Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/397b5a86-52b0-4a8c-87de-e6da77812b46.roa
File:                     397b5a86-52b0-4a8c-87de-e6da77812b46.roa (raw, json)
Hash identifier:          Z8zOUqyNmGnnDbKsDSo7lBor2aaKN+sGh7uyfXh6ZEs=
Subject key identifier:   EC:F9:41:11:12:9F:7C:75:A2:C3:07:C0:98:F7:5E:F6:A3:D4:7D:63
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       69D98C3EDFEEDB416129C4084384ED7263FF3994
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/397b5a86-52b0-4a8c-87de-e6da77812b46.roa
Signing time:             Fri 08 Sep 2023 00:00:00 +0000
ROA not before:           Fri 08 Sep 2023 00:00:00 +0000
ROA not after:            Fri 13 Oct 2023 23:59:59 +0000
asID:                     16509
IP address blocks:        51.248.0.0/15 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.crl
                          rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.mft
                          rsync://rpki.ripe.net/repository/2a7dd1d787d793e4c8af56e197d4eed92af6ba13.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 09 Sep 2023 08:03:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            69:d9:8c:3e:df:ee:db:41:61:29:c4:08:43:84:ed:72:63:ff:39:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Sep  8 00:00:00 2023 GMT
            Not After : Oct 13 23:59:59 2023 GMT
        Subject: serialNumber=fa131bde6a0039b9bc5356ab107a64e0068bfc16f807390a14fbbaf8f36ad32b, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:3b:90:aa:2f:a1:c3:5b:af:0e:59:e3:20:dd:
                    57:5c:0e:42:6d:99:d7:8b:23:81:e1:10:be:0d:b3:
                    7a:e3:03:cb:07:44:9f:26:1c:5d:45:5b:5e:c3:da:
                    88:cc:e4:f3:53:ca:e5:ef:86:fa:4d:1a:a0:37:4d:
                    bb:7d:5f:bf:3d:39:3d:d3:4a:28:0c:45:f6:23:09:
                    2e:b4:51:89:d2:05:41:1d:41:28:d7:b6:d3:b9:ac:
                    33:82:58:37:ef:31:02:51:8d:9e:a9:b1:0c:4f:4b:
                    4f:d4:8e:e2:28:3f:a8:d6:36:65:a8:76:d6:78:66:
                    de:8c:65:2c:e5:fc:48:fe:19:27:0a:ca:86:e7:76:
                    ee:86:2c:e3:46:7d:02:64:0f:9c:17:e0:ab:c8:4c:
                    4b:0e:09:11:d7:bc:8b:e3:ec:e4:a1:28:ae:84:cd:
                    da:46:f1:25:ab:a8:f3:2e:95:89:53:48:fd:72:d4:
                    62:60:ca:57:78:1f:a9:31:82:6c:54:f9:cd:b8:57:
                    04:2b:82:fd:80:57:37:d4:d9:1a:fd:b6:9b:04:46:
                    5c:48:26:3c:41:98:3b:d2:70:b7:db:9f:33:1c:20:
                    f4:b8:c9:a2:9f:f8:2f:23:de:7d:2d:dd:44:a5:ea:
                    9f:dc:49:35:37:ab:f9:a9:cd:cf:a5:1f:54:a8:2a:
                    49:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:F9:41:11:12:9F:7C:75:A2:C3:07:C0:98:F7:5E:F6:A3:D4:7D:63
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/397b5a86-52b0-4a8c-87de-e6da77812b46.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.248.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         59:5b:e6:fe:10:12:ec:fc:ef:cc:80:62:db:34:ef:46:7e:54:
         c8:59:84:a3:0e:b0:b2:60:91:a7:45:9a:00:29:9f:b0:0b:f2:
         2b:d5:70:20:a8:cd:dc:c7:ec:c0:4b:f1:a0:dc:34:aa:76:0d:
         f2:76:68:b5:2a:49:9b:41:94:9f:d3:7e:ea:92:ce:85:f0:6d:
         88:a4:8b:70:ff:27:0e:ab:fb:01:5b:50:66:9a:e1:6b:16:f9:
         2a:33:6c:a2:28:86:ff:57:32:ed:48:a0:96:de:74:42:c5:8b:
         04:7a:28:e1:62:b8:ce:fa:3e:a8:c7:66:71:cf:0d:ef:0c:fc:
         c5:c2:87:35:ea:6a:33:58:99:34:6c:83:b8:4d:44:b2:bb:d4:
         13:45:2a:85:dc:15:01:8b:84:5f:e8:e3:94:f9:7f:20:2a:f0:
         2f:66:28:70:a6:52:b8:56:d2:07:7f:0f:d6:a1:9f:23:16:90:
         92:3d:35:4f:97:75:46:f5:5a:32:e2:b5:2c:26:3d:b9:8f:b1:
         31:92:89:91:b1:68:52:5e:95:ba:26:72:cc:f2:ac:dc:2d:e0:
         e6:5b:76:39:f2:77:d8:d4:1a:65:15:ea:dd:3e:12:f7:95:4f:
         fe:98:1b:46:ec:ac:6b:62:06:8b:c0:ef:dc:a8:cf:39:b7:01:
         b9:8e:1e:ba
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUadmMPt/u20FhKcQIQ4TtcmP/OZQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yMzA5MDgwMDAwMDBaFw0yMzEwMTMyMzU5NTlaMHoxSTBHBgNV
BAUTQGZhMTMxYmRlNmEwMDM5YjliYzUzNTZhYjEwN2E2NGUwMDY4YmZjMTZmODA3
MzkwYTE0ZmJiYWY4ZjM2YWQzMmIxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMo7kKovocNbrw5Z4yDdV1wOQm2Z14sjgeEQvg2zeuMDywdEnyYcXUVbXsPa
iMzk81PK5e+G+k0aoDdNu31fvz05PdNKKAxF9iMJLrRRidIFQR1BKNe207msM4JY
N+8xAlGNnqmxDE9LT9SO4ig/qNY2Zah21nhm3oxlLOX8SP4ZJwrKhud27oYs40Z9
AmQPnBfgq8hMSw4JEde8i+Ps5KEoroTN2kbxJauo8y6ViVNI/XLUYmDKV3gfqTGC
bFT5zbhXBCuC/YBXN9TZGv22mwRGXEgmPEGYO9Jwt9ufMxwg9LjJop/4LyPefS3d
RKXqn9xJNTer+anNz6UfVKgqSe0CAwEAAaOCAiAwggIcMB0GA1UdDgQWBBTs+UER
Ep98daLDB8CY9172o9R9YzAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
Mzk3YjVhODYtNTJiMC00YThjLTg3ZGUtZTZkYTc3ODEyYjQ2LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDATP4MA0G
CSqGSIb3DQEBCwUAA4IBAQBZW+b+EBLs/O/MgGLbNO9GflTIWYSjDrCyYJGnRZoA
KZ+wC/Ir1XAgqM3cx+zAS/Gg3DSqdg3ydmi1KkmbQZSf037qks6F8G2IpItw/ycO
q/sBW1BmmuFrFvkqM2yiKIb/VzLtSKCW3nRCxYsEeijhYrjO+j6ox2Zxzw3vDPzF
woc16mozWJk0bIO4TUSyu9QTRSqF3BUBi4Rf6OOU+X8gKvAvZihwplK4VtIHfw/W
oZ8jFpCSPTVPl3VG9Voy4rUsJj25j7ExkomRsWhSXpW6JnLM8qzcLeDmW3Y58nfY
1BplFerdPhL3lU/+mBtG7KxrYgaLwO/cqM85twG5jh66
-----END CERTIFICATE-----
Generated at Fri Sep 8 15:47:31 2023 by rpki-client on console-fra.rpki-client.org