Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/70bc7703-020e-4153-b340-cced3a436951.roa
File:                     70bc7703-020e-4153-b340-cced3a436951.roa (raw, json)
Hash identifier:          4QmHfHGO6loMr5qrgCrvPkytCtmhuIfUOWx5NJfyTSs=
Subject key identifier:   0C:24:9E:9C:FC:8D:3D:6F:34:7B:E6:99:6B:31:95:FA:06:1B:74:62
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       4761F242E7F966992CE8672F07C7F949CAFE9779
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/70bc7703-020e-4153-b340-cced3a436951.roa
Signing time:             Tue 01 Apr 2025 15:11:22 +0000
ROA not before:           Tue 01 Apr 2025 15:11:22 +0000
ROA not after:            Tue 06 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        51.96.0.0/16 maxlen: 16
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            47:61:f2:42:e7:f9:66:99:2c:e8:67:2f:07:c7:f9:49:ca:fe:97:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Apr  1 15:11:22 2025 GMT
            Not After : May  6 23:59:59 2025 GMT
        Subject: CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:b1:4a:32:b9:98:d1:b8:55:a6:b4:ad:e5:b1:
                    5b:28:f1:f9:a4:83:49:82:88:a2:a7:34:72:ad:36:
                    0d:de:03:e2:2d:08:cb:81:b4:3d:4d:ba:94:19:63:
                    42:5d:a7:4e:4c:f3:3a:75:49:f9:f0:8c:36:af:db:
                    d8:28:5d:a1:fc:c9:2c:2f:0e:4e:91:09:9a:21:d9:
                    84:09:03:47:1a:ed:26:5e:78:55:6b:df:04:d4:bd:
                    5e:98:b8:db:06:b5:69:54:7c:dc:43:5a:ef:7a:66:
                    3b:a5:a3:d3:43:0b:14:5a:a4:ba:ef:e7:ac:3a:b6:
                    86:51:2b:4f:f0:d4:72:7a:77:da:56:ee:c0:9d:55:
                    2d:18:03:80:ea:69:9f:4e:96:42:f5:b0:74:26:45:
                    02:f3:fb:01:19:f4:50:be:17:e2:ad:b9:a9:73:98:
                    4b:6c:b8:be:20:f9:84:6b:02:d7:7a:72:fa:e4:89:
                    47:07:f6:28:63:57:68:20:8d:74:3d:7e:0d:fe:ba:
                    2c:2c:fb:b7:c1:2f:c0:26:f1:df:da:50:19:57:3c:
                    77:e4:3b:c1:cb:69:92:6d:65:3a:8a:e0:18:9e:82:
                    ef:2a:43:34:4d:a9:b5:05:a6:f1:42:2a:08:7d:5f:
                    e6:8d:f0:34:83:41:4f:58:e9:d9:1a:8e:38:fe:62:
                    05:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:24:9E:9C:FC:8D:3D:6F:34:7B:E6:99:6B:31:95:FA:06:1B:74:62
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/70bc7703-020e-4153-b340-cced3a436951.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.96.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         ab:f6:b2:eb:fc:1e:99:8d:f3:aa:08:90:53:26:26:b4:1c:42:
         84:ac:64:0c:fa:4b:eb:af:7b:31:b4:0a:33:16:bb:63:b4:8c:
         62:2b:bf:7d:cd:08:1a:e1:d5:6e:80:07:4f:0d:a4:fd:4a:6f:
         04:5b:2e:77:1a:9e:2e:d2:2a:57:93:83:50:50:87:a2:ab:d8:
         c9:0c:41:0c:fc:44:2f:b3:50:51:87:c6:75:0b:85:04:08:3e:
         d3:6b:85:eb:20:97:7a:09:3a:ef:e3:7a:bf:78:d4:5a:2d:f8:
         26:67:ab:f3:cb:2a:3c:ac:0a:8e:85:b3:c1:fb:f2:10:a4:fe:
         7a:e6:f9:a5:96:5b:ef:e1:d3:ef:2d:a5:14:0b:2a:c1:1c:93:
         03:ce:e8:8b:09:f1:ab:7c:f5:0e:db:a9:d8:5f:86:8e:97:3b:
         fa:e2:91:1a:15:ad:01:7d:d7:11:85:e8:b7:7c:64:ef:e1:19:
         7d:ce:c3:7b:26:0b:1a:2c:5c:0f:9e:c0:4f:9a:7a:31:54:0c:
         3f:0b:80:62:a7:e2:f7:bc:cf:d9:00:50:5e:6a:cf:06:99:d4:
         4a:80:51:99:65:89:7f:3c:37:af:c5:63:33:54:5d:13:f7:95:
         0e:a8:98:07:7e:42:e6:72:fe:35:6e:bc:39:0d:c5:21:cf:e5:
         1d:e2:6f:36
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUR2HyQuf5Zpks6GcvB8f5Scr+l3kwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA0MDExNTExMjJaFw0yNTA1MDYyMzU5NTlaMHoxSTBHBgNV
BAUTQDkyZTViMmE2MTZjZjdjNDk2Yzk1YTY5N2ZjZDJmNTY3NjE2MDlkMWM5NGEx
MjBhOGYwN2VjODdlMjI1NzczM2UxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALKxSjK5mNG4Vaa0reWxWyjx+aSDSYKIoqc0cq02Dd4D4i0Iy4G0PU26lBlj
Ql2nTkzzOnVJ+fCMNq/b2ChdofzJLC8OTpEJmiHZhAkDRxrtJl54VWvfBNS9Xpi4
2wa1aVR83ENa73pmO6Wj00MLFFqkuu/nrDq2hlErT/DUcnp32lbuwJ1VLRgDgOpp
n06WQvWwdCZFAvP7ARn0UL4X4q25qXOYS2y4viD5hGsC13py+uSJRwf2KGNXaCCN
dD1+Df66LCz7t8EvwCbx39pQGVc8d+Q7wctpkm1lOorgGJ6C7ypDNE2ptQWm8UIq
CH1f5o3wNINBT1jp2RqOOP5iBasCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBQMJJ6c
/I09bzR75plrMZX6Bht0YjAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
NzBiYzc3MDMtMDIwZS00MTUzLWIzNDAtY2NlZDNhNDM2OTUxLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADNgMA0G
CSqGSIb3DQEBCwUAA4IBAQCr9rLr/B6ZjfOqCJBTJia0HEKErGQM+kvrr3sxtAoz
FrtjtIxiK799zQga4dVugAdPDaT9Sm8EWy53Gp4u0ipXk4NQUIeiq9jJDEEM/EQv
s1BRh8Z1C4UECD7Ta4XrIJd6CTrv43q/eNRaLfgmZ6vzyyo8rAqOhbPB+/IQpP56
5vmlllvv4dPvLaUUCyrBHJMDzuiLCfGrfPUO26nYX4aOlzv64pEaFa0BfdcRhei3
fGTv4Rl9zsN7JgsaLFwPnsBPmnoxVAw/C4Bip+L3vM/ZAFBeas8GmdRKgFGZZYl/
PDevxWMzVF0T95UOqJgHfkLmcv41brw5DcUhz+Ud4m82
-----END CERTIFICATE-----