Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/c806309a-9e3e-4b0e-aad2-1356d070a437.roa
File:                     c806309a-9e3e-4b0e-aad2-1356d070a437.roa (raw, json)
Hash identifier:          g/jk89mlJcHkOkZXxIKst9qCjPv73fUWYpVvpZw5Tmk=
Subject key identifier:   CB:45:74:57:64:A4:76:BE:0B:EC:94:E3:D1:25:75:B9:7B:CC:4C:5B
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       06E17F5657CE1F93DB643AF013A60BA67D4F9C50
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/c806309a-9e3e-4b0e-aad2-1356d070a437.roa
Signing time:             Wed 15 Mar 2023 00:00:00 +0000
ROA not before:           Wed 15 Mar 2023 00:00:00 +0000
ROA not after:            Wed 19 Apr 2023 23:59:59 +0000
asID:                     16509
IP address blocks:        2a01:578:13::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.crl
                          rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.mft
                          rsync://rpki.ripe.net/repository/2a7dd1d787d793e4c8af56e197d4eed92af6ba13.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 Mar 2023 07:18:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            06:e1:7f:56:57:ce:1f:93:db:64:3a:f0:13:a6:0b:a6:7d:4f:9c:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Mar 15 00:00:00 2023 GMT
            Not After : Apr 19 23:59:59 2023 GMT
        Subject: serialNumber=70a6165efb0af3050392292615ddb6427efdca70e245be748add834f7fdfffa5, CN=c336411a-6651-4f13-8ef9-de681c7c9444, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:f6:8d:b2:8f:94:96:bf:d7:6c:74:5a:73:86:
                    bc:dc:1d:82:25:b0:51:70:09:31:e5:8c:0f:58:2f:
                    50:6e:e1:97:73:39:69:7d:ab:86:f8:87:50:ac:1e:
                    42:18:4b:98:02:51:77:2b:0a:50:52:84:0d:3c:45:
                    a8:3c:13:48:f6:24:1f:42:34:16:63:39:f1:ce:9b:
                    43:cb:f4:d3:35:05:cc:9d:10:03:ea:7b:66:1e:51:
                    34:2b:a4:6f:14:04:e3:5a:c8:2d:dd:b8:ad:36:1f:
                    74:ad:87:16:e0:c2:da:ca:2a:c2:98:a2:b7:b5:39:
                    f3:8d:ac:f4:0f:5e:85:5e:8e:55:3d:64:2b:49:35:
                    7e:3f:f5:a3:06:f6:d5:14:a5:8b:54:e1:52:7f:3b:
                    25:a0:30:86:ce:15:62:16:10:c9:26:96:86:c3:08:
                    cb:14:20:f7:c4:a5:62:66:11:70:cf:3e:ac:99:c7:
                    56:1d:26:e7:f4:d8:9c:c1:d0:cd:63:4a:a0:d4:53:
                    d7:a6:a4:73:94:b0:c3:78:82:8f:73:75:3c:e6:fb:
                    81:90:ff:a5:f3:6c:cf:0a:c0:16:12:06:e0:a7:85:
                    66:0e:7d:93:ba:ce:4d:40:02:5b:4c:ef:c9:a1:47:
                    b6:f7:66:1e:67:ee:5e:1e:62:d1:26:3a:3f:4e:e8:
                    53:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                CB:45:74:57:64:A4:76:BE:0B:EC:94:E3:D1:25:75:B9:7B:CC:4C:5B
            X509v3 Authority Key Identifier: 
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access: 
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access: 
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/c806309a-9e3e-4b0e-aad2-1356d070a437.roa

            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:578:13::/48

    Signature Algorithm: sha256WithRSAEncryption
         86:ee:57:76:b6:74:a1:d4:d3:56:e0:f1:c8:d0:18:c1:ff:98:
         6e:4b:f8:68:6a:b6:9d:cb:4b:c8:68:6f:5f:c7:9a:5c:6c:5f:
         1f:0e:38:c6:48:52:aa:4c:a4:cb:d1:74:d1:1a:c1:05:07:34:
         4b:19:be:2a:fe:b3:d2:97:19:56:37:66:b0:26:14:19:4a:71:
         b0:50:78:1e:9b:5f:bf:2a:6b:10:79:b5:8e:f3:dc:d5:a5:31:
         28:13:13:2a:ca:94:e9:63:db:ff:88:56:0f:86:12:9f:ba:d5:
         21:55:bb:96:8d:ba:66:1e:c5:a8:52:8b:bb:fb:35:20:ec:cf:
         69:30:b0:2f:91:b9:77:2c:7e:44:d8:73:77:b0:6d:73:87:ca:
         bd:d6:8b:6d:f9:f6:92:b9:21:e7:53:0f:39:af:08:83:73:75:
         1a:dd:a2:10:62:29:7f:c8:5d:60:74:5e:26:1a:77:22:84:a1:
         63:5f:bc:fd:fd:f5:64:33:93:af:fc:ec:e3:26:1c:ab:79:da:
         6b:49:91:66:46:71:5d:de:fd:7a:22:50:21:5f:e1:97:ee:0a:
         3f:3e:36:ff:05:2e:90:ec:f5:4f:c3:8e:8e:83:df:b9:db:41:
         ec:71:f8:f5:19:d2:73:d3:47:62:e0:86:19:2e:2e:3e:bc:f0:
         18:83:85:73
-----BEGIN CERTIFICATE-----
MIIFjTCCBHWgAwIBAgIUBuF/VlfOH5PbZDrwE6YLpn1PnFAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yMzAzMTUwMDAwMDBaFw0yMzA0MTkyMzU5NTlaMIGlMUkwRwYD
VQQFE0A3MGE2MTY1ZWZiMGFmMzA1MDM5MjI5MjYxNWRkYjY0MjdlZmRjYTcwZTI0
NWJlNzQ4YWRkODM0ZjdmZGZmZmE1MS0wKwYDVQQDEyRjMzM2NDExYS02NjUxLTRm
MTMtOGVmOS1kZTY4MWM3Yzk0NDQxFDASBgNVBAsTC0FtYXpvbiBSUEtJMRMwEQYD
VQQKEwpBbWF6b24uY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
1PaNso+Ulr/XbHRac4a83B2CJbBRcAkx5YwPWC9QbuGXczlpfauG+IdQrB5CGEuY
AlF3KwpQUoQNPEWoPBNI9iQfQjQWYznxzptDy/TTNQXMnRAD6ntmHlE0K6RvFATj
Wsgt3bitNh90rYcW4MLayirCmKK3tTnzjaz0D16FXo5VPWQrSTV+P/WjBvbVFKWL
VOFSfzsloDCGzhViFhDJJpaGwwjLFCD3xKViZhFwzz6smcdWHSbn9NicwdDNY0qg
1FPXpqRzlLDDeIKPc3U85vuBkP+l82zPCsAWEgbgp4VmDn2Tus5NQAJbTO/JoUe2
92YeZ+5eHmLRJjo/TuhTbwIDAQABo4ICJDCCAiAwHQYDVR0OBBYEFMtFdFdkpHa+
C+yU49Eldbl7zExbMB8GA1UdIwQYMBaAFEU/R0Y1TirRXOfr2Nwh+WwOXIfPMA4G
A1UdDwEB/wQEAwIHgDBkBggrBgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5j
Oi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvUlQ5SFJqVk9LdEZj
NS12WTNDSDViQTVjaDg4LmNlcjCBngYIKwYBBQUHAQsEgZEwgY4wgYsGCCsGAQUF
BzALhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFzdC0yLmFtYXpvbmF3cy5jb20v
dm9sdW1lLzk2N2EyNTVjLWQ2ODAtNDJkMy05ZWMzLWVjYjNmOWRhMDg4Yy9jODA2
MzA5YS05ZTNlLTRiMGUtYWFkMi0xMzU2ZDA3MGE0Mzcucm9hMIGIBgNVHR8EgYAw
fjB8oHqgeIZ2cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
X2xBaTVUSERzUWRQWUE5bm1FVDZvbEh1VmM4LmNybDAYBgNVHSABAf8EDjAMMAoG
CCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgEFeAATMA0G
CSqGSIb3DQEBCwUAA4IBAQCG7ld2tnSh1NNW4PHI0BjB/5huS/hoarady0vIaG9f
x5pcbF8fDjjGSFKqTKTL0XTRGsEFBzRLGb4q/rPSlxlWN2awJhQZSnGwUHgem1+/
KmsQebWO89zVpTEoExMqypTpY9v/iFYPhhKfutUhVbuWjbpmHsWoUou7+zUg7M9p
MLAvkbl3LH5E2HN3sG1zh8q91ott+faSuSHnUw85rwiDc3Ua3aIQYil/yF1gdF4m
GncihKFjX7z9/fVkM5Ov/OzjJhyredprSZFmRnFd3v16IlAhX+GX7go/Pjb/BS6Q
7PVPw46Og9+520Hscfj1GdJz00di4IYZLi4+vPAYg4Vz
-----END CERTIFICATE-----
Generated at Wed Mar 15 11:52:44 2023 by rpki-client on console-fra.rpki-client.org