Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/42f47c85-e9fe-40f9-ae1c-57ea1b805412.roa
File:                     42f47c85-e9fe-40f9-ae1c-57ea1b805412.roa (raw, json)
Hash identifier:          Q44joWCZALAoPAdljCO6okO+LH/6Y9bVNVKP2qudcP4=
Subject key identifier:   4D:B6:16:AC:32:D7:F2:E1:85:7B:C3:63:F6:96:8B:51:B2:59:B3:6E
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       751077F4AB22B83988CF052139B31EE2BF93B9D8
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/42f47c85-e9fe-40f9-ae1c-57ea1b805412.roa
Signing time:             Tue 01 Apr 2025 15:11:07 +0000
ROA not before:           Tue 01 Apr 2025 15:11:07 +0000
ROA not after:            Tue 06 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        51.24.0.0/16 maxlen: 16
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            75:10:77:f4:ab:22:b8:39:88:cf:05:21:39:b3:1e:e2:bf:93:b9:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Apr  1 15:11:07 2025 GMT
            Not After : May  6 23:59:59 2025 GMT
        Subject: CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:8d:7e:a0:80:8f:8a:f1:db:ee:19:cd:b2:33:
                    c6:71:8d:1d:14:33:43:40:d7:82:e7:4f:05:3c:84:
                    be:e1:97:f2:c9:3f:45:c3:2d:d8:b8:2c:3d:27:be:
                    4c:96:43:0b:7b:d1:2f:05:25:00:12:74:1c:9c:01:
                    3a:5f:9a:5e:e3:cb:1d:d1:6d:30:ea:94:ea:b8:1a:
                    e1:70:3b:fd:c8:6f:7a:cd:87:96:de:41:db:09:8a:
                    6a:f6:f0:00:ba:7b:a6:2f:2c:64:af:9b:4f:d1:91:
                    78:04:2e:1c:58:9e:9e:3e:65:10:4d:ed:c1:64:ca:
                    7c:a4:81:c4:b2:99:88:13:10:c7:72:66:a3:76:ef:
                    4c:1e:63:2b:59:6f:3a:69:9b:ad:17:a3:2e:7d:5a:
                    41:e4:bc:86:0f:ae:da:2c:16:cc:96:34:68:c5:6e:
                    5c:5c:72:ab:6e:b8:af:11:02:ab:bf:85:70:37:fa:
                    71:63:74:fc:60:12:ee:dd:a5:4c:04:e0:98:bf:66:
                    66:fa:f6:8d:9e:e2:4f:eb:7f:d3:de:05:fc:24:18:
                    9c:bc:7d:31:65:ea:54:7f:e6:9d:be:f2:e3:ad:cd:
                    42:51:82:09:7c:55:09:a4:b7:9e:39:e6:3c:f2:66:
                    01:06:81:c2:44:d2:b6:45:69:5f:65:b3:b3:ac:41:
                    0f:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:B6:16:AC:32:D7:F2:E1:85:7B:C3:63:F6:96:8B:51:B2:59:B3:6E
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/42f47c85-e9fe-40f9-ae1c-57ea1b805412.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.24.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         58:73:c4:a3:d9:f7:11:07:ae:26:f0:7b:77:1f:26:53:ec:4b:
         16:9a:8a:29:07:24:04:a0:74:62:51:cc:73:45:be:11:4e:7e:
         29:e0:4e:4e:2c:47:5e:9d:ee:4c:3c:87:2e:67:c0:d7:a3:b1:
         ed:b8:c3:d1:74:b0:67:a1:20:ad:3e:6b:c5:dc:62:73:1d:66:
         4a:e1:d5:41:24:c2:1f:08:94:90:02:ab:a3:7b:0f:a7:e9:c0:
         9a:33:cb:9b:8d:1d:dd:98:38:b0:a1:51:38:bc:8d:d0:e5:59:
         86:88:65:70:b5:f3:d7:2f:7d:14:82:52:61:22:de:94:a4:f2:
         f5:f9:c2:f1:c3:db:b9:80:39:5e:ca:2a:cb:98:41:d1:67:1b:
         c5:9d:20:b1:c3:78:98:76:cd:06:74:28:32:b6:55:e2:90:3a:
         3d:7b:b3:71:11:6a:4a:46:05:6f:30:78:bc:71:b1:f4:0b:1b:
         45:19:fc:4d:0f:f9:a4:47:df:48:e6:70:49:df:47:b2:6b:b9:
         02:5b:63:3d:db:e1:7b:f4:da:b3:04:63:82:e3:c8:f4:98:a7:
         a6:c4:a1:58:cc:ec:43:34:79:46:fb:1a:cb:d9:cb:36:0a:c9:
         58:bc:f1:aa:92:ae:be:ed:be:2f:6e:06:dd:2c:ba:e4:54:d4:
         b8:57:7a:d9
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUdRB39KsiuDmIzwUhObMe4r+TudgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA0MDExNTExMDdaFw0yNTA1MDYyMzU5NTlaMHoxSTBHBgNV
BAUTQGM4MDY4NWZhYzE2ODIyZGI5NWZjYjdhOWE2MGViZWE5MDEwOTE4ZWUyYmFj
OTY0ODg0MWY0NTc1YjE0NzMzMWYxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMKNfqCAj4rx2+4ZzbIzxnGNHRQzQ0DXgudPBTyEvuGX8sk/RcMt2LgsPSe+
TJZDC3vRLwUlABJ0HJwBOl+aXuPLHdFtMOqU6rga4XA7/chves2Hlt5B2wmKavbw
ALp7pi8sZK+bT9GReAQuHFienj5lEE3twWTKfKSBxLKZiBMQx3Jmo3bvTB5jK1lv
OmmbrRejLn1aQeS8hg+u2iwWzJY0aMVuXFxyq264rxECq7+FcDf6cWN0/GAS7t2l
TATgmL9mZvr2jZ7iT+t/094F/CQYnLx9MWXqVH/mnb7y463NQlGCCXxVCaS3njnm
PPJmAQaBwkTStkVpX2Wzs6xBD0sCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBRNthas
Mtfy4YV7w2P2lotRslmzbjAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
NDJmNDdjODUtZTlmZS00MGY5LWFlMWMtNTdlYTFiODA1NDEyLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADMYMA0G
CSqGSIb3DQEBCwUAA4IBAQBYc8Sj2fcRB64m8Ht3HyZT7EsWmoopByQEoHRiUcxz
Rb4RTn4p4E5OLEdene5MPIcuZ8DXo7HtuMPRdLBnoSCtPmvF3GJzHWZK4dVBJMIf
CJSQAqujew+n6cCaM8ubjR3dmDiwoVE4vI3Q5VmGiGVwtfPXL30UglJhIt6UpPL1
+cLxw9u5gDleyirLmEHRZxvFnSCxw3iYds0GdCgytlXikDo9e7NxEWpKRgVvMHi8
cbH0CxtFGfxND/mkR99I5nBJ30eya7kCW2M92+F79NqzBGOC48j0mKemxKFYzOxD
NHlG+xrL2cs2CslYvPGqkq6+7b4vbgbdLLrkVNS4V3rZ
-----END CERTIFICATE-----