Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/7a9d4970-8e9c-4d11-a1c6-772a571334fd.roa
File:                     7a9d4970-8e9c-4d11-a1c6-772a571334fd.roa (raw, json)
Hash identifier:          qc624kcXBeE9Xi7kkY+R/X95K5eKPoDqGQWCFjcO1R8=
Subject key identifier:   BC:40:91:01:E3:AD:69:71:A7:A8:16:B6:9B:F1:99:5A:38:C8:47:1C
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       298E2B2A42E24338D21E3AACEFF7179366E35464
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/7a9d4970-8e9c-4d11-a1c6-772a571334fd.roa
Signing time:             Fri 08 Sep 2023 00:00:00 +0000
ROA not before:           Fri 08 Sep 2023 00:00:00 +0000
ROA not after:            Fri 13 Oct 2023 23:59:59 +0000
asID:                     16509
IP address blocks:        185.143.16.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.crl
                          rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.mft
                          rsync://rpki.ripe.net/repository/2a7dd1d787d793e4c8af56e197d4eed92af6ba13.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 08 Sep 2023 23:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            29:8e:2b:2a:42:e2:43:38:d2:1e:3a:ac:ef:f7:17:93:66:e3:54:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Sep  8 00:00:00 2023 GMT
            Not After : Oct 13 23:59:59 2023 GMT
        Subject: serialNumber=b9cecd72a750d89d86bbefd7cb8fb268cdb0a4ddbca4f678f8ceb937de09bdc2, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:04:cf:98:4c:be:69:68:bf:96:ea:64:98:b7:
                    e5:49:3c:50:2c:e0:d3:3f:18:b3:cc:a3:13:e5:40:
                    3f:23:a0:d7:e0:16:e4:9b:f2:ef:67:75:03:0d:42:
                    b8:30:a0:ec:ae:90:77:3e:2c:4c:7c:d8:ab:5a:70:
                    a0:11:e9:e2:a0:ea:8b:86:87:9f:b4:1d:31:37:16:
                    c0:e9:c5:e2:55:95:05:b8:bd:2d:6f:32:80:c2:3b:
                    8e:dc:77:a2:1b:e5:ff:07:66:2f:74:5d:16:0d:37:
                    73:68:f0:ee:29:58:5e:ed:22:cf:22:ed:70:78:a1:
                    6a:d8:5b:70:c8:07:8b:02:7d:a0:fe:9e:30:d1:71:
                    28:f7:4f:c4:24:23:64:a3:1e:b4:e8:93:29:8d:d6:
                    e2:6e:45:43:05:ac:23:68:e7:19:10:2f:a8:78:e5:
                    59:f8:2f:3d:a4:44:84:d6:a4:7a:94:63:f6:a2:cd:
                    a3:98:46:ce:1e:4a:dc:04:6a:31:97:76:d6:23:99:
                    6b:46:48:7c:73:e9:ca:a9:4a:be:f9:b5:fc:89:30:
                    09:43:45:5e:c9:a6:9a:b1:74:0f:d1:b1:0f:06:64:
                    8c:11:8e:34:90:33:66:47:7d:6e:20:17:92:de:c6:
                    2c:bd:86:3d:f7:70:c5:52:18:de:cd:ae:b3:21:31:
                    8e:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:40:91:01:E3:AD:69:71:A7:A8:16:B6:9B:F1:99:5A:38:C8:47:1C
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/7a9d4970-8e9c-4d11-a1c6-772a571334fd.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.143.16.0/22

    Signature Algorithm: sha256WithRSAEncryption
         13:aa:48:0c:e3:38:a5:08:13:a8:7d:11:fd:41:4c:46:bb:7d:
         92:9f:67:ad:51:f2:1e:38:18:84:12:cd:9b:fe:64:7c:c1:0f:
         ac:72:27:a3:a4:04:22:77:1d:81:2a:d2:10:07:6f:5a:12:2c:
         90:1e:4f:40:15:77:41:31:c6:67:1d:c6:90:a4:e9:a1:78:29:
         00:ee:39:47:74:b7:e3:f3:09:63:ec:a3:5e:9f:fc:71:97:9f:
         b7:54:41:77:35:a4:c2:2e:68:da:e9:ec:98:60:37:42:b7:fc:
         6a:ff:94:6c:78:a3:5e:b6:33:35:a5:5f:45:3b:60:b2:e4:85:
         42:be:13:07:3e:ff:4a:d7:53:f1:1d:12:44:3b:74:a0:55:d3:
         1b:71:50:13:48:dd:de:c1:40:89:70:e4:74:ba:8a:12:ac:d4:
         bb:82:fb:7c:de:9e:12:d9:6a:50:29:d1:6b:d8:65:bb:67:1d:
         cd:1a:0c:cf:74:28:2f:36:3b:98:55:b5:46:84:7f:6b:df:a8:
         60:c6:88:49:f5:64:b8:9f:b5:44:6f:dc:8c:f3:6e:88:13:74:
         c3:d2:4e:f8:03:65:16:b3:6c:6d:ac:aa:21:c3:ca:fd:93:37:
         2a:79:6f:eb:0c:36:2e:16:44:37:1a:2e:59:0a:eb:76:0c:ee:
         cb:e9:c8:7e
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUKY4rKkLiQzjSHjqs7/cXk2bjVGQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yMzA5MDgwMDAwMDBaFw0yMzEwMTMyMzU5NTlaMHoxSTBHBgNV
BAUTQGI5Y2VjZDcyYTc1MGQ4OWQ4NmJiZWZkN2NiOGZiMjY4Y2RiMGE0ZGRiY2E0
ZjY3OGY4Y2ViOTM3ZGUwOWJkYzIxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKMEz5hMvmlov5bqZJi35Uk8UCzg0z8Ys8yjE+VAPyOg1+AW5Jvy72d1Aw1C
uDCg7K6Qdz4sTHzYq1pwoBHp4qDqi4aHn7QdMTcWwOnF4lWVBbi9LW8ygMI7jtx3
ohvl/wdmL3RdFg03c2jw7ilYXu0izyLtcHihathbcMgHiwJ9oP6eMNFxKPdPxCQj
ZKMetOiTKY3W4m5FQwWsI2jnGRAvqHjlWfgvPaREhNakepRj9qLNo5hGzh5K3ARq
MZd21iOZa0ZIfHPpyqlKvvm1/IkwCUNFXsmmmrF0D9GxDwZkjBGONJAzZkd9biAX
kt7GLL2GPfdwxVIY3s2usyExjr0CAwEAAaOCAiEwggIdMB0GA1UdDgQWBBS8QJEB
461pcaeoFrab8ZlaOMhHHDAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
N2E5ZDQ5NzAtOGU5Yy00ZDExLWExYzYtNzcyYTU3MTMzNGZkLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEArmPEDAN
BgkqhkiG9w0BAQsFAAOCAQEAE6pIDOM4pQgTqH0R/UFMRrt9kp9nrVHyHjgYhBLN
m/5kfMEPrHIno6QEIncdgSrSEAdvWhIskB5PQBV3QTHGZx3GkKTpoXgpAO45R3S3
4/MJY+yjXp/8cZeft1RBdzWkwi5o2unsmGA3Qrf8av+UbHijXrYzNaVfRTtgsuSF
Qr4TBz7/StdT8R0SRDt0oFXTG3FQE0jd3sFAiXDkdLqKEqzUu4L7fN6eEtlqUCnR
a9hlu2cdzRoMz3QoLzY7mFW1RoR/a9+oYMaISfVkuJ+1RG/cjPNuiBN0w9JO+ANl
FrNsbayqIcPK/ZM3Knlv6ww2LhZENxouWQrrdgzuy+nIfg==
-----END CERTIFICATE-----
Generated at Fri Sep 8 00:23:34 2023 by rpki-client on console-fra.rpki-client.org