Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/fe4a1cdc-1f22-4e81-a455-f69665f973f0.roa
File:                     fe4a1cdc-1f22-4e81-a455-f69665f973f0.roa (raw, json)
Hash identifier:          +UfU08Cw+RTKGETJTlGlNxH1Oj93xg7jVoyMbBnvhw8=
Subject key identifier:   AC:86:B2:22:FC:FF:41:4F:D6:65:6F:7C:03:E8:0E:6D:99:E6:7A:D7
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       419C2860199E84F7DBAE6A6BEF0585F5052C9657
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/fe4a1cdc-1f22-4e81-a455-f69665f973f0.roa
Signing time:             Fri 08 Sep 2023 00:00:00 +0000
ROA not before:           Fri 08 Sep 2023 00:00:00 +0000
ROA not after:            Fri 13 Oct 2023 23:59:59 +0000
asID:                     16509
IP address blocks:        51.184.0.0/15 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.crl
                          rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.mft
                          rsync://rpki.ripe.net/repository/2a7dd1d787d793e4c8af56e197d4eed92af6ba13.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 09 Sep 2023 08:03:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            41:9c:28:60:19:9e:84:f7:db:ae:6a:6b:ef:05:85:f5:05:2c:96:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Sep  8 00:00:00 2023 GMT
            Not After : Oct 13 23:59:59 2023 GMT
        Subject: serialNumber=f83d77a100e866ca1f5095397ae7ca088c067aab729ffdaeca6ea58057614b38, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:c6:71:86:ad:23:20:ce:33:68:13:87:c4:b3:
                    b0:89:60:b8:8e:fd:e1:b1:2c:ae:2a:41:02:a7:99:
                    31:c6:1c:bd:49:d7:89:d7:41:a3:c8:9d:d0:4e:ff:
                    70:f3:90:d9:fe:98:73:d1:cc:5b:50:00:6c:c2:9d:
                    ad:d7:7d:70:57:14:b9:31:fa:28:f9:64:4f:d9:aa:
                    e1:7d:49:b8:19:55:05:ad:c0:b1:18:1b:29:12:04:
                    7b:ca:a0:99:6f:45:98:e0:c3:aa:14:25:7e:12:86:
                    96:68:98:ae:58:9c:6b:96:f5:17:4c:a9:7f:e5:13:
                    52:c5:2c:7a:2b:c0:71:bd:d4:ad:35:6c:67:0b:c8:
                    42:3f:9a:2d:05:d2:67:2f:20:15:56:9e:8c:59:81:
                    78:e8:cd:aa:8f:f6:46:a9:eb:92:8c:8f:ec:74:7a:
                    52:71:f3:c4:61:1f:1e:84:21:99:12:b2:c7:bd:85:
                    cc:4a:9f:3a:af:50:86:9c:12:98:25:37:4f:d4:ca:
                    2f:92:6a:fd:f6:59:2f:7e:5d:c3:91:01:11:27:6b:
                    3b:ac:a3:86:39:73:77:5f:6c:32:4a:55:35:3a:89:
                    d6:3e:ae:16:11:87:a1:71:7c:93:f4:cc:b9:01:36:
                    0f:c3:a3:c3:46:47:cc:ed:df:54:e7:eb:f2:d5:7b:
                    b9:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:86:B2:22:FC:FF:41:4F:D6:65:6F:7C:03:E8:0E:6D:99:E6:7A:D7
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/fe4a1cdc-1f22-4e81-a455-f69665f973f0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.184.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         2f:d0:ea:15:4d:2d:dd:f7:77:7e:55:33:1d:1a:a7:3d:c5:d9:
         7c:d4:90:8b:88:29:37:94:e5:1c:2b:a2:d8:51:68:3f:4c:89:
         0b:b7:5e:f0:09:5b:66:38:1b:f2:cd:94:0b:c8:e7:b1:d5:29:
         3c:90:23:ea:20:b8:b5:cf:57:3c:95:d6:5c:c6:b6:bb:7b:89:
         45:e4:af:b1:7e:14:5c:73:93:cf:15:1a:09:30:64:ed:e1:ca:
         7f:57:0b:df:c1:a0:39:ad:fe:10:e8:c9:15:5f:bb:cd:80:bc:
         fb:c8:ec:e4:c5:9d:50:25:b6:e5:e4:9a:ed:e8:f8:05:fc:05:
         46:55:b0:19:64:bc:46:a7:25:dd:7a:9c:30:8e:e9:8b:88:2f:
         2c:c0:90:7d:b1:ed:47:25:c6:d9:0f:ae:28:25:52:d1:8e:51:
         22:91:e0:ba:6b:98:63:3d:8d:15:60:a7:ec:d5:21:93:31:88:
         f7:04:85:99:15:35:e8:9e:50:80:82:ae:0d:cf:12:ed:f7:de:
         34:4d:63:83:99:03:b7:9a:ce:3e:9d:39:33:5d:23:ec:62:6a:
         27:fc:a7:75:1d:6e:72:76:ea:76:df:95:60:3a:10:2a:d0:3e:
         b6:32:77:f7:67:f5:27:20:32:e9:0b:0f:7b:b0:3b:11:4c:1a:
         90:e0:9f:c4
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUQZwoYBmehPfbrmpr7wWF9QUsllcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yMzA5MDgwMDAwMDBaFw0yMzEwMTMyMzU5NTlaMHoxSTBHBgNV
BAUTQGY4M2Q3N2ExMDBlODY2Y2ExZjUwOTUzOTdhZTdjYTA4OGMwNjdhYWI3Mjlm
ZmRhZWNhNmVhNTgwNTc2MTRiMzgxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALfGcYatIyDOM2gTh8SzsIlguI794bEsripBAqeZMcYcvUnXiddBo8id0E7/
cPOQ2f6Yc9HMW1AAbMKdrdd9cFcUuTH6KPlkT9mq4X1JuBlVBa3AsRgbKRIEe8qg
mW9FmODDqhQlfhKGlmiYrlica5b1F0ypf+UTUsUseivAcb3UrTVsZwvIQj+aLQXS
Zy8gFVaejFmBeOjNqo/2RqnrkoyP7HR6UnHzxGEfHoQhmRKyx72FzEqfOq9QhpwS
mCU3T9TKL5Jq/fZZL35dw5EBESdrO6yjhjlzd19sMkpVNTqJ1j6uFhGHoXF8k/TM
uQE2D8Ojw0ZHzO3fVOfr8tV7ufUCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBSshrIi
/P9BT9Zlb3wD6A5tmeZ61zAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
ZmU0YTFjZGMtMWYyMi00ZTgxLWE0NTUtZjY5NjY1Zjk3M2YwLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDATO4MA0G
CSqGSIb3DQEBCwUAA4IBAQAv0OoVTS3d93d+VTMdGqc9xdl81JCLiCk3lOUcK6LY
UWg/TIkLt17wCVtmOBvyzZQLyOex1Sk8kCPqILi1z1c8ldZcxra7e4lF5K+xfhRc
c5PPFRoJMGTt4cp/VwvfwaA5rf4Q6MkVX7vNgLz7yOzkxZ1QJbbl5Jrt6PgF/AVG
VbAZZLxGpyXdepwwjumLiC8swJB9se1HJcbZD64oJVLRjlEikeC6a5hjPY0VYKfs
1SGTMYj3BIWZFTXonlCAgq4NzxLt9940TWODmQO3ms4+nTkzXSPsYmon/Kd1HW5y
dup235VgOhAq0D62Mnf3Z/UnIDLpCw97sDsRTBqQ4J/E
-----END CERTIFICATE-----
Generated at Fri Sep 8 15:19:12 2023 by rpki-client on console-fra.rpki-client.org