Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/44bb00cc-3dee-4cf6-8de9-2febfa0f0f6d.roa
File:                     44bb00cc-3dee-4cf6-8de9-2febfa0f0f6d.roa (raw, json)
Hash identifier:          69oL7hzqUwVupiHJXDj0j5na7Tj9HmiE6CmVLpDnp0I=
Subject key identifier:   D7:ED:DA:55:B9:39:97:95:9B:5A:53:66:3A:CB:9B:64:91:73:E6:88
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       1D3904320DD1EA6FF124FA2637B1706CF9F58F0A
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/44bb00cc-3dee-4cf6-8de9-2febfa0f0f6d.roa
Signing time:             Wed 06 Sep 2023 00:00:00 +0000
ROA not before:           Wed 06 Sep 2023 00:00:00 +0000
ROA not after:            Wed 11 Oct 2023 23:59:59 +0000
asID:                     16509
IP address blocks:        51.244.0.0/15 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.crl
                          rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.mft
                          rsync://rpki.ripe.net/repository/2a7dd1d787d793e4c8af56e197d4eed92af6ba13.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 06 Sep 2023 17:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1d:39:04:32:0d:d1:ea:6f:f1:24:fa:26:37:b1:70:6c:f9:f5:8f:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Sep  6 00:00:00 2023 GMT
            Not After : Oct 11 23:59:59 2023 GMT
        Subject: serialNumber=aa00a7d998239f2da13a93fb74dcf924a5e5eb48af85a09e6c9a387c6ba8f93b, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:c4:0a:8c:ad:c9:fb:70:bc:65:d8:23:e3:b9:
                    c5:60:1a:2c:d2:a3:05:7b:7f:61:ae:47:47:74:4f:
                    76:98:0c:dd:48:cb:a5:a7:83:a6:d9:cf:22:25:f3:
                    53:0b:43:b2:29:a8:f0:d7:71:ef:79:db:96:52:91:
                    18:97:15:95:e0:3d:a2:b1:a1:2d:22:97:1c:b6:70:
                    cb:83:74:92:da:b0:02:74:3d:cb:00:4c:38:fb:66:
                    2c:6d:ac:d1:4d:78:84:32:89:0d:bf:dd:96:ea:3e:
                    f7:d0:35:63:c1:39:f0:28:6c:72:06:f1:9d:53:63:
                    53:5c:28:14:96:cb:9f:91:de:82:e1:da:f1:58:f1:
                    24:4b:d2:72:4a:d5:11:cf:a1:fe:86:19:00:9b:53:
                    91:6c:49:67:f1:38:e3:06:ac:8b:9a:8b:10:ff:f4:
                    52:da:85:80:be:36:f0:dd:de:f6:70:9f:0d:1c:0c:
                    30:80:05:48:70:90:d3:f0:2e:0d:f4:ff:cb:c2:8c:
                    90:d6:06:3e:36:e4:fd:4c:20:fb:8e:40:74:b6:94:
                    18:48:dc:0d:75:59:8e:36:28:c8:75:91:a1:15:30:
                    e9:2e:b6:ff:f5:e8:e9:9c:76:62:e6:cc:63:00:48:
                    01:e7:af:17:cc:e6:1f:a5:9f:a6:dd:b2:50:f4:0f:
                    84:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:ED:DA:55:B9:39:97:95:9B:5A:53:66:3A:CB:9B:64:91:73:E6:88
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/44bb00cc-3dee-4cf6-8de9-2febfa0f0f6d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.244.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         b6:c0:50:0d:18:cb:48:68:fe:86:ab:66:07:c1:93:6c:c1:0d:
         c3:ba:23:99:14:6b:77:a5:e6:ea:64:f0:d4:a9:ce:e7:8b:cc:
         13:a8:d0:d9:17:ca:10:3b:1b:58:1f:8c:93:29:41:e8:39:c6:
         e3:f5:16:45:79:b3:ab:8d:db:ee:b8:3c:ce:f7:5d:7d:61:85:
         5c:39:e0:94:f6:c5:32:56:7a:07:62:ea:b1:1f:7f:94:0f:fe:
         88:32:c9:31:07:cb:61:99:c0:97:b4:87:de:52:cb:83:72:a9:
         02:4d:45:93:69:81:b1:09:b5:fc:e6:fd:db:94:d7:a2:d9:f8:
         79:c6:d4:dc:b8:17:43:00:3a:1b:c2:2d:1a:4c:67:3b:e5:4f:
         f1:34:86:e7:00:10:26:b4:f2:dc:bc:51:df:1b:a0:7c:53:1a:
         f9:32:fe:52:87:41:6d:40:80:78:cd:b6:1d:9a:35:10:a6:0e:
         d0:66:a0:fe:57:fd:ea:9a:b0:56:a6:e2:79:76:ac:3d:3d:92:
         91:3e:0f:b9:71:51:0a:46:f7:a3:dc:82:d4:38:da:8f:2a:b7:
         93:aa:95:01:27:23:95:ac:73:ec:f3:be:8c:f1:15:8b:70:37:
         26:3f:ef:cd:28:6a:be:bf:cd:c1:de:2c:47:f7:92:b7:77:76:
         3d:42:74:9e
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUHTkEMg3R6m/xJPomN7FwbPn1jwowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yMzA5MDYwMDAwMDBaFw0yMzEwMTEyMzU5NTlaMHoxSTBHBgNV
BAUTQGFhMDBhN2Q5OTgyMzlmMmRhMTNhOTNmYjc0ZGNmOTI0YTVlNWViNDhhZjg1
YTA5ZTZjOWEzODdjNmJhOGY5M2IxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOnECoytyftwvGXYI+O5xWAaLNKjBXt/Ya5HR3RPdpgM3UjLpaeDptnPIiXz
UwtDsimo8Ndx73nbllKRGJcVleA9orGhLSKXHLZwy4N0ktqwAnQ9ywBMOPtmLG2s
0U14hDKJDb/dluo+99A1Y8E58ChscgbxnVNjU1woFJbLn5HeguHa8VjxJEvSckrV
Ec+h/oYZAJtTkWxJZ/E44wasi5qLEP/0UtqFgL428N3e9nCfDRwMMIAFSHCQ0/Au
DfT/y8KMkNYGPjbk/Uwg+45AdLaUGEjcDXVZjjYoyHWRoRUw6S62//Xo6Zx2YubM
YwBIAeevF8zmH6Wfpt2yUPQPhPUCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBTX7dpV
uTmXlZtaU2Y6y5tkkXPmiDAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
NDRiYjAwY2MtM2RlZS00Y2Y2LThkZTktMmZlYmZhMGYwZjZkLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDATP0MA0G
CSqGSIb3DQEBCwUAA4IBAQC2wFANGMtIaP6Gq2YHwZNswQ3DuiOZFGt3pebqZPDU
qc7ni8wTqNDZF8oQOxtYH4yTKUHoOcbj9RZFebOrjdvuuDzO9119YYVcOeCU9sUy
VnoHYuqxH3+UD/6IMskxB8thmcCXtIfeUsuDcqkCTUWTaYGxCbX85v3blNei2fh5
xtTcuBdDADobwi0aTGc75U/xNIbnABAmtPLcvFHfG6B8Uxr5Mv5Sh0FtQIB4zbYd
mjUQpg7QZqD+V/3qmrBWpuJ5dqw9PZKRPg+5cVEKRvej3ILUONqPKreTqpUBJyOV
rHPs876M8RWLcDcmP+/NKGq+v83B3ixH95K3d3Y9QnSe
-----END CERTIFICATE-----
Generated at Wed Sep 6 00:20:49 2023 by rpki-client on console-fra.rpki-client.org