Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/ff2e2d46-44f0-4790-a453-0090beda0015.roa
File:                     ff2e2d46-44f0-4790-a453-0090beda0015.roa (raw, json)
Hash identifier:          1S3IH4piplkxptr8AhzL8LFJVm1tdLOT6nBQko1DVbg=
Subject key identifier:   4D:26:CD:6F:F7:0E:1A:BA:91:02:94:19:C6:8E:A7:EA:75:C9:98:F2
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       45EAFB2821D9F03CD7D87E764BE7078C1F5E9EF1
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/ff2e2d46-44f0-4790-a453-0090beda0015.roa
Signing time:             Mon 31 Mar 2025 21:30:09 +0000
ROA not before:           Mon 31 Mar 2025 21:30:09 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        195.247.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            45:ea:fb:28:21:d9:f0:3c:d7:d8:7e:76:4b:e7:07:8c:1f:5e:9e:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Mar 31 21:30:09 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:e5:40:d1:6c:63:e4:fe:b9:34:36:6f:a2:5f:
                    8b:27:ec:f1:64:30:07:fc:1d:22:f2:8e:46:6d:b2:
                    cf:e9:4a:62:12:5d:a1:8f:f4:9c:87:12:61:68:70:
                    f1:87:85:3d:50:a0:6d:53:ea:67:f1:9d:c3:45:03:
                    c6:7b:8b:5d:80:f2:bf:92:ee:8f:e3:a9:5f:3b:ca:
                    15:6f:f7:dc:01:67:85:04:40:48:15:1d:2a:98:21:
                    bc:9d:56:30:33:a5:6b:50:73:a4:94:e2:40:df:83:
                    dc:a7:cb:89:1a:3a:e9:47:b1:ec:35:ad:ff:76:bb:
                    00:9a:b7:a2:76:f9:33:cf:3b:b4:86:f2:01:f0:ab:
                    eb:f2:82:f0:73:58:30:3d:f5:2f:57:f1:73:f1:34:
                    10:cc:e3:d6:a4:2f:a4:fd:60:10:f2:ab:c3:4d:bb:
                    bd:d1:bc:40:9e:65:e2:f1:f6:79:37:f8:71:34:16:
                    88:ab:b9:81:bb:f2:a5:36:ee:af:38:91:bd:50:74:
                    a3:73:10:da:0a:0c:f9:e7:1c:9b:bd:53:3c:09:72:
                    46:6b:60:00:af:ca:bc:5f:a5:d9:5b:8b:95:89:74:
                    e0:74:b4:22:de:4e:e5:5b:c7:94:35:2e:03:44:9c:
                    de:06:d4:d8:c5:2d:ab:20:3b:53:97:0f:28:a8:78:
                    15:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:26:CD:6F:F7:0E:1A:BA:91:02:94:19:C6:8E:A7:EA:75:C9:98:F2
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/ff2e2d46-44f0-4790-a453-0090beda0015.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.247.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         a9:52:98:65:0b:52:15:30:28:8e:1f:5d:40:45:f4:97:ee:3d:
         dd:41:a8:c5:18:a8:0e:b3:89:75:79:21:95:b3:90:a1:c9:06:
         52:ea:4b:6f:f6:73:76:4e:83:62:b1:0d:57:22:4e:cb:bc:82:
         5e:a2:a6:84:22:61:3b:e0:8a:99:16:ae:81:72:82:ac:83:d5:
         a8:30:9c:4b:e5:42:4a:cb:5b:e4:75:e4:36:4b:e0:96:db:fe:
         7d:b7:d1:87:cf:2a:64:eb:33:1a:c1:90:8c:a1:49:99:30:08:
         84:b7:f1:6e:5b:6d:33:c1:73:3a:7b:26:06:bc:9e:f2:a9:76:
         47:4a:be:dd:fc:73:5d:6e:f4:75:32:02:91:15:64:4f:fa:fb:
         6b:e8:36:d5:15:b1:8d:2a:80:2c:85:41:f8:d7:70:9b:ad:27:
         17:18:26:6d:b0:b1:f3:87:ba:14:22:b9:73:c0:7b:4c:9b:96:
         f0:a5:77:8c:af:c9:6f:bd:1e:58:c7:0d:9c:07:65:1b:da:16:
         9c:2d:16:48:99:64:cd:4f:75:5a:af:49:d6:7c:94:c2:52:89:
         e8:37:31:d8:ac:2e:93:00:31:f3:d8:93:ce:1f:f3:c3:63:7f:
         2c:6f:bf:b4:0f:af:fd:bd:93:03:e0:ce:38:d5:12:a8:6a:6c:
         5a:4b:14:21
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIURer7KCHZ8DzX2H52S+cHjB9envEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTAzMzEyMTMwMDlaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQDg5NWI1MmM2MDNjYTBkY2RhMjAxNjA3ZmU4NGU4OTZkZjU1OGVkYTFiZDc3
MTQ3ODFiMmI1OWM0OTAwOTQyZjYxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANzlQNFsY+T+uTQ2b6Jfiyfs8WQwB/wdIvKORm2yz+lKYhJdoY/0nIcSYWhw
8YeFPVCgbVPqZ/Gdw0UDxnuLXYDyv5Luj+OpXzvKFW/33AFnhQRASBUdKpghvJ1W
MDOla1BzpJTiQN+D3KfLiRo66Uex7DWt/3a7AJq3onb5M887tIbyAfCr6/KC8HNY
MD31L1fxc/E0EMzj1qQvpP1gEPKrw027vdG8QJ5l4vH2eTf4cTQWiKu5gbvypTbu
rziRvVB0o3MQ2goM+eccm71TPAlyRmtgAK/KvF+l2VuLlYl04HS0It5O5VvHlDUu
A0Sc3gbU2MUtqyA7U5cPKKh4FVUCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBRNJs1v
9w4aupEClBnGjqfqdcmY8jAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
ZmYyZTJkNDYtNDRmMC00NzkwLWE0NTMtMDA5MGJlZGEwMDE1LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDAMP3MA0G
CSqGSIb3DQEBCwUAA4IBAQCpUphlC1IVMCiOH11ARfSX7j3dQajFGKgOs4l1eSGV
s5ChyQZS6ktv9nN2ToNisQ1XIk7LvIJeoqaEImE74IqZFq6BcoKsg9WoMJxL5UJK
y1vkdeQ2S+CW2/59t9GHzypk6zMawZCMoUmZMAiEt/FuW20zwXM6eyYGvJ7yqXZH
Sr7d/HNdbvR1MgKRFWRP+vtr6DbVFbGNKoAshUH413CbrScXGCZtsLHzh7oUIrlz
wHtMm5bwpXeMr8lvvR5Yxw2cB2Ub2hacLRZImWTNT3Var0nWfJTCUonoNzHYrC6T
ADHz2JPOH/PDY38sb7+0D6/9vZMD4M441RKoamxaSxQh
-----END CERTIFICATE-----