Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/63e023f1-83fd-412f-8365-33afe1ac80af.roa
File:                     63e023f1-83fd-412f-8365-33afe1ac80af.roa (raw, json)
Hash identifier:          BI8lOjVihOQO1hABVeOKSLAmqC6hwfX4SCit15mfDZc=
Subject key identifier:   85:4A:37:C5:7A:79:CA:2C:C0:46:E4:B1:C3:B1:64:D9:B0:BE:98:60
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       3362E83A376266BB5835F5E1FF342C3269221376
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/63e023f1-83fd-412f-8365-33afe1ac80af.roa
Signing time:             Fri 08 Sep 2023 00:00:00 +0000
ROA not before:           Fri 08 Sep 2023 00:00:00 +0000
ROA not after:            Fri 13 Oct 2023 23:59:59 +0000
asID:                     16509
IP address blocks:        51.160.0.0/16 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.crl
                          rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.mft
                          rsync://rpki.ripe.net/repository/2a7dd1d787d793e4c8af56e197d4eed92af6ba13.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 09 Sep 2023 08:03:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            33:62:e8:3a:37:62:66:bb:58:35:f5:e1:ff:34:2c:32:69:22:13:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Sep  8 00:00:00 2023 GMT
            Not After : Oct 13 23:59:59 2023 GMT
        Subject: serialNumber=820451e793f4bd761fbd38190e27f80279baee6fa404c3185c526713e1bf2ab4, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:0f:19:c6:f2:89:55:62:72:c2:d9:fe:51:e5:
                    93:35:a5:2f:84:27:ea:07:ea:94:71:f8:23:6d:54:
                    db:1b:ec:23:31:99:3f:ba:28:fd:b6:57:60:ba:dd:
                    63:23:cd:ba:1e:fe:86:a2:25:f7:da:bd:62:9e:f6:
                    97:87:8e:e7:c2:cb:a2:a4:1d:95:ef:50:1f:20:18:
                    9a:7f:44:ad:b0:52:4b:33:9d:54:6a:f4:02:dd:a2:
                    1c:2d:42:78:df:15:93:09:bb:c8:1f:95:98:e3:5c:
                    bd:a8:49:04:83:7e:a7:a8:21:7e:f4:ca:0c:0e:93:
                    76:02:bf:99:53:c4:76:0f:1f:37:28:a9:b3:44:42:
                    89:76:d1:49:dd:07:d6:d7:3a:ba:9c:2b:c6:63:63:
                    c4:d0:09:15:af:17:1f:6a:f2:97:23:44:7f:90:b8:
                    72:40:46:5e:45:13:c1:6e:50:49:0d:03:4e:10:37:
                    c7:93:2b:a8:ed:d7:68:01:56:d6:36:41:5c:dc:3b:
                    fc:0c:3a:e6:5f:59:be:08:a3:11:0a:f8:cb:92:bb:
                    b4:6d:ea:f0:23:d1:e7:a8:40:04:0c:27:06:ed:13:
                    d9:04:06:7f:a7:cf:1d:bc:68:c7:fe:e6:c5:dc:cb:
                    ed:74:bb:cf:4d:2a:08:25:de:a2:62:b9:8c:91:19:
                    e9:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:4A:37:C5:7A:79:CA:2C:C0:46:E4:B1:C3:B1:64:D9:B0:BE:98:60
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/63e023f1-83fd-412f-8365-33afe1ac80af.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.160.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         ba:70:a5:7f:00:8c:af:1f:5d:a6:c3:56:90:30:50:fb:3b:a0:
         7b:63:42:f9:c0:34:cf:79:19:32:a6:02:4b:fb:af:a5:60:56:
         e7:b0:77:50:8f:16:d1:d6:51:9c:dd:60:07:ec:f6:b6:2e:e9:
         b7:a6:9c:39:ba:68:b4:4e:76:1e:0d:27:48:dd:89:de:15:d0:
         64:5f:83:d4:df:3b:9c:72:9c:ec:b3:8a:7f:83:a7:b2:69:a9:
         cd:5c:08:78:bc:75:d9:12:d3:6c:68:a9:1f:5d:45:48:fe:a1:
         76:45:bf:1d:40:17:61:64:c0:06:0e:ed:99:75:d0:06:4f:25:
         15:6b:9c:1c:55:43:37:b5:af:b3:ac:54:35:71:ee:fe:4e:ce:
         68:9c:8a:df:83:e2:49:99:f1:ab:b4:d7:3d:16:1b:35:e8:b4:
         e1:66:91:80:a8:84:50:4c:71:9b:86:83:5b:ed:d9:88:25:98:
         17:eb:4e:fb:3f:88:5b:1b:e3:56:3e:5e:33:26:cc:df:49:fa:
         17:05:13:a0:d6:c1:7c:ae:c1:40:5d:8e:1b:48:b1:8e:15:c8:
         62:d5:af:7d:fd:7b:e3:e9:3d:2b:14:70:a5:db:3b:85:0f:9a:
         cb:13:00:33:0e:9d:0c:cc:74:e8:5f:04:ee:99:b7:24:6d:15:
         76:b1:3c:60
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUM2LoOjdiZrtYNfXh/zQsMmkiE3YwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yMzA5MDgwMDAwMDBaFw0yMzEwMTMyMzU5NTlaMHoxSTBHBgNV
BAUTQDgyMDQ1MWU3OTNmNGJkNzYxZmJkMzgxOTBlMjdmODAyNzliYWVlNmZhNDA0
YzMxODVjNTI2NzEzZTFiZjJhYjQxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKkPGcbyiVVicsLZ/lHlkzWlL4Qn6gfqlHH4I21U2xvsIzGZP7oo/bZXYLrd
YyPNuh7+hqIl99q9Yp72l4eO58LLoqQdle9QHyAYmn9ErbBSSzOdVGr0At2iHC1C
eN8Vkwm7yB+VmONcvahJBIN+p6ghfvTKDA6TdgK/mVPEdg8fNyips0RCiXbRSd0H
1tc6upwrxmNjxNAJFa8XH2rylyNEf5C4ckBGXkUTwW5QSQ0DThA3x5MrqO3XaAFW
1jZBXNw7/Aw65l9ZvgijEQr4y5K7tG3q8CPR56hABAwnBu0T2QQGf6fPHbxox/7m
xdzL7XS7z00qCCXeomK5jJEZ6ZUCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBSFSjfF
ennKLMBG5LHDsWTZsL6YYDAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
NjNlMDIzZjEtODNmZC00MTJmLTgzNjUtMzNhZmUxYWM4MGFmLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADOgMA0G
CSqGSIb3DQEBCwUAA4IBAQC6cKV/AIyvH12mw1aQMFD7O6B7Y0L5wDTPeRkypgJL
+6+lYFbnsHdQjxbR1lGc3WAH7Pa2Lum3ppw5umi0TnYeDSdI3YneFdBkX4PU3zuc
cpzss4p/g6eyaanNXAh4vHXZEtNsaKkfXUVI/qF2Rb8dQBdhZMAGDu2ZddAGTyUV
a5wcVUM3ta+zrFQ1ce7+Ts5onIrfg+JJmfGrtNc9Fhs16LThZpGAqIRQTHGbhoNb
7dmIJZgX6077P4hbG+NWPl4zJszfSfoXBROg1sF8rsFAXY4bSLGOFchi1a99/Xvj
6T0rFHCl2zuFD5rLEwAzDp0MzHToXwTumbckbRV2sTxg
-----END CERTIFICATE-----
Generated at Fri Sep 8 15:41:27 2023 by rpki-client on console-ams.rpki-client.org