Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/9a08b99a-284f-4e69-83b1-fbfba94e7f22.roa
File:                     9a08b99a-284f-4e69-83b1-fbfba94e7f22.roa (raw, json)
Hash identifier:          dhfOALuzU7KUyaWyveP4Vkb6PPMWGc8RtPJYqfvVVKY=
Subject key identifier:   BA:5B:B6:65:6E:9B:B8:C9:D7:B3:D5:E3:74:B5:B2:1D:9E:80:C6:6B
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       1B398EEBC766020CE6D081518FF34D77B01CF28B
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/9a08b99a-284f-4e69-83b1-fbfba94e7f22.roa
Signing time:             Fri 08 Sep 2023 00:00:00 +0000
ROA not before:           Fri 08 Sep 2023 00:00:00 +0000
ROA not after:            Fri 13 Oct 2023 23:59:59 +0000
asID:                     16509
IP address blocks:        145.55.0.0/16 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.crl
                          rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.mft
                          rsync://rpki.ripe.net/repository/2a7dd1d787d793e4c8af56e197d4eed92af6ba13.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 09 Sep 2023 08:03:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1b:39:8e:eb:c7:66:02:0c:e6:d0:81:51:8f:f3:4d:77:b0:1c:f2:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Sep  8 00:00:00 2023 GMT
            Not After : Oct 13 23:59:59 2023 GMT
        Subject: serialNumber=8e6da2ea71dc7783d7567a1b2d08a9f7383c097088d8ee88acab35d4181c3f72, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:74:f8:8a:7c:2e:b7:37:9f:e6:be:4b:b6:34:
                    c5:4d:33:9a:28:5a:29:38:d8:e5:ee:ec:28:58:34:
                    8a:bc:6c:8c:e0:d1:d1:50:48:03:6f:16:71:e2:d7:
                    ac:98:f5:eb:0d:4b:2e:14:16:61:e1:45:df:13:d0:
                    68:26:45:9a:d4:08:f1:3b:0c:96:ba:56:92:09:c5:
                    0c:d9:1f:ee:1f:78:9d:c8:2b:b7:40:24:96:fa:ce:
                    c9:c9:10:9d:eb:48:f5:06:a4:d1:20:46:b5:ac:18:
                    3e:20:20:d3:5e:03:43:62:66:e5:b8:39:93:3d:96:
                    b4:9b:94:c0:78:b7:ea:09:32:e4:c6:f6:1f:dd:4c:
                    47:b0:15:e4:95:0c:49:4d:00:7d:4c:a1:e7:6f:74:
                    51:79:a1:bf:09:02:94:4e:8f:09:42:47:03:80:17:
                    df:fa:44:9e:28:50:da:d8:bb:37:c9:32:4d:e7:76:
                    c6:f3:20:21:3a:73:25:82:9d:0e:a6:39:4d:4e:0d:
                    f3:6d:b5:b5:0e:5b:98:85:a8:27:92:6c:03:f4:77:
                    1f:d4:44:72:d6:25:d0:f4:f8:80:7d:e0:7b:00:e8:
                    cc:9d:bd:37:56:74:0b:91:0a:d3:ef:57:4f:0e:b7:
                    ed:fe:ba:f2:43:2f:d4:64:bd:59:f3:23:41:e7:4d:
                    b6:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:5B:B6:65:6E:9B:B8:C9:D7:B3:D5:E3:74:B5:B2:1D:9E:80:C6:6B
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/9a08b99a-284f-4e69-83b1-fbfba94e7f22.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.55.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         54:5f:2d:04:00:3d:b5:18:7f:82:43:3e:81:da:4a:d1:fc:c4:
         c8:2f:b1:09:50:77:5d:90:29:94:99:a3:74:44:dc:cb:c3:da:
         e8:87:c1:63:32:1a:ea:fe:d0:0d:77:1d:af:43:b5:47:7c:b6:
         9e:c2:ad:5e:58:40:da:74:34:a8:66:2c:dc:30:1f:08:65:43:
         60:9b:43:19:bd:f6:9f:a8:9f:ff:5a:4e:0e:5d:79:35:b3:54:
         dc:fe:49:6c:84:7a:ef:b1:e6:2a:87:4e:34:01:ae:c3:7c:eb:
         16:35:fd:39:b1:95:18:ce:1c:a8:78:d4:0e:73:4d:05:ea:1c:
         2d:c3:7f:09:04:31:c3:5a:06:04:62:f9:b9:d5:f0:5b:4f:f1:
         97:e0:ce:0a:d2:01:f9:54:a5:d2:51:40:a1:19:e6:ce:d4:12:
         63:75:9e:87:4a:1e:86:60:d3:0b:53:3f:10:bd:66:d9:e6:73:
         0d:e2:27:84:e3:8b:19:7c:f7:c1:a1:8a:f7:4a:34:8e:64:af:
         84:1e:1a:83:7b:27:7a:4f:8e:df:44:dc:83:d6:c0:45:99:c2:
         13:54:23:98:a5:1d:22:a9:22:39:3d:cf:b9:a6:ba:ce:b1:dc:
         4a:07:14:73:20:0f:61:6c:b1:a2:7a:99:3b:fd:15:d9:aa:8d:
         75:f8:16:21
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUGzmO68dmAgzm0IFRj/NNd7Ac8oswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yMzA5MDgwMDAwMDBaFw0yMzEwMTMyMzU5NTlaMHoxSTBHBgNV
BAUTQDhlNmRhMmVhNzFkYzc3ODNkNzU2N2ExYjJkMDhhOWY3MzgzYzA5NzA4OGQ4
ZWU4OGFjYWIzNWQ0MTgxYzNmNzIxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJJ0+Ip8Lrc3n+a+S7Y0xU0zmihaKTjY5e7sKFg0irxsjODR0VBIA28WceLX
rJj16w1LLhQWYeFF3xPQaCZFmtQI8TsMlrpWkgnFDNkf7h94ncgrt0AklvrOyckQ
netI9Qak0SBGtawYPiAg014DQ2Jm5bg5kz2WtJuUwHi36gky5Mb2H91MR7AV5JUM
SU0AfUyh5290UXmhvwkClE6PCUJHA4AX3/pEnihQ2ti7N8kyTed2xvMgITpzJYKd
DqY5TU4N8221tQ5bmIWoJ5JsA/R3H9REctYl0PT4gH3gewDozJ29N1Z0C5EK0+9X
Tw637f668kMv1GS9WfMjQedNtncCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBS6W7Zl
bpu4ydez1eN0tbIdnoDGazAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
OWEwOGI5OWEtMjg0Zi00ZTY5LTgzYjEtZmJmYmE5NGU3ZjIyLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDAJE3MA0G
CSqGSIb3DQEBCwUAA4IBAQBUXy0EAD21GH+CQz6B2krR/MTIL7EJUHddkCmUmaN0
RNzLw9roh8FjMhrq/tANdx2vQ7VHfLaewq1eWEDadDSoZizcMB8IZUNgm0MZvfaf
qJ//Wk4OXXk1s1Tc/klshHrvseYqh040Aa7DfOsWNf05sZUYzhyoeNQOc00F6hwt
w38JBDHDWgYEYvm51fBbT/GX4M4K0gH5VKXSUUChGebO1BJjdZ6HSh6GYNMLUz8Q
vWbZ5nMN4ieE44sZfPfBoYr3SjSOZK+EHhqDeyd6T47fRNyD1sBFmcITVCOYpR0i
qSI5Pc+5prrOsdxKBxRzIA9hbLGiepk7/RXZqo11+BYh
-----END CERTIFICATE-----
Generated at Fri Sep 8 16:38:26 2023 by rpki-client on console-fra.rpki-client.org