Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/a02f9994-3943-4a2f-8467-87935bf3bf9e.roa
File:                     a02f9994-3943-4a2f-8467-87935bf3bf9e.roa (raw, json)
Hash identifier:          WU8Dlt4DMKQw88dNGkhmParVOJrIfEw6Wx7vqVdDVx0=
Subject key identifier:   C3:7C:97:F3:AB:F0:4B:13:85:66:1F:3B:E0:24:46:48:6E:4C:FB:05
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       104C52E06449E5187FDD5EEBDE26A97A320B0291
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/a02f9994-3943-4a2f-8467-87935bf3bf9e.roa
Signing time:             Mon 31 Mar 2025 21:40:07 +0000
ROA not before:           Mon 31 Mar 2025 21:40:07 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        51.69.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 13:43:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            10:4c:52:e0:64:49:e5:18:7f:dd:5e:eb:de:26:a9:7a:32:0b:02:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Mar 31 21:40:07 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:13:5a:77:c6:75:ef:06:a2:ad:9b:f9:73:cb:
                    84:13:a7:b5:4a:df:b5:ff:31:fe:55:09:38:8d:cb:
                    8a:32:37:45:3e:f3:4f:79:ff:1e:3e:60:2e:98:6f:
                    a4:e0:9a:38:ce:48:97:4e:8f:d5:fc:5c:ac:5b:26:
                    61:7a:2e:6c:38:71:7f:0c:eb:9e:49:1d:bc:5f:00:
                    a1:4d:02:d3:08:dd:2b:f4:21:95:87:fc:a2:34:ba:
                    b3:ba:29:6c:f5:e7:dc:0b:0f:16:90:22:40:20:28:
                    26:0b:d1:39:98:8d:87:3d:1e:30:99:bd:3b:c3:80:
                    3c:44:39:ba:48:59:0c:35:b0:8a:13:7c:37:19:b6:
                    23:62:72:e5:8e:92:52:c9:8c:8e:12:1f:06:eb:cd:
                    69:f5:91:61:ba:c8:4a:26:0e:eb:71:ca:a4:51:62:
                    b2:05:02:de:92:df:d1:10:b0:a2:0a:ca:31:74:c5:
                    4d:49:fc:27:fa:54:c1:e5:06:fa:0b:58:27:c9:f9:
                    12:18:23:de:0d:3b:cd:53:91:1b:ac:88:ee:50:db:
                    a3:d7:cb:28:7f:a1:8d:ea:36:d2:ce:f2:d7:2d:36:
                    ea:f0:88:7f:77:21:fd:b3:61:22:c6:92:71:c8:08:
                    bd:55:54:b6:97:cc:a1:56:37:d8:df:5e:f1:2b:7f:
                    4a:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:7C:97:F3:AB:F0:4B:13:85:66:1F:3B:E0:24:46:48:6E:4C:FB:05
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/a02f9994-3943-4a2f-8467-87935bf3bf9e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.69.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         20:06:9a:a1:db:5d:34:ff:d2:e1:72:3a:80:c3:fb:27:fa:1d:
         a8:5f:e4:0b:38:0b:9e:47:10:d6:ca:66:96:65:dc:9b:90:6c:
         70:c5:4e:ae:f1:36:a9:9c:39:0c:d5:40:3c:07:ac:e4:13:48:
         50:15:c4:ec:fc:d4:c3:08:d6:40:32:e9:cb:01:72:f7:b0:26:
         3f:05:f0:d8:69:ca:70:29:87:d2:08:e9:4c:cc:49:da:84:e9:
         de:c3:5b:c7:c6:f8:5d:5b:4a:39:58:a2:52:cc:f7:7a:74:14:
         27:71:1d:8e:ac:e1:a3:7a:55:67:5c:03:c3:aa:cc:ab:a6:3a:
         1a:a2:0b:d4:02:99:5b:e0:a2:77:90:60:14:9e:7d:75:7c:52:
         5f:63:9f:c8:67:b0:40:3b:22:84:46:fc:94:c7:55:7f:7b:ca:
         77:c6:8e:c2:6d:cd:33:17:65:01:d3:fc:6d:83:62:71:07:40:
         be:51:38:12:d5:40:57:dd:67:80:6c:9d:a8:52:d7:12:16:96:
         6b:0b:f2:25:7e:86:19:ac:74:71:29:3f:6a:95:2c:30:d3:f2:
         1b:bc:39:70:02:e2:03:17:6f:d4:f8:91:32:24:2f:71:2b:24:
         11:04:6a:a8:7c:1f:b5:30:28:ab:00:59:55:32:4e:7b:6b:13:
         4a:df:06:22
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUEExS4GRJ5Rh/3V7r3iapejILApEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTAzMzEyMTQwMDdaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQDU1NWUxYThkNmU3M2U1ODkzNDg2N2QzMWJlZDNjYTFkMDY2ZWNhY2E5ZGFl
OTg5NjdlZmY3OTFkYTBkNWFhNTkxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAIoTWnfGde8Goq2b+XPLhBOntUrftf8x/lUJOI3LijI3RT7zT3n/Hj5gLphv
pOCaOM5Il06P1fxcrFsmYXoubDhxfwzrnkkdvF8AoU0C0wjdK/QhlYf8ojS6s7op
bPXn3AsPFpAiQCAoJgvROZiNhz0eMJm9O8OAPEQ5ukhZDDWwihN8Nxm2I2Jy5Y6S
UsmMjhIfBuvNafWRYbrISiYO63HKpFFisgUC3pLf0RCwogrKMXTFTUn8J/pUweUG
+gtYJ8n5Ehgj3g07zVORG6yI7lDbo9fLKH+hjeo20s7y1y026vCIf3ch/bNhIsaS
ccgIvVVUtpfMoVY32N9e8St/SrsCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBTDfJfz
q/BLE4VmHzvgJEZIbkz7BTAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
YTAyZjk5OTQtMzk0My00YTJmLTg0NjctODc5MzViZjNiZjllLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADNFMA0G
CSqGSIb3DQEBCwUAA4IBAQAgBpqh2100/9LhcjqAw/sn+h2oX+QLOAueRxDWymaW
ZdybkGxwxU6u8TapnDkM1UA8B6zkE0hQFcTs/NTDCNZAMunLAXL3sCY/BfDYacpw
KYfSCOlMzEnahOnew1vHxvhdW0o5WKJSzPd6dBQncR2OrOGjelVnXAPDqsyrpjoa
ogvUAplb4KJ3kGAUnn11fFJfY5/IZ7BAOyKERvyUx1V/e8p3xo7Cbc0zF2UB0/xt
g2JxB0C+UTgS1UBX3WeAbJ2oUtcSFpZrC/IlfoYZrHRxKT9qlSww0/IbvDlwAuID
F2/U+JEyJC9xKyQRBGqofB+1MCirAFlVMk57axNK3wYi
-----END CERTIFICATE-----