Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/f9c2130f-6f88-42ac-853e-f39d188adb6d.roa
File:                     f9c2130f-6f88-42ac-853e-f39d188adb6d.roa (raw, json)
Hash identifier:          MBR+iMbbJ5faSGV/Q+78jG99syshTk2ss8oYFDT3EU0=
Subject key identifier:   47:EF:54:7D:F6:A4:FD:5C:8A:F2:24:A1:18:54:BD:A2:DB:68:2C:7A
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       04BA1EA7E0869D74E87917869C6C9B06901833D1
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/f9c2130f-6f88-42ac-853e-f39d188adb6d.roa
Signing time:             Mon 17 Mar 2025 15:40:57 +0000
ROA not before:           Mon 17 Mar 2025 15:40:57 +0000
ROA not after:            Mon 21 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        51.232.0.0/15 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:ba:1e:a7:e0:86:9d:74:e8:79:17:86:9c:6c:9b:06:90:18:33:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Mar 17 15:40:57 2025 GMT
            Not After : Apr 21 23:59:59 2025 GMT
        Subject: CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:a5:50:37:cf:c7:d5:06:d2:f1:d4:08:0e:9f:
                    11:1a:c8:c5:f5:1f:a6:0b:f1:a7:ac:a0:d1:a5:e9:
                    8e:9a:c2:32:ff:c4:61:2b:0f:08:d6:8a:c1:39:3b:
                    10:68:4e:fb:af:bc:73:31:3e:8f:37:e5:0e:49:7b:
                    e4:da:92:d5:71:0e:e7:b6:d2:33:44:a1:77:59:9e:
                    2b:01:8c:94:0a:ea:bf:a2:ce:16:d8:ef:fa:ba:f1:
                    5c:91:b6:95:4e:49:60:0c:01:92:68:91:a8:1b:d7:
                    7b:32:1f:29:3b:69:92:a1:70:6f:26:97:10:ed:ac:
                    cd:72:3c:61:2c:5d:b6:ac:1b:14:4b:35:6b:4c:29:
                    d8:a2:d9:45:af:0a:f8:f6:a5:e2:1d:ba:99:c5:d3:
                    c9:85:18:6c:ee:52:78:af:d4:a5:e6:00:9c:ad:fb:
                    bc:03:bf:de:06:c5:97:92:57:1e:eb:12:0f:e3:35:
                    51:23:42:e9:11:95:0e:a5:7a:78:7b:b8:91:87:c4:
                    70:1f:ae:73:43:a3:33:43:59:16:89:39:65:dd:68:
                    45:b4:cb:cc:60:25:9d:83:d4:48:2a:c3:49:40:e5:
                    81:e2:ad:f4:86:30:51:d5:00:4c:00:e1:80:18:c3:
                    d7:0f:57:40:80:26:db:74:62:cb:46:a4:2f:ca:41:
                    8e:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:EF:54:7D:F6:A4:FD:5C:8A:F2:24:A1:18:54:BD:A2:DB:68:2C:7A
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/f9c2130f-6f88-42ac-853e-f39d188adb6d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.232.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         84:2b:dc:dd:34:63:64:a1:3e:76:c7:e5:ed:c2:a5:c2:85:51:
         29:78:1c:c9:1d:5a:3d:84:65:e2:7d:29:ab:75:0c:69:d8:d9:
         a2:5b:50:cb:0f:ad:6d:59:0a:38:44:47:c3:bc:60:3f:f9:e0:
         1f:55:a2:f0:88:f6:d3:ab:c8:fc:b0:25:34:91:a1:9c:70:6a:
         b8:0b:81:56:84:d1:c8:38:19:77:55:60:2a:07:9f:fe:f9:fe:
         72:e9:35:02:62:74:52:0c:d5:22:7f:2f:f1:49:49:b8:7a:a6:
         e5:24:19:c3:16:20:00:3e:b8:f6:9b:ec:7c:02:93:de:4a:35:
         be:da:4c:76:ac:12:2c:5c:9f:78:09:12:7d:d1:c5:d6:a8:d8:
         4d:63:5c:44:23:23:03:cd:e4:99:fd:ae:f6:17:bb:01:fb:f7:
         46:82:ec:94:3c:06:bf:52:45:5a:d4:18:d1:5f:ec:da:fa:db:
         a6:f0:f1:36:8d:3b:e3:ea:8d:2b:13:c9:55:dc:08:24:48:51:
         22:c5:34:91:77:1c:af:8e:7e:0e:70:08:26:bf:e9:7d:c4:95:
         ff:76:82:7c:96:11:39:c6:6b:46:31:23:ff:15:b0:d8:72:3c:
         20:d7:e4:65:7a:2d:36:73:ab:05:3f:b6:ce:3b:b1:2d:89:80:
         38:42:34:e0
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUBLoep+CGnXToeReGnGybBpAYM9EwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTAzMTcxNTQwNTdaFw0yNTA0MjEyMzU5NTlaMHoxSTBHBgNV
BAUTQDMwZjgwYzk1YjQzNzM3ZDBlOGJlMDMxMTBjNTJkYTQ4NGE1MTNkMWQzZDdi
MGY3OWZjYzRkY2UzOTJmOTM1OTQxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKmlUDfPx9UG0vHUCA6fERrIxfUfpgvxp6yg0aXpjprCMv/EYSsPCNaKwTk7
EGhO+6+8czE+jzflDkl75NqS1XEO57bSM0Shd1meKwGMlArqv6LOFtjv+rrxXJG2
lU5JYAwBkmiRqBvXezIfKTtpkqFwbyaXEO2szXI8YSxdtqwbFEs1a0wp2KLZRa8K
+Pal4h26mcXTyYUYbO5SeK/UpeYAnK37vAO/3gbFl5JXHusSD+M1USNC6RGVDqV6
eHu4kYfEcB+uc0OjM0NZFok5Zd1oRbTLzGAlnYPUSCrDSUDlgeKt9IYwUdUATADh
gBjD1w9XQIAm23Riy0akL8pBjtMCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBRH71R9
9qT9XIryJKEYVL2i22gsejAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
ZjljMjEzMGYtNmY4OC00MmFjLTg1M2UtZjM5ZDE4OGFkYjZkLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDATPoMA0G
CSqGSIb3DQEBCwUAA4IBAQCEK9zdNGNkoT52x+XtwqXChVEpeBzJHVo9hGXifSmr
dQxp2NmiW1DLD61tWQo4REfDvGA/+eAfVaLwiPbTq8j8sCU0kaGccGq4C4FWhNHI
OBl3VWAqB5/++f5y6TUCYnRSDNUify/xSUm4eqblJBnDFiAAPrj2m+x8ApPeSjW+
2kx2rBIsXJ94CRJ90cXWqNhNY1xEIyMDzeSZ/a72F7sB+/dGguyUPAa/UkVa1BjR
X+za+tum8PE2jTvj6o0rE8lV3AgkSFEixTSRdxyvjn4OcAgmv+l9xJX/doJ8lhE5
xmtGMSP/FbDYcjwg1+Rlei02c6sFP7bOO7EtiYA4QjTg
-----END CERTIFICATE-----