Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/fc353215-935f-47d2-9298-767ccc0eae1a.roa
File:                     fc353215-935f-47d2-9298-767ccc0eae1a.roa (raw, json)
Hash identifier:          NmcXoJE+yKR33VuxrTCEIb/VpyHSzN2AwRiJ8zbDWWc=
Subject key identifier:   AE:93:F5:D9:30:F9:49:13:9C:A1:60:25:D3:8F:B2:7E:19:CC:41:28
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       21EA5359B4B721FD5F4D87E89107672826A20709
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/fc353215-935f-47d2-9298-767ccc0eae1a.roa
Signing time:             Mon 31 Mar 2025 21:40:18 +0000
ROA not before:           Mon 31 Mar 2025 21:40:18 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        85.151.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            21:ea:53:59:b4:b7:21:fd:5f:4d:87:e8:91:07:67:28:26:a2:07:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Mar 31 21:40:18 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:b1:38:11:ac:20:60:95:d8:e4:c8:26:5c:64:
                    f8:1a:29:89:53:d1:0b:1e:49:71:34:60:c8:c3:ba:
                    10:7d:8f:25:5a:89:e7:f1:61:6f:ac:6c:42:a4:cb:
                    ff:64:05:8e:11:a5:1b:19:98:cb:2a:8f:61:45:cc:
                    96:06:01:e5:7d:8d:68:bb:80:d0:19:80:6f:31:f8:
                    2d:f9:c6:6a:4b:80:3d:31:35:c8:4b:c8:e7:92:24:
                    1d:74:0f:da:80:b2:20:e8:52:26:32:e5:e1:e7:d4:
                    05:f0:55:60:7d:40:2c:c4:50:07:0f:14:de:21:f8:
                    02:84:a8:ae:df:0d:45:67:e0:9c:00:1f:cc:c5:ad:
                    8e:19:82:30:04:60:3d:30:7a:fe:b6:62:61:fb:21:
                    6e:4e:00:69:df:bc:5f:d7:4b:01:54:82:b3:10:00:
                    d5:ea:f2:90:8c:a4:99:db:37:bf:34:b5:5f:e9:78:
                    fb:84:a5:af:1a:5c:af:e1:27:59:e4:d6:eb:2c:ba:
                    16:e8:49:bb:1b:81:c4:b2:5f:29:2e:aa:c8:d9:f6:
                    c9:a9:aa:38:f3:7b:c1:25:9b:73:a7:c5:bf:51:dc:
                    32:10:ee:b5:b2:fe:a7:2c:71:71:bb:9f:e5:f3:53:
                    e7:59:dc:ef:da:3f:d1:9f:28:a5:12:c4:b2:77:2e:
                    cf:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:93:F5:D9:30:F9:49:13:9C:A1:60:25:D3:8F:B2:7E:19:CC:41:28
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/fc353215-935f-47d2-9298-767ccc0eae1a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.151.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         98:e3:48:20:f6:f0:9c:9e:a1:ae:c7:ea:03:d7:c4:37:33:f3:
         b7:88:60:ff:5b:0e:9b:23:91:35:a8:16:d2:53:dd:09:c8:e5:
         af:3d:0c:a6:c9:e7:ce:72:06:2e:8d:ed:10:d8:09:de:ae:11:
         f8:af:e8:1e:c9:a0:d4:1d:49:a6:f6:e7:8a:db:76:61:95:9f:
         be:ab:7f:fa:01:5e:57:35:f8:bf:7b:e1:c5:ed:f4:7f:a4:fd:
         8c:72:0b:97:c3:99:9d:56:a7:5b:a1:f6:4b:cb:57:68:ba:f2:
         2c:9b:58:f7:43:51:68:b4:ab:e3:60:d4:a4:2e:13:d3:60:d6:
         f1:28:6c:1f:48:32:07:d4:2b:14:b0:41:96:81:5c:66:00:85:
         47:64:42:61:cf:e7:5e:23:34:86:9e:c0:87:18:37:7f:d7:66:
         cb:35:4e:ab:d2:6c:21:00:a6:2b:e8:42:db:ad:d0:4e:0a:bb:
         26:1e:a2:8f:58:ec:fd:f8:66:24:3e:a4:6f:53:16:31:11:29:
         04:aa:1f:c3:13:3d:3b:80:95:02:27:c1:13:5e:a1:6d:0a:77:
         53:3c:62:8e:32:c9:6e:47:c7:c9:b4:88:8b:25:60:a9:4f:cc:
         72:42:32:cb:f5:df:93:d2:49:35:1d:e5:79:ff:6c:b5:5e:d9:
         a9:e1:ad:51
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUIepTWbS3If1fTYfokQdnKCaiBwkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTAzMzEyMTQwMThaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQGMyMzQ3Y2Y4ODM4NTdkMWRiOGZmMzM4Y2NhODI5OTU3N2ViNmMwMGJjZWFh
MWI5YWY1ZjFiYWNmZmNlNjAwYmExLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKyxOBGsIGCV2OTIJlxk+BopiVPRCx5JcTRgyMO6EH2PJVqJ5/Fhb6xsQqTL
/2QFjhGlGxmYyyqPYUXMlgYB5X2NaLuA0BmAbzH4LfnGakuAPTE1yEvI55IkHXQP
2oCyIOhSJjLl4efUBfBVYH1ALMRQBw8U3iH4AoSort8NRWfgnAAfzMWtjhmCMARg
PTB6/rZiYfshbk4Aad+8X9dLAVSCsxAA1erykIykmds3vzS1X+l4+4Slrxpcr+En
WeTW6yy6FuhJuxuBxLJfKS6qyNn2yamqOPN7wSWbc6fFv1HcMhDutbL+pyxxcbuf
5fNT51nc79o/0Z8opRLEsncuzwUCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBSuk/XZ
MPlJE5yhYCXTj7J+GcxBKDAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
ZmMzNTMyMTUtOTM1Zi00N2QyLTkyOTgtNzY3Y2NjMGVhZTFhLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDAFWXMA0G
CSqGSIb3DQEBCwUAA4IBAQCY40gg9vCcnqGux+oD18Q3M/O3iGD/Ww6bI5E1qBbS
U90JyOWvPQymyefOcgYuje0Q2AnerhH4r+geyaDUHUmm9ueK23ZhlZ++q3/6AV5X
Nfi/e+HF7fR/pP2McguXw5mdVqdbofZLy1douvIsm1j3Q1FotKvjYNSkLhPTYNbx
KGwfSDIH1CsUsEGWgVxmAIVHZEJhz+deIzSGnsCHGDd/12bLNU6r0mwhAKYr6ELb
rdBOCrsmHqKPWOz9+GYkPqRvUxYxESkEqh/DEz07gJUCJ8ETXqFtCndTPGKOMslu
R8fJtIiLJWCpT8xyQjLL9d+T0kk1HeV5/2y1Xtmp4a1R
-----END CERTIFICATE-----