Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/87cbc454-e777-437d-a43a-911995d2a7ce.roa
File:                     87cbc454-e777-437d-a43a-911995d2a7ce.roa (raw, json)
Hash identifier:          avSyYaG4V0RpjsE5pJxiUxosWdOlRCpi6BuIRO4e/B4=
Subject key identifier:   3A:3F:89:EA:E5:5C:83:D3:B5:FF:4A:60:72:F3:23:E7:B6:66:65:43
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       189B1484C0D8B92D392FCE76D48A026D802E2F8C
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/87cbc454-e777-437d-a43a-911995d2a7ce.roa
Signing time:             Fri 04 Apr 2025 00:30:07 +0000
ROA not before:           Fri 04 Apr 2025 00:30:07 +0000
ROA not after:            Fri 09 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        51.21.0.0/16 maxlen: 16
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            18:9b:14:84:c0:d8:b9:2d:39:2f:ce:76:d4:8a:02:6d:80:2e:2f:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Apr  4 00:30:07 2025 GMT
            Not After : May  9 23:59:59 2025 GMT
        Subject: CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:a8:15:3c:22:bc:89:ed:cd:04:fb:e4:4b:b0:
                    76:c5:40:ac:f0:7b:fc:94:2b:eb:56:65:15:2d:0d:
                    26:42:ff:6d:ba:08:88:32:76:fe:ba:e6:30:24:24:
                    b4:61:9c:56:19:0e:87:63:9b:9c:35:f0:63:44:8f:
                    3f:47:6e:cc:ef:4b:27:75:6c:f0:fb:9b:24:58:1d:
                    73:d0:cd:c3:cf:3e:ba:7c:9d:81:0a:fe:d6:79:14:
                    57:8d:86:3c:56:f4:69:66:39:0a:b1:dd:fb:56:2c:
                    3e:0f:0f:aa:87:d6:2b:d6:df:06:f4:5b:b9:d7:94:
                    98:50:15:77:b5:58:93:c5:fc:da:81:b0:91:28:fe:
                    aa:db:16:11:0b:d4:b9:bb:07:eb:a5:ac:58:96:ec:
                    e7:fd:70:a8:ef:32:f0:91:d2:8b:52:39:0a:87:be:
                    8b:e2:9b:51:ef:d1:d3:3e:28:9a:df:d1:d2:ff:7f:
                    af:91:09:8d:91:6b:86:40:9d:09:b7:b9:8c:d8:74:
                    86:a0:e8:aa:55:52:51:73:86:7f:58:77:c5:ef:db:
                    03:7a:a0:02:8e:7a:5b:03:6d:cd:70:2e:64:82:c9:
                    d9:e1:01:4c:c2:30:6d:60:66:35:d3:e1:da:c8:3c:
                    7e:5b:5c:79:27:3d:3b:a4:bf:3e:20:01:c1:d5:ce:
                    be:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:3F:89:EA:E5:5C:83:D3:B5:FF:4A:60:72:F3:23:E7:B6:66:65:43
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/87cbc454-e777-437d-a43a-911995d2a7ce.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.21.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         0d:d5:21:94:f0:b0:7b:7d:f3:83:5f:c8:3f:8c:5b:a4:0d:1d:
         30:89:ea:03:84:cc:86:53:2a:58:f4:f3:8c:ad:a8:20:2c:5e:
         de:e9:71:9a:fb:ab:05:b0:f9:6a:ca:7f:7f:f2:c4:04:2b:7b:
         9a:bd:06:9a:b8:92:2b:8a:88:dd:dc:85:7b:8b:6e:48:e0:22:
         36:e4:9e:dc:58:82:47:36:be:fc:66:9c:ff:97:99:78:6d:68:
         3b:0a:94:72:eb:f2:40:10:9c:46:ed:c7:52:4d:62:aa:68:d4:
         91:5f:43:80:7c:bf:cb:50:7d:44:7b:6d:56:ae:2f:91:c8:4a:
         52:85:89:99:5e:36:5a:90:3d:33:aa:f5:f0:73:ec:2d:33:68:
         f0:a0:ba:bd:04:e9:f2:b5:0b:3c:72:de:7e:07:fe:a0:10:55:
         23:65:0f:16:6e:f6:27:94:6c:7f:c0:ef:1d:b8:16:84:01:82:
         2b:95:0e:c5:8c:db:5c:c9:c1:6b:26:36:3b:69:07:46:cd:fa:
         37:b9:d7:0a:45:18:26:88:76:8d:2b:14:6c:11:43:f7:15:94:
         15:4d:27:67:01:9e:f6:fc:0d:91:43:b1:1d:1f:70:30:4e:0c:
         3f:06:da:e2:a3:1d:81:7d:3f:55:c3:1f:95:a7:f8:1d:df:ed:
         7b:f8:f0:d4
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUGJsUhMDYuS05L8521IoCbYAuL4wwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA0MDQwMDMwMDdaFw0yNTA1MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQDBkYTJiZWVkZjFjNDY1ZjI1MTA0YmNhMDkzYzI0YTk3MzMyYjMzZDRmZTY4
ZjA4Y2VmMGI0NGYyZmY1OTYyZDcxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMCoFTwivIntzQT75EuwdsVArPB7/JQr61ZlFS0NJkL/bboIiDJ2/rrmMCQk
tGGcVhkOh2ObnDXwY0SPP0duzO9LJ3Vs8PubJFgdc9DNw88+unydgQr+1nkUV42G
PFb0aWY5CrHd+1YsPg8PqofWK9bfBvRbudeUmFAVd7VYk8X82oGwkSj+qtsWEQvU
ubsH66WsWJbs5/1wqO8y8JHSi1I5Coe+i+KbUe/R0z4omt/R0v9/r5EJjZFrhkCd
Cbe5jNh0hqDoqlVSUXOGf1h3xe/bA3qgAo56WwNtzXAuZILJ2eEBTMIwbWBmNdPh
2sg8fltceSc9O6S/PiABwdXOvlECAwEAAaOCAiAwggIcMB0GA1UdDgQWBBQ6P4nq
5VyD07X/SmBy8yPntmZlQzAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
ODdjYmM0NTQtZTc3Ny00MzdkLWE0M2EtOTExOTk1ZDJhN2NlLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADMVMA0G
CSqGSIb3DQEBCwUAA4IBAQAN1SGU8LB7ffODX8g/jFukDR0wieoDhMyGUypY9POM
raggLF7e6XGa+6sFsPlqyn9/8sQEK3uavQaauJIriojd3IV7i25I4CI25J7cWIJH
Nr78Zpz/l5l4bWg7CpRy6/JAEJxG7cdSTWKqaNSRX0OAfL/LUH1Ee21Wri+RyEpS
hYmZXjZakD0zqvXwc+wtM2jwoLq9BOnytQs8ct5+B/6gEFUjZQ8WbvYnlGx/wO8d
uBaEAYIrlQ7FjNtcycFrJjY7aQdGzfo3udcKRRgmiHaNKxRsEUP3FZQVTSdnAZ72
/A2RQ7EdH3AwTgw/Btriox2BfT9Vwx+Vp/gd3+17+PDU
-----END CERTIFICATE-----