Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/9e56510b-5f1c-47f6-8a54-2ef9c96c572c.roa
File:                     9e56510b-5f1c-47f6-8a54-2ef9c96c572c.roa (raw, json)
Hash identifier:          z44aX133Wsmjb9U8s2vjgCUR/+Fih6bTlNrLrK6QJyQ=
Subject key identifier:   7A:4E:F6:DC:D0:C9:B8:DB:32:A7:21:F5:EB:E4:62:A5:87:23:5E:B1
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       6C9AEAF5574390C24998BDA17DD2D0AD81EB5638
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/9e56510b-5f1c-47f6-8a54-2ef9c96c572c.roa
Signing time:             Fri 08 Sep 2023 00:00:00 +0000
ROA not before:           Fri 08 Sep 2023 00:00:00 +0000
ROA not after:            Fri 13 Oct 2023 23:59:59 +0000
asID:                     16509
IP address blocks:        51.74.0.0/16 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.crl
                          rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.mft
                          rsync://rpki.ripe.net/repository/2a7dd1d787d793e4c8af56e197d4eed92af6ba13.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 08 Sep 2023 23:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6c:9a:ea:f5:57:43:90:c2:49:98:bd:a1:7d:d2:d0:ad:81:eb:56:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Sep  8 00:00:00 2023 GMT
            Not After : Oct 13 23:59:59 2023 GMT
        Subject: serialNumber=8f3ce5db704b7363467d6a00e75912a7325e1f27e91de39cf24604925bf801ba, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:d4:22:88:22:71:4b:8a:a3:61:45:79:a0:cf:
                    de:90:80:52:07:21:f9:19:dd:30:a9:b8:76:6e:1b:
                    ca:11:55:af:ac:36:0b:0c:c4:25:a2:01:5f:6a:76:
                    7a:ed:de:d2:ba:03:ef:57:66:29:07:ec:05:56:2f:
                    59:66:64:01:ed:6c:7f:b1:49:e5:88:31:d5:1c:3d:
                    f2:2c:da:0b:06:a9:08:0b:7b:34:99:ad:58:c7:b7:
                    6c:fa:2b:c6:b4:48:36:30:85:70:90:dc:48:d2:db:
                    7d:b1:3f:fe:93:f4:3d:ff:7e:f4:2a:f9:a6:6e:a4:
                    fe:09:f5:2b:6f:66:95:cb:e1:b8:36:f5:33:70:3d:
                    88:f2:e0:57:5b:5d:2d:72:b5:fd:dd:72:d3:78:0f:
                    68:dc:f8:09:26:b3:ed:ab:cb:18:bf:a3:df:bd:26:
                    46:45:49:86:10:62:90:4c:81:64:a8:ed:50:5e:15:
                    78:d7:1c:1a:00:38:e0:1d:8d:eb:c7:54:f2:b6:a3:
                    ec:9b:6b:76:38:f0:88:fd:e4:8c:1b:16:18:07:5c:
                    18:d8:c9:9f:74:78:e2:cf:de:63:4f:a0:37:d2:2c:
                    8b:5d:db:fa:2a:cc:e1:57:82:56:27:82:cd:37:b2:
                    ae:1a:41:7f:77:f8:10:78:10:0a:03:8e:81:de:af:
                    63:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:4E:F6:DC:D0:C9:B8:DB:32:A7:21:F5:EB:E4:62:A5:87:23:5E:B1
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/9e56510b-5f1c-47f6-8a54-2ef9c96c572c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.74.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         1e:ad:5e:b7:0e:a1:5c:7a:7e:3c:3f:20:d1:7a:0b:04:77:40:
         b7:b4:43:41:56:3f:b7:4b:7f:d4:15:e7:5e:1a:dc:be:a0:63:
         e0:31:3a:1f:d5:5b:df:3d:ca:c1:ce:71:a8:86:d3:c7:8a:5a:
         d6:ae:3e:65:cb:67:dc:df:4e:55:b6:4a:8f:83:af:e8:27:f5:
         eb:9e:99:7f:ce:fd:60:18:d0:a1:9d:bb:53:d7:10:d1:66:da:
         ee:5c:80:b8:db:2a:24:c2:37:2e:05:80:fb:6a:57:3e:03:ab:
         7c:a7:0e:d5:be:d5:2d:6c:1c:06:d2:1e:b2:16:f8:a1:a5:65:
         25:11:73:96:a9:82:b8:e5:ab:f0:78:5c:6f:40:be:d5:a5:a5:
         b5:ca:c1:0f:d4:52:fc:9f:4d:22:76:df:0e:d4:2c:97:e8:ae:
         70:7a:6f:56:9d:21:df:47:14:e4:98:2b:ec:5f:01:c1:90:fc:
         8f:44:39:db:19:26:bd:70:69:42:6c:f3:d8:ae:3c:19:ef:a4:
         e2:d3:ab:a6:aa:e8:59:93:d6:68:ea:12:0e:f9:7c:bb:82:8d:
         8b:90:8e:1f:bd:b6:d7:0c:83:9c:00:b9:98:af:0d:53:ec:59:
         e1:0f:c7:9d:39:da:c8:e4:be:55:bc:ae:51:6d:ab:23:f7:45:
         62:65:d3:3a
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUbJrq9VdDkMJJmL2hfdLQrYHrVjgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yMzA5MDgwMDAwMDBaFw0yMzEwMTMyMzU5NTlaMHoxSTBHBgNV
BAUTQDhmM2NlNWRiNzA0YjczNjM0NjdkNmEwMGU3NTkxMmE3MzI1ZTFmMjdlOTFk
ZTM5Y2YyNDYwNDkyNWJmODAxYmExLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANDUIogicUuKo2FFeaDP3pCAUgch+RndMKm4dm4byhFVr6w2CwzEJaIBX2p2
eu3e0roD71dmKQfsBVYvWWZkAe1sf7FJ5Ygx1Rw98izaCwapCAt7NJmtWMe3bPor
xrRINjCFcJDcSNLbfbE//pP0Pf9+9Cr5pm6k/gn1K29mlcvhuDb1M3A9iPLgV1td
LXK1/d1y03gPaNz4CSaz7avLGL+j370mRkVJhhBikEyBZKjtUF4VeNccGgA44B2N
68dU8raj7JtrdjjwiP3kjBsWGAdcGNjJn3R44s/eY0+gN9Isi13b+irM4VeCVieC
zTeyrhpBf3f4EHgQCgOOgd6vYzECAwEAAaOCAiAwggIcMB0GA1UdDgQWBBR6Tvbc
0Mm42zKnIfXr5GKlhyNesTAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
OWU1NjUxMGItNWYxYy00N2Y2LThhNTQtMmVmOWM5NmM1NzJjLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADNKMA0G
CSqGSIb3DQEBCwUAA4IBAQAerV63DqFcen48PyDRegsEd0C3tENBVj+3S3/UFede
Gty+oGPgMTof1VvfPcrBznGohtPHilrWrj5ly2fc305VtkqPg6/oJ/Xrnpl/zv1g
GNChnbtT1xDRZtruXIC42yokwjcuBYD7alc+A6t8pw7VvtUtbBwG0h6yFvihpWUl
EXOWqYK45avweFxvQL7VpaW1ysEP1FL8n00idt8O1CyX6K5wem9WnSHfRxTkmCvs
XwHBkPyPRDnbGSa9cGlCbPPYrjwZ76Ti06umquhZk9Zo6hIO+Xy7go2LkI4fvbbX
DIOcALmYrw1T7FnhD8edOdrI5L5VvK5Rbasj90ViZdM6
-----END CERTIFICATE-----
Generated at Fri Sep 8 00:38:22 2023 by rpki-client on console-ams.rpki-client.org