Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/80e298e3-975b-4cea-9586-8d04a37a53a2.roa
File:                     80e298e3-975b-4cea-9586-8d04a37a53a2.roa (raw, json)
Hash identifier:          Q5RLuSaSvI/XdRrkMBUL7je6q5yuGNrMtmcsImj3Qj4=
Subject key identifier:   0C:22:60:3F:4B:DC:78:6F:67:AA:FF:EC:BA:53:E1:38:0C:6C:67:9E
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       3660E6B70DAE1360EFE6C2D7F0D1B27DF9A57A09
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/80e298e3-975b-4cea-9586-8d04a37a53a2.roa
Signing time:             Fri 21 Mar 2025 15:10:06 +0000
ROA not before:           Fri 21 Mar 2025 15:10:06 +0000
ROA not after:            Fri 25 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        57.93.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            36:60:e6:b7:0d:ae:13:60:ef:e6:c2:d7:f0:d1:b2:7d:f9:a5:7a:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Mar 21 15:10:06 2025 GMT
            Not After : Apr 25 23:59:59 2025 GMT
        Subject: CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:00:81:57:df:80:91:14:33:fe:54:63:ab:82:
                    ca:00:58:68:9d:72:de:ca:0a:32:c4:fa:6d:78:2b:
                    d0:ae:85:0b:ce:a5:54:c4:60:8f:ac:fc:a5:d6:73:
                    c1:f5:e1:29:29:44:a1:2c:2d:af:f1:03:cc:90:17:
                    a1:36:bb:d7:5c:ac:10:b7:a6:17:40:d3:d6:29:ae:
                    7e:8c:90:e4:f3:bc:12:57:29:95:40:d8:5d:24:a2:
                    55:4c:30:fd:bb:66:cb:18:72:d6:08:57:c3:f3:a1:
                    84:b0:f8:6c:36:a8:15:30:ca:4e:dc:4b:f3:15:25:
                    79:d9:05:f8:15:34:e8:e8:e6:2d:27:32:b3:f3:5d:
                    cc:ba:40:ac:18:98:9b:5e:c8:b5:3a:ea:b5:72:d9:
                    ff:e9:81:d2:cf:57:e0:95:7e:20:b3:43:42:ef:81:
                    65:e8:2a:43:f6:68:35:48:ae:e0:f0:0b:48:58:f1:
                    46:25:53:52:b0:7b:e0:69:55:44:1f:9c:0e:d7:3c:
                    1a:da:d0:27:8f:b5:db:85:24:ad:e4:ae:b4:a1:12:
                    8c:f2:4f:af:cd:f1:17:4b:5e:71:48:80:3f:57:c4:
                    bd:b8:e5:5d:97:8a:ed:ad:ee:2e:04:3e:a5:35:b7:
                    09:06:79:ef:6b:8d:12:02:d6:31:b0:8e:7e:30:3e:
                    ba:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:22:60:3F:4B:DC:78:6F:67:AA:FF:EC:BA:53:E1:38:0C:6C:67:9E
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/80e298e3-975b-4cea-9586-8d04a37a53a2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  57.93.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         58:a1:8a:d6:bd:51:27:30:14:3c:65:30:2f:34:4e:78:84:48:
         ea:be:0e:3e:63:76:07:eb:b7:00:0c:c6:b4:eb:cf:7d:66:8c:
         ae:76:dd:c3:86:d4:0a:47:e4:38:5e:34:d5:ec:db:c9:c2:83:
         01:2f:4f:34:c4:61:6d:3f:42:b0:ee:36:7f:d6:26:1c:f8:b4:
         fa:33:1b:eb:56:ce:f7:23:19:7a:0d:ca:f2:4a:08:1b:57:d5:
         48:cf:93:1e:73:64:ca:57:ef:be:1c:e8:ff:cc:ba:0b:28:22:
         eb:56:0e:75:cb:cf:6a:41:49:e3:7c:66:ca:1a:ae:ac:5a:11:
         0d:27:dd:c6:bf:bb:5b:78:ae:c9:a4:0b:d5:ca:5e:c1:02:74:
         42:66:f3:98:69:e9:66:b2:b4:f7:af:07:0c:07:59:a1:5a:c1:
         c6:f3:60:a7:78:d9:58:b7:5a:09:0d:ff:f1:35:12:f4:b0:f9:
         37:68:27:a5:aa:eb:d8:af:af:08:71:04:6b:d6:43:22:44:14:
         7e:01:82:cc:d2:29:7d:22:50:48:06:6a:14:0d:f5:fc:80:75:
         3e:7a:2e:d9:3a:6c:eb:16:1b:50:91:ad:ab:03:09:e5:e7:e2:
         f1:ac:11:1f:3f:27:c8:e8:7d:c6:32:f7:37:62:39:49:5f:d8:
         df:48:c2:4a
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUNmDmtw2uE2Dv5sLX8NGyffmlegkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTAzMjExNTEwMDZaFw0yNTA0MjUyMzU5NTlaMHoxSTBHBgNV
BAUTQDMxNjIyMTkzYWJjMDNiNDcxOGUxZGJhNGE2ZmQ2ZjZhYjA0ZmNkNTM1OWZk
YmYyZjk3NzhmOTU5N2RjM2ZlYzcxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANkAgVffgJEUM/5UY6uCygBYaJ1y3soKMsT6bXgr0K6FC86lVMRgj6z8pdZz
wfXhKSlEoSwtr/EDzJAXoTa711ysELemF0DT1imufoyQ5PO8ElcplUDYXSSiVUww
/btmyxhy1ghXw/OhhLD4bDaoFTDKTtxL8xUledkF+BU06OjmLScys/NdzLpArBiY
m17ItTrqtXLZ/+mB0s9X4JV+ILNDQu+BZegqQ/ZoNUiu4PALSFjxRiVTUrB74GlV
RB+cDtc8GtrQJ4+124UkreSutKESjPJPr83xF0tecUiAP1fEvbjlXZeK7a3uLgQ+
pTW3CQZ572uNEgLWMbCOfjA+upECAwEAAaOCAiAwggIcMB0GA1UdDgQWBBQMImA/
S9x4b2eq/+y6U+E4DGxnnjAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
ODBlMjk4ZTMtOTc1Yi00Y2VhLTk1ODYtOGQwNGEzN2E1M2EyLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADldMA0G
CSqGSIb3DQEBCwUAA4IBAQBYoYrWvVEnMBQ8ZTAvNE54hEjqvg4+Y3YH67cADMa0
6899Zoyudt3DhtQKR+Q4XjTV7NvJwoMBL080xGFtP0Kw7jZ/1iYc+LT6MxvrVs73
Ixl6DcrySggbV9VIz5Mec2TKV+++HOj/zLoLKCLrVg51y89qQUnjfGbKGq6sWhEN
J93Gv7tbeK7JpAvVyl7BAnRCZvOYaelmsrT3rwcMB1mhWsHG82CneNlYt1oJDf/x
NRL0sPk3aCelquvYr68IcQRr1kMiRBR+AYLM0il9IlBIBmoUDfX8gHU+ei7ZOmzr
FhtQka2rAwnl5+LxrBEfPyfI6H3GMvc3YjlJX9jfSMJK
-----END CERTIFICATE-----