Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/e680ffe7-d77c-4433-81f9-ffbf76a45a6d.roa
File:                     e680ffe7-d77c-4433-81f9-ffbf76a45a6d.roa (raw, json)
Hash identifier:          NITUh+92m/3SUT1Z4KBkyKrujnPWGZwij0fqmob3KIo=
Subject key identifier:   CC:7E:47:9A:29:F0:10:6C:72:00:AC:5F:0A:BA:E7:59:C6:02:1B:D4
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       1627FFCC9703493A2DF580C62AF8D29761F75219
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/e680ffe7-d77c-4433-81f9-ffbf76a45a6d.roa
Signing time:             Fri 08 Sep 2023 00:00:00 +0000
ROA not before:           Fri 08 Sep 2023 00:00:00 +0000
ROA not after:            Fri 13 Oct 2023 23:59:59 +0000
asID:                     16509
IP address blocks:        193.57.181.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.crl
                          rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.mft
                          rsync://rpki.ripe.net/repository/2a7dd1d787d793e4c8af56e197d4eed92af6ba13.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 09 Sep 2023 08:03:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            16:27:ff:cc:97:03:49:3a:2d:f5:80:c6:2a:f8:d2:97:61:f7:52:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Sep  8 00:00:00 2023 GMT
            Not After : Oct 13 23:59:59 2023 GMT
        Subject: serialNumber=80e0df4d6520a6401f26c22834de19e5da71ea396362f85b648855b2473ab635, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:9a:db:69:e1:e0:5d:c0:fe:da:23:de:7c:b4:
                    48:d1:27:9e:8c:73:d9:46:86:e9:71:1b:f7:a0:ba:
                    03:09:52:59:d4:84:5f:ff:c0:6e:79:92:16:b6:92:
                    d2:18:2e:d9:7b:b0:90:66:9e:be:68:89:4b:01:a0:
                    42:62:ed:aa:93:c0:9a:e1:08:28:93:12:34:6d:ce:
                    c2:7c:50:1f:55:11:e4:96:cb:11:e9:26:4c:5a:03:
                    cb:78:00:fe:9a:49:ec:0b:eb:73:eb:2e:5a:53:38:
                    ac:4c:3b:02:fa:1e:49:98:32:a4:d2:ce:ff:bc:04:
                    e6:98:62:54:e7:be:1e:b7:0d:d0:51:85:a2:29:33:
                    d0:c9:f4:e5:b4:8b:bc:6d:b3:70:8e:05:58:b9:7b:
                    46:41:c2:3c:7a:78:55:67:32:cd:07:32:0c:14:df:
                    4d:c9:7f:01:c5:b8:cb:c2:91:19:cb:88:a6:8d:fd:
                    2e:86:fe:b8:cb:b3:dd:a5:aa:9f:28:1d:38:65:a0:
                    67:11:71:75:ca:ee:a9:e3:b0:46:89:31:16:d1:98:
                    66:6a:10:51:23:1f:c9:d5:ae:72:0c:8e:e8:f3:ff:
                    39:95:7f:4d:eb:30:3e:1e:bc:8e:4f:4e:d1:09:5b:
                    e8:53:86:d5:a3:1b:6a:ee:c8:96:17:c6:2a:e4:cb:
                    5c:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:7E:47:9A:29:F0:10:6C:72:00:AC:5F:0A:BA:E7:59:C6:02:1B:D4
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/e680ffe7-d77c-4433-81f9-ffbf76a45a6d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.57.181.0/24

    Signature Algorithm: sha256WithRSAEncryption
         96:53:15:eb:d0:1a:aa:0b:0f:94:fb:9f:e9:24:ac:7d:ec:e7:
         9f:2a:bc:67:cb:96:69:27:e0:38:70:e2:6d:41:07:21:1b:dc:
         9b:92:0f:99:61:f8:09:f9:2f:1b:7c:08:8a:09:e9:91:96:89:
         43:d7:d4:28:f9:05:d1:46:c6:f2:80:e7:23:54:13:7e:f2:9f:
         88:6e:ee:87:5a:9b:b7:2d:df:d0:da:0e:58:75:0f:80:34:fb:
         8e:61:f1:21:6e:04:10:21:87:73:80:e5:10:e1:ba:02:07:32:
         4e:69:e6:29:90:7b:5d:74:98:fe:47:ef:63:39:fc:70:81:03:
         fe:d5:b3:52:07:14:32:8c:07:c4:78:ee:e8:58:5e:29:ce:cf:
         75:a8:61:d1:f9:21:72:16:fe:49:b1:eb:62:57:43:6b:69:b2:
         81:c7:81:b9:ba:a7:41:65:5b:2d:a9:27:82:2c:2a:17:e6:61:
         12:1b:2e:5f:43:73:33:be:13:2b:2d:77:b4:e3:95:2f:f7:35:
         36:28:d1:3a:c7:25:0a:66:e3:05:95:14:86:15:6b:f7:52:cf:
         b6:14:c0:46:9c:21:ae:82:49:13:93:72:bc:ed:ef:57:ab:c9:
         e3:4f:f1:4a:0d:8d:ae:dd:b0:75:aa:11:8b:6d:77:5c:ec:b7:
         75:92:60:02
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUFif/zJcDSTot9YDGKvjSl2H3UhkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yMzA5MDgwMDAwMDBaFw0yMzEwMTMyMzU5NTlaMHoxSTBHBgNV
BAUTQDgwZTBkZjRkNjUyMGE2NDAxZjI2YzIyODM0ZGUxOWU1ZGE3MWVhMzk2MzYy
Zjg1YjY0ODg1NWIyNDczYWI2MzUxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALKa22nh4F3A/toj3ny0SNEnnoxz2UaG6XEb96C6AwlSWdSEX//AbnmSFraS
0hgu2XuwkGaevmiJSwGgQmLtqpPAmuEIKJMSNG3OwnxQH1UR5JbLEekmTFoDy3gA
/ppJ7Avrc+suWlM4rEw7AvoeSZgypNLO/7wE5phiVOe+HrcN0FGFoikz0Mn05bSL
vG2zcI4FWLl7RkHCPHp4VWcyzQcyDBTfTcl/AcW4y8KRGcuIpo39Lob+uMuz3aWq
nygdOGWgZxFxdcruqeOwRokxFtGYZmoQUSMfydWucgyO6PP/OZV/TeswPh68jk9O
0Qlb6FOG1aMbau7IlhfGKuTLXLsCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBTMfkea
KfAQbHIArF8KuudZxgIb1DAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
ZTY4MGZmZTctZDc3Yy00NDMzLTgxZjktZmZiZjc2YTQ1YTZkLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAME5tTAN
BgkqhkiG9w0BAQsFAAOCAQEAllMV69AaqgsPlPuf6SSsfeznnyq8Z8uWaSfgOHDi
bUEHIRvcm5IPmWH4CfkvG3wIignpkZaJQ9fUKPkF0UbG8oDnI1QTfvKfiG7uh1qb
ty3f0NoOWHUPgDT7jmHxIW4EECGHc4DlEOG6AgcyTmnmKZB7XXSY/kfvYzn8cIED
/tWzUgcUMowHxHju6FheKc7Pdahh0fkhchb+SbHrYldDa2mygceBubqnQWVbLakn
giwqF+ZhEhsuX0NzM74TKy13tOOVL/c1NijROsclCmbjBZUUhhVr91LPthTARpwh
roJJE5NyvO3vV6vJ40/xSg2Nrt2wdaoRi213XOy3dZJgAg==
-----END CERTIFICATE-----
Generated at Fri Sep 8 15:41:28 2023 by rpki-client on console-ams.rpki-client.org