Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/44c4496c-63e1-49fc-828b-d77f94e0a789.roa
File:                     44c4496c-63e1-49fc-828b-d77f94e0a789.roa (raw, json)
Hash identifier:          oRa+2mHgRN/HbegL3PN5BhmZaTEqffaRar5Z1Ynkex8=
Subject key identifier:   35:8F:6B:22:13:1B:F3:6B:0A:AB:11:43:B1:FF:F2:A4:40:28:AF:B8
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       7E1A999E858119DCB05FE3F68A5544D6131EFDE5
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/44c4496c-63e1-49fc-828b-d77f94e0a789.roa
Signing time:             Tue 01 Apr 2025 15:10:08 +0000
ROA not before:           Tue 01 Apr 2025 15:10:08 +0000
ROA not after:            Tue 06 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        213.72.128.0/17 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7e:1a:99:9e:85:81:19:dc:b0:5f:e3:f6:8a:55:44:d6:13:1e:fd:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Apr  1 15:10:08 2025 GMT
            Not After : May  6 23:59:59 2025 GMT
        Subject: CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:c9:49:e1:64:48:de:92:34:47:b2:a1:6b:20:
                    66:fc:5c:cc:42:f7:10:3d:ce:61:58:12:84:c1:d3:
                    60:96:af:d6:c5:a4:23:20:43:3e:45:6f:cf:d5:25:
                    a1:ef:a5:0e:04:1e:eb:d1:dd:3e:d6:ab:36:30:aa:
                    8b:40:3e:b4:2a:45:ff:4d:13:e9:3e:3c:8b:2d:25:
                    0d:4e:fd:c0:bb:bc:c7:05:94:8c:d5:a0:f7:7d:cc:
                    61:7e:fd:57:11:7b:3c:7e:ee:d2:3a:ee:f6:85:52:
                    84:cb:f7:26:fb:0e:4e:bb:dc:f6:e1:82:b5:40:58:
                    bd:ae:3c:b2:41:cb:9f:9e:82:0b:51:57:f1:f0:8d:
                    69:3e:40:dc:98:8d:bc:ec:01:d4:9d:b8:13:8b:61:
                    b6:c3:e2:35:75:bf:86:b2:6e:01:0f:8d:f9:a4:5e:
                    f6:20:57:d4:e3:7b:6b:bf:a3:c1:db:ca:9c:d5:88:
                    35:b8:36:22:26:5c:d6:a7:da:d9:bf:b2:db:a3:55:
                    b8:34:ba:bf:6e:79:df:1e:0f:60:9b:9f:c3:98:ab:
                    f2:c7:5c:29:0a:44:01:6b:49:33:aa:e9:b3:0d:e2:
                    be:f8:87:2c:c4:d6:5a:de:27:eb:10:ed:af:c0:ce:
                    07:02:bf:54:03:f9:2d:0e:78:eb:f0:02:38:df:f9:
                    d1:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:8F:6B:22:13:1B:F3:6B:0A:AB:11:43:B1:FF:F2:A4:40:28:AF:B8
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/44c4496c-63e1-49fc-828b-d77f94e0a789.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.72.128.0/17

    Signature Algorithm: sha256WithRSAEncryption
         be:8b:67:5b:9a:a7:5f:aa:a2:59:e6:8e:6e:e1:5d:9a:3f:26:
         cf:0f:f9:5c:d7:7a:97:ce:19:f0:d1:c4:4a:3a:16:f6:44:57:
         3d:e1:97:a4:1b:b7:1c:af:01:64:3c:c0:95:0d:70:94:f0:90:
         f3:cb:4f:b2:06:b9:1b:53:e9:6a:8b:6f:bb:cf:f3:d9:e9:35:
         0e:61:88:d4:4b:41:5c:72:08:1e:07:28:f0:74:a8:78:40:4a:
         de:cb:92:f5:85:e1:82:26:f6:bc:d5:e7:6f:f7:f7:6c:71:ce:
         d5:24:d1:13:b3:a8:8f:06:92:44:9a:69:05:58:1e:c1:3e:be:
         49:d6:9e:5d:0f:79:30:b2:d5:cf:db:13:03:1c:59:24:d8:7c:
         20:3f:1b:0e:f5:c6:31:42:d3:b6:7f:2f:d7:94:be:31:49:4f:
         87:9a:6c:ac:3e:f4:cc:e2:c8:60:de:94:0d:42:6f:87:59:d6:
         90:33:a6:8e:42:73:e4:03:10:3b:bc:92:8a:e2:68:ba:69:44:
         f5:ce:c2:40:49:99:93:d6:a1:19:a8:04:10:fd:60:4a:82:0c:
         4b:e8:df:d2:b8:3c:cf:18:15:52:24:12:68:e6:dd:97:c4:35:
         1e:44:53:b0:23:ca:af:60:1a:f0:ad:fe:ad:d4:e2:48:71:0b:
         a0:f7:04:5d
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUfhqZnoWBGdywX+P2ilVE1hMe/eUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA0MDExNTEwMDhaFw0yNTA1MDYyMzU5NTlaMHoxSTBHBgNV
BAUTQGExMDU3MjM2ZDlkMzY1ZTgzNjhiNjVkNTg3ODE5ZTFjNjAxOTdmMDgxYjA1
NTE1Y2E1OTUyZWE5ZGI1Mzk1MjkxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALXJSeFkSN6SNEeyoWsgZvxczEL3ED3OYVgShMHTYJav1sWkIyBDPkVvz9Ul
oe+lDgQe69HdPtarNjCqi0A+tCpF/00T6T48iy0lDU79wLu8xwWUjNWg933MYX79
VxF7PH7u0jru9oVShMv3JvsOTrvc9uGCtUBYva48skHLn56CC1FX8fCNaT5A3JiN
vOwB1J24E4thtsPiNXW/hrJuAQ+N+aRe9iBX1ON7a7+jwdvKnNWINbg2IiZc1qfa
2b+y26NVuDS6v2553x4PYJufw5ir8sdcKQpEAWtJM6rpsw3ivviHLMTWWt4n6xDt
r8DOBwK/VAP5LQ546/ACON/50YkCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBQ1j2si
ExvzawqrEUOx//KkQCivuDAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
NDRjNDQ5NmMtNjNlMS00OWZjLTgyOGItZDc3Zjk0ZTBhNzg5LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEB9VIgDAN
BgkqhkiG9w0BAQsFAAOCAQEAvotnW5qnX6qiWeaObuFdmj8mzw/5XNd6l84Z8NHE
SjoW9kRXPeGXpBu3HK8BZDzAlQ1wlPCQ88tPsga5G1Ppaotvu8/z2ek1DmGI1EtB
XHIIHgco8HSoeEBK3suS9YXhgib2vNXnb/f3bHHO1STRE7OojwaSRJppBVgewT6+
SdaeXQ95MLLVz9sTAxxZJNh8ID8bDvXGMULTtn8v15S+MUlPh5psrD70zOLIYN6U
DUJvh1nWkDOmjkJz5AMQO7ySiuJoumlE9c7CQEmZk9ahGagEEP1gSoIMS+jf0rg8
zxgVUiQSaObdl8Q1HkRTsCPKr2Aa8K3+rdTiSHELoPcEXQ==
-----END CERTIFICATE-----