Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/123b20eb-4142-4c18-96e0-d1871de66fd3.roa
File:                     123b20eb-4142-4c18-96e0-d1871de66fd3.roa (raw, json)
Hash identifier:          c8/vpq6xuSQYb1MwC+C1OwesfPcDnhjiEnOjx0VK+hQ=
Subject key identifier:   30:9F:FD:A6:E9:68:2D:79:8F:88:30:A0:5B:7F:16:02:57:B6:74:C2
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       0551FD42311EDDADB08C533D139B0B7BAE4B2910
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/123b20eb-4142-4c18-96e0-d1871de66fd3.roa
Signing time:             Mon 31 Mar 2025 21:31:01 +0000
ROA not before:           Mon 31 Mar 2025 21:31:01 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        51.214.0.0/15 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            05:51:fd:42:31:1e:dd:ad:b0:8c:53:3d:13:9b:0b:7b:ae:4b:29:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Mar 31 21:31:01 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:7e:de:8a:2d:46:b3:63:2c:05:1c:5c:9a:39:
                    e2:3a:77:0c:a7:ad:34:3a:2e:05:40:81:29:91:ca:
                    87:71:a3:ff:59:17:4f:b8:9d:39:76:fb:2e:8a:c7:
                    59:bf:84:12:a4:20:a8:10:9d:cf:9f:49:cb:00:05:
                    3a:b0:a7:e7:bd:22:be:e0:cf:cc:66:b5:6f:48:a0:
                    47:0b:1e:35:41:06:e9:22:9f:86:6c:b0:20:67:ce:
                    07:2f:98:45:81:e2:1f:e6:df:b2:be:97:25:5b:07:
                    a9:c5:fd:1a:2b:39:b3:a9:31:7a:d0:58:66:41:ef:
                    49:4e:02:07:5e:e0:cf:da:b5:60:cf:0f:01:5b:4c:
                    3a:c9:6f:16:e2:c0:5f:d7:d8:46:51:ea:c4:6c:dd:
                    ee:d4:40:11:10:81:a7:1f:27:59:36:2c:e1:ef:f9:
                    f4:c6:85:d2:0d:d5:9c:15:14:5d:d9:67:de:71:33:
                    1f:c8:2d:1a:4e:92:98:ce:cf:e2:73:04:8e:1b:00:
                    2b:3b:77:1a:93:1d:67:97:7b:6b:bf:7e:56:f0:97:
                    90:dc:42:d5:43:b8:20:d2:fb:de:be:b4:90:af:ba:
                    b0:31:a1:a1:cc:b1:fc:67:6a:78:17:04:93:2f:71:
                    c2:3c:fa:0b:ab:1d:e7:cd:f9:47:24:58:fa:b6:fe:
                    ed:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:9F:FD:A6:E9:68:2D:79:8F:88:30:A0:5B:7F:16:02:57:B6:74:C2
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/123b20eb-4142-4c18-96e0-d1871de66fd3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.214.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         48:43:c6:95:df:aa:3a:9a:f3:2c:3a:46:39:34:8c:c8:dd:76:
         ff:fe:d2:3c:5b:64:b6:d9:4f:24:a1:85:d6:21:92:67:31:f2:
         88:c5:49:f1:89:6f:33:cb:43:0e:fc:4a:ba:72:74:8f:2e:ff:
         6a:01:26:10:e0:a4:b9:ec:74:d7:24:21:c4:8f:37:46:3d:04:
         03:67:ca:b2:78:1c:75:d1:0f:ba:00:aa:bc:39:5e:fb:29:a7:
         fe:6d:d5:98:70:89:20:b6:1f:41:c3:0f:04:af:3b:e6:65:cd:
         f4:a4:bb:6f:8d:c5:2a:be:f5:b6:03:e9:ee:be:dc:b6:13:77:
         ec:07:e3:71:d0:bf:80:07:31:32:0d:6d:f0:08:7e:86:b3:fe:
         40:0c:cb:16:86:ea:1f:20:41:ab:2d:72:79:b2:dc:70:b2:36:
         b5:35:93:8f:b5:83:ff:b8:0a:cc:7c:8c:ec:8c:b4:b9:c8:e2:
         01:ed:e2:5f:17:8d:b9:8e:69:ac:70:11:54:39:66:59:ef:64:
         95:ac:97:42:d4:07:cb:01:db:1e:2a:c8:90:6d:fd:94:cb:38:
         35:e1:da:36:32:af:ce:55:4a:e8:e2:77:ba:b6:1f:fa:44:75:
         32:68:2e:a0:e5:56:23:bb:c4:de:27:40:2a:09:29:40:ad:8a:
         82:3c:eb:bd
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUBVH9QjEe3a2wjFM9E5sLe65LKRAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTAzMzEyMTMxMDFaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQDM3MjMzMTgwZjNmMWVlNWNjYWU5OGYxNTk5OTcxMTM1YzhhN2YwY2VkMzkx
MzBiODczNDdjNmVjMDM0YTE5NDQxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAN9+3ootRrNjLAUcXJo54jp3DKetNDouBUCBKZHKh3Gj/1kXT7idOXb7LorH
Wb+EEqQgqBCdz59JywAFOrCn570ivuDPzGa1b0igRwseNUEG6SKfhmywIGfOBy+Y
RYHiH+bfsr6XJVsHqcX9Gis5s6kxetBYZkHvSU4CB17gz9q1YM8PAVtMOslvFuLA
X9fYRlHqxGzd7tRAERCBpx8nWTYs4e/59MaF0g3VnBUUXdln3nEzH8gtGk6SmM7P
4nMEjhsAKzt3GpMdZ5d7a79+VvCXkNxC1UO4INL73r60kK+6sDGhocyx/GdqeBcE
ky9xwjz6C6sd5835RyRY+rb+7a8CAwEAAaOCAiAwggIcMB0GA1UdDgQWBBQwn/2m
6WgteY+IMKBbfxYCV7Z0wjAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
MTIzYjIwZWItNDE0Mi00YzE4LTk2ZTAtZDE4NzFkZTY2ZmQzLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDATPWMA0G
CSqGSIb3DQEBCwUAA4IBAQBIQ8aV36o6mvMsOkY5NIzI3Xb//tI8W2S22U8koYXW
IZJnMfKIxUnxiW8zy0MO/Eq6cnSPLv9qASYQ4KS57HTXJCHEjzdGPQQDZ8qyeBx1
0Q+6AKq8OV77Kaf+bdWYcIkgth9Bww8ErzvmZc30pLtvjcUqvvW2A+nuvty2E3fs
B+Nx0L+ABzEyDW3wCH6Gs/5ADMsWhuofIEGrLXJ5stxwsja1NZOPtYP/uArMfIzs
jLS5yOIB7eJfF425jmmscBFUOWZZ72SVrJdC1AfLAdseKsiQbf2Uyzg14do2Mq/O
VUro4ne6th/6RHUyaC6g5VYju8TeJ0AqCSlArYqCPOu9
-----END CERTIFICATE-----