Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/de83ab0d-730e-4ba0-9d22-af2c8b7fd8f7.roa
File:                     de83ab0d-730e-4ba0-9d22-af2c8b7fd8f7.roa (raw, json)
Hash identifier:          GPJAYhqJHRpJs+c4yfSAEzPP87dZC61phAvIZMqMCHk=
Subject key identifier:   B2:18:04:39:DB:1A:73:90:A4:57:8B:7C:25:0A:F4:1B:8D:93:2D:92
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       312AC703A968E203D28B15F70A5C70189F76A2F1
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/de83ab0d-730e-4ba0-9d22-af2c8b7fd8f7.roa
Signing time:             Fri 08 Sep 2023 00:00:00 +0000
ROA not before:           Fri 08 Sep 2023 00:00:00 +0000
ROA not after:            Fri 13 Oct 2023 23:59:59 +0000
asID:                     16509
IP address blocks:        51.40.0.0/16 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.crl
                          rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.mft
                          rsync://rpki.ripe.net/repository/2a7dd1d787d793e4c8af56e197d4eed92af6ba13.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 09 Sep 2023 08:03:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            31:2a:c7:03:a9:68:e2:03:d2:8b:15:f7:0a:5c:70:18:9f:76:a2:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Sep  8 00:00:00 2023 GMT
            Not After : Oct 13 23:59:59 2023 GMT
        Subject: serialNumber=66ca58dc58e4613367d08eb413ad2aa74854dac4b1a4aa5a53f8135f1dd6e0db, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:59:73:df:c8:c3:9d:b6:57:fb:2d:9f:52:9e:
                    2b:f2:a3:68:0b:2f:e2:70:5b:23:44:21:00:aa:8f:
                    40:8b:9d:01:2b:8c:15:29:22:7c:80:3b:b3:7c:1f:
                    13:03:4a:3f:04:45:a9:c0:98:a4:94:b7:9b:c6:dc:
                    ab:e0:04:89:64:79:ba:dc:18:dc:9c:12:0a:f8:19:
                    40:d1:0d:50:ed:a0:e0:d9:61:1d:21:92:c9:5c:dc:
                    53:ee:f5:d0:b3:8e:9e:cd:72:b9:55:b1:00:77:0c:
                    30:41:fb:d5:f4:57:c2:51:ec:21:3f:f3:fa:2b:a2:
                    4c:88:f3:37:ec:cc:c1:57:d8:6d:41:c9:1f:84:be:
                    ef:7a:3b:09:a0:70:37:c2:13:59:1b:5a:f7:c7:23:
                    ec:69:cd:84:05:8a:ed:ae:b6:08:d8:32:32:91:a0:
                    cb:93:29:f0:33:c0:81:ce:75:a7:ad:8c:09:3b:5c:
                    b2:d8:83:24:d6:62:0f:ea:5c:12:25:a8:35:c6:a5:
                    f3:91:c5:2a:36:4b:a4:50:31:79:ab:18:7f:47:bb:
                    d7:12:ec:01:71:45:78:53:79:c3:de:6e:0c:5c:1b:
                    a8:18:b7:8b:63:c8:21:12:64:c9:57:0b:30:2b:18:
                    15:4a:3c:06:6e:47:b5:86:13:fa:f6:d0:71:76:f9:
                    ec:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:18:04:39:DB:1A:73:90:A4:57:8B:7C:25:0A:F4:1B:8D:93:2D:92
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/de83ab0d-730e-4ba0-9d22-af2c8b7fd8f7.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.40.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         02:ad:e3:12:01:80:08:ed:29:10:b6:74:2d:23:3f:0b:ee:cd:
         ac:3a:74:e7:13:82:02:b4:06:8e:ed:60:35:1a:4f:d4:ab:8a:
         3d:f0:65:a8:4a:e8:0c:9f:a1:f9:4e:17:c3:1f:b2:0b:94:b0:
         5f:20:77:5d:5b:13:3b:b1:a0:9b:03:ff:24:4a:91:f4:86:78:
         de:90:65:a9:32:f7:9d:39:4f:3c:1d:2a:a1:16:1a:c7:c6:17:
         54:7a:3d:0e:dd:ec:76:36:25:19:7e:9b:b5:a4:d9:55:2f:c1:
         2a:b5:88:af:52:d2:ff:15:e7:8c:43:58:7d:4a:b1:31:64:29:
         5a:f1:85:40:19:84:1f:b1:49:06:e3:a1:c6:3d:5b:40:1c:f6:
         a5:ae:8a:d1:32:df:4f:6a:69:9a:5a:84:d5:f8:52:14:4b:13:
         af:74:ec:96:bc:b1:12:61:d2:4d:93:2b:28:a3:59:23:3f:0e:
         38:4c:2e:95:58:da:ec:46:68:0d:cf:1b:c8:3d:6f:31:ba:70:
         95:30:43:e1:e9:e4:c9:d6:ca:c0:eb:ab:3f:5a:8b:d5:f0:2e:
         91:4f:75:0b:f2:f6:d4:29:55:a6:43:01:41:2e:b0:8b:8d:4e:
         d8:69:77:27:9d:e1:1d:06:bd:b7:56:39:52:23:60:d1:01:19:
         5f:f8:f9:b8
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUMSrHA6lo4gPSixX3ClxwGJ92ovEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yMzA5MDgwMDAwMDBaFw0yMzEwMTMyMzU5NTlaMHoxSTBHBgNV
BAUTQDY2Y2E1OGRjNThlNDYxMzM2N2QwOGViNDEzYWQyYWE3NDg1NGRhYzRiMWE0
YWE1YTUzZjgxMzVmMWRkNmUwZGIxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALtZc9/Iw522V/stn1KeK/KjaAsv4nBbI0QhAKqPQIudASuMFSkifIA7s3wf
EwNKPwRFqcCYpJS3m8bcq+AEiWR5utwY3JwSCvgZQNENUO2g4NlhHSGSyVzcU+71
0LOOns1yuVWxAHcMMEH71fRXwlHsIT/z+iuiTIjzN+zMwVfYbUHJH4S+73o7CaBw
N8ITWRta98cj7GnNhAWK7a62CNgyMpGgy5Mp8DPAgc51p62MCTtcstiDJNZiD+pc
EiWoNcal85HFKjZLpFAxeasYf0e71xLsAXFFeFN5w95uDFwbqBi3i2PIIRJkyVcL
MCsYFUo8Bm5HtYYT+vbQcXb57GsCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBSyGAQ5
2xpzkKRXi3wlCvQbjZMtkjAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
ZGU4M2FiMGQtNzMwZS00YmEwLTlkMjItYWYyYzhiN2ZkOGY3LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADMoMA0G
CSqGSIb3DQEBCwUAA4IBAQACreMSAYAI7SkQtnQtIz8L7s2sOnTnE4ICtAaO7WA1
Gk/Uq4o98GWoSugMn6H5ThfDH7ILlLBfIHddWxM7saCbA/8kSpH0hnjekGWpMved
OU88HSqhFhrHxhdUej0O3ex2NiUZfpu1pNlVL8EqtYivUtL/FeeMQ1h9SrExZCla
8YVAGYQfsUkG46HGPVtAHPalrorRMt9PammaWoTV+FIUSxOvdOyWvLESYdJNkyso
o1kjPw44TC6VWNrsRmgNzxvIPW8xunCVMEPh6eTJ1srA66s/WovV8C6RT3UL8vbU
KVWmQwFBLrCLjU7YaXcnneEdBr23VjlSI2DRARlf+Pm4
-----END CERTIFICATE-----
Generated at Fri Sep 8 15:41:28 2023 by rpki-client on console-ams.rpki-client.org