Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/f6f5353f-d8fa-4aca-b9c2-06a9b7716df8.roa
File:                     f6f5353f-d8fa-4aca-b9c2-06a9b7716df8.roa (raw, json)
Hash identifier:          YH7xl7gVbBFV0Gbhl2klCW3j0FctZbVwu8F37xlAlAQ=
Subject key identifier:   C0:4C:6E:0E:41:17:71:0F:2C:A5:C3:F6:A6:81:76:84:A6:AE:A9:E2
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       7A11741352D3391D2F1BB4FF57F11AD948969AD1
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/f6f5353f-d8fa-4aca-b9c2-06a9b7716df8.roa
Signing time:             Mon 28 Aug 2023 00:00:00 +0000
ROA not before:           Mon 28 Aug 2023 00:00:00 +0000
ROA not after:            Mon 02 Oct 2023 23:59:59 +0000
asID:                     16509
IP address blocks:        51.0.80.0/21 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.crl
                          rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.mft
                          rsync://rpki.ripe.net/repository/2a7dd1d787d793e4c8af56e197d4eed92af6ba13.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 29 Aug 2023 15:27:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7a:11:74:13:52:d3:39:1d:2f:1b:b4:ff:57:f1:1a:d9:48:96:9a:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Aug 28 00:00:00 2023 GMT
            Not After : Oct  2 23:59:59 2023 GMT
        Subject: serialNumber=63490aaa8074af01d907fd9fcd4162d546c56bef29e670e3dacb00c1e7264e54, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:6a:d9:02:07:e0:ae:b0:92:d7:34:44:d6:99:
                    f8:fc:6a:5a:71:15:3a:66:ce:8d:b5:4c:c3:4a:56:
                    ad:a7:13:7f:ae:1f:de:f4:8e:5c:3d:f0:9a:3f:08:
                    9f:4f:f3:ba:15:4e:d1:13:c8:5a:59:19:e8:74:fb:
                    e2:17:24:d9:fe:57:96:15:78:c4:55:5c:5a:32:ab:
                    ea:f1:9b:67:a1:5b:3c:3f:0b:59:88:c4:46:8a:c6:
                    67:db:16:1a:04:a8:54:8d:16:18:45:4f:42:28:a1:
                    55:0e:02:e9:6d:82:4c:3f:98:2d:71:8c:eb:b1:4a:
                    66:90:ec:05:0a:36:62:97:f1:45:d4:35:b7:e0:4d:
                    5f:d4:be:f9:0e:52:5a:60:cd:41:d3:9a:c8:ea:88:
                    1e:93:7a:e7:c9:a6:94:f0:33:ee:5d:d8:07:2f:86:
                    93:c6:2c:a2:ae:b6:62:6d:21:c1:51:cf:cd:e7:d5:
                    5c:f8:88:81:c4:78:b2:c9:b8:88:2b:b4:f3:27:a9:
                    40:73:38:61:92:8d:f1:b1:af:16:bd:de:d6:01:7a:
                    cd:dd:ea:63:cf:48:b4:d1:57:44:fa:63:7e:af:bd:
                    3a:36:dd:4c:95:e6:63:87:3d:5c:d0:d9:e9:e2:27:
                    17:94:f4:ab:1e:b2:52:ee:35:81:a0:b2:31:b7:e0:
                    fb:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:4C:6E:0E:41:17:71:0F:2C:A5:C3:F6:A6:81:76:84:A6:AE:A9:E2
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/f6f5353f-d8fa-4aca-b9c2-06a9b7716df8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.0.80.0/21

    Signature Algorithm: sha256WithRSAEncryption
         3e:93:85:3b:2b:63:e0:c1:c4:91:31:f0:66:c8:17:90:8c:a3:
         19:2f:bd:7e:4d:2e:18:06:96:8d:1c:f5:e9:2c:dc:b8:53:ff:
         a4:ce:cd:25:29:ee:4f:a0:f7:b0:85:8f:83:f8:ba:ea:c4:6c:
         5a:8c:1d:99:2b:2e:10:f3:50:cc:e3:bc:cf:13:34:b8:b8:e9:
         8d:cf:c7:ae:f8:64:da:05:21:1b:b8:ee:40:c1:45:f0:8e:dc:
         93:59:4f:c7:b4:4a:a5:01:e3:1c:b7:0d:77:bf:a7:ab:11:a7:
         ee:de:b0:4e:31:f9:61:7e:ca:d0:1c:93:b4:eb:35:58:72:7d:
         31:d6:53:c3:cf:94:56:fc:a4:d8:13:b9:3c:1b:7f:31:28:d7:
         fc:5e:4c:3e:0c:a4:a3:82:67:1c:70:2e:5a:27:6c:87:0c:5c:
         7e:f7:f5:8e:2a:5a:3a:ba:97:f9:ae:d7:83:5f:bc:a3:35:1c:
         c9:28:e0:17:b3:59:ee:1b:c1:ac:14:87:19:18:7f:7b:72:45:
         8a:dd:2b:a0:15:8a:83:d4:b0:15:3b:06:34:2c:5a:94:9b:c7:
         26:ad:01:73:e9:5f:e7:6f:fc:e1:59:96:b0:36:cf:9a:8a:13:
         76:7e:79:db:5a:ef:74:4b:18:16:6f:df:d9:80:df:4b:a6:fe:
         3f:f5:92:fd
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUehF0E1LTOR0vG7T/V/Ea2UiWmtEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yMzA4MjgwMDAwMDBaFw0yMzEwMDIyMzU5NTlaMHoxSTBHBgNV
BAUTQDYzNDkwYWFhODA3NGFmMDFkOTA3ZmQ5ZmNkNDE2MmQ1NDZjNTZiZWYyOWU2
NzBlM2RhY2IwMGMxZTcyNjRlNTQxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJ5q2QIH4K6wktc0RNaZ+PxqWnEVOmbOjbVMw0pWracTf64f3vSOXD3wmj8I
n0/zuhVO0RPIWlkZ6HT74hck2f5XlhV4xFVcWjKr6vGbZ6FbPD8LWYjERorGZ9sW
GgSoVI0WGEVPQiihVQ4C6W2CTD+YLXGM67FKZpDsBQo2YpfxRdQ1t+BNX9S++Q5S
WmDNQdOayOqIHpN658mmlPAz7l3YBy+Gk8Ysoq62Ym0hwVHPzefVXPiIgcR4ssm4
iCu08yepQHM4YZKN8bGvFr3e1gF6zd3qY89ItNFXRPpjfq+9OjbdTJXmY4c9XNDZ
6eInF5T0qx6yUu41gaCyMbfg+50CAwEAAaOCAiEwggIdMB0GA1UdDgQWBBTATG4O
QRdxDyylw/amgXaEpq6p4jAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
ZjZmNTM1M2YtZDhmYS00YWNhLWI5YzItMDZhOWI3NzE2ZGY4LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAzMAUDAN
BgkqhkiG9w0BAQsFAAOCAQEAPpOFOytj4MHEkTHwZsgXkIyjGS+9fk0uGAaWjRz1
6SzcuFP/pM7NJSnuT6D3sIWPg/i66sRsWowdmSsuEPNQzOO8zxM0uLjpjc/Hrvhk
2gUhG7juQMFF8I7ck1lPx7RKpQHjHLcNd7+nqxGn7t6wTjH5YX7K0ByTtOs1WHJ9
MdZTw8+UVvyk2BO5PBt/MSjX/F5MPgyko4JnHHAuWidshwxcfvf1jipaOrqX+a7X
g1+8ozUcySjgF7NZ7hvBrBSHGRh/e3JFit0roBWKg9SwFTsGNCxalJvHJq0Bc+lf
52/84VmWsDbPmooTdn5521rvdEsYFm/f2YDfS6b+P/WS/Q==
-----END CERTIFICATE-----
Generated at Mon Aug 28 16:35:58 2023 by rpki-client on console-fra.rpki-client.org