Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/a2d10e7d-a784-476d-9df5-f7efeb55cf39.roa
File:                     a2d10e7d-a784-476d-9df5-f7efeb55cf39.roa (raw, json)
Hash identifier:          93yEAjzaHQiLkwAZtvcKslNlqF2B9Yat+kXwSmxTjrA=
Subject key identifier:   35:57:D2:82:5A:D0:A8:FE:DD:8B:14:C5:64:62:16:78:8C:BF:CC:FD
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       41563CA16FE5CA7CE2D861DC621224CD3A711737
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/a2d10e7d-a784-476d-9df5-f7efeb55cf39.roa
Signing time:             Mon 17 Mar 2025 15:40:56 +0000
ROA not before:           Mon 17 Mar 2025 15:40:56 +0000
ROA not after:            Mon 21 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        51.206.0.0/15 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            41:56:3c:a1:6f:e5:ca:7c:e2:d8:61:dc:62:12:24:cd:3a:71:17:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Mar 17 15:40:56 2025 GMT
            Not After : Apr 21 23:59:59 2025 GMT
        Subject: CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:dd:d3:f9:45:01:20:6f:57:9f:9e:81:20:09:
                    fc:67:8e:09:24:34:d1:fb:e1:ac:df:98:8f:52:03:
                    fa:fc:17:49:8a:36:3c:c7:ca:f9:0b:bb:93:10:c9:
                    3a:1e:9a:23:f9:47:44:d0:31:87:82:cb:42:0e:ca:
                    a4:86:ab:78:f4:77:0b:9b:8a:44:60:10:e6:f0:e1:
                    18:06:74:cb:5c:ad:99:9e:2b:13:22:55:5f:c7:ff:
                    df:3e:63:fa:86:f4:11:b1:e6:30:cb:f1:4e:4b:b2:
                    ad:7d:0e:a3:cf:0d:21:fa:60:e8:56:e8:2c:cc:94:
                    f9:27:cc:02:9c:85:15:2d:59:fa:2e:f5:7a:b2:4c:
                    d0:78:77:d8:66:9f:b4:03:7f:c9:d7:39:6d:53:9d:
                    b2:c2:15:5f:27:e6:bf:f0:3d:4c:5b:c4:c8:c4:18:
                    88:d1:c1:27:46:d1:7e:5c:53:fe:12:a1:ec:62:d7:
                    13:e6:b0:42:f6:73:e3:df:35:dd:cb:b5:a1:1c:c6:
                    f2:e4:4d:6d:2d:c7:69:3a:c4:22:e8:fd:bc:45:01:
                    55:b3:c4:a5:a5:43:21:b1:0c:dc:81:09:9e:e7:4f:
                    53:2d:9f:89:79:79:92:39:5b:ff:f6:ab:8d:3d:3b:
                    48:4e:cb:ec:ee:07:9b:b4:24:8f:96:7b:77:e1:7b:
                    65:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:57:D2:82:5A:D0:A8:FE:DD:8B:14:C5:64:62:16:78:8C:BF:CC:FD
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/a2d10e7d-a784-476d-9df5-f7efeb55cf39.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.206.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         1c:85:40:8d:06:b1:df:2a:5f:cf:5f:9c:8c:3e:7e:b1:ae:1e:
         6d:49:7c:a8:2a:26:f8:06:60:cf:39:ad:89:ff:f5:13:b4:36:
         2b:d8:43:41:e7:da:44:b5:22:56:da:c9:e4:b5:b8:ac:d2:93:
         a5:7b:29:45:ff:16:c8:36:5b:9a:63:93:55:3e:55:c2:e5:c2:
         8d:fd:09:c6:72:63:bb:a5:f3:4f:ad:3d:cd:95:f1:2f:46:c6:
         65:f2:a5:c9:3c:bb:5e:1d:03:25:dc:73:8c:bf:e7:a4:84:b1:
         45:6f:83:f1:c9:20:94:4f:02:20:f9:d6:97:d1:ba:13:37:b2:
         f4:3f:35:a1:22:74:93:af:04:cf:f9:3d:a7:2d:f6:72:7b:da:
         47:75:e2:d5:c8:77:5d:85:d4:05:0f:dc:3d:9c:dd:57:47:cb:
         f7:65:71:fb:a7:55:59:f5:a8:fe:ee:24:fe:4c:cb:fa:c4:bd:
         f0:ca:ce:41:64:05:21:51:87:af:62:59:bf:60:2a:58:7a:db:
         96:68:ba:86:8e:70:68:cf:b4:65:40:ba:93:60:7d:13:64:9f:
         8a:4c:48:85:f2:ac:7b:c1:fd:44:0e:93:05:8a:c6:a6:3d:5a:
         b4:d1:7b:aa:64:ca:dd:8b:40:5d:21:57:35:a1:b4:55:d5:9e:
         06:67:6d:25
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUQVY8oW/lynzi2GHcYhIkzTpxFzcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTAzMTcxNTQwNTZaFw0yNTA0MjEyMzU5NTlaMHoxSTBHBgNV
BAUTQDlkZjQxMzc4ZTI0NjhlNjZiMjk3ZDNmZGMzZTdjMTFhYmEzZmI3Zjk3M2M3
NGNjYjIwNDBhNmIwOTU1YWNlNmExLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKjd0/lFASBvV5+egSAJ/GeOCSQ00fvhrN+Yj1ID+vwXSYo2PMfK+Qu7kxDJ
Oh6aI/lHRNAxh4LLQg7KpIarePR3C5uKRGAQ5vDhGAZ0y1ytmZ4rEyJVX8f/3z5j
+ob0EbHmMMvxTkuyrX0Oo88NIfpg6FboLMyU+SfMApyFFS1Z+i71erJM0Hh32Gaf
tAN/ydc5bVOdssIVXyfmv/A9TFvEyMQYiNHBJ0bRflxT/hKh7GLXE+awQvZz4981
3cu1oRzG8uRNbS3HaTrEIuj9vEUBVbPEpaVDIbEM3IEJnudPUy2fiXl5kjlb//ar
jT07SE7L7O4Hm7Qkj5Z7d+F7ZQ8CAwEAAaOCAiAwggIcMB0GA1UdDgQWBBQ1V9KC
WtCo/t2LFMVkYhZ4jL/M/TAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
YTJkMTBlN2QtYTc4NC00NzZkLTlkZjUtZjdlZmViNTVjZjM5LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDATPOMA0G
CSqGSIb3DQEBCwUAA4IBAQAchUCNBrHfKl/PX5yMPn6xrh5tSXyoKib4BmDPOa2J
//UTtDYr2ENB59pEtSJW2snktbis0pOleylF/xbINluaY5NVPlXC5cKN/QnGcmO7
pfNPrT3NlfEvRsZl8qXJPLteHQMl3HOMv+ekhLFFb4PxySCUTwIg+daX0boTN7L0
PzWhInSTrwTP+T2nLfZye9pHdeLVyHddhdQFD9w9nN1XR8v3ZXH7p1VZ9aj+7iT+
TMv6xL3wys5BZAUhUYevYlm/YCpYetuWaLqGjnBoz7RlQLqTYH0TZJ+KTEiF8qx7
wf1EDpMFisamPVq00XuqZMrdi0BdIVc1obRV1Z4GZ20l
-----END CERTIFICATE-----