Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/da784055-12b4-4572-86a3-e152a8681c7c.roa
File:                     da784055-12b4-4572-86a3-e152a8681c7c.roa (raw, json)
Hash identifier:          aR54bHTP8oPPNwcLKZbwxc+54JSanCrn3V9UIpmulaM=
Subject key identifier:   F1:E6:A8:8C:4F:17:7F:CA:42:DD:D2:3F:95:38:D9:6E:09:48:AE:5C
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       5F4B9E5F39F4C8BC16E8E7EB40E6A4E0155756DB
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/da784055-12b4-4572-86a3-e152a8681c7c.roa
Signing time:             Fri 08 Sep 2023 00:00:00 +0000
ROA not before:           Fri 08 Sep 2023 00:00:00 +0000
ROA not after:            Fri 13 Oct 2023 23:59:59 +0000
asID:                     16509
IP address blocks:        51.0.64.0/18 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.crl
                          rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.mft
                          rsync://rpki.ripe.net/repository/2a7dd1d787d793e4c8af56e197d4eed92af6ba13.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 08 Sep 2023 23:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5f:4b:9e:5f:39:f4:c8:bc:16:e8:e7:eb:40:e6:a4:e0:15:57:56:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Sep  8 00:00:00 2023 GMT
            Not After : Oct 13 23:59:59 2023 GMT
        Subject: serialNumber=81d3787899e1c91bf2a95d5e6b02939a4001954bed7a95713bb8e8d02595eae0, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:be:c6:0d:90:03:52:70:7f:a1:bc:21:e2:88:
                    75:5d:3c:11:c8:74:85:f5:d2:5f:0d:7f:3a:27:06:
                    55:ee:50:a9:af:14:91:ba:40:f8:54:6c:6e:52:3a:
                    c7:89:58:06:0f:72:f8:c3:5a:3a:a5:3e:45:97:3e:
                    93:c4:61:7b:d8:a5:d0:35:0c:ac:7d:44:7d:a0:cd:
                    32:7e:35:10:39:31:13:65:31:fb:d1:44:26:09:95:
                    26:a2:89:ed:a9:e3:19:12:0e:80:0e:3a:44:a8:24:
                    c0:9f:5c:58:fe:bd:02:c4:b3:80:2f:82:b2:5f:1f:
                    40:a3:32:31:f3:ca:f0:b2:8b:87:c1:1d:58:80:ab:
                    63:d7:c1:7f:14:69:31:24:14:d7:6f:43:df:ef:d3:
                    32:26:2b:25:a0:a4:73:f2:28:af:f8:86:4d:8a:c0:
                    93:a3:58:ae:5e:b5:5a:b6:be:bb:52:b1:1f:88:8e:
                    8c:15:b1:90:0d:c5:4b:64:19:31:e3:89:9d:95:00:
                    e7:eb:02:d1:0d:33:ba:ad:7d:40:1c:ca:3f:8f:70:
                    6e:22:41:e7:0c:3c:d4:49:56:fe:96:3b:9c:81:9f:
                    39:30:75:12:e2:0e:e2:f7:55:2f:d1:04:ae:0d:10:
                    50:8a:08:de:9d:c2:41:f3:8f:6d:c4:fa:95:1c:52:
                    8b:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:E6:A8:8C:4F:17:7F:CA:42:DD:D2:3F:95:38:D9:6E:09:48:AE:5C
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/da784055-12b4-4572-86a3-e152a8681c7c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.0.64.0/18

    Signature Algorithm: sha256WithRSAEncryption
         cc:c6:55:03:10:26:f2:6b:75:53:ce:1a:08:a9:66:c3:dc:16:
         9e:e1:3a:aa:72:fb:dc:f7:a7:ba:cd:b0:13:86:2b:1e:6f:e2:
         d5:c1:e8:39:23:21:7d:bf:7a:fc:0e:07:91:eb:e9:1b:b4:7c:
         c9:e0:39:dd:5a:87:df:24:fc:a4:2d:f9:cd:81:b7:d5:a3:8b:
         4b:5a:02:05:81:6a:5d:22:09:c2:b0:76:6f:20:ef:af:4d:8a:
         57:64:ca:86:45:02:3f:52:b1:b9:e0:0b:31:f1:50:bc:56:f5:
         2b:1a:b4:17:18:44:c0:0f:77:8b:b5:a4:08:13:10:91:8b:ce:
         c9:c4:a3:c5:79:c6:4c:2e:a8:1c:8e:65:cb:56:0c:7c:97:d2:
         55:3b:d7:0c:32:71:72:90:4d:54:b3:c9:95:4c:4c:43:9d:9b:
         1c:15:64:81:f5:7b:1c:39:05:97:87:42:44:45:0a:a6:48:71:
         2e:9c:7a:b8:83:02:b9:19:32:86:c1:a5:29:b1:a2:67:86:07:
         f4:91:9f:2e:1e:63:69:7d:f0:0e:2b:c4:2d:94:91:c7:be:80:
         05:7b:0c:ca:bb:30:8e:14:63:44:7c:b6:14:67:90:d3:e5:36:
         52:0e:d4:80:20:a6:47:3b:d2:35:5c:35:28:ed:85:76:db:38:
         e6:5c:c4:c1
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUX0ueXzn0yLwW6OfrQOak4BVXVtswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yMzA5MDgwMDAwMDBaFw0yMzEwMTMyMzU5NTlaMHoxSTBHBgNV
BAUTQDgxZDM3ODc4OTllMWM5MWJmMmE5NWQ1ZTZiMDI5MzlhNDAwMTk1NGJlZDdh
OTU3MTNiYjhlOGQwMjU5NWVhZTAxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALC+xg2QA1Jwf6G8IeKIdV08Ech0hfXSXw1/OicGVe5Qqa8UkbpA+FRsblI6
x4lYBg9y+MNaOqU+RZc+k8Rhe9il0DUMrH1EfaDNMn41EDkxE2Ux+9FEJgmVJqKJ
7anjGRIOgA46RKgkwJ9cWP69AsSzgC+Csl8fQKMyMfPK8LKLh8EdWICrY9fBfxRp
MSQU129D3+/TMiYrJaCkc/Ior/iGTYrAk6NYrl61Wra+u1KxH4iOjBWxkA3FS2QZ
MeOJnZUA5+sC0Q0zuq19QBzKP49wbiJB5ww81ElW/pY7nIGfOTB1EuIO4vdVL9EE
rg0QUIoI3p3CQfOPbcT6lRxSixECAwEAAaOCAiEwggIdMB0GA1UdDgQWBBTx5qiM
Txd/ykLd0j+VONluCUiuXDAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
ZGE3ODQwNTUtMTJiNC00NTcyLTg2YTMtZTE1MmE4NjgxYzdjLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEBjMAQDAN
BgkqhkiG9w0BAQsFAAOCAQEAzMZVAxAm8mt1U84aCKlmw9wWnuE6qnL73Penus2w
E4YrHm/i1cHoOSMhfb96/A4HkevpG7R8yeA53VqH3yT8pC35zYG31aOLS1oCBYFq
XSIJwrB2byDvr02KV2TKhkUCP1KxueALMfFQvFb1Kxq0FxhEwA93i7WkCBMQkYvO
ycSjxXnGTC6oHI5ly1YMfJfSVTvXDDJxcpBNVLPJlUxMQ52bHBVkgfV7HDkFl4dC
REUKpkhxLpx6uIMCuRkyhsGlKbGiZ4YH9JGfLh5jaX3wDivELZSRx76ABXsMyrsw
jhRjRHy2FGeQ0+U2Ug7UgCCmRzvSNVw1KO2Fdts45lzEwQ==
-----END CERTIFICATE-----
Generated at Fri Sep 8 00:23:34 2023 by rpki-client on console-fra.rpki-client.org