Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/1b39e9a7-4f3d-4cfc-975f-d9eaceed0ed2.roa
File:                     1b39e9a7-4f3d-4cfc-975f-d9eaceed0ed2.roa (raw, json)
Hash identifier:          JGH+SRusU9YmCkvg9SbMsYR6+qp7tQz667gI6EN0Z9A=
Subject key identifier:   29:FD:CF:42:16:3A:48:D0:EB:F2:E0:C0:94:78:BA:6F:A1:AC:76:75
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       47FDF3EF326EB7963DCB53F7D77C6B8697F6FBB2
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/1b39e9a7-4f3d-4cfc-975f-d9eaceed0ed2.roa
Signing time:             Mon 31 Mar 2025 21:30:32 +0000
ROA not before:           Mon 31 Mar 2025 21:30:32 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        51.134.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            47:fd:f3:ef:32:6e:b7:96:3d:cb:53:f7:d7:7c:6b:86:97:f6:fb:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Mar 31 21:30:32 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:e3:ba:9e:ba:5f:d6:60:db:68:88:19:75:ae:
                    d7:61:5e:d4:3a:8c:eb:ec:77:45:97:39:9d:7b:3c:
                    ca:0f:e1:e3:22:80:bc:97:f8:cc:c7:20:57:97:35:
                    80:60:15:11:89:1b:be:a9:4a:d3:69:b1:3a:1d:6b:
                    56:82:89:f3:10:88:2d:8e:cf:90:f5:0f:b1:a6:10:
                    9d:54:03:9f:67:f5:0e:a6:da:b7:aa:a6:32:e1:c4:
                    57:d6:e7:7e:e9:32:42:0e:73:6c:6c:ec:5b:70:fb:
                    da:c2:d4:ea:ee:4d:63:5e:9c:a2:a5:82:06:29:94:
                    2c:a1:78:7f:9f:0c:68:dd:b9:35:ee:df:1f:0c:e1:
                    b1:d3:1c:60:ac:4f:36:bc:31:ef:a3:e6:c6:27:19:
                    68:02:82:c8:b3:5a:c5:1f:93:5d:e5:f4:6b:67:b6:
                    6b:cf:83:5b:f5:79:5a:44:f7:d1:ef:d9:c2:ac:13:
                    0b:ba:64:44:0a:c7:7b:52:7d:c3:24:2f:19:33:d4:
                    69:5a:18:83:c1:7c:36:63:1e:42:2d:bb:37:c2:5e:
                    83:25:da:1f:e6:cd:b0:95:2a:4f:71:8c:f4:d5:0e:
                    f4:ae:a4:9d:f9:e9:1e:c8:0a:85:ce:6e:32:41:28:
                    ad:70:91:80:5e:4e:09:28:12:9c:52:a6:32:2e:b2:
                    a3:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:FD:CF:42:16:3A:48:D0:EB:F2:E0:C0:94:78:BA:6F:A1:AC:76:75
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/1b39e9a7-4f3d-4cfc-975f-d9eaceed0ed2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.134.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         b1:d2:ea:aa:10:63:8c:41:38:e0:4f:f3:a5:2f:ef:38:fd:fa:
         e7:62:74:df:d0:d9:43:ca:c8:e2:ee:9b:d6:7a:43:3f:a4:b4:
         18:8d:68:7a:14:33:39:5f:37:a8:7e:44:ad:43:4e:bc:02:d5:
         2e:29:9d:b2:32:5d:04:0e:d9:3d:38:dc:0c:b1:6c:6f:0b:d1:
         b2:ee:9e:46:ca:a2:25:5c:c6:7a:bf:0e:e6:00:b4:41:74:53:
         b3:bf:82:a6:53:2c:d4:07:47:26:33:95:96:f2:1f:da:8f:7a:
         fe:b1:e4:da:98:a2:d0:58:ba:7a:58:a0:d1:5b:2c:32:8c:b1:
         c6:52:49:78:6e:a4:4b:c4:70:38:7d:e4:a8:91:5b:e9:24:4a:
         5d:21:47:91:e9:15:b0:20:a0:3c:bc:b8:0b:43:6c:20:b9:51:
         b8:94:11:27:ab:63:81:8a:2d:d2:3b:4d:ce:64:68:17:21:43:
         dd:21:37:c2:d9:ce:2d:e3:9d:ed:08:d8:ab:ab:5a:45:3a:0d:
         ba:06:15:0f:11:4a:59:36:5e:1e:63:de:73:88:94:5f:86:ab:
         f9:f5:89:34:fc:7f:09:05:30:54:4a:6c:91:13:09:f8:c2:80:
         cd:44:5a:51:aa:72:2e:4a:af:d5:00:12:a0:e1:b6:e3:db:b8:
         f6:25:80:74
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUR/3z7zJut5Y9y1P313xrhpf2+7IwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTAzMzEyMTMwMzJaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQDcwMTkwZWY3YjljYmJhZjg1ZmFkMWQ4Mzc0NTU2N2I0M2M1YTNkMTU3MDJm
YzQ3NWRiNDgzMzQ4OTRiZjg0NDExLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAK7jup66X9Zg22iIGXWu12Fe1DqM6+x3RZc5nXs8yg/h4yKAvJf4zMcgV5c1
gGAVEYkbvqlK02mxOh1rVoKJ8xCILY7PkPUPsaYQnVQDn2f1Dqbat6qmMuHEV9bn
fukyQg5zbGzsW3D72sLU6u5NY16coqWCBimULKF4f58MaN25Ne7fHwzhsdMcYKxP
Nrwx76PmxicZaAKCyLNaxR+TXeX0a2e2a8+DW/V5WkT30e/ZwqwTC7pkRArHe1J9
wyQvGTPUaVoYg8F8NmMeQi27N8JegyXaH+bNsJUqT3GM9NUO9K6knfnpHsgKhc5u
MkEorXCRgF5OCSgSnFKmMi6yo2cCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBQp/c9C
FjpI0Ovy4MCUeLpvoax2dTAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
MWIzOWU5YTctNGYzZC00Y2ZjLTk3NWYtZDllYWNlZWQwZWQyLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADOGMA0G
CSqGSIb3DQEBCwUAA4IBAQCx0uqqEGOMQTjgT/OlL+84/frnYnTf0NlDysji7pvW
ekM/pLQYjWh6FDM5XzeofkStQ068AtUuKZ2yMl0EDtk9ONwMsWxvC9Gy7p5GyqIl
XMZ6vw7mALRBdFOzv4KmUyzUB0cmM5WW8h/aj3r+seTamKLQWLp6WKDRWywyjLHG
Ukl4bqRLxHA4feSokVvpJEpdIUeR6RWwIKA8vLgLQ2wguVG4lBEnq2OBii3SO03O
ZGgXIUPdITfC2c4t453tCNirq1pFOg26BhUPEUpZNl4eY95ziJRfhqv59Yk0/H8J
BTBUSmyREwn4woDNRFpRqnIuSq/VABKg4bbj27j2JYB0
-----END CERTIFICATE-----