Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/6252e9a3-4fdc-4c43-b91b-deb58ca2dd7c.roa
File:                     6252e9a3-4fdc-4c43-b91b-deb58ca2dd7c.roa (raw, json)
Hash identifier:          2GqG2aZTvXGmVVtCyvany4wGBpUiomjQrt/iDyXRDsU=
Subject key identifier:   5B:40:76:64:09:CD:BC:57:6D:48:FD:5C:CC:69:0E:8E:04:06:43:5A
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       1D59F55CF8F25B1D3A19BA0D33C4ABC64F1A59C2
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/6252e9a3-4fdc-4c43-b91b-deb58ca2dd7c.roa
Signing time:             Tue 01 Apr 2025 15:11:12 +0000
ROA not before:           Tue 01 Apr 2025 15:11:12 +0000
ROA not after:            Tue 06 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        51.46.0.0/15 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1d:59:f5:5c:f8:f2:5b:1d:3a:19:ba:0d:33:c4:ab:c6:4f:1a:59:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Apr  1 15:11:12 2025 GMT
            Not After : May  6 23:59:59 2025 GMT
        Subject: CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:bc:d0:93:98:3e:2a:38:e0:ed:4d:01:8e:e4:
                    37:e2:87:c3:f7:c6:30:f3:cd:6c:35:29:bb:78:02:
                    bc:b6:69:1b:ae:ee:89:49:bc:92:e4:f8:d4:70:bd:
                    25:41:ca:74:0d:1c:a4:69:8d:f9:fe:86:03:a4:63:
                    01:a6:de:eb:c1:a7:32:99:8a:c7:18:2f:9a:06:ce:
                    e2:b2:42:44:90:f0:43:5a:cf:97:75:d0:df:82:e3:
                    c3:a8:5b:c2:08:77:0b:46:82:c0:40:57:df:41:07:
                    b5:9c:0a:74:9a:a9:91:3c:a8:34:cb:03:52:df:f1:
                    38:b8:c4:cf:56:e2:98:eb:89:b1:b4:84:51:4d:a0:
                    7b:a2:29:85:8c:53:c4:d4:84:82:bc:e5:75:ee:8d:
                    98:a2:88:6d:11:ff:2c:b6:19:f9:e2:87:8c:b6:9a:
                    2d:26:a7:cb:61:2c:e9:68:d5:ac:c7:64:1a:6e:69:
                    c8:9e:d9:f5:9e:61:fd:d4:55:14:97:49:f1:0a:15:
                    f2:45:e8:5e:5a:c2:b6:a0:66:67:18:d1:b1:ab:75:
                    ef:8c:fa:1c:1b:d4:d7:ed:0f:b9:e3:f8:d7:b7:2b:
                    90:27:5e:73:17:f6:59:4b:94:9a:98:5d:69:a8:1f:
                    99:28:8a:20:78:de:60:56:19:a8:9d:45:9b:76:07:
                    0d:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:40:76:64:09:CD:BC:57:6D:48:FD:5C:CC:69:0E:8E:04:06:43:5A
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/6252e9a3-4fdc-4c43-b91b-deb58ca2dd7c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.46.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         d3:3d:57:ca:bd:1e:18:dc:40:be:4d:4f:ee:8c:f3:be:f0:58:
         14:f3:97:ac:56:8c:e9:31:ab:ef:23:ac:85:18:ff:4b:c3:23:
         4c:a3:b9:39:d5:d8:11:f2:7c:d6:7c:75:ff:0d:55:f1:bc:ba:
         63:5f:56:eb:40:73:5a:32:b7:ae:06:21:dd:55:3a:73:1a:aa:
         bb:14:27:20:76:98:97:b2:a7:8a:c5:f4:7b:d2:f4:88:5a:73:
         7b:4f:bc:d0:b7:d2:a8:a3:3d:2e:2d:ad:d7:f4:c0:57:06:0a:
         41:eb:9c:28:d9:83:b8:10:5d:41:f5:05:01:35:98:07:6f:72:
         49:35:47:67:21:98:57:78:3c:5d:83:c0:2f:8f:d8:7b:8a:30:
         cd:eb:15:da:a7:4a:9b:6a:7e:f7:cb:cf:50:a8:84:96:56:8a:
         09:be:75:3b:2c:f1:90:36:63:c2:f1:9f:84:d6:3f:36:22:6b:
         7c:37:a9:3b:fc:dd:7c:c4:67:cb:5a:b6:c9:02:59:05:be:ba:
         e6:eb:f9:93:e7:f0:53:ed:e5:ed:c4:f5:62:19:d7:9a:ef:f7:
         d4:09:cb:02:09:78:29:9f:5f:e6:4e:b6:9c:78:b8:d6:66:59:
         89:10:d5:fa:18:72:62:f5:e0:31:bb:55:25:bc:88:85:18:85:
         a7:22:7a:e0
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUHVn1XPjyWx06GboNM8Srxk8aWcIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA0MDExNTExMTJaFw0yNTA1MDYyMzU5NTlaMHoxSTBHBgNV
BAUTQDI0MWY1ZDhiYzVhZjI0NjkzODkzOTRkMjZkMTY0MzMwZTY1NzdlOThiMzNh
OWVmZmMyNDgyYTQyYWRhNmRlZDgxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALS80JOYPio44O1NAY7kN+KHw/fGMPPNbDUpu3gCvLZpG67uiUm8kuT41HC9
JUHKdA0cpGmN+f6GA6RjAabe68GnMpmKxxgvmgbO4rJCRJDwQ1rPl3XQ34Ljw6hb
wgh3C0aCwEBX30EHtZwKdJqpkTyoNMsDUt/xOLjEz1bimOuJsbSEUU2ge6IphYxT
xNSEgrzlde6NmKKIbRH/LLYZ+eKHjLaaLSany2Es6WjVrMdkGm5pyJ7Z9Z5h/dRV
FJdJ8QoV8kXoXlrCtqBmZxjRsat174z6HBvU1+0PueP417crkCdecxf2WUuUmphd
aagfmSiKIHjeYFYZqJ1Fm3YHDT8CAwEAAaOCAiAwggIcMB0GA1UdDgQWBBRbQHZk
Cc28V21I/VzMaQ6OBAZDWjAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
NjI1MmU5YTMtNGZkYy00YzQzLWI5MWItZGViNThjYTJkZDdjLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDATMuMA0G
CSqGSIb3DQEBCwUAA4IBAQDTPVfKvR4Y3EC+TU/ujPO+8FgU85esVozpMavvI6yF
GP9LwyNMo7k51dgR8nzWfHX/DVXxvLpjX1brQHNaMreuBiHdVTpzGqq7FCcgdpiX
sqeKxfR70vSIWnN7T7zQt9Kooz0uLa3X9MBXBgpB65wo2YO4EF1B9QUBNZgHb3JJ
NUdnIZhXeDxdg8Avj9h7ijDN6xXap0qban73y89QqISWVooJvnU7LPGQNmPC8Z+E
1j82Imt8N6k7/N18xGfLWrbJAlkFvrrm6/mT5/BT7eXtxPViGdea7/fUCcsCCXgp
n1/mTraceLjWZlmJENX6GHJi9eAxu1UlvIiFGIWnInrg
-----END CERTIFICATE-----