Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/c339f126-7fea-49c7-a129-4df9886e5309.roa
File:                     c339f126-7fea-49c7-a129-4df9886e5309.roa (raw, json)
Hash identifier:          l18sGz8DQrjBnOgso33To/GoEuuiid5SQ0/OCTzLBsg=
Subject key identifier:   D2:8B:B7:5A:0D:C5:78:C9:B3:41:F5:5F:03:48:AC:18:E0:DE:2B:7C
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       0E884AB886CCF8E0362B464D4665847C7496E6F9
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/c339f126-7fea-49c7-a129-4df9886e5309.roa
Signing time:             Mon 28 Aug 2023 00:00:00 +0000
ROA not before:           Mon 28 Aug 2023 00:00:00 +0000
ROA not after:            Mon 02 Oct 2023 23:59:59 +0000
asID:                     16509
IP address blocks:        51.0.112.0/21 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.crl
                          rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.mft
                          rsync://rpki.ripe.net/repository/2a7dd1d787d793e4c8af56e197d4eed92af6ba13.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 29 Aug 2023 14:09:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0e:88:4a:b8:86:cc:f8:e0:36:2b:46:4d:46:65:84:7c:74:96:e6:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Aug 28 00:00:00 2023 GMT
            Not After : Oct  2 23:59:59 2023 GMT
        Subject: serialNumber=eb2287b538fe73cbf8571841767481dc532242a7d908d30b9bc5b6da2ffe8b61, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:7c:8d:30:b3:38:0a:99:fd:5a:7e:17:0e:ba:
                    0d:8d:1c:41:5d:91:32:e7:d3:c6:0f:fb:01:74:28:
                    26:30:10:7a:49:a8:06:b4:1f:08:7c:32:20:90:1d:
                    c2:6b:c2:88:a2:b3:2b:1d:1d:6e:8e:c4:ae:37:5b:
                    aa:4b:5c:c5:65:b7:af:0a:dd:29:10:22:2c:14:f8:
                    35:71:66:96:23:b5:1e:f7:c2:da:fd:b9:e9:65:e3:
                    6c:2e:0c:57:47:f1:2b:c1:62:54:17:ce:bf:cb:34:
                    fd:97:70:d1:3f:cc:66:ff:23:d1:d9:0d:e8:a9:3c:
                    a5:bd:f4:aa:a0:d0:ef:50:6f:ce:ea:23:63:45:84:
                    e6:a0:d2:da:da:a6:9b:0d:c5:3f:df:5f:24:87:b4:
                    72:75:75:7e:4f:9b:2c:4c:83:79:b9:7b:8d:a9:31:
                    b8:4f:d1:15:b8:f6:d5:8d:fb:49:33:1f:fd:59:f4:
                    30:a4:31:7b:c1:09:95:33:a6:43:d7:62:f0:53:99:
                    c7:25:41:7a:c4:ba:ee:bb:c2:da:b0:a0:9d:40:ae:
                    cf:eb:84:aa:b4:7e:75:fa:31:a8:15:c5:87:5a:61:
                    f5:cc:50:d8:a2:37:73:2a:ff:f6:e9:bf:3c:be:e6:
                    80:86:06:40:de:77:0c:1e:40:0f:be:64:39:a8:1b:
                    13:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:8B:B7:5A:0D:C5:78:C9:B3:41:F5:5F:03:48:AC:18:E0:DE:2B:7C
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/c339f126-7fea-49c7-a129-4df9886e5309.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.0.112.0/21

    Signature Algorithm: sha256WithRSAEncryption
         83:69:fe:8c:75:f1:fc:86:77:cf:49:aa:bf:f4:23:58:5a:d3:
         9a:f8:bd:40:d1:7d:c2:4e:df:e3:88:37:6b:b7:61:96:d8:27:
         8b:8f:58:94:48:14:58:b1:44:00:81:15:0c:ac:f3:52:5a:3b:
         f9:7a:76:62:5f:ec:10:74:19:ac:d6:b1:8c:51:17:d1:9e:ff:
         cf:11:b3:7d:e4:03:32:cc:ab:68:d0:b5:cc:75:04:ae:22:90:
         54:ac:48:17:cf:98:fa:e0:90:de:ce:ec:a6:35:b9:b1:31:39:
         14:d8:48:e6:a1:85:db:58:36:78:61:fd:52:63:b2:3b:99:68:
         bf:c3:1c:2c:90:0e:e9:43:d6:c5:c8:11:b0:03:e4:6b:d7:c9:
         db:ed:69:d7:2e:d2:f8:73:05:2a:63:91:ce:7d:a8:14:c9:2d:
         82:8a:d1:99:dd:67:6d:be:6f:69:26:64:76:45:48:c7:c9:e5:
         54:1c:ae:2f:60:08:1f:0b:fb:fd:da:f3:35:fa:60:31:41:0b:
         50:d7:ff:63:06:ff:67:49:f2:5f:68:3e:9d:73:2f:86:50:9f:
         fd:75:d4:be:32:11:ae:00:0b:51:b2:2e:de:8c:4b:09:b2:48:
         fb:a9:da:49:b8:36:8c:2f:b8:3a:ae:22:4c:91:25:7d:85:14:
         45:4c:0f:48
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUDohKuIbM+OA2K0ZNRmWEfHSW5vkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yMzA4MjgwMDAwMDBaFw0yMzEwMDIyMzU5NTlaMHoxSTBHBgNV
BAUTQGViMjI4N2I1MzhmZTczY2JmODU3MTg0MTc2NzQ4MWRjNTMyMjQyYTdkOTA4
ZDMwYjliYzViNmRhMmZmZThiNjExLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANF8jTCzOAqZ/Vp+Fw66DY0cQV2RMufTxg/7AXQoJjAQekmoBrQfCHwyIJAd
wmvCiKKzKx0dbo7ErjdbqktcxWW3rwrdKRAiLBT4NXFmliO1HvfC2v256WXjbC4M
V0fxK8FiVBfOv8s0/Zdw0T/MZv8j0dkN6Kk8pb30qqDQ71BvzuojY0WE5qDS2tqm
mw3FP99fJIe0cnV1fk+bLEyDebl7jakxuE/RFbj21Y37STMf/Vn0MKQxe8EJlTOm
Q9di8FOZxyVBesS67rvC2rCgnUCuz+uEqrR+dfoxqBXFh1ph9cxQ2KI3cyr/9um/
PL7mgIYGQN53DB5AD75kOagbE8ECAwEAAaOCAiEwggIdMB0GA1UdDgQWBBTSi7da
DcV4ybNB9V8DSKwY4N4rfDAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
YzMzOWYxMjYtN2ZlYS00OWM3LWExMjktNGRmOTg4NmU1MzA5LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAzMAcDAN
BgkqhkiG9w0BAQsFAAOCAQEAg2n+jHXx/IZ3z0mqv/QjWFrTmvi9QNF9wk7f44g3
a7dhltgni49YlEgUWLFEAIEVDKzzUlo7+Xp2Yl/sEHQZrNaxjFEX0Z7/zxGzfeQD
MsyraNC1zHUEriKQVKxIF8+Y+uCQ3s7spjW5sTE5FNhI5qGF21g2eGH9UmOyO5lo
v8McLJAO6UPWxcgRsAPka9fJ2+1p1y7S+HMFKmORzn2oFMktgorRmd1nbb5vaSZk
dkVIx8nlVByuL2AIHwv7/drzNfpgMUELUNf/Ywb/Z0nyX2g+nXMvhlCf/XXUvjIR
rgALUbIu3oxLCbJI+6naSbg2jC+4Oq4iTJElfYUURUwPSA==
-----END CERTIFICATE-----
Generated at Mon Aug 28 15:21:24 2023 by rpki-client on console-ams.rpki-client.org