB0GA1UdDgQWBBRxXnU8
iNNAgIMJ9KRuiNPfMnsCCDAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
Mjg2Zjg4MWMtOGZhMC00MjAwLWFkYTItMjBhMGNjNDkwMzhlLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDATOmMA0G
CSqGSIb3DQEBCwUAA4IBAQBzKMFOaoGuChODkjB4UO54aQiePHy83c/ifrlmS/Rw
D7hubyJpQoY19ZSp1cPMR3IiJIH6nwLlGaopeqbCbyUQ8UME2/bdL4IE21SgdFS1
dd2jY9dNiKeyEI+oENF3Z/zubJviT5AES2xEcnzjzq5/izFM9nOAcDFo1vE+3dMX
1g7jyoesOdlwnaOnpwj0OZk9VdaoN9KvHyATnvDnL0i6zPAhxGRPuYWPEbugbHaI
JDuY1BieSaWGpznw9RCM/aNesWaAItAn4ZXxQ9LiQWThIyV2eFpiy5GIZtvKpV05
0pyoOk0eT5PcKVr9ybRx2Eim6+BOL9CHO9S8Y1wz0Jcl
-----END CERTIFICATE-----
Generated at Fri Sep 8 15:47:31 2023 by rpki-client on console-fra.rpki-client.org