Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/e2093baf-9227-4159-b7ff-180369fe3bda.roa
File:                     e2093baf-9227-4159-b7ff-180369fe3bda.roa (raw, json)
Hash identifier:          j7nBmk3JQMRjtKAJiYhUBglYlUSVGVFASt2R4r1r7tE=
Subject key identifier:   96:0C:EC:2E:77:59:18:A1:9D:1D:F3:9B:FE:89:DB:AB:50:2A:5C:F0
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       1EAFD774FB6F76EEF9233AA7A4A3CFC07206FD6D
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/e2093baf-9227-4159-b7ff-180369fe3bda.roa
Signing time:             Mon 31 Mar 2025 21:40:12 +0000
ROA not before:           Mon 31 Mar 2025 21:40:12 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        51.88.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1e:af:d7:74:fb:6f:76:ee:f9:23:3a:a7:a4:a3:cf:c0:72:06:fd:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Mar 31 21:40:12 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ee:73:f7:00:79:65:ae:dc:d2:1c:9d:e0:c9:5d:
                    06:8a:64:48:6d:0d:38:47:4b:67:a4:46:67:81:90:
                    d9:e5:f0:50:9a:62:2d:52:b3:9e:54:2e:03:26:70:
                    d0:85:8f:c5:c9:ec:4c:53:d4:8a:b5:e4:81:41:0d:
                    a9:00:c1:5c:5e:d8:fe:4e:f9:84:16:28:b7:0f:10:
                    eb:66:9f:14:e3:cf:9f:0f:95:b5:b4:04:e2:7f:79:
                    a9:c5:a8:bb:b1:81:a6:a6:ae:d7:5a:a9:c7:92:5f:
                    7b:08:d9:a3:0b:fe:ae:c4:b8:56:0a:b5:58:2e:28:
                    5d:21:70:b1:16:78:24:56:ac:eb:ab:fb:6c:a6:cc:
                    5d:c7:3e:c1:26:46:ae:3a:96:1a:f9:fe:18:4b:47:
                    66:39:d1:ba:ae:98:f2:0e:2f:09:e9:8d:e5:3b:0f:
                    1a:e2:c0:97:fd:40:07:33:af:4f:1e:65:f2:af:a9:
                    1f:b6:f0:c0:2d:4e:88:8d:4a:bb:79:49:c2:9a:cc:
                    d4:64:22:4e:d3:29:8e:6a:33:b3:80:1a:10:24:1c:
                    69:dc:52:6c:8f:18:a6:b0:61:08:de:0f:09:42:73:
                    cc:fd:3c:a0:d2:b1:b7:6c:40:ba:c8:dc:05:86:f9:
                    ce:a7:64:3d:ee:c2:83:58:88:3b:56:fd:b6:c3:d5:
                    e0:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:0C:EC:2E:77:59:18:A1:9D:1D:F3:9B:FE:89:DB:AB:50:2A:5C:F0
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/e2093baf-9227-4159-b7ff-180369fe3bda.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.88.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         d4:97:1f:ef:26:12:97:27:71:f8:17:91:e9:58:45:35:79:17:
         45:d0:28:3a:9f:22:23:d7:90:f0:97:a4:32:7b:17:aa:9b:f8:
         63:12:4b:57:19:be:3e:1c:1e:fa:f2:36:25:9c:d9:9a:7f:e8:
         aa:2c:19:28:49:b1:48:1c:f4:21:34:d6:a6:07:40:9d:79:e9:
         3b:01:58:3e:1b:48:b6:f9:ce:92:1f:cb:2c:ee:dc:a2:2d:6f:
         9a:f3:ea:2e:78:43:a9:0d:c2:2e:a6:74:41:f8:ba:9b:d1:c8:
         dc:03:fe:47:00:ea:fc:ea:bf:5e:cb:0d:8c:7f:ed:9a:19:13:
         bd:ae:c9:8f:b1:2a:b7:03:57:6c:aa:0f:23:2a:dc:93:41:ad:
         d4:57:cd:6e:9f:f8:ae:bd:33:c8:c4:03:51:32:33:6e:14:85:
         d5:8a:13:bd:f1:1a:21:1a:ea:80:2c:78:ef:0f:ef:e3:f2:b1:
         61:8c:35:34:cf:a8:be:20:eb:e5:51:bb:93:34:93:05:c5:88:
         86:f8:40:19:d5:6c:ea:12:fc:c1:4a:af:c0:7f:32:ad:bd:8c:
         85:af:34:e7:98:19:ef:38:1b:4d:47:d3:a7:35:91:8b:c9:09:
         12:b9:da:d7:bd:87:83:9b:6a:6a:b5:1e:61:56:34:b0:88:32:
         ef:5e:93:89
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUHq/XdPtvdu75IzqnpKPPwHIG/W0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTAzMzEyMTQwMTJaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQDNlNTg3ZWRmYTUzZTE1NmIwNzk2OGJlZWZmNGIxNjAxYjc5YTFkZDliNzZj
OGQ0YmNmMzNiMTJjMGIwZTJjYTgxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAO5z9wB5Za7c0hyd4MldBopkSG0NOEdLZ6RGZ4GQ2eXwUJpiLVKznlQuAyZw
0IWPxcnsTFPUirXkgUENqQDBXF7Y/k75hBYotw8Q62afFOPPnw+VtbQE4n95qcWo
u7GBpqau11qpx5JfewjZowv+rsS4Vgq1WC4oXSFwsRZ4JFas66v7bKbMXcc+wSZG
rjqWGvn+GEtHZjnRuq6Y8g4vCemN5TsPGuLAl/1ABzOvTx5l8q+pH7bwwC1OiI1K
u3lJwprM1GQiTtMpjmozs4AaECQcadxSbI8YprBhCN4PCUJzzP08oNKxt2xAusjc
BYb5zqdkPe7Cg1iIO1b9tsPV4NMCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBSWDOwu
d1kYoZ0d85v+idurUCpc8DAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
ZTIwOTNiYWYtOTIyNy00MTU5LWI3ZmYtMTgwMzY5ZmUzYmRhLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADNYMA0G
CSqGSIb3DQEBCwUAA4IBAQDUlx/vJhKXJ3H4F5HpWEU1eRdF0Cg6nyIj15Dwl6Qy
exeqm/hjEktXGb4+HB768jYlnNmaf+iqLBkoSbFIHPQhNNamB0Cdeek7AVg+G0i2
+c6SH8ss7tyiLW+a8+oueEOpDcIupnRB+Lqb0cjcA/5HAOr86r9eyw2Mf+2aGRO9
rsmPsSq3A1dsqg8jKtyTQa3UV81un/iuvTPIxANRMjNuFIXVihO98RohGuqALHjv
D+/j8rFhjDU0z6i+IOvlUbuTNJMFxYiG+EAZ1WzqEvzBSq/AfzKtvYyFrzTnmBnv
OBtNR9OnNZGLyQkSudrXvYeDm2pqtR5hVjSwiDLvXpOJ
-----END CERTIFICATE-----