Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/85056db0-2868-4547-8893-66ae7ad101d4.roa
File:                     85056db0-2868-4547-8893-66ae7ad101d4.roa (raw, json)
Hash identifier:          jT/mh5ZsCAzkr+orlt7tuVZQ7zag37vBNop6Dy7nnYc=
Subject key identifier:   05:79:B6:DC:49:D4:38:BF:87:FA:DB:8F:75:A3:A3:E8:E8:89:DD:72
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       53E90A010999AEF7D08E6CE9F68F002B9E264A01
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/85056db0-2868-4547-8893-66ae7ad101d4.roa
Signing time:             Mon 31 Mar 2025 21:40:13 +0000
ROA not before:           Mon 31 Mar 2025 21:40:13 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        51.90.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            53:e9:0a:01:09:99:ae:f7:d0:8e:6c:e9:f6:8f:00:2b:9e:26:4a:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Mar 31 21:40:13 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:d8:a1:f0:db:78:15:15:a9:14:1b:90:e9:fa:
                    72:c0:55:07:36:f2:81:b4:e7:b9:b0:47:f3:97:ec:
                    f8:6a:4f:b9:9e:36:d7:7c:4d:ab:28:e9:8f:16:1e:
                    37:65:2b:a3:bb:c5:bc:16:08:1d:c2:15:b9:98:6f:
                    5f:90:f6:28:e6:a1:6e:57:87:4a:21:ed:fc:9c:06:
                    d0:63:b6:70:7e:49:60:b9:49:bb:19:f4:55:56:89:
                    7f:fa:50:05:7c:4e:f6:c6:6b:eb:93:df:75:58:61:
                    42:4b:72:49:8e:2e:49:c1:21:c0:cd:f4:7a:81:7e:
                    71:f1:8a:6b:32:86:b2:21:98:9f:2f:b6:a9:3c:5b:
                    fe:65:6b:4d:89:39:a4:85:07:27:7a:fa:9a:bd:df:
                    0b:cc:cf:33:86:4a:f5:3b:58:a8:01:88:b1:5a:3d:
                    17:83:4d:da:29:55:e8:ad:6d:26:f4:43:e6:3a:ba:
                    c6:46:38:59:d6:9b:f1:ed:6c:5e:71:7d:38:ab:9e:
                    60:73:b2:8f:86:4c:74:e9:3e:3d:a5:7e:71:04:60:
                    34:aa:f5:6e:ed:2d:d5:38:f4:bf:ef:30:8c:15:cc:
                    2b:5d:79:16:70:7a:0f:e8:a5:a0:c2:ab:36:1a:5e:
                    3d:2b:d5:c9:05:c8:23:7f:35:d1:ff:5e:c1:79:0d:
                    fb:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:79:B6:DC:49:D4:38:BF:87:FA:DB:8F:75:A3:A3:E8:E8:89:DD:72
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/85056db0-2868-4547-8893-66ae7ad101d4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.90.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         b9:79:8d:14:80:00:85:9e:f2:9c:ef:58:ab:74:e1:28:ee:a5:
         d7:1c:23:08:83:de:d9:ce:0a:1b:e2:61:4d:c5:55:ae:11:2a:
         b4:3b:a6:51:c0:e8:7c:4e:50:9a:f2:00:29:b9:92:6c:29:b9:
         18:7c:45:7b:47:b6:e1:27:c9:bf:7a:23:cd:ed:a5:17:39:f4:
         82:8f:33:4b:fd:b5:71:fd:77:1e:e1:cf:21:50:77:8e:25:d4:
         0f:d3:e1:8a:34:a7:f3:04:79:79:0b:e0:97:ae:cf:55:19:35:
         b9:7b:b1:57:3c:bb:86:8c:de:e2:1a:02:05:55:d5:9a:71:6d:
         e8:b5:30:dc:0d:d0:bc:34:0d:d3:3d:6b:7a:f0:62:38:c6:6f:
         12:79:11:bb:22:8d:33:16:6a:74:c2:02:27:48:c4:c9:7a:a0:
         68:d0:e3:73:76:ef:50:96:aa:ff:fe:77:1b:b5:be:b2:7a:a4:
         c3:b2:a3:47:0b:9c:f6:e4:70:90:9a:9d:95:bc:b2:6b:34:24:
         34:e7:6e:0a:14:17:19:45:cd:80:e0:5d:ac:36:19:f5:07:44:
         cc:4d:6c:d3:2d:10:68:33:1f:5a:77:c0:aa:11:b6:21:96:4e:
         5e:f2:31:49:1b:1e:08:eb:1a:f0:ac:40:60:9c:21:bf:ee:f1:
         f3:c3:8e:93
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUU+kKAQmZrvfQjmzp9o8AK54mSgEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTAzMzEyMTQwMTNaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQGViMmM3OWJhOGM4NDJhM2U0YWY2ZTE5OWE2ZDUyY2FlOWY0ODFmN2YzMjVh
N2ViZDczNjFlMDZlODZkMTRlZDMxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAL7YofDbeBUVqRQbkOn6csBVBzbygbTnubBH85fs+GpPuZ4213xNqyjpjxYe
N2Uro7vFvBYIHcIVuZhvX5D2KOahbleHSiHt/JwG0GO2cH5JYLlJuxn0VVaJf/pQ
BXxO9sZr65PfdVhhQktySY4uScEhwM30eoF+cfGKazKGsiGYny+2qTxb/mVrTYk5
pIUHJ3r6mr3fC8zPM4ZK9TtYqAGIsVo9F4NN2ilV6K1tJvRD5jq6xkY4Wdab8e1s
XnF9OKueYHOyj4ZMdOk+PaV+cQRgNKr1bu0t1Tj0v+8wjBXMK115FnB6D+iloMKr
NhpePSvVyQXII3810f9ewXkN+3ECAwEAAaOCAiAwggIcMB0GA1UdDgQWBBQFebbc
SdQ4v4f62491o6Po6IndcjAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
ODUwNTZkYjAtMjg2OC00NTQ3LTg4OTMtNjZhZTdhZDEwMWQ0LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADNaMA0G
CSqGSIb3DQEBCwUAA4IBAQC5eY0UgACFnvKc71irdOEo7qXXHCMIg97Zzgob4mFN
xVWuESq0O6ZRwOh8TlCa8gApuZJsKbkYfEV7R7bhJ8m/eiPN7aUXOfSCjzNL/bVx
/Xce4c8hUHeOJdQP0+GKNKfzBHl5C+CXrs9VGTW5e7FXPLuGjN7iGgIFVdWacW3o
tTDcDdC8NA3TPWt68GI4xm8SeRG7Io0zFmp0wgInSMTJeqBo0ONzdu9Qlqr//ncb
tb6yeqTDsqNHC5z25HCQmp2VvLJrNCQ0524KFBcZRc2A4F2sNhn1B0TMTWzTLRBo
Mx9ad8CqEbYhlk5e8jFJGx4I6xrwrEBgnCG/7vHzw46T
-----END CERTIFICATE-----