Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/b2cfc52a-1f15-43b9-93f9-9828d60fbe69.roa
File:                     b2cfc52a-1f15-43b9-93f9-9828d60fbe69.roa (raw, json)
Hash identifier:          JaJAWaBIw/Bw+DCkQMTo6yoWvTi8Eq/EpooFdBpdfws=
Subject key identifier:   D3:F5:81:BB:EC:87:70:9F:8C:D9:0D:82:15:99:C3:AF:2B:67:FB:C3
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       7DFF7E0BA9763684E7E414B8B82B36977A5599FE
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/b2cfc52a-1f15-43b9-93f9-9828d60fbe69.roa
Signing time:             Mon 31 Mar 2025 21:20:13 +0000
ROA not before:           Mon 31 Mar 2025 21:20:13 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        193.218.122.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7d:ff:7e:0b:a9:76:36:84:e7:e4:14:b8:b8:2b:36:97:7a:55:99:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Mar 31 21:20:13 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:f6:b6:4e:06:c8:24:b7:82:a9:fb:01:0b:63:
                    67:ec:c5:36:ab:64:41:18:18:78:b7:fd:f8:24:f8:
                    e0:93:df:c4:e1:82:59:be:4f:d9:b2:9e:e5:6d:88:
                    65:ad:87:a4:19:96:a5:c8:ca:17:d8:6f:62:12:59:
                    a6:1b:30:a3:70:57:39:02:fe:01:eb:ec:58:6f:37:
                    55:91:f8:2c:fa:54:01:fa:6d:47:da:5a:81:77:94:
                    da:37:16:79:22:5f:13:f0:49:3e:1c:42:18:7c:ad:
                    fc:f0:df:09:33:2b:70:eb:a3:e8:e4:18:f1:45:0c:
                    6e:23:81:53:ba:77:05:7b:63:82:e5:77:fa:a1:22:
                    e2:94:61:50:28:a3:24:b4:10:df:2f:4d:d6:14:12:
                    60:ac:f8:77:75:57:bb:ca:82:0c:35:4f:5c:40:40:
                    2d:00:4c:76:59:1b:d4:96:5e:0f:27:88:90:80:46:
                    ff:bd:cf:d6:bd:db:d8:24:97:ec:9e:85:28:7a:c8:
                    df:86:af:db:21:c5:4b:36:44:de:47:bd:a2:84:e0:
                    9e:c6:43:97:1a:b3:1f:46:f8:5a:f9:f6:39:08:79:
                    86:90:db:d7:e5:ef:0e:48:a0:8d:5f:c8:6e:dd:63:
                    e8:06:9e:3a:c8:a4:5d:0f:f5:80:03:06:7a:98:c3:
                    b4:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:F5:81:BB:EC:87:70:9F:8C:D9:0D:82:15:99:C3:AF:2B:67:FB:C3
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/b2cfc52a-1f15-43b9-93f9-9828d60fbe69.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.218.122.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:51:2b:36:55:03:82:a7:73:9b:33:c9:66:eb:bd:4f:46:36:
         2f:87:17:96:85:01:01:39:10:ab:3b:c8:44:a0:09:f4:82:31:
         5e:c7:e9:20:52:8a:8d:34:d5:c5:8b:c0:48:e7:c0:d4:67:d1:
         4c:b3:48:ed:ab:42:03:6b:1b:a0:12:b5:c0:e7:7d:75:9c:df:
         46:53:82:53:1f:a2:e3:0a:13:0a:31:df:b7:0e:fa:d8:6a:64:
         b1:f4:4f:7c:ff:3a:a4:40:80:33:5f:13:06:00:c1:b7:d9:1c:
         ad:f9:4e:5b:50:0f:db:0f:0a:5c:42:dc:4c:a7:26:a5:6d:13:
         2a:ed:6f:05:e6:3e:71:53:8c:96:67:dc:85:f2:c0:5b:c6:f5:
         f7:99:68:f9:57:9d:7d:a7:d7:9e:dd:ee:35:56:2d:81:fd:58:
         74:f9:ba:45:22:3a:cf:06:62:c2:f8:70:f5:5a:36:9f:5d:f9:
         e6:71:3f:77:3c:0b:b2:6e:41:de:fd:9f:68:1e:80:98:a3:3c:
         00:f6:a6:cf:2f:1c:a1:99:c5:72:5e:b6:35:b5:57:f1:12:7e:
         74:1e:63:44:ac:e3:94:48:f3:61:03:bc:eb:d7:46:af:b6:b9:
         fa:01:c3:59:eb:08:5d:cb:ca:62:42:a2:8c:d4:af:dc:63:bf:
         c7:90:9c:60
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUff9+C6l2NoTn5BS4uCs2l3pVmf4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTAzMzEyMTIwMTNaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQGEwZjdhZGMxMGJmZDI4NmE2MWZkMDczZDIzZWJmMmI0Yjk3MjkxMGU3MWUy
OWM3YTczZWQzNmExNGM5ZWViZmIxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANz2tk4GyCS3gqn7AQtjZ+zFNqtkQRgYeLf9+CT44JPfxOGCWb5P2bKe5W2I
Za2HpBmWpcjKF9hvYhJZphswo3BXOQL+AevsWG83VZH4LPpUAfptR9pagXeU2jcW
eSJfE/BJPhxCGHyt/PDfCTMrcOuj6OQY8UUMbiOBU7p3BXtjguV3+qEi4pRhUCij
JLQQ3y9N1hQSYKz4d3VXu8qCDDVPXEBALQBMdlkb1JZeDyeIkIBG/73P1r3b2CSX
7J6FKHrI34av2yHFSzZE3ke9ooTgnsZDlxqzH0b4Wvn2OQh5hpDb1+XvDkigjV/I
bt1j6AaeOsikXQ/1gAMGepjDtF8CAwEAAaOCAiEwggIdMB0GA1UdDgQWBBTT9YG7
7Idwn4zZDYIVmcOvK2f7wzAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
YjJjZmM1MmEtMWYxNS00M2I5LTkzZjktOTgyOGQ2MGZiZTY5LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMHaejAN
BgkqhkiG9w0BAQsFAAOCAQEAplErNlUDgqdzmzPJZuu9T0Y2L4cXloUBATkQqzvI
RKAJ9IIxXsfpIFKKjTTVxYvASOfA1GfRTLNI7atCA2sboBK1wOd9dZzfRlOCUx+i
4woTCjHftw762GpksfRPfP86pECAM18TBgDBt9kcrflOW1AP2w8KXELcTKcmpW0T
Ku1vBeY+cVOMlmfchfLAW8b195lo+VedfafXnt3uNVYtgf1YdPm6RSI6zwZiwvhw
9Vo2n1355nE/dzwLsm5B3v2faB6AmKM8APamzy8coZnFcl62NbVX8RJ+dB5jRKzj
lEjzYQO869dGr7a5+gHDWesIXcvKYkKijNSv3GO/x5CcYA==
-----END CERTIFICATE-----