Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/c806309a-9e3e-4b0e-aad2-1356d070a437.roa
File:                     c806309a-9e3e-4b0e-aad2-1356d070a437.roa (raw, json)
Hash identifier:          scZf//dpzPDAiCLQc1DS7KOoTSbeYZhKQANJf+ES1n0=
Subject key identifier:   4A:7A:27:60:32:DA:E1:19:F0:DE:8D:40:61:AA:90:15:3D:15:45:18
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       095464412ABF45F1B00F880B68E61E99AC7584CA
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/c806309a-9e3e-4b0e-aad2-1356d070a437.roa
Signing time:             Wed 06 Sep 2023 00:00:00 +0000
ROA not before:           Wed 06 Sep 2023 00:00:00 +0000
ROA not after:            Wed 11 Oct 2023 23:59:59 +0000
asID:                     16509
IP address blocks:        2a01:578:13::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.crl
                          rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.mft
                          rsync://rpki.ripe.net/repository/2a7dd1d787d793e4c8af56e197d4eed92af6ba13.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 06 Sep 2023 17:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            09:54:64:41:2a:bf:45:f1:b0:0f:88:0b:68:e6:1e:99:ac:75:84:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Sep  6 00:00:00 2023 GMT
            Not After : Oct 11 23:59:59 2023 GMT
        Subject: serialNumber=c53ed346c7b67af74ac53c36450c7b18eae6326d542ced7bd1bb358474d46848, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:f0:7e:ef:fa:19:0b:28:6d:a0:42:d7:9d:58:
                    07:ea:82:29:2b:49:1d:9c:f3:52:86:67:ef:3f:96:
                    16:c1:1f:35:f4:9f:99:9d:ad:bf:bb:98:7e:26:7c:
                    af:09:63:32:fe:ea:fb:cb:26:59:3e:8d:8a:8c:24:
                    0a:dc:e9:89:ea:d2:12:6d:08:e4:0d:30:a8:90:d0:
                    18:7a:c8:d4:65:2b:cd:38:12:87:7d:0f:a0:65:14:
                    36:0c:d0:0f:ce:b9:0b:46:d0:05:b7:49:79:44:83:
                    57:c2:4d:fa:a2:7d:d1:b8:f0:64:db:aa:3b:05:fa:
                    6c:9f:70:47:d2:5c:6f:f3:03:09:58:71:9a:99:58:
                    f5:e3:a0:66:d3:39:45:0c:29:e2:12:ed:08:89:07:
                    39:49:c9:11:59:89:45:4f:a1:e3:66:4b:ec:ab:a6:
                    11:4e:c0:72:3d:9a:2b:c0:9f:56:23:5d:41:b8:12:
                    0e:67:7f:7d:25:d2:67:29:2e:47:9b:6f:be:2d:a3:
                    76:9a:98:d9:86:ed:a0:af:ae:4f:4c:13:e7:d5:23:
                    6b:1a:64:40:81:70:c8:d0:30:fd:42:01:28:f1:f1:
                    67:55:a2:0d:0d:aa:98:a9:ec:a3:4a:90:25:b6:8c:
                    b9:7c:26:0d:05:24:77:bc:43:07:b9:3c:d2:9f:f9:
                    4b:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:7A:27:60:32:DA:E1:19:F0:DE:8D:40:61:AA:90:15:3D:15:45:18
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/c806309a-9e3e-4b0e-aad2-1356d070a437.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:578:13::/48

    Signature Algorithm: sha256WithRSAEncryption
         46:a2:b1:4b:eb:d4:9f:cf:8a:70:e7:0b:2c:5c:bf:04:9c:3a:
         dd:3e:b3:82:bb:b6:66:ce:cf:df:e3:fd:21:cd:3f:b7:bb:39:
         fb:08:db:b6:a2:37:4e:8c:fd:b9:33:d2:dc:01:d2:c3:ee:2f:
         d6:a4:32:65:15:d9:e4:26:b3:05:eb:c6:83:1d:23:54:ae:20:
         92:c9:6e:cc:8d:78:3c:05:66:1c:ac:c9:3b:3c:85:f7:c4:c4:
         1f:28:a3:19:9c:1f:d4:6a:1c:74:99:9d:ce:00:a7:94:a6:09:
         88:7a:47:17:7a:d4:06:cb:a2:f4:b7:33:05:7f:00:a9:46:49:
         ae:08:36:c2:44:42:03:86:d8:4b:05:66:b5:32:a5:8d:5e:c2:
         10:77:8c:c0:a8:b2:34:e5:8f:ee:29:24:8f:d9:b7:3f:3e:23:
         ad:9e:1e:87:bb:ac:3a:af:05:57:4e:ef:88:ee:6b:13:16:4a:
         cc:54:23:df:74:27:0e:6a:2f:8c:81:a6:cc:d8:bd:7c:27:39:
         4e:a7:99:56:f9:f4:de:8a:07:c5:a0:8a:22:76:70:ea:16:56:
         d3:35:e2:7c:07:99:3a:13:ec:a6:72:2b:91:4a:25:8d:ef:dd:
         46:f6:90:e5:3b:d4:34:95:d5:40:8d:2d:bd:cc:96:41:49:70:
         eb:01:44:39
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUCVRkQSq/RfGwD4gLaOYemax1hMowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yMzA5MDYwMDAwMDBaFw0yMzEwMTEyMzU5NTlaMHoxSTBHBgNV
BAUTQGM1M2VkMzQ2YzdiNjdhZjc0YWM1M2MzNjQ1MGM3YjE4ZWFlNjMyNmQ1NDJj
ZWQ3YmQxYmIzNTg0NzRkNDY4NDgxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALDwfu/6GQsobaBC151YB+qCKStJHZzzUoZn7z+WFsEfNfSfmZ2tv7uYfiZ8
rwljMv7q+8smWT6NiowkCtzpierSEm0I5A0wqJDQGHrI1GUrzTgSh30PoGUUNgzQ
D865C0bQBbdJeUSDV8JN+qJ90bjwZNuqOwX6bJ9wR9Jcb/MDCVhxmplY9eOgZtM5
RQwp4hLtCIkHOUnJEVmJRU+h42ZL7KumEU7Acj2aK8CfViNdQbgSDmd/fSXSZyku
R5tvvi2jdpqY2YbtoK+uT0wT59UjaxpkQIFwyNAw/UIBKPHxZ1WiDQ2qmKnso0qQ
JbaMuXwmDQUkd7xDB7k80p/5Sw8CAwEAAaOCAiQwggIgMB0GA1UdDgQWBBRKeidg
MtrhGfDejUBhqpAVPRVFGDAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
YzgwNjMwOWEtOWUzZS00YjBlLWFhZDItMTM1NmQwNzBhNDM3LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoBBXgA
EzANBgkqhkiG9w0BAQsFAAOCAQEARqKxS+vUn8+KcOcLLFy/BJw63T6zgru2Zs7P
3+P9Ic0/t7s5+wjbtqI3Toz9uTPS3AHSw+4v1qQyZRXZ5CazBevGgx0jVK4gkslu
zI14PAVmHKzJOzyF98TEHyijGZwf1GocdJmdzgCnlKYJiHpHF3rUBsui9LczBX8A
qUZJrgg2wkRCA4bYSwVmtTKljV7CEHeMwKiyNOWP7ikkj9m3Pz4jrZ4eh7usOq8F
V07viO5rExZKzFQj33QnDmovjIGmzNi9fCc5TqeZVvn03ooHxaCKInZw6hZW0zXi
fAeZOhPspnIrkUolje/dRvaQ5TvUNJXVQI0tvcyWQUlw6wFEOQ==
-----END CERTIFICATE-----
Generated at Wed Sep 6 00:32:41 2023 by rpki-client on console-ams.rpki-client.org