Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/5112f144-85b1-4c62-8729-84d86ff353a1.roa
File:                     5112f144-85b1-4c62-8729-84d86ff353a1.roa (raw, json)
Hash identifier:          b5OXUQA4GNNwO+/1CoFpaVSbHKg80nVc94ZpQttZrKg=
Subject key identifier:   B8:D2:0A:9C:E9:1E:B5:E0:01:20:30:A8:DD:30:C6:BA:89:90:2D:9D
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       498FB51D4C12C74C672EC6D6383530A49E7CAF9A
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/5112f144-85b1-4c62-8729-84d86ff353a1.roa
Signing time:             Wed 06 Sep 2023 00:00:00 +0000
ROA not before:           Wed 06 Sep 2023 00:00:00 +0000
ROA not after:            Wed 11 Oct 2023 23:59:59 +0000
asID:                     16509
IP address blocks:        84.48.128.0/17 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.crl
                          rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.mft
                          rsync://rpki.ripe.net/repository/2a7dd1d787d793e4c8af56e197d4eed92af6ba13.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 06 Sep 2023 17:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            49:8f:b5:1d:4c:12:c7:4c:67:2e:c6:d6:38:35:30:a4:9e:7c:af:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Sep  6 00:00:00 2023 GMT
            Not After : Oct 11 23:59:59 2023 GMT
        Subject: serialNumber=735d3c83a96ecca87bb220c32ecaf79a75d48c7174ec5c0a02f1c02713bf967a, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:a9:f7:64:a9:60:e8:5d:52:28:40:c5:4b:f7:
                    fc:5c:de:e5:cf:b5:3b:49:1c:99:3d:94:86:3b:f3:
                    01:58:87:29:dd:fc:af:0b:a6:e7:c7:c9:f7:ad:24:
                    0d:43:4d:1d:fd:b9:3e:93:1c:08:e5:f8:8e:91:29:
                    66:35:e3:76:77:47:75:c2:38:96:2b:55:81:c5:b2:
                    ee:fc:f9:1e:70:99:cf:62:2d:52:52:d4:dc:ec:b0:
                    3d:48:17:ff:66:48:17:86:54:b2:7e:29:c3:04:db:
                    76:52:a9:c1:96:18:fe:20:5e:b8:88:0a:ad:60:94:
                    ae:51:9d:34:17:5c:b0:e1:46:9a:e7:50:76:09:a5:
                    dc:96:51:84:17:02:ba:b1:f1:3e:b9:b4:40:d9:f8:
                    77:bb:9d:53:bf:3e:b9:22:39:7c:48:c1:13:66:15:
                    b0:ac:85:3c:d6:00:81:75:4f:38:a9:39:51:5a:a8:
                    5b:f4:f0:30:c6:54:c0:e4:3e:9e:84:15:56:c8:c0:
                    ba:81:0e:a0:98:8c:b4:0b:20:82:f7:bf:50:0d:69:
                    22:bb:63:37:ba:be:7f:d9:e3:fc:03:b8:85:89:f2:
                    4b:c3:18:35:f4:2d:71:4e:af:20:63:6f:94:58:e2:
                    ea:ee:d1:38:7b:4a:71:50:24:22:2c:ad:21:3f:12:
                    cb:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:D2:0A:9C:E9:1E:B5:E0:01:20:30:A8:DD:30:C6:BA:89:90:2D:9D
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/5112f144-85b1-4c62-8729-84d86ff353a1.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.48.128.0/17

    Signature Algorithm: sha256WithRSAEncryption
         4d:7e:5f:96:98:8a:49:5b:d3:9e:10:09:8e:28:a5:4e:a8:33:
         ff:a2:5d:79:0a:5d:96:32:c5:07:c9:23:14:6e:1b:70:21:e2:
         c3:1f:a6:96:ba:cc:56:c6:55:db:58:5c:0f:a9:65:1f:00:b7:
         bc:8e:fb:d6:09:18:3d:b8:b8:17:7e:fd:fb:03:42:7c:10:19:
         10:16:f2:b8:bd:f3:f6:2f:ad:8e:57:9f:2b:e8:db:ad:32:01:
         2d:a2:0b:92:41:38:fb:05:5a:77:8f:63:89:1c:b1:b8:d0:af:
         2a:30:dd:6c:06:75:cf:3e:4f:78:5a:fe:f8:66:36:00:f8:44:
         b4:86:12:d9:4b:bc:84:e3:4a:c6:a1:87:fa:f4:ae:f5:8b:bb:
         aa:75:3d:4a:9b:b1:f3:a0:66:13:01:a7:2e:57:85:29:65:ef:
         09:9a:bc:ab:84:a3:69:47:11:94:f0:87:0f:71:c6:55:44:55:
         ea:d9:71:66:9b:26:26:7a:56:e2:3e:0f:49:00:aa:23:ee:cd:
         b7:e9:28:2a:0c:db:3b:2e:c7:63:a2:9b:c2:57:c0:50:0a:5f:
         d1:15:67:89:29:77:e9:3e:2f:d7:18:18:de:58:10:d2:e0:d8:
         a3:8c:40:13:24:71:01:13:67:4f:6e:57:7f:32:76:23:31:0c:
         c0:bc:39:33
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUSY+1HUwSx0xnLsbWODUwpJ58r5owDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yMzA5MDYwMDAwMDBaFw0yMzEwMTEyMzU5NTlaMHoxSTBHBgNV
BAUTQDczNWQzYzgzYTk2ZWNjYTg3YmIyMjBjMzJlY2FmNzlhNzVkNDhjNzE3NGVj
NWMwYTAyZjFjMDI3MTNiZjk2N2ExLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAM6p92SpYOhdUihAxUv3/Fze5c+1O0kcmT2UhjvzAViHKd38rwum58fJ960k
DUNNHf25PpMcCOX4jpEpZjXjdndHdcI4litVgcWy7vz5HnCZz2ItUlLU3OywPUgX
/2ZIF4ZUsn4pwwTbdlKpwZYY/iBeuIgKrWCUrlGdNBdcsOFGmudQdgml3JZRhBcC
urHxPrm0QNn4d7udU78+uSI5fEjBE2YVsKyFPNYAgXVPOKk5UVqoW/TwMMZUwOQ+
noQVVsjAuoEOoJiMtAsggve/UA1pIrtjN7q+f9nj/AO4hYnyS8MYNfQtcU6vIGNv
lFji6u7ROHtKcVAkIiytIT8Sy5kCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBS40gqc
6R614AEgMKjdMMa6iZAtnTAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
NTExMmYxNDQtODViMS00YzYyLTg3MjktODRkODZmZjM1M2ExLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEB1QwgDAN
BgkqhkiG9w0BAQsFAAOCAQEATX5flpiKSVvTnhAJjiilTqgz/6JdeQpdljLFB8kj
FG4bcCHiwx+mlrrMVsZV21hcD6llHwC3vI771gkYPbi4F379+wNCfBAZEBbyuL3z
9i+tjlefK+jbrTIBLaILkkE4+wVad49jiRyxuNCvKjDdbAZ1zz5PeFr++GY2APhE
tIYS2Uu8hONKxqGH+vSu9Yu7qnU9Spux86BmEwGnLleFKWXvCZq8q4SjaUcRlPCH
D3HGVURV6tlxZpsmJnpW4j4PSQCqI+7Nt+koKgzbOy7HY6KbwlfAUApf0RVniSl3
6T4v1xgY3lgQ0uDYo4xAEyRxARNnT25XfzJ2IzEMwLw5Mw==
-----END CERTIFICATE-----
Generated at Wed Sep 6 00:20:49 2023 by rpki-client on console-fra.rpki-client.org