Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/e680ffe7-d77c-4433-81f9-ffbf76a45a6d.roa
File:                     e680ffe7-d77c-4433-81f9-ffbf76a45a6d.roa (raw, json)
Hash identifier:          CSlDBWtCAB556lKrO6F9ar7xsY8t855Oc8f710Aa/As=
Subject key identifier:   37:08:63:74:F7:2B:4B:22:A0:3B:02:49:09:3A:B3:61:BD:ED:32:1D
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       01D8228821AC35862AB8B10597F41F32C7E49179
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/e680ffe7-d77c-4433-81f9-ffbf76a45a6d.roa
Signing time:             Thu 16 Mar 2023 00:00:00 +0000
ROA not before:           Thu 16 Mar 2023 00:00:00 +0000
ROA not after:            Thu 20 Apr 2023 23:59:59 +0000
asID:                     16509
IP address blocks:        193.57.181.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.crl
                          rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.mft
                          rsync://rpki.ripe.net/repository/2a7dd1d787d793e4c8af56e197d4eed92af6ba13.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 Mar 2023 21:42:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:d8:22:88:21:ac:35:86:2a:b8:b1:05:97:f4:1f:32:c7:e4:91:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Mar 16 00:00:00 2023 GMT
            Not After : Apr 20 23:59:59 2023 GMT
        Subject: serialNumber=5bd48ff1024c260f59bd51f604b17134461adfa550a651d131e632be774c0f91, CN=c336411a-6651-4f13-8ef9-de681c7c9444, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:ed:1c:76:3f:a0:73:cb:2c:06:58:45:8d:be:
                    b1:03:14:5b:4f:84:b2:8f:09:bc:8b:06:31:2f:ef:
                    1d:a3:bb:90:81:9a:3c:b0:96:57:81:be:70:33:9b:
                    c6:8f:09:14:30:86:0f:9e:c0:7b:13:32:83:28:ef:
                    38:bb:28:94:61:c0:db:07:c6:0b:17:74:b6:58:de:
                    03:17:8e:02:d1:ad:89:8b:6a:f5:7d:44:13:12:70:
                    ea:04:42:e6:98:35:de:f9:4f:f3:6c:5a:08:19:f4:
                    24:c4:11:d4:df:6f:5c:5c:74:65:ad:e6:06:98:3e:
                    04:8b:53:78:3b:35:d2:96:d4:53:81:ce:75:36:4a:
                    67:7f:fa:ba:a6:47:1e:b1:0d:9a:0b:24:d4:1d:7a:
                    31:94:14:aa:6a:85:7e:49:eb:e5:91:85:50:24:6e:
                    4a:20:ed:dc:1e:69:39:32:47:10:d4:b9:f2:15:b5:
                    9f:ec:57:0d:0b:f2:69:0b:18:bd:65:27:2b:89:96:
                    74:71:e1:c0:e0:50:0b:b9:e8:d7:7f:19:40:e0:4a:
                    07:35:2c:8c:3c:1e:32:cd:d2:37:76:3f:7d:20:0d:
                    5e:48:73:a1:f6:4b:15:60:68:f6:7d:50:8d:d8:dc:
                    b1:36:ad:d1:a2:bf:f1:7f:3b:ed:eb:90:b5:06:0f:
                    84:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                37:08:63:74:F7:2B:4B:22:A0:3B:02:49:09:3A:B3:61:BD:ED:32:1D
            X509v3 Authority Key Identifier: 
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access: 
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access: 
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/e680ffe7-d77c-4433-81f9-ffbf76a45a6d.roa

            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.57.181.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b3:a2:c9:27:0d:a8:a8:d7:33:bc:c9:73:96:25:cf:b8:ee:59:
         b5:7e:56:59:2b:4a:0e:f6:b4:44:55:9a:16:28:8b:2b:ba:29:
         78:5c:96:1b:bf:ff:aa:4a:d8:65:f3:a4:b2:91:b9:54:02:c0:
         c3:5c:bd:f4:ad:1a:bf:41:4e:88:d4:d4:57:48:4c:7f:90:c4:
         93:c8:a6:17:47:7e:a3:da:11:8e:a7:3d:b5:6f:2c:9e:08:de:
         09:49:00:f8:ba:00:5b:3b:d7:25:3e:4b:e1:cd:27:78:ac:73:
         2e:a5:a2:a9:41:1c:00:ea:53:e7:ca:5b:97:ad:a3:a3:04:e4:
         dd:44:30:98:27:96:6d:30:c1:1d:46:0a:e0:a2:46:a9:4d:7f:
         35:9b:7e:7d:06:40:9e:dc:08:8b:3a:08:40:0d:b7:10:77:71:
         66:38:65:8f:e3:6a:39:8b:05:de:1e:61:71:06:05:14:fa:e8:
         b0:f3:2b:57:4c:a7:3f:bd:24:b7:3d:5f:9d:aa:d6:71:be:62:
         e3:a7:f5:88:1e:b7:d0:b0:4c:2f:68:9d:55:a9:a7:09:86:26:
         db:59:9d:04:d2:e6:67:ac:3b:2d:19:36:e0:a7:15:09:30:13:
         24:77:02:88:a3:99:82:39:e0:96:6d:d8:2c:41:06:5e:46:b0:
         fe:46:e2:53
-----BEGIN CERTIFICATE-----
MIIFijCCBHKgAwIBAgIUAdgiiCGsNYYquLEFl/QfMsfkkXkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yMzAzMTYwMDAwMDBaFw0yMzA0MjAyMzU5NTlaMIGlMUkwRwYD
VQQFE0A1YmQ0OGZmMTAyNGMyNjBmNTliZDUxZjYwNGIxNzEzNDQ2MWFkZmE1NTBh
NjUxZDEzMWU2MzJiZTc3NGMwZjkxMS0wKwYDVQQDEyRjMzM2NDExYS02NjUxLTRm
MTMtOGVmOS1kZTY4MWM3Yzk0NDQxFDASBgNVBAsTC0FtYXpvbiBSUEtJMRMwEQYD
VQQKEwpBbWF6b24uY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
v+0cdj+gc8ssBlhFjb6xAxRbT4Syjwm8iwYxL+8do7uQgZo8sJZXgb5wM5vGjwkU
MIYPnsB7EzKDKO84uyiUYcDbB8YLF3S2WN4DF44C0a2Ji2r1fUQTEnDqBELmmDXe
+U/zbFoIGfQkxBHU329cXHRlreYGmD4Ei1N4OzXSltRTgc51Nkpnf/q6pkcesQ2a
CyTUHXoxlBSqaoV+SevlkYVQJG5KIO3cHmk5MkcQ1LnyFbWf7FcNC/JpCxi9ZScr
iZZ0ceHA4FALuejXfxlA4EoHNSyMPB4yzdI3dj99IA1eSHOh9ksVYGj2fVCN2Nyx
Nq3Ror/xfzvt65C1Bg+E4wIDAQABo4ICITCCAh0wHQYDVR0OBBYEFDcIY3T3K0si
oDsCSQk6s2G97TIdMB8GA1UdIwQYMBaAFEU/R0Y1TirRXOfr2Nwh+WwOXIfPMA4G
A1UdDwEB/wQEAwIHgDBkBggrBgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5j
Oi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvUlQ5SFJqVk9LdEZj
NS12WTNDSDViQTVjaDg4LmNlcjCBngYIKwYBBQUHAQsEgZEwgY4wgYsGCCsGAQUF
BzALhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFzdC0yLmFtYXpvbmF3cy5jb20v
dm9sdW1lLzk2N2EyNTVjLWQ2ODAtNDJkMy05ZWMzLWVjYjNmOWRhMDg4Yy9lNjgw
ZmZlNy1kNzdjLTQ0MzMtODFmOS1mZmJmNzZhNDVhNmQucm9hMIGIBgNVHR8EgYAw
fjB8oHqgeIZ2cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
X2xBaTVUSERzUWRQWUE5bm1FVDZvbEh1VmM4LmNybDAYBgNVHSABAf8EDjAMMAoG
CCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwTm1MA0GCSqG
SIb3DQEBCwUAA4IBAQCzosknDaio1zO8yXOWJc+47lm1flZZK0oO9rREVZoWKIsr
uil4XJYbv/+qSthl86SykblUAsDDXL30rRq/QU6I1NRXSEx/kMSTyKYXR36j2hGO
pz21byyeCN4JSQD4ugBbO9clPkvhzSd4rHMupaKpQRwA6lPnyluXraOjBOTdRDCY
J5ZtMMEdRgrgokapTX81m359BkCe3AiLOghADbcQd3FmOGWP42o5iwXeHmFxBgUU
+uiw8ytXTKc/vSS3PV+dqtZxvmLjp/WIHrfQsEwvaJ1VqacJhibbWZ0E0uZnrDst
GTbgpxUJMBMkdwKIo5mCOeCWbdgsQQZeRrD+RuJT
-----END CERTIFICATE-----
Generated at Thu Mar 16 00:27:06 2023 by rpki-client on console-ams.rpki-client.org