Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/cf51afdd-468d-4999-b2cd-4c6517505aee.roa
File:                     cf51afdd-468d-4999-b2cd-4c6517505aee.roa (raw, json)
Hash identifier:          jgJNSSwoTQVnkC2T0pQ0gPqZk3u0m+I+IdMR2z2HJ0Y=
Subject key identifier:   B0:C4:83:42:DD:17:A2:A2:99:B5:1D:A4:48:F2:9D:A1:C4:7D:0A:DD
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       53C44336ADD821CDA6DE7A6FC1078C39AC1FE9D2
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/cf51afdd-468d-4999-b2cd-4c6517505aee.roa
Signing time:             Mon 31 Mar 2025 21:30:56 +0000
ROA not before:           Mon 31 Mar 2025 21:30:56 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        51.202.0.0/15 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            53:c4:43:36:ad:d8:21:cd:a6:de:7a:6f:c1:07:8c:39:ac:1f:e9:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Mar 31 21:30:56 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:eb:dd:00:43:22:26:d1:56:b4:48:da:f6:0a:
                    b7:6c:e7:52:67:86:9b:ab:ff:c2:df:58:60:3d:e8:
                    fd:85:11:ba:d3:4a:ce:21:a9:d8:51:20:2b:ba:e3:
                    53:8c:37:5b:23:a6:a9:05:2b:b8:f5:15:81:04:54:
                    b8:25:0a:ab:ba:cd:cf:3a:80:a9:06:cd:26:11:10:
                    52:b3:e5:d9:49:63:95:36:18:f6:ca:f1:6c:11:e3:
                    6e:e5:da:b3:fe:1d:ac:22:73:af:64:ca:f8:1f:79:
                    cc:bf:7d:13:85:a2:b0:b6:95:28:0f:9f:4d:1a:ec:
                    60:83:fa:a0:12:1e:28:b6:5b:a0:14:ea:4e:33:31:
                    af:c3:bb:4a:36:38:61:e9:a4:2b:da:82:8f:7b:55:
                    b3:1c:92:d1:21:11:58:ec:84:32:96:a6:5e:78:38:
                    fe:74:a3:ca:3f:18:2a:a1:4b:18:77:88:40:d9:43:
                    f2:47:db:2a:9a:87:a6:38:72:e2:ab:a6:a2:11:3d:
                    7a:65:a1:a7:b1:74:01:b1:49:7b:5d:c3:b7:cf:37:
                    91:b3:09:6a:ac:97:4e:0f:f4:96:4c:dc:02:5f:24:
                    a2:ea:72:ee:83:b3:25:ea:28:00:01:25:10:d1:a6:
                    25:18:70:ef:96:1d:0b:85:b1:c0:c3:9f:0a:d2:16:
                    e3:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:C4:83:42:DD:17:A2:A2:99:B5:1D:A4:48:F2:9D:A1:C4:7D:0A:DD
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/cf51afdd-468d-4999-b2cd-4c6517505aee.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.202.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         8e:6f:6e:1f:47:ab:4b:fd:d8:94:9c:44:90:46:b9:87:e7:4f:
         9a:e9:e0:00:b9:8b:58:cb:61:55:9e:f8:10:2a:48:6e:71:94:
         e4:66:13:d5:0a:bb:ba:7d:a0:ac:3e:de:02:58:35:db:02:1b:
         6b:a0:da:ba:74:ca:13:c7:45:5b:77:1a:b3:17:95:0e:76:91:
         09:13:66:2f:0b:35:86:16:ee:62:d3:9d:6d:e1:99:60:be:bd:
         10:a1:82:6b:19:f3:b1:a6:f8:7e:34:7a:04:d2:6e:b8:01:c5:
         5c:00:21:9f:c4:7f:61:a4:c2:ed:3f:62:17:a4:a7:21:9d:60:
         b9:07:54:f3:e0:74:d3:0b:ab:8c:eb:09:80:e7:8d:32:eb:f2:
         00:29:18:d7:b9:34:6c:24:c5:bd:7d:48:56:71:51:d5:a6:5d:
         33:c9:cf:74:95:f8:15:e9:d5:4c:e0:a4:86:68:20:9a:59:72:
         78:b2:ab:d0:3b:b5:75:46:09:0e:24:9d:59:79:5c:6f:8c:db:
         83:59:95:6b:4e:5a:e2:03:00:e6:db:b7:3d:e4:71:03:89:b9:
         d1:5f:8a:3e:87:7f:50:79:5f:dc:c4:b9:08:26:83:e9:9a:60:
         86:bc:80:54:f2:7e:69:e6:46:4d:34:90:c9:ee:35:61:da:f8:
         a6:11:38:bd
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUU8RDNq3YIc2m3npvwQeMOawf6dIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTAzMzEyMTMwNTZaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQDg5OTk5MmVkZmU2ZWQ0YjU2NWNkZDQ1OWE0ZDFjOTAwZTAyYzY1MTc4YjE5
MGU3M2QyZThmODFiMmY0YjZmZDIxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALHr3QBDIibRVrRI2vYKt2znUmeGm6v/wt9YYD3o/YURutNKziGp2FEgK7rj
U4w3WyOmqQUruPUVgQRUuCUKq7rNzzqAqQbNJhEQUrPl2UljlTYY9srxbBHjbuXa
s/4drCJzr2TK+B95zL99E4WisLaVKA+fTRrsYIP6oBIeKLZboBTqTjMxr8O7SjY4
YemkK9qCj3tVsxyS0SERWOyEMpamXng4/nSjyj8YKqFLGHeIQNlD8kfbKpqHpjhy
4qumohE9emWhp7F0AbFJe13Dt883kbMJaqyXTg/0lkzcAl8koupy7oOzJeooAAEl
ENGmJRhw75YdC4WxwMOfCtIW46UCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBSwxINC
3Reiopm1HaRI8p2hxH0K3TAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
Y2Y1MWFmZGQtNDY4ZC00OTk5LWIyY2QtNGM2NTE3NTA1YWVlLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDATPKMA0G
CSqGSIb3DQEBCwUAA4IBAQCOb24fR6tL/diUnESQRrmH50+a6eAAuYtYy2FVnvgQ
KkhucZTkZhPVCru6faCsPt4CWDXbAhtroNq6dMoTx0VbdxqzF5UOdpEJE2YvCzWG
Fu5i051t4Zlgvr0QoYJrGfOxpvh+NHoE0m64AcVcACGfxH9hpMLtP2IXpKchnWC5
B1Tz4HTTC6uM6wmA540y6/IAKRjXuTRsJMW9fUhWcVHVpl0zyc90lfgV6dVM4KSG
aCCaWXJ4sqvQO7V1RgkOJJ1ZeVxvjNuDWZVrTlriAwDm27c95HEDibnRX4o+h39Q
eV/cxLkIJoPpmmCGvIBU8n5p5kZNNJDJ7jVh2vimETi9
-----END CERTIFICATE-----