Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/d371c773-1aa2-4d5b-9804-ea5d64fadc0a.roa
File:                     d371c773-1aa2-4d5b-9804-ea5d64fadc0a.roa (raw, json)
Hash identifier:          7b1g20uP8lBx1lxzbpoZyQCaaW2R7Jm9e8xrWnZLggA=
Subject key identifier:   93:8C:B0:4C:DB:30:49:14:47:6A:B3:B2:14:B4:7B:2F:BF:72:AF:DD
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       465F55F02C0346F6D070BACBC35015A024A38C32
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/d371c773-1aa2-4d5b-9804-ea5d64fadc0a.roa
Signing time:             Fri 08 Sep 2023 00:00:00 +0000
ROA not before:           Fri 08 Sep 2023 00:00:00 +0000
ROA not after:            Fri 13 Oct 2023 23:59:59 +0000
asID:                     16509
IP address blocks:        143.65.224.0/19 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.crl
                          rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.mft
                          rsync://rpki.ripe.net/repository/2a7dd1d787d793e4c8af56e197d4eed92af6ba13.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 09 Sep 2023 08:03:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            46:5f:55:f0:2c:03:46:f6:d0:70:ba:cb:c3:50:15:a0:24:a3:8c:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Sep  8 00:00:00 2023 GMT
            Not After : Oct 13 23:59:59 2023 GMT
        Subject: serialNumber=7ce7180a4a34e3404a0051920e26c3ed619204eecd44ac3abf9c071dad816ce3, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:b3:fa:a2:e7:62:00:8f:8c:da:ea:05:45:d3:
                    90:3d:98:28:9d:ec:ad:47:b2:b7:3f:33:0f:ef:00:
                    74:fd:f3:bb:f4:5b:4d:c3:76:fe:57:30:3b:74:82:
                    3d:8a:84:82:52:64:0d:1f:78:59:fe:54:8e:5e:4f:
                    f9:b4:47:4e:f6:90:95:9c:da:97:77:f0:a2:1f:ba:
                    f4:15:76:74:be:15:3c:84:3d:4c:1c:ec:58:c8:85:
                    a7:9c:94:e7:9b:2b:82:26:c8:21:2d:73:e8:a7:81:
                    b5:29:58:c8:f7:b2:e6:67:0b:31:d4:d6:e4:bc:55:
                    7f:dc:f3:dc:0e:7e:37:39:86:59:b0:d3:ab:75:2b:
                    bc:fb:ae:03:6f:f1:a1:fa:6f:fd:a4:ab:ad:1b:bc:
                    94:c9:47:9c:8a:95:ec:4a:c3:45:34:4a:9c:87:d5:
                    26:e2:40:cc:7a:13:a1:9f:1f:eb:30:43:a7:3e:95:
                    e1:f8:e5:b2:ef:44:85:b9:d8:3d:18:ec:07:1a:02:
                    e4:cf:49:62:54:39:93:e1:51:39:34:cd:4a:99:93:
                    44:3d:75:9f:d9:56:c7:3d:4e:d8:13:db:ff:dc:6f:
                    69:41:c8:83:73:a2:c1:8f:4d:08:61:01:f9:37:ec:
                    ee:55:f9:22:09:f8:0f:ac:59:8c:8f:16:12:db:b2:
                    7e:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:8C:B0:4C:DB:30:49:14:47:6A:B3:B2:14:B4:7B:2F:BF:72:AF:DD
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/d371c773-1aa2-4d5b-9804-ea5d64fadc0a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.65.224.0/19

    Signature Algorithm: sha256WithRSAEncryption
         0d:47:8c:b9:14:39:5b:21:1c:d6:70:ff:fd:b8:2a:ab:dd:53:
         68:f0:40:c2:c6:48:95:10:42:5a:69:d3:d6:d5:c7:02:84:94:
         f3:44:41:67:f7:c1:ac:4b:4d:ce:69:b0:01:22:76:ff:97:8b:
         c2:49:66:3f:6b:cf:2a:0e:fe:91:d6:58:26:37:54:c9:66:ab:
         b0:28:4a:4e:98:88:a1:0a:9d:eb:fb:82:bb:4e:00:a7:e8:91:
         98:53:00:19:81:ec:18:85:c5:fc:a1:5c:38:b3:e0:d5:77:a6:
         df:7c:b6:6c:47:d5:68:31:58:e8:f3:fc:3b:e3:ba:7e:db:34:
         0a:e3:cc:10:65:a3:0a:36:7c:ed:4a:8e:64:79:12:b3:f8:7f:
         67:51:29:8e:8b:69:d5:4f:e2:cc:f8:e2:40:01:02:0d:a8:3c:
         c7:ca:3a:fa:08:b3:b8:55:b3:65:b6:7f:72:c6:4a:f8:81:17:
         47:50:fa:00:ce:d6:83:fa:fd:5a:f8:69:24:60:66:4f:5a:7c:
         cc:09:52:d0:e4:d5:53:4e:87:b9:d5:48:a2:f6:55:cc:06:32:
         dc:1a:b3:77:69:fb:72:a7:91:52:dc:07:78:57:d5:2d:a9:b0:
         12:ce:c2:33:7a:19:ed:7e:59:60:33:97:c1:1d:8b:1b:6e:c1:
         fb:58:b4:a5
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIURl9V8CwDRvbQcLrLw1AVoCSjjDIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yMzA5MDgwMDAwMDBaFw0yMzEwMTMyMzU5NTlaMHoxSTBHBgNV
BAUTQDdjZTcxODBhNGEzNGUzNDA0YTAwNTE5MjBlMjZjM2VkNjE5MjA0ZWVjZDQ0
YWMzYWJmOWMwNzFkYWQ4MTZjZTMxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAI2z+qLnYgCPjNrqBUXTkD2YKJ3srUeytz8zD+8AdP3zu/RbTcN2/lcwO3SC
PYqEglJkDR94Wf5Ujl5P+bRHTvaQlZzal3fwoh+69BV2dL4VPIQ9TBzsWMiFp5yU
55srgibIIS1z6KeBtSlYyPey5mcLMdTW5LxVf9zz3A5+NzmGWbDTq3UrvPuuA2/x
ofpv/aSrrRu8lMlHnIqV7ErDRTRKnIfVJuJAzHoToZ8f6zBDpz6V4fjlsu9EhbnY
PRjsBxoC5M9JYlQ5k+FROTTNSpmTRD11n9lWxz1O2BPb/9xvaUHIg3OiwY9NCGEB
+Tfs7lX5Ign4D6xZjI8WEtuyfj8CAwEAAaOCAiEwggIdMB0GA1UdDgQWBBSTjLBM
2zBJFEdqs7IUtHsvv3Kv3TAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
ZDM3MWM3NzMtMWFhMi00ZDViLTk4MDQtZWE1ZDY0ZmFkYzBhLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEBY9B4DAN
BgkqhkiG9w0BAQsFAAOCAQEADUeMuRQ5WyEc1nD//bgqq91TaPBAwsZIlRBCWmnT
1tXHAoSU80RBZ/fBrEtNzmmwASJ2/5eLwklmP2vPKg7+kdZYJjdUyWarsChKTpiI
oQqd6/uCu04Ap+iRmFMAGYHsGIXF/KFcOLPg1Xem33y2bEfVaDFY6PP8O+O6fts0
CuPMEGWjCjZ87UqOZHkSs/h/Z1Epjotp1U/izPjiQAECDag8x8o6+gizuFWzZbZ/
csZK+IEXR1D6AM7Wg/r9WvhpJGBmT1p8zAlS0OTVU06HudVIovZVzAYy3Bqzd2n7
cqeRUtwHeFfVLamwEs7CM3oZ7X5ZYDOXwR2LG27B+1i0pQ==
-----END CERTIFICATE-----
Generated at Fri Sep 8 16:41:10 2023 by rpki-client on console-ams.rpki-client.org