Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/ecfa3c13-cba9-4529-84cf-7b6bf8e5cd4a.roa
File:                     ecfa3c13-cba9-4529-84cf-7b6bf8e5cd4a.roa (raw, json)
Hash identifier:          3wnE/wxLDUl6qDNblZk0meNlTSalKkIQmr7Qs0rN/Lc=
Subject key identifier:   B0:26:5B:B6:E9:39:6B:CE:59:B6:10:66:09:C1:0F:78:A5:D6:2A:1D
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       6DFB0638CF8AE26BD63FE62061DC7CDDC6A37C56
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/ecfa3c13-cba9-4529-84cf-7b6bf8e5cd4a.roa
Signing time:             Mon 31 Mar 2025 21:30:56 +0000
ROA not before:           Mon 31 Mar 2025 21:30:56 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        51.200.0.0/15 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6d:fb:06:38:cf:8a:e2:6b:d6:3f:e6:20:61:dc:7c:dd:c6:a3:7c:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Mar 31 21:30:56 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:8d:7f:c1:12:e9:97:29:1e:13:17:8b:f8:3c:
                    fe:5e:7f:fb:b8:fa:6b:da:e4:f2:de:29:96:3d:36:
                    a0:ed:f4:f6:ee:75:be:10:9b:fb:8f:3a:2f:cb:a0:
                    1a:0f:f2:7f:c5:eb:7e:ba:66:ae:53:4e:6a:38:fd:
                    ed:2c:c3:46:9e:59:00:9d:54:32:df:a6:11:b1:5e:
                    fc:29:4d:b8:d9:37:08:e8:e7:04:0a:d3:95:df:45:
                    ac:00:86:4e:06:7d:10:d1:84:dc:90:2c:0b:08:4d:
                    2f:3f:f6:10:aa:49:af:3b:81:4f:a2:42:15:02:fd:
                    cd:22:7c:e7:48:5d:82:74:6b:dd:61:a0:27:01:2f:
                    85:84:c6:af:30:ce:1e:d1:d4:00:d1:dc:00:a6:ac:
                    93:9f:f7:63:8e:97:fd:6b:62:2c:a6:c8:5c:7e:2c:
                    16:14:4a:53:77:8e:c5:08:cf:9d:23:db:4c:e4:2c:
                    a7:8c:b0:11:68:44:3a:63:73:5f:12:63:97:06:42:
                    95:54:b5:42:5d:91:37:df:f9:91:9b:ba:06:69:c8:
                    4e:e3:eb:e9:34:6c:2b:7a:c8:55:01:ca:19:88:c7:
                    7a:93:8c:82:63:95:a6:cc:8a:6c:cf:4a:1b:be:3f:
                    75:e9:af:22:62:b4:4c:3d:dc:1f:5c:d9:b4:10:72:
                    4c:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:26:5B:B6:E9:39:6B:CE:59:B6:10:66:09:C1:0F:78:A5:D6:2A:1D
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/ecfa3c13-cba9-4529-84cf-7b6bf8e5cd4a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.200.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         22:7d:46:ef:5f:66:e0:d6:d2:20:e8:60:85:b6:75:cd:15:16:
         c8:c4:f6:20:b8:df:88:38:c1:b6:50:d9:22:24:26:42:6c:29:
         2f:26:5f:3b:5c:f2:59:da:e7:af:2a:b2:6a:39:b3:32:47:e2:
         a4:3b:60:d5:f7:7c:e1:82:dd:58:18:7c:1f:c8:e4:c2:1f:2a:
         02:c1:1e:19:e4:1a:be:88:32:71:95:05:6b:3f:84:22:94:95:
         36:80:5d:5e:46:5f:8a:84:8b:34:64:db:a2:cf:46:d4:08:86:
         b6:f9:21:21:69:da:89:12:da:50:3a:13:19:32:97:82:a5:b7:
         b9:98:42:9d:81:db:a8:38:ae:32:a2:ec:90:24:c8:68:2f:6f:
         10:88:50:93:21:09:81:90:80:08:6b:9d:38:84:c5:21:1b:7f:
         7c:9a:d3:ea:89:b6:d7:9a:6b:7f:ed:a0:b4:b0:e0:b7:f6:17:
         34:1f:9f:4e:9e:63:fa:4d:3f:b3:3e:84:28:b9:2c:c6:a2:ce:
         c5:d4:ca:ee:42:ee:c6:ec:d6:e6:66:8a:36:89:b6:c7:14:4e:
         2d:5e:b7:70:9e:cc:df:dd:8e:b7:d5:8d:f1:93:57:9b:66:60:
         df:e0:45:d7:44:b2:d6:91:90:1f:6f:6f:a9:9b:3c:9d:05:5c:
         71:2a:25:61
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUbfsGOM+K4mvWP+YgYdx83cajfFYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTAzMzEyMTMwNTZaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQDY1NWIyYWFhNWE4MmQ4ODZmMjUxNTQwNDM3NmM2MGNiNzIyY2Y2ZmU2Mzlm
NzJjZmM1M2I5NGRiNjdkZmFhODQxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAL6Nf8ES6ZcpHhMXi/g8/l5/+7j6a9rk8t4plj02oO309u51vhCb+486L8ug
Gg/yf8XrfrpmrlNOajj97SzDRp5ZAJ1UMt+mEbFe/ClNuNk3COjnBArTld9FrACG
TgZ9ENGE3JAsCwhNLz/2EKpJrzuBT6JCFQL9zSJ850hdgnRr3WGgJwEvhYTGrzDO
HtHUANHcAKask5/3Y46X/WtiLKbIXH4sFhRKU3eOxQjPnSPbTOQsp4ywEWhEOmNz
XxJjlwZClVS1Ql2RN9/5kZu6BmnITuPr6TRsK3rIVQHKGYjHepOMgmOVpsyKbM9K
G74/demvImK0TD3cH1zZtBByTL0CAwEAAaOCAiAwggIcMB0GA1UdDgQWBBSwJlu2
6Tlrzlm2EGYJwQ94pdYqHTAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
ZWNmYTNjMTMtY2JhOS00NTI5LTg0Y2YtN2I2YmY4ZTVjZDRhLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDATPIMA0G
CSqGSIb3DQEBCwUAA4IBAQAifUbvX2bg1tIg6GCFtnXNFRbIxPYguN+IOMG2UNki
JCZCbCkvJl87XPJZ2uevKrJqObMyR+KkO2DV93zhgt1YGHwfyOTCHyoCwR4Z5Bq+
iDJxlQVrP4QilJU2gF1eRl+KhIs0ZNuiz0bUCIa2+SEhadqJEtpQOhMZMpeCpbe5
mEKdgduoOK4youyQJMhoL28QiFCTIQmBkIAIa504hMUhG398mtPqibbXmmt/7aC0
sOC39hc0H59OnmP6TT+zPoQouSzGos7F1MruQu7G7NbmZoo2ibbHFE4tXrdwnszf
3Y631Y3xk1ebZmDf4EXXRLLWkZAfb2+pmzydBVxxKiVh
-----END CERTIFICATE-----