Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/c3872047-e1f4-4ee3-832d-c624ea352355.roa
File:                     c3872047-e1f4-4ee3-832d-c624ea352355.roa (raw, json)
Hash identifier:          uj+LmW+OkQVnfNKU/93Qsg00WIanugD/l9mH4XQoJoc=
Subject key identifier:   9A:C3:64:13:9F:AB:8E:B9:2D:78:65:F6:2B:64:FE:B6:51:A7:C8:AF
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       700936C7DFC779CDA0B187D963D1F928881C5226
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/c3872047-e1f4-4ee3-832d-c624ea352355.roa
Signing time:             Mon 31 Mar 2025 21:20:15 +0000
ROA not before:           Mon 31 Mar 2025 21:20:15 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        193.57.169.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            70:09:36:c7:df:c7:79:cd:a0:b1:87:d9:63:d1:f9:28:88:1c:52:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Mar 31 21:20:15 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:7b:97:aa:68:65:10:94:4a:a1:70:56:54:a2:
                    7c:41:1b:ed:04:e3:0d:a1:c4:5d:6f:be:0f:3a:8d:
                    84:95:5e:ae:80:f4:bc:82:f3:0e:b1:84:72:91:20:
                    33:7b:cc:61:6b:24:b9:91:b7:0c:4c:68:52:de:26:
                    a2:4d:0d:90:f2:5a:70:c0:9b:80:e1:b8:67:0a:fd:
                    c9:a0:63:c5:46:e1:a0:62:d9:7d:f7:f3:37:ee:93:
                    76:28:64:19:59:3a:e1:8c:4d:4e:1c:93:81:73:f6:
                    6e:84:ff:0e:d1:a2:da:dc:a3:a7:04:54:d4:60:c4:
                    46:e3:08:f4:83:5b:f1:86:0b:6c:94:29:d6:72:d5:
                    f1:7a:d4:ab:45:73:1c:82:93:fc:19:52:3f:4e:6f:
                    1e:63:44:dc:98:82:91:a5:be:65:8c:f0:a3:50:fd:
                    6c:14:39:44:c0:71:33:32:d2:fd:91:aa:db:42:29:
                    eb:ce:08:0e:54:4e:82:78:44:e9:7a:bf:18:ba:24:
                    df:d2:b6:0c:ea:ba:59:19:b9:3f:b3:0c:72:b6:a8:
                    92:75:c5:4a:22:45:61:28:5a:33:bf:6c:3b:bf:a0:
                    b4:f7:e7:63:00:cb:a9:b3:51:48:09:d6:ab:b2:ad:
                    68:31:7d:90:3c:2d:85:9d:f6:2b:a7:ec:c4:9a:2d:
                    97:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:C3:64:13:9F:AB:8E:B9:2D:78:65:F6:2B:64:FE:B6:51:A7:C8:AF
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/c3872047-e1f4-4ee3-832d-c624ea352355.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.57.169.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:a9:f2:8e:bc:dc:85:5e:e8:80:d0:df:6a:bd:ee:d6:f6:51:
         75:f9:69:24:70:4a:70:dd:b4:a7:e5:03:a4:a8:d4:ab:43:a6:
         6b:f6:bd:bc:04:ae:27:53:34:52:a4:13:a7:cd:9a:97:da:7b:
         52:16:7e:5a:a1:c0:9a:9b:7d:21:c5:21:5f:11:66:7f:a5:66:
         be:64:ff:b0:b8:bb:60:8e:75:5f:65:d7:ca:09:1a:34:25:07:
         2c:bd:ae:a7:6c:28:42:39:e4:84:31:73:ce:af:87:58:42:1e:
         48:87:8d:2e:3f:46:04:7b:69:ce:a9:b8:c9:23:1e:36:62:e2:
         5f:c0:1c:36:a7:94:10:22:94:08:e5:84:2c:a2:68:11:e2:b6:
         7d:51:df:58:e6:58:ab:7c:b3:26:f6:38:56:53:31:11:b9:45:
         0e:37:52:a9:92:3b:b4:13:e8:3b:74:c9:19:6b:5f:a5:70:d9:
         e0:03:00:5c:28:a1:78:47:1a:b4:ce:89:b6:d0:30:b1:47:43:
         e9:3e:bd:e6:b7:9d:de:34:07:cd:92:b5:ff:05:c6:51:39:95:
         0f:c0:50:eb:42:79:e7:7f:27:a6:8b:d0:81:4b:48:02:23:2e:
         ad:10:0d:79:ae:8b:ac:8d:5f:2f:24:0b:ae:02:e4:52:81:a5:
         62:6b:7c:51
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUcAk2x9/Hec2gsYfZY9H5KIgcUiYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTAzMzEyMTIwMTVaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQDY3ZDk0NTFkNWNlMjg1MGY5NDBjNzMyZWMwM2QzZDk4MDVhODZhYzVmOTVj
ZGY4MmZiMWY5OTgwMTIwMzQzZDgxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAK57l6poZRCUSqFwVlSifEEb7QTjDaHEXW++DzqNhJVeroD0vILzDrGEcpEg
M3vMYWskuZG3DExoUt4mok0NkPJacMCbgOG4Zwr9yaBjxUbhoGLZfffzN+6Tdihk
GVk64YxNThyTgXP2boT/DtGi2tyjpwRU1GDERuMI9INb8YYLbJQp1nLV8XrUq0Vz
HIKT/BlSP05vHmNE3JiCkaW+ZYzwo1D9bBQ5RMBxMzLS/ZGq20Ip684IDlROgnhE
6Xq/GLok39K2DOq6WRm5P7MMcraoknXFSiJFYShaM79sO7+gtPfnYwDLqbNRSAnW
q7KtaDF9kDwthZ32K6fsxJotlx0CAwEAAaOCAiEwggIdMB0GA1UdDgQWBBSaw2QT
n6uOuS14ZfYrZP62UafIrzAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
YzM4NzIwNDctZTFmNC00ZWUzLTgzMmQtYzYyNGVhMzUyMzU1LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAME5qTAN
BgkqhkiG9w0BAQsFAAOCAQEANqnyjrzchV7ogNDfar3u1vZRdflpJHBKcN20p+UD
pKjUq0Oma/a9vASuJ1M0UqQTp82al9p7UhZ+WqHAmpt9IcUhXxFmf6VmvmT/sLi7
YI51X2XXygkaNCUHLL2up2woQjnkhDFzzq+HWEIeSIeNLj9GBHtpzqm4ySMeNmLi
X8AcNqeUECKUCOWELKJoEeK2fVHfWOZYq3yzJvY4VlMxEblFDjdSqZI7tBPoO3TJ
GWtfpXDZ4AMAXCiheEcatM6JttAwsUdD6T695red3jQHzZK1/wXGUTmVD8BQ60J5
538npovQgUtIAiMurRANea6LrI1fLyQLrgLkUoGlYmt8UQ==
-----END CERTIFICATE-----