Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/d485a465-65e9-4a19-a397-f29d1a36d166.roa
File:                     d485a465-65e9-4a19-a397-f29d1a36d166.roa (raw, json)
Hash identifier:          XueMfH0dvb1x1WWk2BLn7LetsSIhSksHPzkHwPpTGk4=
Subject key identifier:   01:73:71:35:2E:DA:B2:A8:A9:3C:CF:6B:36:0F:48:18:44:70:1C:26
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       6E822EC6473AD22482F4A94BA3078D485B51F820
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/d485a465-65e9-4a19-a397-f29d1a36d166.roa
Signing time:             Thu 16 Mar 2023 00:00:00 +0000
ROA not before:           Thu 16 Mar 2023 00:00:00 +0000
ROA not after:            Thu 20 Apr 2023 23:59:59 +0000
asID:                     16509
IP address blocks:        195.17.0.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.crl
                          rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.mft
                          rsync://rpki.ripe.net/repository/2a7dd1d787d793e4c8af56e197d4eed92af6ba13.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 Mar 2023 21:42:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6e:82:2e:c6:47:3a:d2:24:82:f4:a9:4b:a3:07:8d:48:5b:51:f8:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Mar 16 00:00:00 2023 GMT
            Not After : Apr 20 23:59:59 2023 GMT
        Subject: serialNumber=2b848ad79e1cabf8bf8da2860c81a5e7677b36199ac0d97f318ea8f19e2216d7, CN=c336411a-6651-4f13-8ef9-de681c7c9444, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:86:23:5d:96:c0:b7:f4:4e:2e:04:9e:63:10:
                    92:c3:0e:75:30:ab:52:ab:f1:41:10:c1:3b:ec:e9:
                    a6:36:38:fc:bd:a6:6d:23:f1:93:99:b3:0c:e0:5c:
                    f4:a7:c0:be:ca:35:59:ae:fa:c6:70:72:3e:72:97:
                    86:15:67:ec:30:3a:17:e1:50:c0:4a:a1:24:e6:d5:
                    d9:58:bb:e1:52:73:71:d1:ec:e3:71:03:70:97:c0:
                    63:d3:62:7a:a6:a9:4f:47:38:36:ac:aa:31:56:61:
                    05:6f:32:8d:2d:ed:83:87:dc:f1:de:07:ff:b1:45:
                    31:31:37:64:ff:73:01:41:5c:eb:73:f1:7b:7d:e3:
                    15:50:fd:55:fe:46:0b:10:f3:b9:c3:2b:89:c2:27:
                    ad:35:63:c7:70:61:2b:23:e9:7a:29:a1:b3:ea:f1:
                    92:4a:11:a1:7b:1c:72:ec:05:b4:c1:23:1c:2e:f5:
                    97:22:8f:f3:98:ba:ec:2c:12:79:91:d0:b8:a4:1d:
                    91:b5:8d:2c:fc:6e:31:0a:f9:c4:89:78:63:18:17:
                    5f:0d:64:56:0e:2a:61:29:39:75:23:bb:63:7b:de:
                    fe:55:35:f1:a6:cd:7a:63:96:6d:07:15:b6:a3:8c:
                    a5:87:f8:89:8d:79:79:78:fc:24:5f:f4:6f:b8:d5:
                    32:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                01:73:71:35:2E:DA:B2:A8:A9:3C:CF:6B:36:0F:48:18:44:70:1C:26
            X509v3 Authority Key Identifier: 
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access: 
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access: 
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/d485a465-65e9-4a19-a397-f29d1a36d166.roa

            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.17.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:64:01:69:43:52:4c:11:ec:f9:ea:9b:86:ca:a7:ea:6c:27:
         e2:3e:b1:8d:05:46:c9:e7:36:49:58:5c:31:53:29:1c:14:36:
         97:4c:e0:f2:8e:40:15:3b:dd:4b:8a:2a:82:a9:63:2e:79:c5:
         33:50:b9:e5:10:76:c1:59:b5:34:33:15:c8:fb:23:c8:1a:da:
         55:53:14:78:e7:7f:78:50:b3:9c:bd:c3:7c:45:4f:01:bc:70:
         80:4c:b6:1c:51:64:bc:09:c9:67:f1:88:18:49:e4:f3:1e:02:
         a7:38:e7:be:d3:0b:34:ef:e3:1b:9d:89:f8:02:41:b5:1d:1e:
         43:bb:e7:cc:c2:d3:01:6a:56:c4:89:3b:f2:e5:96:80:ec:d4:
         d2:45:2e:87:d2:97:36:5e:67:6d:df:63:e6:b5:a4:4b:7e:96:
         00:b0:f2:04:5e:a7:0f:ba:67:2b:60:7b:20:e0:22:24:bd:09:
         0b:3e:b3:79:0b:3c:b0:6a:d5:18:88:af:2f:51:90:70:34:83:
         db:68:e5:a9:ee:e2:48:a9:89:d7:46:25:f6:22:3d:5e:4b:d4:
         7b:9c:0e:63:3f:50:f3:4e:23:bf:e4:48:88:15:4a:b8:75:5f:
         8e:5d:68:47:73:97:d9:51:f9:8f:65:5a:2d:d0:25:0f:62:7a:
         0f:6e:41:a3
-----BEGIN CERTIFICATE-----
MIIFijCCBHKgAwIBAgIUboIuxkc60iSC9KlLoweNSFtR+CAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yMzAzMTYwMDAwMDBaFw0yMzA0MjAyMzU5NTlaMIGlMUkwRwYD
VQQFE0AyYjg0OGFkNzllMWNhYmY4YmY4ZGEyODYwYzgxYTVlNzY3N2IzNjE5OWFj
MGQ5N2YzMThlYThmMTllMjIxNmQ3MS0wKwYDVQQDEyRjMzM2NDExYS02NjUxLTRm
MTMtOGVmOS1kZTY4MWM3Yzk0NDQxFDASBgNVBAsTC0FtYXpvbiBSUEtJMRMwEQYD
VQQKEwpBbWF6b24uY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
x4YjXZbAt/ROLgSeYxCSww51MKtSq/FBEME77OmmNjj8vaZtI/GTmbMM4Fz0p8C+
yjVZrvrGcHI+cpeGFWfsMDoX4VDASqEk5tXZWLvhUnNx0ezjcQNwl8Bj02J6pqlP
Rzg2rKoxVmEFbzKNLe2Dh9zx3gf/sUUxMTdk/3MBQVzrc/F7feMVUP1V/kYLEPO5
wyuJwietNWPHcGErI+l6KaGz6vGSShGhexxy7AW0wSMcLvWXIo/zmLrsLBJ5kdC4
pB2RtY0s/G4xCvnEiXhjGBdfDWRWDiphKTl1I7tje97+VTXxps16Y5ZtBxW2o4yl
h/iJjXl5ePwkX/RvuNUySQIDAQABo4ICITCCAh0wHQYDVR0OBBYEFAFzcTUu2rKo
qTzPazYPSBhEcBwmMB8GA1UdIwQYMBaAFEU/R0Y1TirRXOfr2Nwh+WwOXIfPMA4G
A1UdDwEB/wQEAwIHgDBkBggrBgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5j
Oi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvUlQ5SFJqVk9LdEZj
NS12WTNDSDViQTVjaDg4LmNlcjCBngYIKwYBBQUHAQsEgZEwgY4wgYsGCCsGAQUF
BzALhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFzdC0yLmFtYXpvbmF3cy5jb20v
dm9sdW1lLzk2N2EyNTVjLWQ2ODAtNDJkMy05ZWMzLWVjYjNmOWRhMDg4Yy9kNDg1
YTQ2NS02NWU5LTRhMTktYTM5Ny1mMjlkMWEzNmQxNjYucm9hMIGIBgNVHR8EgYAw
fjB8oHqgeIZ2cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
X2xBaTVUSERzUWRQWUE5bm1FVDZvbEh1VmM4LmNybDAYBgNVHSABAf8EDjAMMAoG
CCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwxEAMA0GCSqG
SIb3DQEBCwUAA4IBAQBgZAFpQ1JMEez56puGyqfqbCfiPrGNBUbJ5zZJWFwxUykc
FDaXTODyjkAVO91LiiqCqWMuecUzULnlEHbBWbU0MxXI+yPIGtpVUxR45394ULOc
vcN8RU8BvHCATLYcUWS8Ccln8YgYSeTzHgKnOOe+0ws07+MbnYn4AkG1HR5Du+fM
wtMBalbEiTvy5ZaA7NTSRS6H0pc2Xmdt32PmtaRLfpYAsPIEXqcPumcrYHsg4CIk
vQkLPrN5CzywatUYiK8vUZBwNIPbaOWp7uJIqYnXRiX2Ij1eS9R7nA5jP1DzTiO/
5EiIFUq4dV+OXWhHc5fZUfmPZVot0CUPYnoPbkGj
-----END CERTIFICATE-----
Generated at Thu Mar 16 00:27:06 2023 by rpki-client on console-ams.rpki-client.org