Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/4ed45413-5d05-4a62-b756-1f16aacf1cb3.roa
File:                     4ed45413-5d05-4a62-b756-1f16aacf1cb3.roa (raw, json)
Hash identifier:          MNEWm8OodnCiCHWRDKaUvbO8GsOH6u+haasqOBV1Rb4=
Subject key identifier:   C8:C2:B2:B2:24:2A:BC:08:41:7A:9F:2E:EC:67:34:E6:CF:5F:72:55
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       7AEF9613DDCAC2B1BCC7AFFE393DB474A6FAE010
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/4ed45413-5d05-4a62-b756-1f16aacf1cb3.roa
Signing time:             Fri 08 Sep 2023 00:00:00 +0000
ROA not before:           Fri 08 Sep 2023 00:00:00 +0000
ROA not after:            Fri 13 Oct 2023 23:59:59 +0000
asID:                     16509
IP address blocks:        51.48.0.0/15 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.crl
                          rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.mft
                          rsync://rpki.ripe.net/repository/2a7dd1d787d793e4c8af56e197d4eed92af6ba13.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 08 Sep 2023 23:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7a:ef:96:13:dd:ca:c2:b1:bc:c7:af:fe:39:3d:b4:74:a6:fa:e0:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Sep  8 00:00:00 2023 GMT
            Not After : Oct 13 23:59:59 2023 GMT
        Subject: serialNumber=941ced498b9ec4b619b478598e59df25752a7494ab13fdbab580a725a886b822, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:68:71:62:1e:8c:64:7a:ee:49:53:eb:56:2e:
                    83:47:df:d0:04:7a:c4:70:5d:31:83:9a:a5:d7:e5:
                    c7:3c:cc:66:0d:33:77:9a:6e:9f:e9:99:22:79:29:
                    76:ac:c2:2b:38:37:26:32:8b:8e:f7:bb:95:3a:d9:
                    5f:27:10:9b:bb:90:5e:82:b9:06:3b:9a:8a:23:ce:
                    34:98:60:70:23:7f:d0:44:dc:47:01:99:09:df:ef:
                    f7:36:b8:8a:a1:fa:4b:a9:ce:76:bb:ca:68:86:d1:
                    03:a8:bd:5d:75:cc:c8:61:48:b6:d2:2d:b0:3a:0a:
                    18:e2:1d:52:2e:39:b9:e4:b5:9e:d1:fb:b8:05:29:
                    65:20:93:46:c6:26:46:2d:21:4f:4b:9e:94:ea:39:
                    d9:b5:f6:00:ea:f7:fa:e4:6f:c0:cb:b4:e1:aa:e8:
                    e6:a2:fe:25:16:f6:4f:41:f9:51:de:e9:6c:35:8c:
                    31:b7:90:9b:bb:8d:eb:bb:76:e1:0c:d7:5e:f0:f7:
                    32:21:78:14:dc:26:b7:ac:5b:e0:f1:c3:7f:05:75:
                    95:42:8e:43:73:67:ec:7a:2e:c0:0b:4f:40:7a:19:
                    8d:a7:61:ea:f5:a4:ab:19:81:af:b4:a7:5e:72:41:
                    c5:3a:a5:0b:c3:90:0c:12:83:57:96:f5:5a:08:6a:
                    d5:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:C2:B2:B2:24:2A:BC:08:41:7A:9F:2E:EC:67:34:E6:CF:5F:72:55
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/4ed45413-5d05-4a62-b756-1f16aacf1cb3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.48.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         37:20:f1:d6:08:a8:66:c5:3d:57:d8:af:53:74:1a:b9:4d:77:
         20:ab:dd:65:0e:6a:ea:60:52:fd:41:e2:33:37:e0:fd:b8:e5:
         a3:76:9c:97:75:52:c1:e1:37:7a:07:71:8d:94:54:ee:2d:b2:
         1d:18:05:6b:35:45:ba:df:f6:4d:f9:d1:e3:43:60:87:8a:35:
         b2:8a:15:25:ae:af:6d:0e:a0:73:ec:15:8e:66:6f:49:ae:26:
         68:eb:4f:42:6e:fa:9a:b2:76:70:71:bf:c3:72:7e:c2:ff:16:
         07:26:49:3d:23:97:6f:d0:a5:9a:c4:ed:5c:c6:cb:09:ce:cb:
         c2:44:b6:78:4f:0b:6a:53:6a:d6:01:a5:19:b1:18:30:42:f4:
         6f:02:b2:2e:e2:3c:ec:4a:e4:15:7f:9e:1a:11:1b:fe:51:b5:
         08:7a:96:9e:85:f4:3b:9c:c9:6c:df:a6:ef:7e:57:c8:67:c1:
         7c:ca:35:3d:73:e7:35:7e:b1:11:ae:63:3b:e6:42:eb:c1:9a:
         ea:cf:4a:a7:ed:8c:72:f7:8b:39:77:aa:b1:f6:c5:b2:62:fa:
         4a:29:b1:01:8a:f1:49:26:6d:60:1c:06:4f:45:56:f4:13:c8:
         ae:45:a6:75:d1:50:cb:f7:ed:f4:91:97:81:60:7c:88:5a:8c:
         c5:4b:cf:b2
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUeu+WE93KwrG8x6/+OT20dKb64BAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yMzA5MDgwMDAwMDBaFw0yMzEwMTMyMzU5NTlaMHoxSTBHBgNV
BAUTQDk0MWNlZDQ5OGI5ZWM0YjYxOWI0Nzg1OThlNTlkZjI1NzUyYTc0OTRhYjEz
ZmRiYWI1ODBhNzI1YTg4NmI4MjIxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANxocWIejGR67klT61Yug0ff0AR6xHBdMYOapdflxzzMZg0zd5pun+mZInkp
dqzCKzg3JjKLjve7lTrZXycQm7uQXoK5BjuaiiPONJhgcCN/0ETcRwGZCd/v9za4
iqH6S6nOdrvKaIbRA6i9XXXMyGFIttItsDoKGOIdUi45ueS1ntH7uAUpZSCTRsYm
Ri0hT0uelOo52bX2AOr3+uRvwMu04aro5qL+JRb2T0H5Ud7pbDWMMbeQm7uN67t2
4QzXXvD3MiF4FNwmt6xb4PHDfwV1lUKOQ3Nn7HouwAtPQHoZjadh6vWkqxmBr7Sn
XnJBxTqlC8OQDBKDV5b1Wghq1VUCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBTIwrKy
JCq8CEF6ny7sZzTmz19yVTAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
NGVkNDU0MTMtNWQwNS00YTYyLWI3NTYtMWYxNmFhY2YxY2IzLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDATMwMA0G
CSqGSIb3DQEBCwUAA4IBAQA3IPHWCKhmxT1X2K9TdBq5TXcgq91lDmrqYFL9QeIz
N+D9uOWjdpyXdVLB4Td6B3GNlFTuLbIdGAVrNUW63/ZN+dHjQ2CHijWyihUlrq9t
DqBz7BWOZm9JriZo609CbvqasnZwcb/Dcn7C/xYHJkk9I5dv0KWaxO1cxssJzsvC
RLZ4TwtqU2rWAaUZsRgwQvRvArIu4jzsSuQVf54aERv+UbUIepaehfQ7nMls36bv
flfIZ8F8yjU9c+c1frERrmM75kLrwZrqz0qn7Yxy94s5d6qx9sWyYvpKKbEBivFJ
Jm1gHAZPRVb0E8iuRaZ10VDL9+30kZeBYHyIWozFS8+y
-----END CERTIFICATE-----
Generated at Fri Sep 8 00:38:22 2023 by rpki-client on console-ams.rpki-client.org