Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/d13d26ae-36b1-4815-a7f0-4dc090d15b78.roa
File:                     d13d26ae-36b1-4815-a7f0-4dc090d15b78.roa (raw, json)
Hash identifier:          o2GhsOg+eASXRtWqcodUuuJ6kkfkCkZUS2Ov7TlbygU=
Subject key identifier:   FF:E2:70:71:EC:99:33:8C:F1:96:10:59:C0:92:B6:6C:16:DB:13:C0
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       5D0E1710AB594A924D1E730F58AC0A17462B4BA8
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/d13d26ae-36b1-4815-a7f0-4dc090d15b78.roa
Signing time:             Fri 08 Sep 2023 00:00:00 +0000
ROA not before:           Fri 08 Sep 2023 00:00:00 +0000
ROA not after:            Fri 13 Oct 2023 23:59:59 +0000
asID:                     16509
IP address blocks:        51.129.0.0/16 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.crl
                          rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.mft
                          rsync://rpki.ripe.net/repository/2a7dd1d787d793e4c8af56e197d4eed92af6ba13.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 09 Sep 2023 08:03:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5d:0e:17:10:ab:59:4a:92:4d:1e:73:0f:58:ac:0a:17:46:2b:4b:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Sep  8 00:00:00 2023 GMT
            Not After : Oct 13 23:59:59 2023 GMT
        Subject: serialNumber=3f1a42288c6f90824f554b12f79048d0f80d87d8fae67f22ed5786f3f798f509, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:fa:7c:c2:8a:a8:ec:52:37:8d:84:67:81:ec:
                    74:2e:89:b4:99:05:a5:15:03:50:c6:72:3f:f8:05:
                    41:59:1f:5d:c6:10:c2:66:b2:77:73:79:fb:8b:e9:
                    53:a5:3f:7e:77:07:ba:a9:18:be:6e:44:24:9d:6a:
                    0e:a9:8e:5d:53:4a:db:2c:96:d7:09:d3:c8:f8:9e:
                    15:47:f4:e5:10:a3:30:ec:20:15:24:ea:ea:5d:de:
                    60:57:d0:6b:75:9b:8b:28:5f:6b:47:b9:6f:d1:56:
                    96:00:e2:ea:ff:31:f7:99:12:f8:9b:eb:20:66:ac:
                    69:bc:10:2c:06:1c:91:f1:ca:85:62:a0:a8:33:12:
                    0e:29:d5:ec:3e:f6:d9:52:4d:07:58:9b:cb:ce:c2:
                    9c:7d:c0:5e:84:70:e1:1b:67:2c:e1:33:a8:8b:f9:
                    b8:8d:aa:6c:5b:f9:a5:71:57:ed:c6:94:4c:38:15:
                    ab:14:8b:76:bb:aa:93:b6:d8:c5:ee:1d:d3:c8:2d:
                    f2:cf:db:d1:91:e5:46:24:93:39:9b:c6:eb:d2:2c:
                    c7:e0:36:cf:2e:8d:6a:2e:01:1e:cb:ee:0d:d1:a4:
                    9f:af:55:0a:89:ae:ca:48:46:50:52:9d:8b:d5:ea:
                    ef:e7:38:a9:ec:f8:d6:9c:99:13:91:f5:c7:33:09:
                    b8:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:E2:70:71:EC:99:33:8C:F1:96:10:59:C0:92:B6:6C:16:DB:13:C0
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/d13d26ae-36b1-4815-a7f0-4dc090d15b78.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.129.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         d1:a0:6f:5d:0b:bb:18:65:fc:4b:2d:b3:d6:94:70:65:ee:e0:
         5f:b4:bb:cd:ff:d7:7a:0c:15:d3:32:7b:57:67:bf:86:7d:47:
         2b:b0:46:e3:b7:9b:23:cc:d1:fa:01:1f:f1:6d:9a:a7:da:fc:
         83:8f:c5:4a:c8:b3:2a:95:e8:f5:54:b1:f8:92:16:c8:64:68:
         79:09:46:03:35:e5:82:aa:a0:6a:6c:fa:5b:55:b8:44:48:21:
         46:e5:d5:43:08:65:b3:22:9a:dc:1d:ee:10:30:d8:f7:b6:94:
         b6:eb:84:e5:52:63:2c:52:17:de:55:30:83:94:63:44:a4:ef:
         ff:2e:63:6b:4c:96:c6:f5:d7:8c:57:f1:7f:27:3c:08:4d:1a:
         70:4d:45:1a:f3:09:7d:e7:d4:96:a0:b8:b7:33:cb:ed:d8:51:
         c6:7d:93:2f:39:b4:95:9b:d7:47:7c:6c:a9:2c:06:bf:76:53:
         e4:7b:3e:55:f1:92:e8:11:4f:c9:4a:a8:42:df:08:c4:60:5d:
         cc:aa:b3:dc:fc:1d:03:5e:35:3f:c8:3b:4c:bb:53:fa:ad:53:
         8f:1d:0e:c1:f8:8c:37:85:2c:aa:f4:7d:d3:8f:0a:65:95:9f:
         74:87:77:d2:55:b5:77:cc:ef:b2:5b:d6:58:4d:16:f9:63:5c:
         b6:73:34:98
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUXQ4XEKtZSpJNHnMPWKwKF0YrS6gwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yMzA5MDgwMDAwMDBaFw0yMzEwMTMyMzU5NTlaMHoxSTBHBgNV
BAUTQDNmMWE0MjI4OGM2ZjkwODI0ZjU1NGIxMmY3OTA0OGQwZjgwZDg3ZDhmYWU2
N2YyMmVkNTc4NmYzZjc5OGY1MDkxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALT6fMKKqOxSN42EZ4HsdC6JtJkFpRUDUMZyP/gFQVkfXcYQwmayd3N5+4vp
U6U/fncHuqkYvm5EJJ1qDqmOXVNK2yyW1wnTyPieFUf05RCjMOwgFSTq6l3eYFfQ
a3Wbiyhfa0e5b9FWlgDi6v8x95kS+JvrIGasabwQLAYckfHKhWKgqDMSDinV7D72
2VJNB1iby87CnH3AXoRw4RtnLOEzqIv5uI2qbFv5pXFX7caUTDgVqxSLdruqk7bY
xe4d08gt8s/b0ZHlRiSTOZvG69Isx+A2zy6Nai4BHsvuDdGkn69VComuykhGUFKd
i9Xq7+c4qez41pyZE5H1xzMJuJMCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBT/4nBx
7JkzjPGWEFnAkrZsFtsTwDAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
ZDEzZDI2YWUtMzZiMS00ODE1LWE3ZjAtNGRjMDkwZDE1Yjc4LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADOBMA0G
CSqGSIb3DQEBCwUAA4IBAQDRoG9dC7sYZfxLLbPWlHBl7uBftLvN/9d6DBXTMntX
Z7+GfUcrsEbjt5sjzNH6AR/xbZqn2vyDj8VKyLMqlej1VLH4khbIZGh5CUYDNeWC
qqBqbPpbVbhESCFG5dVDCGWzIprcHe4QMNj3tpS264TlUmMsUhfeVTCDlGNEpO//
LmNrTJbG9deMV/F/JzwITRpwTUUa8wl959SWoLi3M8vt2FHGfZMvObSVm9dHfGyp
LAa/dlPkez5V8ZLoEU/JSqhC3wjEYF3MqrPc/B0DXjU/yDtMu1P6rVOPHQ7B+Iw3
hSyq9H3TjwpllZ90h3fSVbV3zO+yW9ZYTRb5Y1y2czSY
-----END CERTIFICATE-----
Generated at Fri Sep 8 15:41:28 2023 by rpki-client on console-ams.rpki-client.org