Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/5bd93f6c-9c20-4393-a8f8-1424eaa1dcbe.roa
File:                     5bd93f6c-9c20-4393-a8f8-1424eaa1dcbe.roa (raw, json)
Hash identifier:          FQep+pXnu1LKu+MA6lv5p5g2KG4LLu3OsDfXr0PlcrU=
Subject key identifier:   76:D8:C9:EC:39:B6:07:52:EF:7C:1B:4D:ED:34:79:D3:DE:F3:FF:B0
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       68D9602BD53A9317160A3C9D16193A1EB746B9E6
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/5bd93f6c-9c20-4393-a8f8-1424eaa1dcbe.roa
Signing time:             Mon 11 Sep 2023 00:00:00 +0000
ROA not before:           Mon 11 Sep 2023 00:00:00 +0000
ROA not after:            Mon 16 Oct 2023 23:59:59 +0000
asID:                     16509
IP address blocks:        51.20.0.0/16 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.crl
                          rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.mft
                          rsync://rpki.ripe.net/repository/2a7dd1d787d793e4c8af56e197d4eed92af6ba13.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 12 Sep 2023 14:37:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            68:d9:60:2b:d5:3a:93:17:16:0a:3c:9d:16:19:3a:1e:b7:46:b9:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Sep 11 00:00:00 2023 GMT
            Not After : Oct 16 23:59:59 2023 GMT
        Subject: serialNumber=eb08d887d492b0b4320d7312da8386fa0e5ee4408f98c7df2f0563d8dc1012a4, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:5a:17:c7:63:57:27:9c:8c:ef:a9:1f:41:4d:
                    14:9f:46:d8:57:ae:b3:e6:b8:7e:16:90:93:f6:9f:
                    5d:8e:3e:b2:68:20:7c:8a:cc:02:2f:36:56:c5:47:
                    a5:c1:cc:85:0b:0b:94:ae:7b:16:06:63:fa:62:fc:
                    cd:48:72:73:db:41:7a:3d:22:9a:50:09:13:51:e3:
                    5b:1f:82:53:1b:2c:30:d5:8e:3e:c3:33:15:7d:01:
                    30:18:3f:86:d8:4e:b3:34:6d:f5:a7:17:e9:8e:64:
                    a8:13:0f:a3:5c:47:0a:b6:30:1c:3c:29:8d:ad:8d:
                    8e:2f:59:7d:a6:b8:b9:4d:dc:76:09:a4:bf:7e:c7:
                    c7:14:88:70:cd:d0:42:ab:4a:32:ee:32:ef:b7:67:
                    50:e6:25:f6:ff:b6:bb:59:d7:c6:23:48:78:98:da:
                    1a:db:63:c1:ad:77:af:88:87:93:d0:1d:a7:cc:35:
                    99:93:70:93:14:9c:14:bc:d2:1a:09:ee:af:1f:7c:
                    a4:03:6a:88:20:0c:bb:8b:74:61:be:98:bb:df:5f:
                    09:b2:49:f9:3e:ef:d6:c1:56:d2:34:39:98:d5:2a:
                    3f:64:4f:a8:ae:54:e4:b1:77:35:0c:3d:0d:90:ba:
                    9f:e6:7e:34:9c:7d:b9:cf:5a:59:ae:33:bb:50:8a:
                    9e:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:D8:C9:EC:39:B6:07:52:EF:7C:1B:4D:ED:34:79:D3:DE:F3:FF:B0
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/5bd93f6c-9c20-4393-a8f8-1424eaa1dcbe.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.20.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         5f:c8:d6:d2:43:7b:4c:af:75:44:b6:af:a2:c3:d9:e8:c7:83:
         9d:44:ed:07:e2:c4:94:df:6f:f8:88:a0:ac:f1:21:d3:58:a0:
         10:e9:59:4e:52:6d:c9:f8:7d:0a:f5:c4:bb:39:c7:e4:ab:3d:
         97:d5:34:13:5d:2a:73:43:90:53:94:a6:1d:31:7a:a3:5a:f8:
         fa:b1:55:df:9e:ad:bb:df:87:4f:2c:cf:76:83:f8:0e:52:46:
         b5:2a:31:7a:7f:a9:29:2a:9b:05:cb:33:c9:6a:50:56:44:1a:
         a4:52:75:de:b3:8a:c2:74:7e:47:bb:e2:b9:4f:fc:0d:bd:43:
         b3:bb:7b:b9:69:ef:c6:21:14:4a:e2:b6:fb:7d:c2:ac:23:a5:
         3c:c1:53:e1:ba:2f:1d:54:c9:26:53:83:f3:54:cf:fa:55:bf:
         d6:c9:1e:e5:55:bd:a6:d5:39:e0:6f:c9:77:83:48:b3:38:ec:
         55:e9:88:99:88:7e:dc:4c:35:30:38:b6:51:32:54:94:e2:e4:
         15:78:53:31:58:68:1f:fd:fc:55:ec:6f:9b:56:c4:9e:59:7a:
         1f:34:b8:30:50:a8:6e:87:18:1d:33:f6:eb:6a:3d:ac:3b:84:
         98:8a:d1:1c:45:dd:cf:e0:5d:d1:26:e8:ab:d0:e2:b3:68:a1:
         11:43:56:e3
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUaNlgK9U6kxcWCjydFhk6HrdGueYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yMzA5MTEwMDAwMDBaFw0yMzEwMTYyMzU5NTlaMHoxSTBHBgNV
BAUTQGViMDhkODg3ZDQ5MmIwYjQzMjBkNzMxMmRhODM4NmZhMGU1ZWU0NDA4Zjk4
YzdkZjJmMDU2M2Q4ZGMxMDEyYTQxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMJaF8djVyecjO+pH0FNFJ9G2Feus+a4fhaQk/afXY4+smggfIrMAi82VsVH
pcHMhQsLlK57FgZj+mL8zUhyc9tBej0imlAJE1HjWx+CUxssMNWOPsMzFX0BMBg/
hthOszRt9acX6Y5kqBMPo1xHCrYwHDwpja2Nji9Zfaa4uU3cdgmkv37HxxSIcM3Q
QqtKMu4y77dnUOYl9v+2u1nXxiNIeJjaGttjwa13r4iHk9Adp8w1mZNwkxScFLzS
Ggnurx98pANqiCAMu4t0Yb6Yu99fCbJJ+T7v1sFW0jQ5mNUqP2RPqK5U5LF3NQw9
DZC6n+Z+NJx9uc9aWa4zu1CKnhsCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBR22Mns
ObYHUu98G03tNHnT3vP/sDAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
NWJkOTNmNmMtOWMyMC00MzkzLWE4ZjgtMTQyNGVhYTFkY2JlLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADMUMA0G
CSqGSIb3DQEBCwUAA4IBAQBfyNbSQ3tMr3VEtq+iw9nox4OdRO0H4sSU32/4iKCs
8SHTWKAQ6VlOUm3J+H0K9cS7Ocfkqz2X1TQTXSpzQ5BTlKYdMXqjWvj6sVXfnq27
34dPLM92g/gOUka1KjF6f6kpKpsFyzPJalBWRBqkUnXes4rCdH5Hu+K5T/wNvUOz
u3u5ae/GIRRK4rb7fcKsI6U8wVPhui8dVMkmU4PzVM/6Vb/WyR7lVb2m1Tngb8l3
g0izOOxV6YiZiH7cTDUwOLZRMlSU4uQVeFMxWGgf/fxV7G+bVsSeWXofNLgwUKhu
hxgdM/braj2sO4SYitEcRd3P4F3RJuir0OKzaKERQ1bj
-----END CERTIFICATE-----
Generated at Mon Sep 11 16:32:02 2023 by rpki-client on console-fra.rpki-client.org