Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/70f878ce-a193-47ae-b517-318c2b88892f.roa
File:                     70f878ce-a193-47ae-b517-318c2b88892f.roa (raw, json)
Hash identifier:          kk/mtcWC1rXCbQDPUrYkBP+sQXxqsfcpyI4JLsYog70=
Subject key identifier:   17:1C:E7:47:1C:23:D3:A4:7C:1B:9E:C4:F1:D8:8C:41:CD:7C:58:DA
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       41E75A373F385688451DF93DBFBCA744E34C9CB6
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/70f878ce-a193-47ae-b517-318c2b88892f.roa
Signing time:             Fri 22 Sep 2023 00:00:00 +0000
ROA not before:           Fri 22 Sep 2023 00:00:00 +0000
ROA not after:            Fri 27 Oct 2023 23:59:59 +0000
asID:                     16509
IP address blocks:        51.0.96.0/21 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.crl
                          rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.mft
                          rsync://rpki.ripe.net/repository/2a7dd1d787d793e4c8af56e197d4eed92af6ba13.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Sep 2023 11:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            41:e7:5a:37:3f:38:56:88:45:1d:f9:3d:bf:bc:a7:44:e3:4c:9c:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Sep 22 00:00:00 2023 GMT
            Not After : Oct 27 23:59:59 2023 GMT
        Subject: serialNumber=4176d3bd943111cf60b87f3b990c0879d94cb7087b1e429398c5057470d70cab, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:c8:bf:d3:82:54:1e:d7:a6:db:55:be:45:53:
                    80:92:7e:14:54:81:88:00:f9:52:53:00:ab:01:94:
                    d9:8d:54:e1:f2:d2:f0:44:c9:19:1d:7f:5a:db:8b:
                    fb:ac:3f:dc:fc:4a:4b:34:bf:42:23:6b:26:fd:a3:
                    4e:b8:ba:f4:b0:6d:fa:0a:35:55:5f:c0:c7:2d:d9:
                    ca:aa:94:a4:19:a6:c8:68:eb:04:d9:bf:2a:ab:dc:
                    a3:1f:2a:64:35:6d:15:77:d0:40:e9:45:27:b2:5c:
                    b2:1e:ad:38:38:c0:c5:15:73:27:59:74:32:19:9a:
                    30:1d:e7:19:c2:2d:2d:26:a2:3a:3c:20:73:96:e0:
                    16:74:5f:6e:a1:f0:4f:00:12:b9:b2:86:34:dd:10:
                    c1:3b:f0:47:c0:ca:91:bc:5b:17:f0:ff:79:b4:9d:
                    22:4e:a0:1a:4a:fe:4a:26:76:ce:84:ce:1b:9e:d2:
                    89:01:ac:eb:6a:9e:ce:48:01:89:86:7a:2a:41:9f:
                    8e:13:00:f6:fe:e5:ae:46:e4:8a:13:ad:fb:d5:8e:
                    32:65:7d:17:50:b6:b2:e0:c6:9c:df:99:e2:d9:b3:
                    c0:cd:d3:19:f5:6c:b7:b7:a6:fa:e8:7e:03:f1:88:
                    8c:37:c1:70:a8:fb:e9:c1:49:0e:1c:50:5a:04:11:
                    be:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:1C:E7:47:1C:23:D3:A4:7C:1B:9E:C4:F1:D8:8C:41:CD:7C:58:DA
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/70f878ce-a193-47ae-b517-318c2b88892f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.0.96.0/21

    Signature Algorithm: sha256WithRSAEncryption
         bc:a3:82:85:49:c2:2c:cb:9e:4d:3e:62:3f:5f:64:c6:35:22:
         1d:13:6a:3d:a4:a7:eb:9d:b3:27:66:b3:49:08:0f:94:8f:ee:
         64:0f:03:19:96:ff:93:73:3f:89:04:23:5b:50:d4:98:b1:ab:
         aa:03:a5:31:f2:63:9b:a5:0b:ae:8b:e3:28:1c:67:83:27:41:
         4c:f5:b8:b8:50:d8:20:c1:20:3c:c4:c7:af:0f:13:21:15:d8:
         6f:04:fd:4d:ec:7e:a0:4c:b1:4c:9c:9a:8b:f4:f7:45:b7:a5:
         f8:0e:40:53:21:47:2a:b2:3a:57:a2:91:17:4c:cb:a8:dd:ad:
         9b:b0:28:bc:50:f1:64:73:ba:87:a4:4e:04:cd:20:29:47:82:
         2d:b8:83:61:80:b4:c1:2a:e8:cb:91:90:b3:05:d3:0e:84:63:
         9e:12:5c:03:39:06:bc:7d:34:3f:37:2d:24:2e:70:d5:0b:b9:
         d9:bb:d3:37:07:df:05:0f:de:76:26:8b:eb:27:a2:a0:dd:71:
         2b:10:d4:1c:cd:3b:14:55:22:d4:7b:ed:22:61:0e:79:06:32:
         44:46:8f:36:cc:ee:07:8f:8f:b8:bb:e9:a6:33:21:ab:5b:08:
         33:13:02:d9:de:f0:f2:95:0d:69:df:fa:44:27:58:2e:52:e6:
         96:a7:4f:19
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUQedaNz84VohFHfk9v7ynRONMnLYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yMzA5MjIwMDAwMDBaFw0yMzEwMjcyMzU5NTlaMHoxSTBHBgNV
BAUTQDQxNzZkM2JkOTQzMTExY2Y2MGI4N2YzYjk5MGMwODc5ZDk0Y2I3MDg3YjFl
NDI5Mzk4YzUwNTc0NzBkNzBjYWIxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMDIv9OCVB7XpttVvkVTgJJ+FFSBiAD5UlMAqwGU2Y1U4fLS8ETJGR1/WtuL
+6w/3PxKSzS/QiNrJv2jTri69LBt+go1VV/Axy3ZyqqUpBmmyGjrBNm/Kqvcox8q
ZDVtFXfQQOlFJ7Jcsh6tODjAxRVzJ1l0MhmaMB3nGcItLSaiOjwgc5bgFnRfbqHw
TwASubKGNN0QwTvwR8DKkbxbF/D/ebSdIk6gGkr+SiZ2zoTOG57SiQGs62qezkgB
iYZ6KkGfjhMA9v7lrkbkihOt+9WOMmV9F1C2suDGnN+Z4tmzwM3TGfVst7em+uh+
A/GIjDfBcKj76cFJDhxQWgQRvikCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBQXHOdH
HCPTpHwbnsTx2IxBzXxY2jAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
NzBmODc4Y2UtYTE5My00N2FlLWI1MTctMzE4YzJiODg4OTJmLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAzMAYDAN
BgkqhkiG9w0BAQsFAAOCAQEAvKOChUnCLMueTT5iP19kxjUiHRNqPaSn652zJ2az
SQgPlI/uZA8DGZb/k3M/iQQjW1DUmLGrqgOlMfJjm6ULrovjKBxngydBTPW4uFDY
IMEgPMTHrw8TIRXYbwT9Tex+oEyxTJyai/T3Rbel+A5AUyFHKrI6V6KRF0zLqN2t
m7AovFDxZHO6h6ROBM0gKUeCLbiDYYC0wSroy5GQswXTDoRjnhJcAzkGvH00Pzct
JC5w1Qu52bvTNwffBQ/ediaL6yeioN1xKxDUHM07FFUi1HvtImEOeQYyREaPNszu
B4+PuLvppjMhq1sIMxMC2d7w8pUNad/6RCdYLlLmlqdPGQ==
-----END CERTIFICATE-----
Generated at Fri Sep 22 17:21:14 2023 by rpki-client on console-ams.rpki-client.org