Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/2fc6a253-dc60-4611-8bc0-f4b11851ccf1.roa
File:                     2fc6a253-dc60-4611-8bc0-f4b11851ccf1.roa (raw, json)
Hash identifier:          fZCX4XSMJv4hc4QIQgGohXEuol6ZIFXPDz+bs7cd4OI=
Subject key identifier:   B6:62:83:0C:F7:38:0A:06:30:9C:92:EC:48:26:F2:E2:08:40:7A:57
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       7DC6DFEA38655D1B9031F10E403BABBDAA59F329
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/2fc6a253-dc60-4611-8bc0-f4b11851ccf1.roa
Signing time:             Fri 08 Sep 2023 00:00:00 +0000
ROA not before:           Fri 08 Sep 2023 00:00:00 +0000
ROA not after:            Fri 13 Oct 2023 23:59:59 +0000
asID:                     16509
IP address blocks:        51.127.0.0/16 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.crl
                          rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.mft
                          rsync://rpki.ripe.net/repository/2a7dd1d787d793e4c8af56e197d4eed92af6ba13.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 09 Sep 2023 08:03:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7d:c6:df:ea:38:65:5d:1b:90:31:f1:0e:40:3b:ab:bd:aa:59:f3:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Sep  8 00:00:00 2023 GMT
            Not After : Oct 13 23:59:59 2023 GMT
        Subject: serialNumber=8a91146d60c900f394a38bc31d2e786f864e18f88d13cb64be9a5b64aa063484, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:1c:d8:18:84:7d:4c:44:a3:d8:f8:c0:28:a8:
                    67:22:95:70:8c:06:c1:20:fc:ba:e6:c4:ee:f8:7f:
                    82:20:bf:95:7d:d8:45:9c:ef:19:ed:19:e5:a1:86:
                    66:92:0d:1b:94:0e:d8:58:21:86:33:ae:cb:ca:8c:
                    a9:b7:36:8b:76:6d:3a:d9:3e:ac:4b:3e:53:0b:eb:
                    ee:2c:92:0a:08:80:66:9d:9f:b4:14:ad:30:b2:29:
                    31:0d:97:64:da:ec:f2:18:5d:e5:ca:2a:5f:0f:b2:
                    d2:03:fb:f6:96:cd:b4:23:5d:7d:f8:b6:e3:be:9f:
                    2c:8c:9a:34:a7:10:37:a8:d9:ec:00:a8:cf:07:c2:
                    dd:df:79:41:c5:24:4e:55:5e:94:ea:c3:23:9e:18:
                    40:a7:41:d5:e0:08:af:8b:fb:49:9a:68:98:aa:85:
                    8d:60:68:d4:66:b2:1c:d8:df:3d:36:6b:f8:53:5b:
                    64:14:d6:9e:05:2e:58:8b:65:3c:d0:ff:ce:28:75:
                    61:ef:7c:06:d8:6c:ec:bf:0a:dd:54:42:3a:b7:cb:
                    cd:35:3b:46:a5:1f:25:5f:bd:08:66:29:c4:05:39:
                    8c:1e:98:ac:e8:59:dd:13:8f:17:72:de:f7:bb:77:
                    01:30:e0:1f:65:ce:e6:77:4b:ec:9a:7b:f6:86:ef:
                    ca:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:62:83:0C:F7:38:0A:06:30:9C:92:EC:48:26:F2:E2:08:40:7A:57
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/2fc6a253-dc60-4611-8bc0-f4b11851ccf1.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.127.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         4d:59:3b:9c:ba:0c:bc:f5:e0:45:76:86:ff:89:14:e4:d6:07:
         eb:22:c8:5a:84:bd:13:66:38:d1:83:cb:fc:43:fd:70:5d:3e:
         a8:f0:92:77:c1:72:49:c8:7a:c8:9c:ff:f1:b5:63:78:15:02:
         ea:58:da:41:00:82:a1:0e:ff:9a:0f:65:92:ad:0c:11:1d:6f:
         83:c9:fe:5b:cf:6b:4f:cb:6a:de:c1:20:9d:ad:39:76:4b:03:
         56:cc:30:27:87:b9:21:0b:09:03:ae:0d:95:9a:77:f5:5d:6f:
         06:67:73:5d:21:1a:e0:ad:b3:58:3b:4e:6a:33:cf:f5:ce:59:
         9f:e7:27:be:6e:34:3a:a4:0c:c2:e0:27:dc:16:14:95:04:83:
         4a:40:25:23:ec:5b:9c:23:7b:e9:bf:54:c3:63:43:84:ab:b2:
         e9:c7:f9:fa:28:b6:41:dc:9c:23:33:e9:f9:eb:bb:bb:ef:1d:
         32:da:5f:b6:73:87:54:2a:13:fe:1d:ef:5e:b6:ac:72:fc:b6:
         2a:09:e5:c3:36:93:f8:62:95:bd:2b:80:3c:e9:25:9e:a2:05:
         c6:2e:86:a5:76:a7:ac:2a:ba:cc:8a:93:65:03:6a:f6:6d:b2:
         58:0e:95:06:80:fd:4a:bf:44:13:68:97:21:98:92:f5:b0:97:
         6b:25:09:af
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUfcbf6jhlXRuQMfEOQDurvapZ8ykwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yMzA5MDgwMDAwMDBaFw0yMzEwMTMyMzU5NTlaMHoxSTBHBgNV
BAUTQDhhOTExNDZkNjBjOTAwZjM5NGEzOGJjMzFkMmU3ODZmODY0ZTE4Zjg4ZDEz
Y2I2NGJlOWE1YjY0YWEwNjM0ODQxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAL4c2BiEfUxEo9j4wCioZyKVcIwGwSD8uubE7vh/giC/lX3YRZzvGe0Z5aGG
ZpING5QO2FghhjOuy8qMqbc2i3ZtOtk+rEs+Uwvr7iySCgiAZp2ftBStMLIpMQ2X
ZNrs8hhd5coqXw+y0gP79pbNtCNdffi2476fLIyaNKcQN6jZ7ACozwfC3d95QcUk
TlVelOrDI54YQKdB1eAIr4v7SZpomKqFjWBo1GayHNjfPTZr+FNbZBTWngUuWItl
PND/zih1Ye98Bths7L8K3VRCOrfLzTU7RqUfJV+9CGYpxAU5jB6YrOhZ3ROPF3Le
97t3ATDgH2XO5ndL7Jp79obvyoECAwEAAaOCAiAwggIcMB0GA1UdDgQWBBS2YoMM
9zgKBjCckuxIJvLiCEB6VzAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
MmZjNmEyNTMtZGM2MC00NjExLThiYzAtZjRiMTE4NTFjY2YxLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADN/MA0G
CSqGSIb3DQEBCwUAA4IBAQBNWTucugy89eBFdob/iRTk1gfrIshahL0TZjjRg8v8
Q/1wXT6o8JJ3wXJJyHrInP/xtWN4FQLqWNpBAIKhDv+aD2WSrQwRHW+Dyf5bz2tP
y2rewSCdrTl2SwNWzDAnh7khCwkDrg2Vmnf1XW8GZ3NdIRrgrbNYO05qM8/1zlmf
5ye+bjQ6pAzC4CfcFhSVBINKQCUj7FucI3vpv1TDY0OEq7Lpx/n6KLZB3JwjM+n5
67u77x0y2l+2c4dUKhP+He9etqxy/LYqCeXDNpP4YpW9K4A86SWeogXGLoaldqes
KrrMipNlA2r2bbJYDpUGgP1Kv0QTaJchmJL1sJdrJQmv
-----END CERTIFICATE-----
Generated at Fri Sep 8 15:41:27 2023 by rpki-client on console-ams.rpki-client.org