Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/60c89335-41cc-407d-8ffe-34cda7e66bb7.roa
File:                     60c89335-41cc-407d-8ffe-34cda7e66bb7.roa (raw, json)
Hash identifier:          cm4/MrMT9HkZmk8vwesDJrjddPu+f0S75IGHr+U+nQg=
Subject key identifier:   B8:3D:F1:23:69:93:53:8B:45:B6:DA:FB:AA:64:E7:8B:D5:02:8D:31
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       50802EC8AA0DBFC4FA3FE1116C4DE28B5C06C491
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/60c89335-41cc-407d-8ffe-34cda7e66bb7.roa
Signing time:             Tue 01 Apr 2025 15:11:24 +0000
ROA not before:           Tue 01 Apr 2025 15:11:24 +0000
ROA not after:            Tue 06 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        51.96.0.0/14 maxlen: 14
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            50:80:2e:c8:aa:0d:bf:c4:fa:3f:e1:11:6c:4d:e2:8b:5c:06:c4:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Apr  1 15:11:24 2025 GMT
            Not After : May  6 23:59:59 2025 GMT
        Subject: CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:d0:33:a9:63:0d:e9:ea:c2:57:8f:9e:f7:08:
                    b7:9a:12:4e:7d:1c:7d:4b:45:5a:76:30:59:63:49:
                    f9:17:31:9b:72:1a:d1:d3:19:fe:c9:27:d8:5a:fa:
                    1f:a3:b5:c9:b2:30:9b:91:c0:ac:40:a1:80:07:ad:
                    f4:4f:93:09:b2:a7:cd:07:0e:72:cc:84:77:ba:8f:
                    55:3d:f0:b0:e0:70:ea:61:34:af:fe:a9:48:a4:c0:
                    cd:d0:5f:bd:ba:22:95:32:63:19:2e:a2:7d:bb:d5:
                    7d:c8:e7:fe:26:b8:29:c1:21:5b:f5:98:59:42:6f:
                    e6:34:be:51:21:c9:81:eb:f7:2a:b2:8f:2a:b8:b3:
                    1a:f2:2e:12:13:a1:f5:73:7a:ee:49:ff:d7:35:6d:
                    e4:3c:f3:12:22:53:ec:35:2b:6b:86:78:be:48:68:
                    2a:8c:f2:f6:4b:92:2e:83:9f:c5:44:9e:12:80:3e:
                    2d:c7:85:41:a2:95:e5:6c:ee:ee:3e:64:fe:88:2b:
                    c4:8b:a3:eb:d8:18:cd:39:8e:05:fe:6e:d3:c2:75:
                    e7:88:19:bb:b5:70:ef:25:b1:d0:79:01:eb:17:47:
                    88:3b:2c:35:fa:5d:0b:94:93:b7:2b:ce:7f:a7:a1:
                    5f:43:a4:2c:4a:20:47:c8:12:71:fd:96:e3:b3:48:
                    0b:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:3D:F1:23:69:93:53:8B:45:B6:DA:FB:AA:64:E7:8B:D5:02:8D:31
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/60c89335-41cc-407d-8ffe-34cda7e66bb7.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.96.0.0/14

    Signature Algorithm: sha256WithRSAEncryption
         35:71:6c:bb:52:c7:dd:55:18:09:57:8c:ec:c6:93:20:56:03:
         4e:de:41:54:99:c7:88:87:1e:cd:4d:e0:f6:70:8c:26:ac:60:
         9b:ef:6d:db:f4:20:00:92:4b:aa:b1:d6:af:3d:7f:38:ec:eb:
         8f:f4:02:b0:e4:40:29:d7:b8:c5:63:cf:25:f8:6a:51:ee:97:
         ec:52:62:2d:26:c1:c9:13:10:42:c8:c2:93:58:f6:3a:47:f4:
         ff:cc:e8:79:60:3e:68:6f:d1:67:d7:09:d9:b0:51:ff:62:30:
         a9:ee:16:ca:b9:8a:fb:28:f9:9d:c1:f7:3e:b3:6c:48:b0:95:
         ad:b0:d4:94:92:2e:39:35:77:5a:0b:e0:69:11:58:7f:7a:3b:
         55:8f:09:1d:ee:c6:23:7f:d8:b5:b9:16:f9:d2:a8:13:9f:d6:
         69:2c:76:1a:80:30:fd:3d:29:bc:46:70:e3:59:99:3d:10:6c:
         2c:85:e1:f1:29:84:6e:72:f3:bd:45:35:4d:eb:e8:d6:01:0c:
         3d:df:e2:31:38:76:79:fb:ab:10:72:99:b5:b2:01:c2:7e:02:
         39:aa:9d:0b:f9:2e:0e:41:e6:a8:19:3a:90:3a:7f:6a:b9:4b:
         e7:fc:17:c9:dd:9a:71:58:e4:6c:d0:19:e5:28:ca:9d:96:93:
         96:47:56:c9
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUUIAuyKoNv8T6P+ERbE3ii1wGxJEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA0MDExNTExMjRaFw0yNTA1MDYyMzU5NTlaMHoxSTBHBgNV
BAUTQDA4YzUwY2Y3NTRhOThhOTk5MjQ0YTdhZmM5ZGQyNWNkMTUyOTlhN2ZlOGQ2
Mzg1MDM0YzEwYjEwZGMyN2ZjYjYxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAN3QM6ljDenqwlePnvcIt5oSTn0cfUtFWnYwWWNJ+Rcxm3Ia0dMZ/skn2Fr6
H6O1ybIwm5HArEChgAet9E+TCbKnzQcOcsyEd7qPVT3wsOBw6mE0r/6pSKTAzdBf
vboilTJjGS6ifbvVfcjn/ia4KcEhW/WYWUJv5jS+USHJgev3KrKPKrizGvIuEhOh
9XN67kn/1zVt5DzzEiJT7DUra4Z4vkhoKozy9kuSLoOfxUSeEoA+LceFQaKV5Wzu
7j5k/ogrxIuj69gYzTmOBf5u08J154gZu7Vw7yWx0HkB6xdHiDssNfpdC5STtyvO
f6ehX0OkLEogR8gScf2W47NIC78CAwEAAaOCAiAwggIcMB0GA1UdDgQWBBS4PfEj
aZNTi0W22vuqZOeL1QKNMTAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
NjBjODkzMzUtNDFjYy00MDdkLThmZmUtMzRjZGE3ZTY2YmI3LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDAjNgMA0G
CSqGSIb3DQEBCwUAA4IBAQA1cWy7UsfdVRgJV4zsxpMgVgNO3kFUmceIhx7NTeD2
cIwmrGCb723b9CAAkkuqsdavPX847OuP9AKw5EAp17jFY88l+GpR7pfsUmItJsHJ
ExBCyMKTWPY6R/T/zOh5YD5ob9Fn1wnZsFH/YjCp7hbKuYr7KPmdwfc+s2xIsJWt
sNSUki45NXdaC+BpEVh/ejtVjwkd7sYjf9i1uRb50qgTn9ZpLHYagDD9PSm8RnDj
WZk9EGwsheHxKYRucvO9RTVN6+jWAQw93+IxOHZ5+6sQcpm1sgHCfgI5qp0L+S4O
QeaoGTqQOn9quUvn/BfJ3ZpxWORs0BnlKMqdlpOWR1bJ
-----END CERTIFICATE-----