Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/cf51afdd-468d-4999-b2cd-4c6517505aee.roa
File:                     cf51afdd-468d-4999-b2cd-4c6517505aee.roa (raw, json)
Hash identifier:          Ku+k4BWkhOp7b4NQ31giij4jyGYNRATSof/WdUkhUD4=
Subject key identifier:   10:F5:2B:A6:6B:FC:78:F8:30:DB:AC:29:D4:9A:F9:A0:93:43:5C:EF
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       18C4CF7494A8930BF77B0DD1B074FA0EAA8A6EE9
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/cf51afdd-468d-4999-b2cd-4c6517505aee.roa
Signing time:             Thu 16 Mar 2023 00:00:00 +0000
ROA not before:           Thu 16 Mar 2023 00:00:00 +0000
ROA not after:            Thu 20 Apr 2023 23:59:59 +0000
asID:                     16509
IP address blocks:        51.202.0.0/15 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.crl
                          rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.mft
                          rsync://rpki.ripe.net/repository/2a7dd1d787d793e4c8af56e197d4eed92af6ba13.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 Mar 2023 21:42:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            18:c4:cf:74:94:a8:93:0b:f7:7b:0d:d1:b0:74:fa:0e:aa:8a:6e:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Mar 16 00:00:00 2023 GMT
            Not After : Apr 20 23:59:59 2023 GMT
        Subject: serialNumber=f39cff90a683ae18823f3a1aebd361e78ca89a2521fa7a9d6ac3f6bea98104e8, CN=c336411a-6651-4f13-8ef9-de681c7c9444, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:7e:97:53:d5:e0:f2:43:b9:a5:54:5f:07:51:
                    a8:f6:32:19:e4:ad:69:b6:4c:fe:91:9f:e2:db:3d:
                    03:bb:8f:24:1e:82:a4:94:25:43:a8:e2:bd:a7:97:
                    18:b9:f0:74:f7:ff:fe:a1:f7:3f:72:cb:43:e1:4d:
                    ad:90:01:4d:02:0d:04:6c:33:44:8c:57:4b:b8:05:
                    38:9a:73:e1:e7:b4:7a:0c:df:6b:a4:c2:f3:e0:8a:
                    9e:66:9f:7e:d9:40:a0:c0:44:63:9a:57:0b:e0:82:
                    2e:08:f1:66:6d:43:7e:8b:20:76:d9:06:07:5d:9c:
                    ad:2c:8c:d4:b6:9c:ba:a3:2e:7a:2f:61:b3:f0:fc:
                    9e:d4:e8:ed:26:71:f2:52:6c:83:4e:b8:b9:5d:7f:
                    30:72:e4:c9:ee:74:b5:ea:11:dc:68:9c:13:33:9a:
                    93:d1:6b:90:47:01:97:21:05:ee:ea:af:ca:3d:65:
                    dc:34:87:91:12:58:a2:6f:3e:30:78:7c:fe:ab:96:
                    5f:30:5d:ba:64:9d:83:ca:56:37:d7:f1:70:55:92:
                    24:17:a3:61:f0:d7:2f:37:bf:70:cc:bb:e3:d9:54:
                    11:0e:9c:fb:ba:ab:60:e5:55:fb:1d:f6:ec:49:fb:
                    fd:53:bd:63:58:b1:e5:17:1d:ec:bc:2d:48:7a:c8:
                    59:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                10:F5:2B:A6:6B:FC:78:F8:30:DB:AC:29:D4:9A:F9:A0:93:43:5C:EF
            X509v3 Authority Key Identifier: 
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access: 
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access: 
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/cf51afdd-468d-4999-b2cd-4c6517505aee.roa

            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.202.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         01:26:c5:59:5f:a1:47:0e:c2:80:28:ae:15:7d:fa:5b:8a:bf:
         f7:53:86:4e:86:27:23:41:1f:bb:61:1a:54:98:aa:70:71:53:
         61:7f:90:14:1c:18:29:fc:fe:65:55:06:04:f3:56:51:cb:a9:
         d4:3f:dd:3e:55:3f:1a:6f:ef:d5:b2:32:a2:83:d2:d2:c0:70:
         5b:fb:3c:43:8d:da:83:d2:66:99:52:8d:0f:0b:15:31:a2:d1:
         8b:67:4f:05:17:b6:79:af:82:51:d1:40:36:cc:02:3b:a5:96:
         33:24:12:93:26:e7:00:43:14:08:47:71:2c:10:4b:aa:9e:c5:
         3d:ed:68:e0:2a:b1:db:d3:7a:23:ae:07:ab:b6:6a:48:c0:08:
         bb:a3:5f:29:6c:24:3e:3d:03:31:9f:db:1b:d1:2d:d7:20:88:
         68:8d:4b:11:a7:35:3b:e6:42:15:29:52:18:b5:f5:38:b6:72:
         dd:73:21:1d:65:40:d2:e8:1d:f3:57:3d:7f:b3:ea:80:7d:57:
         09:0e:b1:67:46:c8:04:16:fb:e2:9f:85:3f:8a:2a:0d:ef:98:
         ab:e8:27:54:1f:9c:e0:6e:14:56:20:18:ba:54:00:a7:df:0e:
         b5:fa:9c:16:73:b1:10:c6:b2:25:37:17:77:b6:d5:cd:96:cf:
         f3:de:ab:69
-----BEGIN CERTIFICATE-----
MIIFiTCCBHGgAwIBAgIUGMTPdJSokwv3ew3RsHT6DqqKbukwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yMzAzMTYwMDAwMDBaFw0yMzA0MjAyMzU5NTlaMIGlMUkwRwYD
VQQFE0BmMzljZmY5MGE2ODNhZTE4ODIzZjNhMWFlYmQzNjFlNzhjYTg5YTI1MjFm
YTdhOWQ2YWMzZjZiZWE5ODEwNGU4MS0wKwYDVQQDEyRjMzM2NDExYS02NjUxLTRm
MTMtOGVmOS1kZTY4MWM3Yzk0NDQxFDASBgNVBAsTC0FtYXpvbiBSUEtJMRMwEQYD
VQQKEwpBbWF6b24uY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
tH6XU9Xg8kO5pVRfB1Go9jIZ5K1ptkz+kZ/i2z0Du48kHoKklCVDqOK9p5cYufB0
9//+ofc/cstD4U2tkAFNAg0EbDNEjFdLuAU4mnPh57R6DN9rpMLz4IqeZp9+2UCg
wERjmlcL4IIuCPFmbUN+iyB22QYHXZytLIzUtpy6oy56L2Gz8Pye1OjtJnHyUmyD
Tri5XX8wcuTJ7nS16hHcaJwTM5qT0WuQRwGXIQXu6q/KPWXcNIeREliibz4weHz+
q5ZfMF26ZJ2DylY31/FwVZIkF6Nh8NcvN79wzLvj2VQRDpz7uqtg5VX7HfbsSfv9
U71jWLHlFx3svC1IeshZrwIDAQABo4ICIDCCAhwwHQYDVR0OBBYEFBD1K6Zr/Hj4
MNusKdSa+aCTQ1zvMB8GA1UdIwQYMBaAFEU/R0Y1TirRXOfr2Nwh+WwOXIfPMA4G
A1UdDwEB/wQEAwIHgDBkBggrBgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5j
Oi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvUlQ5SFJqVk9LdEZj
NS12WTNDSDViQTVjaDg4LmNlcjCBngYIKwYBBQUHAQsEgZEwgY4wgYsGCCsGAQUF
BzALhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFzdC0yLmFtYXpvbmF3cy5jb20v
dm9sdW1lLzk2N2EyNTVjLWQ2ODAtNDJkMy05ZWMzLWVjYjNmOWRhMDg4Yy9jZjUx
YWZkZC00NjhkLTQ5OTktYjJjZC00YzY1MTc1MDVhZWUucm9hMIGIBgNVHR8EgYAw
fjB8oHqgeIZ2cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
X2xBaTVUSERzUWRQWUE5bm1FVDZvbEh1VmM4LmNybDAYBgNVHSABAf8EDjAMMAoG
CCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMBM8owDQYJKoZI
hvcNAQELBQADggEBAAEmxVlfoUcOwoAorhV9+luKv/dThk6GJyNBH7thGlSYqnBx
U2F/kBQcGCn8/mVVBgTzVlHLqdQ/3T5VPxpv79WyMqKD0tLAcFv7PEON2oPSZplS
jQ8LFTGi0YtnTwUXtnmvglHRQDbMAjulljMkEpMm5wBDFAhHcSwQS6qexT3taOAq
sdvTeiOuB6u2akjACLujXylsJD49AzGf2xvRLdcgiGiNSxGnNTvmQhUpUhi19Ti2
ct1zIR1lQNLoHfNXPX+z6oB9VwkOsWdGyAQW++KfhT+KKg3vmKvoJ1QfnOBuFFYg
GLpUAKffDrX6nBZzsRDGsiU3F3e21c2Wz/Peq2k=
-----END CERTIFICATE-----
Generated at Thu Mar 16 00:27:06 2023 by rpki-client on console-ams.rpki-client.org