Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/8551266c-ef98-4dd7-801f-d816ee2eeade.roa
File:                     8551266c-ef98-4dd7-801f-d816ee2eeade.roa (raw, json)
Hash identifier:          os9szWcVi+iEGr3hpamI/+ToqxIW8cVHp1hJlog8TyI=
Subject key identifier:   B4:2B:20:F0:64:8F:6E:1B:C3:E9:74:02:39:5E:FC:40:D1:76:1A:9B
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       0D7765C3F387ED7B4A4001D6DE07D99969580528
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/8551266c-ef98-4dd7-801f-d816ee2eeade.roa
Signing time:             Fri 08 Sep 2023 00:00:00 +0000
ROA not before:           Fri 08 Sep 2023 00:00:00 +0000
ROA not after:            Fri 13 Oct 2023 23:59:59 +0000
asID:                     16509
IP address blocks:        51.176.0.0/15 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.crl
                          rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.mft
                          rsync://rpki.ripe.net/repository/2a7dd1d787d793e4c8af56e197d4eed92af6ba13.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 09 Sep 2023 08:03:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0d:77:65:c3:f3:87:ed:7b:4a:40:01:d6:de:07:d9:99:69:58:05:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Sep  8 00:00:00 2023 GMT
            Not After : Oct 13 23:59:59 2023 GMT
        Subject: serialNumber=7a74b91419bd04c67e89a5fe88ceb43ab82eb0f8b7ead6bac1fbdf098c1bc86e, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:49:62:5c:59:2e:9f:cb:5b:c1:d4:2b:43:1d:
                    98:c4:e0:fc:b7:a0:1c:29:fb:b4:b2:ab:d5:79:6d:
                    36:7e:2e:d8:33:c4:6d:3f:a3:83:5a:52:f6:81:87:
                    bc:7d:c4:b7:41:9c:b5:e9:36:43:20:e2:b7:fb:cb:
                    85:29:3b:7d:87:a2:48:f8:8f:8a:16:a4:e5:28:c4:
                    10:46:05:d7:68:ea:b4:29:4a:01:fb:f3:c3:5a:84:
                    e0:21:57:bf:ed:71:99:1a:14:e7:c9:cb:3c:79:aa:
                    ed:e1:fb:43:fd:ff:1d:ce:78:7d:12:66:57:92:2a:
                    00:9c:f6:af:da:78:1c:f7:49:9d:f6:2e:a8:02:12:
                    c9:88:f1:ff:58:6e:2b:24:a4:e5:8f:74:46:b7:12:
                    f0:22:a8:e2:b5:0c:97:66:e6:93:97:8f:26:67:ed:
                    98:82:d8:92:f9:43:d7:56:ee:38:7c:ed:ff:65:20:
                    ae:d5:5e:3c:4c:98:ae:03:84:49:ab:ad:cc:93:43:
                    78:a4:67:60:6a:a3:63:9c:70:f5:9c:3b:9d:26:77:
                    47:ab:1c:33:65:bb:86:95:1c:3b:06:c7:93:e0:cb:
                    6f:23:ea:6f:06:7a:9e:9e:73:99:66:f4:1b:13:51:
                    d1:1d:4b:a2:6a:43:b8:5f:68:bd:a5:cc:79:5c:96:
                    83:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:2B:20:F0:64:8F:6E:1B:C3:E9:74:02:39:5E:FC:40:D1:76:1A:9B
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/8551266c-ef98-4dd7-801f-d816ee2eeade.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.176.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         63:ed:00:e6:a1:32:cf:5f:ac:a0:54:ea:0f:c2:4c:58:41:9b:
         8c:a8:90:a0:99:47:5d:42:73:e2:8a:95:15:60:fa:94:1b:4c:
         33:99:10:ee:d4:6d:53:1a:fb:ab:55:82:1f:14:f0:7b:37:ea:
         c3:f4:7e:49:96:f2:a4:4f:b5:d7:41:91:c0:8b:ae:8b:55:6d:
         a1:ed:55:25:1c:da:77:4b:67:63:ec:4a:81:a3:c9:f3:a5:3a:
         95:ac:bd:4a:73:eb:d0:64:08:d9:b8:22:57:e2:fb:50:ff:64:
         9b:cb:2e:a8:a4:56:03:13:7d:0f:99:13:9a:bf:75:20:a3:5c:
         10:9c:c8:b2:5f:8a:cb:8e:c4:57:0a:c4:4b:7f:95:de:a3:32:
         ac:0e:ca:d7:fd:e7:08:71:03:88:cf:77:57:ec:00:43:db:a4:
         a6:41:25:cb:25:22:0c:a3:72:e6:fb:f1:af:d2:a7:fd:6b:61:
         8e:11:5c:96:b5:b8:7a:f0:b1:75:23:a9:85:4f:1b:94:16:88:
         ff:6e:14:9b:28:6f:9b:a5:19:9a:9c:3b:93:8d:53:01:09:ac:
         25:10:8f:2c:a3:65:f6:bb:1a:b7:85:09:7b:8c:5f:30:6d:be:
         9f:e2:b4:13:ec:e6:cc:f7:ca:8e:e6:15:12:71:8a:27:01:7c:
         9c:87:57:7d
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUDXdlw/OH7XtKQAHW3gfZmWlYBSgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yMzA5MDgwMDAwMDBaFw0yMzEwMTMyMzU5NTlaMHoxSTBHBgNV
BAUTQDdhNzRiOTE0MTliZDA0YzY3ZTg5YTVmZTg4Y2ViNDNhYjgyZWIwZjhiN2Vh
ZDZiYWMxZmJkZjA5OGMxYmM4NmUxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKFJYlxZLp/LW8HUK0MdmMTg/LegHCn7tLKr1XltNn4u2DPEbT+jg1pS9oGH
vH3Et0Gctek2QyDit/vLhSk7fYeiSPiPihak5SjEEEYF12jqtClKAfvzw1qE4CFX
v+1xmRoU58nLPHmq7eH7Q/3/Hc54fRJmV5IqAJz2r9p4HPdJnfYuqAISyYjx/1hu
KySk5Y90RrcS8CKo4rUMl2bmk5ePJmftmILYkvlD11buOHzt/2UgrtVePEyYrgOE
SautzJNDeKRnYGqjY5xw9Zw7nSZ3R6scM2W7hpUcOwbHk+DLbyPqbwZ6np5zmWb0
GxNR0R1LompDuF9ovaXMeVyWg8cCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBS0KyDw
ZI9uG8PpdAI5XvxA0XYamzAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
ODU1MTI2NmMtZWY5OC00ZGQ3LTgwMWYtZDgxNmVlMmVlYWRlLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDATOwMA0G
CSqGSIb3DQEBCwUAA4IBAQBj7QDmoTLPX6ygVOoPwkxYQZuMqJCgmUddQnPiipUV
YPqUG0wzmRDu1G1TGvurVYIfFPB7N+rD9H5JlvKkT7XXQZHAi66LVW2h7VUlHNp3
S2dj7EqBo8nzpTqVrL1Kc+vQZAjZuCJX4vtQ/2Sbyy6opFYDE30PmROav3Ugo1wQ
nMiyX4rLjsRXCsRLf5XeozKsDsrX/ecIcQOIz3dX7ABD26SmQSXLJSIMo3Lm+/Gv
0qf9a2GOEVyWtbh68LF1I6mFTxuUFoj/bhSbKG+bpRmanDuTjVMBCawlEI8so2X2
uxq3hQl7jF8wbb6f4rQT7ObM98qO5hUScYonAXych1d9
-----END CERTIFICATE-----
Generated at Fri Sep 8 16:38:26 2023 by rpki-client on console-fra.rpki-client.org