Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/7dc90e26-05aa-40c8-bbd0-967e095d6485.roa
File:                     7dc90e26-05aa-40c8-bbd0-967e095d6485.roa (raw, json)
Hash identifier:          8W+IcBRcf38hTQuDrvkhKuHwVMt1OMopL+y/gDyyqxE=
Subject key identifier:   E1:50:4B:2F:73:2B:C3:5F:53:EA:05:1E:A2:14:D0:FF:FF:5E:0C:43
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       71B257CDA148F8174A331F92A022F713D09D3DA4
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/7dc90e26-05aa-40c8-bbd0-967e095d6485.roa
Signing time:             Tue 03 Oct 2023 00:00:00 +0000
ROA not before:           Tue 03 Oct 2023 00:00:00 +0000
ROA not after:            Tue 07 Nov 2023 23:59:59 +0000
asID:                     16509
IP address blocks:        143.65.0.0/17 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.crl
                          rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.mft
                          rsync://rpki.ripe.net/repository/2a7dd1d787d793e4c8af56e197d4eed92af6ba13.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 04 Oct 2023 08:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            71:b2:57:cd:a1:48:f8:17:4a:33:1f:92:a0:22:f7:13:d0:9d:3d:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Oct  3 00:00:00 2023 GMT
            Not After : Nov  7 23:59:59 2023 GMT
        Subject: serialNumber=b9003bbfb0ed7f3bc1302066d2e8c8e90d4fcf64f2ddbe15727bf6553ca34968, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:6a:80:b5:a2:b8:30:c8:e9:02:0c:09:c1:33:
                    1c:8e:19:1e:1e:77:d0:75:df:b0:b6:ab:70:7f:12:
                    1a:36:11:cb:69:93:95:5c:1a:83:24:e1:76:62:2a:
                    c4:ed:6b:73:db:7f:9c:0a:d2:97:03:36:e9:5d:bd:
                    54:5d:cf:b4:bd:76:09:03:5a:b1:9e:a8:a4:d5:30:
                    c0:de:8e:15:29:36:b2:41:e3:ae:e7:7d:b1:6c:64:
                    32:0f:67:e3:ac:b6:e2:1a:0d:0d:e5:43:b2:bb:05:
                    97:2f:be:27:7b:aa:ae:80:e8:75:18:b1:94:f2:ca:
                    77:c8:47:bf:3e:19:3e:93:12:f7:23:96:fd:0a:f8:
                    4c:f6:11:6a:0f:4d:45:ce:2f:3b:71:fc:40:21:12:
                    9d:c4:b4:52:c3:2d:0f:a7:b0:9b:df:b9:18:26:71:
                    eb:41:66:f3:a0:f4:68:37:97:3f:3e:73:da:20:f6:
                    f7:6a:fe:5e:d3:d8:92:ab:d7:ab:b0:8a:8e:dd:1e:
                    36:9b:30:e7:62:bf:ce:36:c9:88:6e:0a:a6:e0:01:
                    14:8b:76:06:f4:c5:50:d4:9f:82:ad:e9:02:92:34:
                    5e:a4:d5:37:27:ca:38:6a:e7:c6:d8:2e:9b:64:cd:
                    28:b7:d4:65:5e:15:8a:ee:da:91:a3:bf:bb:75:e2:
                    7b:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:50:4B:2F:73:2B:C3:5F:53:EA:05:1E:A2:14:D0:FF:FF:5E:0C:43
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/7dc90e26-05aa-40c8-bbd0-967e095d6485.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.65.0.0/17

    Signature Algorithm: sha256WithRSAEncryption
         14:9e:34:e2:a9:d1:0c:83:50:57:5d:f3:2a:a5:8e:64:e8:5f:
         03:b1:51:59:60:42:dd:35:17:ca:c2:de:a4:ce:a7:43:da:46:
         04:96:a1:f6:81:e2:27:db:09:1b:f9:1e:cb:ae:b5:3e:e1:0a:
         0c:8e:a2:0c:3e:5b:b3:6c:ea:9d:8c:5b:8f:a7:ff:71:b8:4e:
         f0:a2:a9:b2:9b:d0:f8:63:38:14:20:7c:c1:11:f6:3b:6b:74:
         90:85:1e:bf:92:07:7a:25:b2:4f:18:09:4e:3c:2a:d0:10:3b:
         b7:96:3f:49:bd:5d:8d:e6:cc:19:bd:1b:99:72:98:3d:6a:78:
         c6:96:de:28:1d:b7:eb:88:c4:d6:93:6d:e5:77:73:ab:e5:eb:
         7a:2e:8a:69:25:76:6f:88:99:29:9e:8f:9c:c8:65:47:13:9e:
         ed:26:c9:49:65:b1:4d:52:49:cc:d7:25:33:64:ff:e2:7d:8c:
         39:b6:08:aa:d7:44:cf:f0:f4:96:5e:48:94:53:2f:3d:13:5f:
         9f:d8:3c:28:bf:e6:e3:52:f5:84:87:5d:92:0e:60:2b:1c:13:
         54:47:b0:ef:7c:7d:71:de:7a:63:0e:5f:91:e5:f0:1b:6e:4c:
         9c:c6:5d:6d:4b:0b:d2:da:2b:53:41:19:28:21:4c:17:61:7e:
         53:c3:f8:b2
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUcbJXzaFI+BdKMx+SoCL3E9CdPaQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yMzEwMDMwMDAwMDBaFw0yMzExMDcyMzU5NTlaMHoxSTBHBgNV
BAUTQGI5MDAzYmJmYjBlZDdmM2JjMTMwMjA2NmQyZThjOGU5MGQ0ZmNmNjRmMmRk
YmUxNTcyN2JmNjU1M2NhMzQ5NjgxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAONqgLWiuDDI6QIMCcEzHI4ZHh530HXfsLarcH8SGjYRy2mTlVwagyThdmIq
xO1rc9t/nArSlwM26V29VF3PtL12CQNasZ6opNUwwN6OFSk2skHjrud9sWxkMg9n
46y24hoNDeVDsrsFly++J3uqroDodRixlPLKd8hHvz4ZPpMS9yOW/Qr4TPYRag9N
Rc4vO3H8QCESncS0UsMtD6ewm9+5GCZx60Fm86D0aDeXPz5z2iD292r+XtPYkqvX
q7CKjt0eNpsw52K/zjbJiG4KpuABFIt2BvTFUNSfgq3pApI0XqTVNyfKOGrnxtgu
m2TNKLfUZV4Viu7akaO/u3Xie60CAwEAAaOCAiEwggIdMB0GA1UdDgQWBBThUEsv
cyvDX1PqBR6iFND//14MQzAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
N2RjOTBlMjYtMDVhYS00MGM4LWJiZDAtOTY3ZTA5NWQ2NDg1LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEB49BADAN
BgkqhkiG9w0BAQsFAAOCAQEAFJ404qnRDINQV13zKqWOZOhfA7FRWWBC3TUXysLe
pM6nQ9pGBJah9oHiJ9sJG/key661PuEKDI6iDD5bs2zqnYxbj6f/cbhO8KKpspvQ
+GM4FCB8wRH2O2t0kIUev5IHeiWyTxgJTjwq0BA7t5Y/Sb1djebMGb0bmXKYPWp4
xpbeKB2364jE1pNt5Xdzq+Xrei6KaSV2b4iZKZ6PnMhlRxOe7SbJSWWxTVJJzNcl
M2T/4n2MObYIqtdEz/D0ll5IlFMvPRNfn9g8KL/m41L1hIddkg5gKxwTVEew73x9
cd56Yw5fkeXwG25MnMZdbUsL0torU0EZKCFMF2F+U8P4sg==
-----END CERTIFICATE-----
Generated at Tue Oct 3 15:51:55 2023 by rpki-client on console-ams.rpki-client.org