Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/9e56510b-5f1c-47f6-8a54-2ef9c96c572c.roa
File:                     9e56510b-5f1c-47f6-8a54-2ef9c96c572c.roa (raw, json)
Hash identifier:          C3YnlC55PWT7YsKj2S3bURBTiWvNu79nz1HVU/kdU/0=
Subject key identifier:   DE:FC:05:44:36:63:24:71:75:A0:62:0F:83:A4:08:78:E2:17:C3:A8
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       2239BF158782BEC13BA327F239AA6977C902952B
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/9e56510b-5f1c-47f6-8a54-2ef9c96c572c.roa
Signing time:             Thu 16 Mar 2023 00:00:00 +0000
ROA not before:           Thu 16 Mar 2023 00:00:00 +0000
ROA not after:            Thu 20 Apr 2023 23:59:59 +0000
asID:                     16509
IP address blocks:        51.74.0.0/16 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.crl
                          rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.mft
                          rsync://rpki.ripe.net/repository/2a7dd1d787d793e4c8af56e197d4eed92af6ba13.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 Mar 2023 21:42:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            22:39:bf:15:87:82:be:c1:3b:a3:27:f2:39:aa:69:77:c9:02:95:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Mar 16 00:00:00 2023 GMT
            Not After : Apr 20 23:59:59 2023 GMT
        Subject: serialNumber=2e83ba33c387f8aeef12efc622e14a61035562c83db5cbe3732107625fca82df, CN=c336411a-6651-4f13-8ef9-de681c7c9444, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:f9:84:e2:51:13:6a:be:7e:d1:af:84:84:b3:
                    67:b1:2f:65:49:4a:51:b3:25:a4:bb:89:83:a8:3b:
                    2b:93:f2:d3:78:ee:7a:7b:10:43:18:55:e5:ad:8f:
                    8c:fd:23:bd:e2:25:dc:ff:05:79:1c:58:fd:8f:e0:
                    71:e1:e0:51:db:36:40:d4:c5:8e:a6:0c:a8:ba:b7:
                    81:31:30:5f:f0:47:72:0b:ef:c3:0a:b5:0d:52:9a:
                    04:94:22:29:61:01:b2:f4:86:2d:e0:96:7e:cb:66:
                    2d:d8:0b:d1:94:8b:5a:cb:47:ae:cf:d0:ba:b3:4f:
                    53:0a:7a:04:ef:3c:46:39:8b:02:34:55:6f:fe:fe:
                    fb:4f:59:fa:d8:0f:bd:9d:2e:07:dd:ca:6b:6c:8f:
                    b9:04:31:6d:27:83:46:bb:3a:6e:c7:82:a7:57:1d:
                    c7:fe:1b:10:8b:89:84:88:8e:c5:08:96:42:72:fa:
                    47:9b:dc:92:f5:bd:6c:c3:f3:d7:93:41:0e:fc:65:
                    7d:e9:5b:fa:d0:49:5d:75:2d:c9:c5:16:41:77:75:
                    01:e6:3e:e6:0f:0b:41:93:17:3f:cd:25:df:96:a0:
                    d7:ce:59:44:a5:62:cc:cb:20:78:03:04:33:77:e2:
                    f9:c1:cd:ff:2e:8c:c1:87:d4:6c:e6:4d:a9:4b:50:
                    0d:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                DE:FC:05:44:36:63:24:71:75:A0:62:0F:83:A4:08:78:E2:17:C3:A8
            X509v3 Authority Key Identifier: 
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access: 
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access: 
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/9e56510b-5f1c-47f6-8a54-2ef9c96c572c.roa

            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.74.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         ae:24:8c:27:0a:68:22:e6:ce:67:bc:40:50:9c:2a:28:ca:8b:
         50:5f:ad:86:41:43:c8:ba:de:46:21:02:bb:52:83:d4:c5:93:
         95:9f:3e:c6:66:8f:db:48:ec:b3:2e:5b:76:96:31:f3:76:47:
         26:c9:1e:f5:43:23:f7:cc:c7:e6:1d:2a:f6:84:01:1c:52:03:
         6e:2e:9b:6f:05:cc:1c:3e:8f:a4:cc:d1:0a:a6:64:fc:25:c0:
         41:c3:68:88:6c:d3:ab:90:1f:56:a1:10:5f:0a:da:77:31:72:
         24:19:4e:b4:36:0a:6f:eb:66:3c:79:77:ed:81:5d:4d:fe:c3:
         dd:6d:96:e1:1f:2c:f7:09:0e:af:7c:38:e4:bb:33:16:be:00:
         85:af:b7:40:da:0f:fe:cf:61:e9:3d:7f:80:3c:17:fd:ff:7f:
         b7:19:b2:56:49:58:bd:86:92:a2:5f:9d:6f:9f:38:0a:c8:9c:
         92:d7:56:e3:01:26:09:46:14:51:dc:38:ca:22:6c:88:7f:3a:
         6a:05:08:6b:43:92:fe:b1:04:83:c7:34:6d:65:75:2c:15:05:
         e5:27:4f:7d:a0:03:47:60:1e:bd:47:ce:fa:47:d9:a6:e2:ae:
         92:3d:92:00:00:c5:95:d1:b8:09:81:b7:eb:07:1d:55:6f:5c:
         3a:4d:96:6d
-----BEGIN CERTIFICATE-----
MIIFiTCCBHGgAwIBAgIUIjm/FYeCvsE7oyfyOappd8kClSswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yMzAzMTYwMDAwMDBaFw0yMzA0MjAyMzU5NTlaMIGlMUkwRwYD
VQQFE0AyZTgzYmEzM2MzODdmOGFlZWYxMmVmYzYyMmUxNGE2MTAzNTU2MmM4M2Ri
NWNiZTM3MzIxMDc2MjVmY2E4MmRmMS0wKwYDVQQDEyRjMzM2NDExYS02NjUxLTRm
MTMtOGVmOS1kZTY4MWM3Yzk0NDQxFDASBgNVBAsTC0FtYXpvbiBSUEtJMRMwEQYD
VQQKEwpBbWF6b24uY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
ivmE4lETar5+0a+EhLNnsS9lSUpRsyWku4mDqDsrk/LTeO56exBDGFXlrY+M/SO9
4iXc/wV5HFj9j+Bx4eBR2zZA1MWOpgyoureBMTBf8EdyC+/DCrUNUpoElCIpYQGy
9IYt4JZ+y2Yt2AvRlItay0euz9C6s09TCnoE7zxGOYsCNFVv/v77T1n62A+9nS4H
3cprbI+5BDFtJ4NGuzpux4KnVx3H/hsQi4mEiI7FCJZCcvpHm9yS9b1sw/PXk0EO
/GV96Vv60ElddS3JxRZBd3UB5j7mDwtBkxc/zSXflqDXzllEpWLMyyB4AwQzd+L5
wc3/LozBh9Rs5k2pS1AN2QIDAQABo4ICIDCCAhwwHQYDVR0OBBYEFN78BUQ2YyRx
daBiD4OkCHjiF8OoMB8GA1UdIwQYMBaAFEU/R0Y1TirRXOfr2Nwh+WwOXIfPMA4G
A1UdDwEB/wQEAwIHgDBkBggrBgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5j
Oi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvUlQ5SFJqVk9LdEZj
NS12WTNDSDViQTVjaDg4LmNlcjCBngYIKwYBBQUHAQsEgZEwgY4wgYsGCCsGAQUF
BzALhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFzdC0yLmFtYXpvbmF3cy5jb20v
dm9sdW1lLzk2N2EyNTVjLWQ2ODAtNDJkMy05ZWMzLWVjYjNmOWRhMDg4Yy85ZTU2
NTEwYi01ZjFjLTQ3ZjYtOGE1NC0yZWY5Yzk2YzU3MmMucm9hMIGIBgNVHR8EgYAw
fjB8oHqgeIZ2cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
X2xBaTVUSERzUWRQWUE5bm1FVDZvbEh1VmM4LmNybDAYBgNVHSABAf8EDjAMMAoG
CCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAM0owDQYJKoZI
hvcNAQELBQADggEBAK4kjCcKaCLmzme8QFCcKijKi1BfrYZBQ8i63kYhArtSg9TF
k5WfPsZmj9tI7LMuW3aWMfN2RybJHvVDI/fMx+YdKvaEARxSA24um28FzBw+j6TM
0QqmZPwlwEHDaIhs06uQH1ahEF8K2ncxciQZTrQ2Cm/rZjx5d+2BXU3+w91tluEf
LPcJDq98OOS7Mxa+AIWvt0DaD/7PYek9f4A8F/3/f7cZslZJWL2GkqJfnW+fOArI
nJLXVuMBJglGFFHcOMoibIh/OmoFCGtDkv6xBIPHNG1ldSwVBeUnT32gA0dgHr1H
zvpH2abirpI9kgAAxZXRuAmBt+sHHVVvXDpNlm0=
-----END CERTIFICATE-----
Generated at Thu Mar 16 00:30:03 2023 by rpki-client on console-fra.rpki-client.org