Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/9a3eae5c-027e-4c38-ab8e-330b3e5bad97.roa
File:                     9a3eae5c-027e-4c38-ab8e-330b3e5bad97.roa (raw, json)
Hash identifier:          cz33Vh748y0xtlpdnuXbqBks/5nLZQlp6xbFrhW3Hq0=
Subject key identifier:   0C:25:FD:9E:B0:38:26:72:38:C8:A4:19:E4:5B:F5:FC:D6:9C:71:6C
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       4E60BDE658514BF880AAD5DC34668B6E4104E3FA
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/9a3eae5c-027e-4c38-ab8e-330b3e5bad97.roa
Signing time:             Fri 08 Sep 2023 00:00:00 +0000
ROA not before:           Fri 08 Sep 2023 00:00:00 +0000
ROA not after:            Fri 13 Oct 2023 23:59:59 +0000
asID:                     16509
IP address blocks:        51.139.0.0/16 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.crl
                          rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.mft
                          rsync://rpki.ripe.net/repository/2a7dd1d787d793e4c8af56e197d4eed92af6ba13.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 09 Sep 2023 08:03:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4e:60:bd:e6:58:51:4b:f8:80:aa:d5:dc:34:66:8b:6e:41:04:e3:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Sep  8 00:00:00 2023 GMT
            Not After : Oct 13 23:59:59 2023 GMT
        Subject: serialNumber=8708c143708a3ce09f95b0acf480e5538a465231c9b51f882f244454922cc795, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:5d:fd:85:9c:d9:93:6f:3c:77:f3:45:73:b3:
                    3e:1a:89:fe:40:dc:55:71:05:2b:05:85:32:2a:1a:
                    55:b7:a8:74:34:ee:8a:0e:b9:0b:68:5f:3c:68:12:
                    21:30:9a:09:e0:ea:29:47:26:8a:40:df:e1:46:7a:
                    bf:48:92:02:4b:ed:e7:ff:12:00:e3:df:f5:c8:9d:
                    e2:13:c5:db:4f:8f:ed:b8:c6:fd:b7:7b:c0:73:0a:
                    b9:d1:56:5e:d7:94:a5:ec:69:fb:44:26:c6:17:3c:
                    ff:04:1a:a1:46:d0:3c:8f:b4:1e:7f:83:f9:12:52:
                    91:28:e6:90:fb:eb:02:6a:f8:a8:0c:68:50:4d:e3:
                    7e:75:87:19:41:c5:22:21:b1:a8:b1:07:b9:3e:7f:
                    6b:ff:d1:f2:94:65:ce:02:71:b1:e7:55:37:e9:99:
                    a9:9d:8d:7d:5e:0a:11:5f:35:0a:68:86:e2:b9:42:
                    e4:c6:03:cc:45:e7:54:03:23:a1:25:a5:e3:3a:df:
                    14:ad:e8:50:3a:ea:d0:94:14:d0:ad:0c:55:db:c7:
                    b8:f4:d3:6f:8c:88:bb:9e:a5:ff:a2:13:46:bf:bb:
                    c4:cf:ca:e4:b2:db:91:58:d5:83:3a:c8:8b:79:5d:
                    ee:9f:42:21:08:17:25:be:5a:18:06:a9:38:6f:67:
                    03:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:25:FD:9E:B0:38:26:72:38:C8:A4:19:E4:5B:F5:FC:D6:9C:71:6C
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/9a3eae5c-027e-4c38-ab8e-330b3e5bad97.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.139.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         72:0f:d0:9a:a5:71:ba:04:18:c5:0a:0f:ec:c2:d8:56:6d:59:
         2d:d4:0e:1c:ea:7a:34:ef:6f:62:6d:a9:7a:4e:ff:06:8d:77:
         72:a4:e3:c8:90:9c:91:5f:a3:ea:9b:a2:ad:80:b9:1c:97:1e:
         3b:13:fd:e9:26:8f:2c:2d:9c:27:63:42:d9:f5:5f:6c:91:3a:
         0b:88:4e:23:5f:fc:7c:15:d6:33:53:e3:46:a2:f0:e4:6e:5a:
         61:1a:57:44:31:b4:9b:1e:55:0f:65:97:cc:a8:05:36:f0:6f:
         dc:68:9b:cb:ea:63:8f:5a:dd:6c:74:0f:42:f0:8d:28:27:a1:
         f6:83:49:a6:57:fb:77:19:f1:a0:85:93:79:bf:ff:03:63:51:
         88:14:ea:20:d3:e5:c7:c8:a8:ea:69:d5:1c:7e:7b:54:5c:77:
         43:73:f1:13:de:70:25:20:b8:98:a9:16:aa:ec:56:65:00:90:
         40:85:a9:25:59:9d:8d:b0:ab:eb:31:d8:14:a6:ec:e3:dc:69:
         7a:6d:ce:d2:34:83:80:fb:9d:75:6e:ae:82:00:22:3e:e3:25:
         e6:64:ec:0c:f3:5a:31:69:5d:e1:c8:51:20:b7:2b:99:ad:51:
         d7:a5:3b:e2:8f:03:d1:14:4c:2c:64:b5:9a:1e:e2:91:1d:18:
         41:be:57:a5
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUTmC95lhRS/iAqtXcNGaLbkEE4/owDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yMzA5MDgwMDAwMDBaFw0yMzEwMTMyMzU5NTlaMHoxSTBHBgNV
BAUTQDg3MDhjMTQzNzA4YTNjZTA5Zjk1YjBhY2Y0ODBlNTUzOGE0NjUyMzFjOWI1
MWY4ODJmMjQ0NDU0OTIyY2M3OTUxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALJd/YWc2ZNvPHfzRXOzPhqJ/kDcVXEFKwWFMioaVbeodDTuig65C2hfPGgS
ITCaCeDqKUcmikDf4UZ6v0iSAkvt5/8SAOPf9cid4hPF20+P7bjG/bd7wHMKudFW
XteUpexp+0Qmxhc8/wQaoUbQPI+0Hn+D+RJSkSjmkPvrAmr4qAxoUE3jfnWHGUHF
IiGxqLEHuT5/a//R8pRlzgJxsedVN+mZqZ2NfV4KEV81CmiG4rlC5MYDzEXnVAMj
oSWl4zrfFK3oUDrq0JQU0K0MVdvHuPTTb4yIu56l/6ITRr+7xM/K5LLbkVjVgzrI
i3ld7p9CIQgXJb5aGAapOG9nA6MCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBQMJf2e
sDgmcjjIpBnkW/X81pxxbDAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
OWEzZWFlNWMtMDI3ZS00YzM4LWFiOGUtMzMwYjNlNWJhZDk3LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADOLMA0G
CSqGSIb3DQEBCwUAA4IBAQByD9CapXG6BBjFCg/swthWbVkt1A4c6no0729ibal6
Tv8GjXdypOPIkJyRX6Pqm6KtgLkclx47E/3pJo8sLZwnY0LZ9V9skToLiE4jX/x8
FdYzU+NGovDkblphGldEMbSbHlUPZZfMqAU28G/caJvL6mOPWt1sdA9C8I0oJ6H2
g0mmV/t3GfGghZN5v/8DY1GIFOog0+XHyKjqadUcfntUXHdDc/ET3nAlILiYqRaq
7FZlAJBAhaklWZ2NsKvrMdgUpuzj3Gl6bc7SNIOA+511bq6CACI+4yXmZOwM81ox
aV3hyFEgtyuZrVHXpTvijwPRFEwsZLWaHuKRHRhBvlel
-----END CERTIFICATE-----
Generated at Fri Sep 8 15:41:28 2023 by rpki-client on console-ams.rpki-client.org