Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/d13d26ae-36b1-4815-a7f0-4dc090d15b78.roa
File:                     d13d26ae-36b1-4815-a7f0-4dc090d15b78.roa (raw, json)
Hash identifier:          2cA+VPZ0Lym6ZoPefEdagqqQ1tHLMW1hqW5pMYcHgTk=
Subject key identifier:   4E:72:A8:89:AB:80:40:C9:F9:40:60:F7:1A:7A:6C:5E:7E:62:12:2B
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       24B62EACD6B83EA167893B4720BEF06FE83D216E
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/d13d26ae-36b1-4815-a7f0-4dc090d15b78.roa
Signing time:             Wed 15 Mar 2023 00:00:00 +0000
ROA not before:           Wed 15 Mar 2023 00:00:00 +0000
ROA not after:            Wed 19 Apr 2023 23:59:59 +0000
asID:                     16509
IP address blocks:        51.129.0.0/16 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.crl
                          rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.mft
                          rsync://rpki.ripe.net/repository/2a7dd1d787d793e4c8af56e197d4eed92af6ba13.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 Mar 2023 07:18:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            24:b6:2e:ac:d6:b8:3e:a1:67:89:3b:47:20:be:f0:6f:e8:3d:21:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Mar 15 00:00:00 2023 GMT
            Not After : Apr 19 23:59:59 2023 GMT
        Subject: serialNumber=169cd014511d00ea9c07fd9398799519fbc2b8c78612bc4709cd4a84223f8121, CN=c336411a-6651-4f13-8ef9-de681c7c9444, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:d9:5e:45:2e:00:1a:d8:2c:f9:3d:46:14:ae:
                    9b:20:0c:68:29:0d:1e:51:cd:c5:49:2c:f2:79:07:
                    b4:06:a7:0c:18:9e:fa:19:a1:0f:fa:c4:62:4d:fa:
                    a8:c6:45:17:fd:bd:80:0d:c5:94:0a:fd:12:aa:ad:
                    90:9a:03:46:4d:4b:01:3f:bf:c2:45:b7:48:e7:f9:
                    d2:fa:e6:6a:6b:8c:5c:4a:44:a0:04:47:53:90:87:
                    c4:ed:d7:bd:52:bc:8a:2c:92:a3:39:d0:43:10:dd:
                    46:07:11:c9:c7:67:9a:87:cc:c9:46:c9:da:b6:ed:
                    bf:c3:7d:fa:b8:3c:3b:9b:33:60:19:c3:a5:3d:db:
                    ea:5b:56:01:d5:c0:af:b1:c3:92:c1:35:d4:4d:54:
                    74:d1:24:7a:a3:c4:8a:39:f0:18:0c:ec:b6:2c:a8:
                    34:50:c9:a9:c1:45:40:00:a2:a8:17:ac:0d:98:99:
                    e2:7e:af:9d:a6:02:1f:fd:2e:c0:d3:88:be:d7:db:
                    e0:eb:c3:3f:c1:26:bd:8c:b2:da:99:7b:46:9c:95:
                    fa:b0:e8:5d:46:1b:bb:40:23:56:02:8b:30:c9:e2:
                    9a:74:0b:91:08:0e:d4:74:73:06:3b:8e:b0:02:0a:
                    ad:bb:e9:43:74:d0:40:a3:40:5f:53:05:97:7e:3a:
                    5c:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                4E:72:A8:89:AB:80:40:C9:F9:40:60:F7:1A:7A:6C:5E:7E:62:12:2B
            X509v3 Authority Key Identifier: 
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access: 
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access: 
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/d13d26ae-36b1-4815-a7f0-4dc090d15b78.roa

            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.129.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         42:ea:ad:cc:3d:c7:9f:4b:70:46:c7:7b:70:67:ff:3c:3e:53:
         76:98:3b:30:8c:96:0f:3f:00:24:65:58:f3:3c:7c:c2:4e:95:
         22:df:33:18:81:51:a0:0f:ff:5c:2b:ce:f6:13:20:b4:89:94:
         27:3f:31:44:4c:6f:0f:38:bd:18:9d:1c:27:1c:19:76:60:b1:
         78:13:27:9e:eb:aa:22:f2:09:a3:aa:5d:17:e0:8c:0d:dd:24:
         20:23:2b:a9:5b:d4:82:5e:67:6f:e5:f4:d3:02:32:cf:ff:1a:
         37:ca:98:9f:9c:84:db:81:d7:07:35:ce:f7:93:a5:81:d9:18:
         21:33:c5:f2:13:7c:dc:08:ba:47:6e:88:a6:04:2e:21:f3:90:
         e5:1c:e6:bb:30:8a:d2:cf:f0:b4:ad:a3:45:9a:70:cd:44:d7:
         fb:c8:2f:cb:16:35:26:83:77:a2:b0:7d:b3:7e:38:7e:10:5a:
         51:63:e8:51:81:92:bc:00:01:c5:c8:91:b5:17:52:a1:f3:e6:
         93:ee:37:e3:33:5a:13:f6:06:13:61:51:63:65:38:70:d6:27:
         ac:82:c6:1d:24:6c:a7:e0:18:a5:d1:80:f7:ec:92:e1:74:e4:
         c1:8c:af:53:cb:1e:f3:e2:77:3e:e2:b3:49:1f:00:eb:8c:70:
         fb:26:84:8c
-----BEGIN CERTIFICATE-----
MIIFiTCCBHGgAwIBAgIUJLYurNa4PqFniTtHIL7wb+g9IW4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yMzAzMTUwMDAwMDBaFw0yMzA0MTkyMzU5NTlaMIGlMUkwRwYD
VQQFE0AxNjljZDAxNDUxMWQwMGVhOWMwN2ZkOTM5ODc5OTUxOWZiYzJiOGM3ODYx
MmJjNDcwOWNkNGE4NDIyM2Y4MTIxMS0wKwYDVQQDEyRjMzM2NDExYS02NjUxLTRm
MTMtOGVmOS1kZTY4MWM3Yzk0NDQxFDASBgNVBAsTC0FtYXpvbiBSUEtJMRMwEQYD
VQQKEwpBbWF6b24uY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
udleRS4AGtgs+T1GFK6bIAxoKQ0eUc3FSSzyeQe0BqcMGJ76GaEP+sRiTfqoxkUX
/b2ADcWUCv0Sqq2QmgNGTUsBP7/CRbdI5/nS+uZqa4xcSkSgBEdTkIfE7de9UryK
LJKjOdBDEN1GBxHJx2eah8zJRsnatu2/w336uDw7mzNgGcOlPdvqW1YB1cCvscOS
wTXUTVR00SR6o8SKOfAYDOy2LKg0UMmpwUVAAKKoF6wNmJnifq+dpgIf/S7A04i+
19vg68M/wSa9jLLamXtGnJX6sOhdRhu7QCNWAoswyeKadAuRCA7UdHMGO46wAgqt
u+lDdNBAo0BfUwWXfjpcrwIDAQABo4ICIDCCAhwwHQYDVR0OBBYEFE5yqImrgEDJ
+UBg9xp6bF5+YhIrMB8GA1UdIwQYMBaAFEU/R0Y1TirRXOfr2Nwh+WwOXIfPMA4G
A1UdDwEB/wQEAwIHgDBkBggrBgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5j
Oi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvUlQ5SFJqVk9LdEZj
NS12WTNDSDViQTVjaDg4LmNlcjCBngYIKwYBBQUHAQsEgZEwgY4wgYsGCCsGAQUF
BzALhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFzdC0yLmFtYXpvbmF3cy5jb20v
dm9sdW1lLzk2N2EyNTVjLWQ2ODAtNDJkMy05ZWMzLWVjYjNmOWRhMDg4Yy9kMTNk
MjZhZS0zNmIxLTQ4MTUtYTdmMC00ZGMwOTBkMTViNzgucm9hMIGIBgNVHR8EgYAw
fjB8oHqgeIZ2cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
X2xBaTVUSERzUWRQWUE5bm1FVDZvbEh1VmM4LmNybDAYBgNVHSABAf8EDjAMMAoG
CCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAM4EwDQYJKoZI
hvcNAQELBQADggEBAELqrcw9x59LcEbHe3Bn/zw+U3aYOzCMlg8/ACRlWPM8fMJO
lSLfMxiBUaAP/1wrzvYTILSJlCc/MURMbw84vRidHCccGXZgsXgTJ57rqiLyCaOq
XRfgjA3dJCAjK6lb1IJeZ2/l9NMCMs//GjfKmJ+chNuB1wc1zveTpYHZGCEzxfIT
fNwIukduiKYELiHzkOUc5rswitLP8LSto0WacM1E1/vIL8sWNSaDd6KwfbN+OH4Q
WlFj6FGBkrwAAcXIkbUXUqHz5pPuN+MzWhP2BhNhUWNlOHDWJ6yCxh0kbKfgGKXR
gPfskuF05MGMr1PLHvPidz7is0kfAOuMcPsmhIw=
-----END CERTIFICATE-----
Generated at Wed Mar 15 11:52:44 2023 by rpki-client on console-fra.rpki-client.org