Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/52763e98-2920-46fc-8dad-f7cba491e994.roa
File:                     52763e98-2920-46fc-8dad-f7cba491e994.roa (raw, json)
Hash identifier:          OgGxB4Jc8ouUDQteVfjDvCnAsAu3qssb2oKGTjJu/zw=
Subject key identifier:   FA:46:C7:86:53:BE:97:CA:ED:EE:E4:F5:24:69:D9:75:18:7C:6B:29
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       69BE5BA68A8349E2CF464B67A0B74B083BF08757
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/52763e98-2920-46fc-8dad-f7cba491e994.roa
Signing time:             Fri 08 Sep 2023 00:00:00 +0000
ROA not before:           Fri 08 Sep 2023 00:00:00 +0000
ROA not after:            Fri 13 Oct 2023 23:59:59 +0000
asID:                     16509
IP address blocks:        2a01:578:1200::/39 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.crl
                          rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.mft
                          rsync://rpki.ripe.net/repository/2a7dd1d787d793e4c8af56e197d4eed92af6ba13.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 09 Sep 2023 08:03:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            69:be:5b:a6:8a:83:49:e2:cf:46:4b:67:a0:b7:4b:08:3b:f0:87:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Sep  8 00:00:00 2023 GMT
            Not After : Oct 13 23:59:59 2023 GMT
        Subject: serialNumber=fc954f8a94c5a8bf4cc9e7a77175d53309d57eec177e2cc9a0028505f6319edc, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:87:81:c7:dd:cf:9b:6d:12:d5:f8:b1:76:2c:
                    22:bc:0e:c6:11:86:4d:a4:4a:de:ba:39:8f:99:3a:
                    ce:d3:9d:da:f8:fe:82:72:a1:aa:f7:23:f3:0c:33:
                    64:bd:81:40:9e:8f:1a:1d:28:dd:05:76:e8:fa:b4:
                    96:69:4c:54:ba:f8:1a:b6:e2:d4:f8:6c:e7:ac:af:
                    54:04:c1:2e:74:8c:6e:0a:b5:4d:75:a9:90:16:6f:
                    7f:5a:b0:72:66:63:0d:2a:55:7a:f4:87:65:32:5d:
                    49:44:b4:81:80:73:2a:21:64:b0:5d:25:a1:b0:93:
                    22:8a:9f:d1:fb:c5:9a:90:27:66:a2:7b:4b:23:1e:
                    89:57:22:7c:e1:56:88:a3:23:c5:e0:32:c6:e8:41:
                    60:57:75:56:14:db:93:d2:68:2b:d2:9e:84:e5:fa:
                    e3:96:2a:15:d7:63:a5:4b:e0:d8:5c:80:c6:c5:44:
                    8b:eb:ca:4f:8e:c4:d2:50:fb:73:c4:6c:aa:c4:85:
                    e2:dc:a7:1e:51:77:88:29:2d:50:6d:b9:32:54:87:
                    7e:47:3c:34:06:7b:24:92:9e:52:7c:1e:f2:eb:bd:
                    27:e5:67:33:50:9e:91:e3:97:f0:25:58:59:c3:85:
                    49:d3:44:4f:49:d9:ac:db:c8:9b:c3:9d:e1:7d:74:
                    95:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:46:C7:86:53:BE:97:CA:ED:EE:E4:F5:24:69:D9:75:18:7C:6B:29
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/52763e98-2920-46fc-8dad-f7cba491e994.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:578:1200::/39

    Signature Algorithm: sha256WithRSAEncryption
         3f:cd:9b:3f:3e:cd:81:46:f4:ee:22:55:e7:a4:01:e7:44:81:
         38:3c:b5:b8:67:ff:6c:cf:d9:1c:ea:f3:2e:8b:21:95:d3:3c:
         90:07:70:8e:9a:f5:90:73:b9:26:ef:a5:39:f0:bf:40:1b:0f:
         68:4e:25:16:92:c7:9d:5d:4b:2a:18:ac:30:8e:6b:09:92:2d:
         e6:84:12:f8:6e:1a:5f:f9:26:8b:cf:76:62:c6:7d:3e:2c:65:
         95:d3:1c:aa:ec:49:e7:89:cd:bc:2a:10:d9:b9:2b:64:2b:8e:
         f8:82:c7:1d:5e:aa:67:34:f4:16:c3:c4:77:21:5d:bc:8a:af:
         18:8a:51:7c:15:1c:50:41:2d:ab:c3:4c:74:ff:ce:e6:c0:6c:
         47:62:b9:a4:db:ae:d9:ff:12:d9:37:78:c6:f5:25:da:6c:63:
         96:42:69:1c:ba:1e:62:da:d2:1a:e5:53:70:a6:f4:f1:4e:cf:
         14:06:21:89:d9:06:08:21:46:32:9e:6b:6c:a2:00:9f:89:55:
         cd:db:74:4c:88:24:5f:62:fa:d7:70:d0:3c:9b:68:92:76:8f:
         2f:7f:e3:98:b3:59:bf:0e:b8:ff:93:a3:27:06:04:c4:d9:81:
         66:6b:76:78:16:d8:91:e0:67:59:00:58:32:a3:6b:47:9b:0a:
         b6:2b:39:86
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUab5bpoqDSeLPRktnoLdLCDvwh1cwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yMzA5MDgwMDAwMDBaFw0yMzEwMTMyMzU5NTlaMHoxSTBHBgNV
BAUTQGZjOTU0ZjhhOTRjNWE4YmY0Y2M5ZTdhNzcxNzVkNTMzMDlkNTdlZWMxNzdl
MmNjOWEwMDI4NTA1ZjYzMTllZGMxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJaHgcfdz5ttEtX4sXYsIrwOxhGGTaRK3ro5j5k6ztOd2vj+gnKhqvcj8wwz
ZL2BQJ6PGh0o3QV26Pq0lmlMVLr4Grbi1Phs56yvVATBLnSMbgq1TXWpkBZvf1qw
cmZjDSpVevSHZTJdSUS0gYBzKiFksF0lobCTIoqf0fvFmpAnZqJ7SyMeiVcifOFW
iKMjxeAyxuhBYFd1VhTbk9JoK9KehOX645YqFddjpUvg2FyAxsVEi+vKT47E0lD7
c8RsqsSF4tynHlF3iCktUG25MlSHfkc8NAZ7JJKeUnwe8uu9J+VnM1CekeOX8CVY
WcOFSdNET0nZrNvIm8Od4X10lSsCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBT6RseG
U76Xyu3u5PUkadl1GHxrKTAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
NTI3NjNlOTgtMjkyMC00NmZjLThkYWQtZjdjYmE0OTFlOTk0LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGASoBBXgS
MA0GCSqGSIb3DQEBCwUAA4IBAQA/zZs/Ps2BRvTuIlXnpAHnRIE4PLW4Z/9sz9kc
6vMuiyGV0zyQB3COmvWQc7km76U58L9AGw9oTiUWksedXUsqGKwwjmsJki3mhBL4
bhpf+SaLz3Zixn0+LGWV0xyq7Ennic28KhDZuStkK474gscdXqpnNPQWw8R3IV28
iq8YilF8FRxQQS2rw0x0/87mwGxHYrmk267Z/xLZN3jG9SXabGOWQmkcuh5i2tIa
5VNwpvTxTs8UBiGJ2QYIIUYynmtsogCfiVXN23RMiCRfYvrXcNA8m2iSdo8vf+OY
s1m/Drj/k6MnBgTE2YFma3Z4FtiR4GdZAFgyo2tHmwq2KzmG
-----END CERTIFICATE-----
Generated at Fri Sep 8 15:19:12 2023 by rpki-client on console-fra.rpki-client.org