Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/c2c395e2-491c-4141-ba1e-1b3717841063.roa
File:                     c2c395e2-491c-4141-ba1e-1b3717841063.roa (raw, json)
Hash identifier:          hAU27TU8SvSmD7EnSEMnAg1dnb+8WlwEgOLFhC4QZpE=
Subject key identifier:   E0:15:B9:DE:C1:7B:D0:B4:1A:81:BB:6F:3B:B0:32:7A:23:7C:D5:DA
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       7426D0250F4DEDD5FD570FB475DAA29157459C7B
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/c2c395e2-491c-4141-ba1e-1b3717841063.roa
Signing time:             Tue 03 Oct 2023 00:00:00 +0000
ROA not before:           Tue 03 Oct 2023 00:00:00 +0000
ROA not after:            Tue 07 Nov 2023 23:59:59 +0000
asID:                     16509
IP address blocks:        51.152.0.0/15 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.crl
                          rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.mft
                          rsync://rpki.ripe.net/repository/2a7dd1d787d793e4c8af56e197d4eed92af6ba13.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 04 Oct 2023 08:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            74:26:d0:25:0f:4d:ed:d5:fd:57:0f:b4:75:da:a2:91:57:45:9c:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Oct  3 00:00:00 2023 GMT
            Not After : Nov  7 23:59:59 2023 GMT
        Subject: serialNumber=2be986a7ccf0daec5b450a7efbef0ce72befdc1b0c8992cb0a9b9570e3833e35, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f0:23:5a:ae:c0:91:67:47:0d:09:18:d7:93:58:
                    7b:88:72:20:5c:42:64:b3:c6:a7:25:a9:62:18:3f:
                    59:ad:aa:d7:0f:68:36:38:03:5b:92:f6:95:12:44:
                    a9:b6:f9:7f:93:d0:f1:af:45:e3:9f:b8:a5:49:9a:
                    2f:f3:5c:7f:5c:c5:50:01:02:4e:55:27:5f:b3:27:
                    e9:ac:33:83:43:62:e1:4e:db:99:7a:2f:71:f4:47:
                    e0:b8:1f:68:9c:07:1e:c3:c2:98:00:3a:a8:c4:1a:
                    a9:da:81:e4:f1:1a:cf:67:d9:5f:c8:d9:5e:bc:58:
                    69:ad:fd:32:a8:99:87:9a:6c:66:06:02:e4:a3:f9:
                    1f:5c:4f:a2:75:2d:bb:b5:e5:1d:0e:85:8c:f2:a4:
                    1f:de:69:ff:01:1c:2e:41:48:0b:b1:a6:32:a2:b1:
                    50:cf:29:b2:6a:a0:6c:8a:1f:da:fc:5d:1f:70:57:
                    0b:7b:74:c0:05:95:d8:a2:2c:4f:81:80:70:d6:ef:
                    01:d2:75:c9:3a:21:85:b6:bb:bc:69:7d:1a:e4:9a:
                    10:18:96:93:48:f2:d6:80:c4:dc:21:17:6e:88:3d:
                    f5:fa:62:10:04:6d:7b:66:42:29:72:61:13:34:52:
                    a4:98:6b:d7:42:d3:24:2b:73:af:d1:64:56:11:5e:
                    60:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:15:B9:DE:C1:7B:D0:B4:1A:81:BB:6F:3B:B0:32:7A:23:7C:D5:DA
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/c2c395e2-491c-4141-ba1e-1b3717841063.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.152.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         0e:f3:9d:ae:fb:b0:a6:cb:df:e0:7a:f3:b9:b4:ea:1a:f0:42:
         fc:f3:97:d2:a6:a1:9d:fe:3f:30:7a:a9:80:f4:b5:95:81:cb:
         73:57:15:4b:15:da:06:bd:7c:97:d6:13:4b:6e:8a:d6:38:8f:
         cf:6f:0a:c1:a6:75:4c:ce:da:74:e7:2f:eb:f8:9c:8d:f2:be:
         7e:69:04:41:05:a3:51:b3:b3:71:55:6a:86:5b:da:e3:de:90:
         dc:52:50:d7:a8:a9:c9:df:42:6f:a7:8e:07:4e:e4:76:d5:1f:
         44:8c:cc:86:44:cf:c1:7a:78:a6:aa:4c:f5:91:32:3e:c1:4f:
         65:47:ce:1e:fd:db:55:ee:97:a2:93:1f:41:aa:08:a9:d6:4f:
         e0:39:47:ee:8d:bf:ea:d5:d6:57:de:4b:41:b0:b4:50:ed:66:
         fc:ba:9b:28:6a:1f:32:84:86:76:f1:c5:08:20:7b:f8:4d:2b:
         66:7c:57:92:ef:10:e4:94:d8:b5:65:33:ab:c3:b2:2c:04:4b:
         5d:a1:28:24:ee:b9:e8:06:99:7c:e4:c6:3d:1a:97:8b:36:6d:
         6d:2a:5c:70:28:40:83:46:97:c4:ec:cd:ef:09:6c:c8:e4:c9:
         f6:b8:a3:5a:d2:0b:31:55:87:fa:fc:13:89:aa:16:1a:0b:f3:
         1a:a4:07:39
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUdCbQJQ9N7dX9Vw+0ddqikVdFnHswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yMzEwMDMwMDAwMDBaFw0yMzExMDcyMzU5NTlaMHoxSTBHBgNV
BAUTQDJiZTk4NmE3Y2NmMGRhZWM1YjQ1MGE3ZWZiZWYwY2U3MmJlZmRjMWIwYzg5
OTJjYjBhOWI5NTcwZTM4MzNlMzUxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAPAjWq7AkWdHDQkY15NYe4hyIFxCZLPGpyWpYhg/Wa2q1w9oNjgDW5L2lRJE
qbb5f5PQ8a9F45+4pUmaL/Ncf1zFUAECTlUnX7Mn6awzg0Ni4U7bmXovcfRH4Lgf
aJwHHsPCmAA6qMQaqdqB5PEaz2fZX8jZXrxYaa39MqiZh5psZgYC5KP5H1xPonUt
u7XlHQ6FjPKkH95p/wEcLkFIC7GmMqKxUM8psmqgbIof2vxdH3BXC3t0wAWV2KIs
T4GAcNbvAdJ1yTohhba7vGl9GuSaEBiWk0jy1oDE3CEXbog99fpiEARte2ZCKXJh
EzRSpJhr10LTJCtzr9FkVhFeYO0CAwEAAaOCAiAwggIcMB0GA1UdDgQWBBTgFbne
wXvQtBqBu287sDJ6I3zV2jAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
YzJjMzk1ZTItNDkxYy00MTQxLWJhMWUtMWIzNzE3ODQxMDYzLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDATOYMA0G
CSqGSIb3DQEBCwUAA4IBAQAO852u+7Cmy9/gevO5tOoa8EL885fSpqGd/j8weqmA
9LWVgctzVxVLFdoGvXyX1hNLborWOI/PbwrBpnVMztp05y/r+JyN8r5+aQRBBaNR
s7NxVWqGW9rj3pDcUlDXqKnJ30Jvp44HTuR21R9EjMyGRM/Benimqkz1kTI+wU9l
R84e/dtV7peikx9Bqgip1k/gOUfujb/q1dZX3ktBsLRQ7Wb8upsoah8yhIZ28cUI
IHv4TStmfFeS7xDklNi1ZTOrw7IsBEtdoSgk7rnoBpl85MY9GpeLNm1tKlxwKECD
RpfE7M3vCWzI5Mn2uKNa0gsxVYf6/BOJqhYaC/MapAc5
-----END CERTIFICATE-----
Generated at Tue Oct 3 15:52:36 2023 by rpki-client on console-fra.rpki-client.org