Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/9ebfa348-5910-4667-b4db-cfb5bb3acbc8.roa
File:                     9ebfa348-5910-4667-b4db-cfb5bb3acbc8.roa (raw, json)
Hash identifier:          jhGg7lq7qpx0LLJGBiDPsIc+Nv9mwDu3vXw0Rjm9dX8=
Subject key identifier:   9A:7B:E8:5A:C6:B5:03:6D:69:D2:24:28:6A:C7:ED:22:8E:3A:6D:B3
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       14D6ACCD65B5441B758BEEDAFB927147F82A8F6A
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/9ebfa348-5910-4667-b4db-cfb5bb3acbc8.roa
Signing time:             Fri 08 Sep 2023 00:00:00 +0000
ROA not before:           Fri 08 Sep 2023 00:00:00 +0000
ROA not after:            Fri 13 Oct 2023 23:59:59 +0000
asID:                     16509
IP address blocks:        51.188.0.0/15 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.crl
                          rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.mft
                          rsync://rpki.ripe.net/repository/2a7dd1d787d793e4c8af56e197d4eed92af6ba13.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 09 Sep 2023 08:03:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            14:d6:ac:cd:65:b5:44:1b:75:8b:ee:da:fb:92:71:47:f8:2a:8f:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Sep  8 00:00:00 2023 GMT
            Not After : Oct 13 23:59:59 2023 GMT
        Subject: serialNumber=ef7e92ac042b19dbb713005dd4bf7d73a5c76868a5e14ffa688ea55ba137df86, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:57:24:53:09:ac:2f:c0:58:c4:6d:29:f3:cb:
                    b5:e2:c0:ee:28:2b:2b:86:15:dc:4d:20:5b:8c:e8:
                    c3:04:e2:ee:87:d9:cb:c3:85:d6:8e:2c:4f:3d:b4:
                    37:c8:84:e7:d9:e1:e9:36:86:54:a8:b4:c7:fd:80:
                    a2:9a:9c:bc:49:24:5e:24:93:c9:09:64:2b:88:97:
                    83:54:09:6e:fa:52:1f:ad:13:21:90:36:0c:76:9a:
                    57:78:34:e3:df:fa:62:67:b0:c9:f5:32:41:70:c2:
                    98:88:af:0a:e6:28:b1:39:f8:79:2c:87:b0:5f:6d:
                    a0:1c:9c:63:43:4f:65:e6:81:66:ec:8a:ad:46:6e:
                    61:d0:85:c5:a6:be:48:23:4b:9f:46:ae:80:bc:8c:
                    13:97:2d:a2:fe:0a:c4:4e:9d:d1:d0:3a:8b:89:12:
                    37:33:4a:c7:f3:b0:49:cb:b4:08:86:e3:79:8b:e3:
                    67:1c:bd:2f:92:30:d6:8a:62:57:fe:96:c5:a0:e7:
                    7e:18:cd:d2:5a:64:e8:d1:b9:3a:4b:bc:a3:ad:25:
                    d3:3f:2d:f5:d3:d6:52:df:d6:c7:64:3c:c5:ee:19:
                    a7:71:6d:ae:08:72:88:e2:af:da:09:5c:7e:a9:78:
                    4e:3a:3d:3c:ff:9f:76:65:35:e3:95:5b:40:05:43:
                    e1:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:7B:E8:5A:C6:B5:03:6D:69:D2:24:28:6A:C7:ED:22:8E:3A:6D:B3
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/9ebfa348-5910-4667-b4db-cfb5bb3acbc8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.188.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         5f:90:70:ee:fe:6d:3e:47:07:f4:c4:00:97:e4:53:98:26:f1:
         1d:8a:d2:45:b0:43:ac:c6:1c:35:87:fb:b2:77:57:7e:df:8f:
         6f:ea:42:58:be:f3:ce:33:1e:2e:18:5b:75:1c:d1:c6:36:78:
         87:58:85:ef:6e:f2:12:07:27:93:6a:65:94:ed:46:37:65:30:
         cf:de:f2:32:16:b7:e2:b3:24:ed:f8:f7:5d:1f:53:2d:21:3d:
         30:ef:25:73:a4:64:36:e7:7a:84:a5:c7:db:cc:ec:33:28:3e:
         8f:d2:98:f7:46:da:59:b4:a3:1f:5c:ae:3d:a4:8e:80:b4:39:
         d2:4e:27:8f:4e:4d:bb:15:ea:a6:6c:d1:6f:11:02:39:c6:a7:
         d3:fd:28:35:cc:dd:ef:34:0c:a5:7d:77:ab:b2:c1:b7:47:ad:
         c7:c4:ac:12:3f:40:cf:e6:3c:70:1e:fc:a3:e5:68:58:11:61:
         bb:f9:13:7d:55:fe:5a:b3:b7:b7:a0:87:c2:1c:b5:cd:55:d6:
         01:6a:45:1c:8f:33:21:b7:31:a9:63:f5:35:8c:7d:df:45:9a:
         40:13:80:eb:ed:16:c0:4c:47:f0:19:c0:e7:c9:19:0b:99:f3:
         68:74:92:3c:c8:08:01:0c:77:9b:cd:94:13:6d:5e:ca:df:46:
         3f:52:88:35
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUFNaszWW1RBt1i+7a+5JxR/gqj2owDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yMzA5MDgwMDAwMDBaFw0yMzEwMTMyMzU5NTlaMHoxSTBHBgNV
BAUTQGVmN2U5MmFjMDQyYjE5ZGJiNzEzMDA1ZGQ0YmY3ZDczYTVjNzY4NjhhNWUx
NGZmYTY4OGVhNTViYTEzN2RmODYxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAK5XJFMJrC/AWMRtKfPLteLA7igrK4YV3E0gW4zowwTi7ofZy8OF1o4sTz20
N8iE59nh6TaGVKi0x/2AopqcvEkkXiSTyQlkK4iXg1QJbvpSH60TIZA2DHaaV3g0
49/6YmewyfUyQXDCmIivCuYosTn4eSyHsF9toBycY0NPZeaBZuyKrUZuYdCFxaa+
SCNLn0augLyME5ctov4KxE6d0dA6i4kSNzNKx/OwScu0CIbjeYvjZxy9L5Iw1opi
V/6WxaDnfhjN0lpk6NG5Oku8o60l0z8t9dPWUt/Wx2Q8xe4Zp3FtrghyiOKv2glc
fql4Tjo9PP+fdmU145VbQAVD4dcCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBSae+ha
xrUDbWnSJChqx+0ijjptszAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
OWViZmEzNDgtNTkxMC00NjY3LWI0ZGItY2ZiNWJiM2FjYmM4LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDATO8MA0G
CSqGSIb3DQEBCwUAA4IBAQBfkHDu/m0+Rwf0xACX5FOYJvEditJFsEOsxhw1h/uy
d1d+349v6kJYvvPOMx4uGFt1HNHGNniHWIXvbvISByeTamWU7UY3ZTDP3vIyFrfi
syTt+PddH1MtIT0w7yVzpGQ253qEpcfbzOwzKD6P0pj3RtpZtKMfXK49pI6AtDnS
TiePTk27FeqmbNFvEQI5xqfT/Sg1zN3vNAylfXerssG3R63HxKwSP0DP5jxwHvyj
5WhYEWG7+RN9Vf5as7e3oIfCHLXNVdYBakUcjzMhtzGpY/U1jH3fRZpAE4Dr7RbA
TEfwGcDnyRkLmfNodJI8yAgBDHebzZQTbV7K30Y/Uog1
-----END CERTIFICATE-----
Generated at Fri Sep 8 15:41:28 2023 by rpki-client on console-ams.rpki-client.org