Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/01305f95-02db-46f4-a135-5ff585346b72.roa
File:                     01305f95-02db-46f4-a135-5ff585346b72.roa (raw, json)
Hash identifier:          L0LsvMgt2D/3/CHUkO4g9Olb/cjASsxqkzlwZ9N55lM=
Subject key identifier:   69:9E:CD:35:95:75:65:65:48:C7:F7:E3:6B:9D:0D:30:8E:98:F1:EB
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       5A825BA6451955211BD64E9106F814D6BB224A6A
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/01305f95-02db-46f4-a135-5ff585346b72.roa
Signing time:             Wed 05 Feb 2025 00:00:00 +0000
ROA not before:           Wed 05 Feb 2025 00:00:00 +0000
ROA not after:            Wed 12 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        51.204.0.0/15 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 05:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5a:82:5b:a6:45:19:55:21:1b:d6:4e:91:06:f8:14:d6:bb:22:4a:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Feb  5 00:00:00 2025 GMT
            Not After : Mar 12 23:59:59 2025 GMT
        Subject: CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:28:4a:09:0d:7e:b5:65:c5:90:09:2e:a8:11:
                    c9:c5:a7:b4:99:9a:f1:1d:29:8e:81:90:e4:44:bd:
                    a4:5b:4c:0b:14:43:82:64:62:26:52:f7:14:b7:ac:
                    07:07:70:44:ff:dd:3b:32:85:6e:9f:31:8e:2d:48:
                    de:f9:b1:1a:ee:9a:a9:c5:79:07:4f:f9:af:84:f5:
                    e0:4d:2c:47:06:2e:5f:10:6c:6a:2b:9a:d8:dd:c1:
                    9a:4c:9c:2a:cc:3b:9f:25:bd:a0:e4:23:b9:b3:ed:
                    e8:6e:88:0d:94:71:42:b4:0f:5e:cb:a8:5c:7f:c5:
                    29:d8:3d:4c:93:a0:8d:09:77:a6:ab:8b:dd:40:a8:
                    7e:ca:e3:bd:5c:20:11:a1:21:c3:19:33:6a:0e:6b:
                    f1:6d:e2:3a:9b:b4:6a:8c:42:95:ea:30:8b:7a:30:
                    b3:b0:9e:a8:22:38:4c:16:4e:ae:d1:66:51:14:b7:
                    38:76:26:85:01:2a:0f:b9:97:b0:e4:3e:4a:b6:11:
                    3b:18:4b:3c:85:3f:c6:e6:40:57:2c:31:6d:5c:6d:
                    0e:85:63:ab:34:41:80:ba:97:03:24:4d:0e:fb:23:
                    87:d8:e7:3b:30:32:e2:18:0d:a3:3d:74:c0:b7:d0:
                    4a:b0:93:fb:28:81:11:13:e7:1b:d0:13:ab:e5:cf:
                    39:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:9E:CD:35:95:75:65:65:48:C7:F7:E3:6B:9D:0D:30:8E:98:F1:EB
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/01305f95-02db-46f4-a135-5ff585346b72.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.204.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         50:16:bf:a5:a7:59:51:16:12:44:1d:c5:c0:37:6e:01:46:24:
         13:95:36:78:d9:f8:ae:e3:f4:ce:34:cd:fd:68:6f:a1:eb:61:
         8a:65:1b:85:15:03:da:b2:cd:b3:55:3e:7e:8c:90:b5:62:ca:
         f9:f2:8a:9e:f9:e2:bf:70:59:3f:e2:0b:90:82:56:4d:36:5b:
         41:b1:a4:76:18:36:b7:ee:d3:f5:93:76:bd:4b:97:74:71:d0:
         fb:a8:b3:c2:48:57:e4:f9:b1:b2:64:17:7a:e2:4b:63:da:2e:
         23:8b:9b:2b:49:95:d2:7d:f6:48:70:bb:00:80:e7:ef:a9:82:
         8e:df:04:e2:40:d8:72:21:ba:97:0a:1d:89:50:54:91:2f:11:
         b5:8f:16:02:18:e5:f2:3d:79:11:52:5f:33:9a:28:0f:82:fd:
         3f:be:65:8e:cc:3f:9f:73:cc:71:97:0d:0b:cc:62:93:93:e9:
         ed:38:76:7c:dd:24:99:f7:c1:49:10:35:1f:b0:66:e3:00:7a:
         42:5b:d3:b9:53:56:71:a5:31:6a:8b:34:53:5b:43:ed:fe:d6:
         4a:5c:8f:5b:42:7a:72:06:67:4e:b3:d9:7c:8a:38:1d:7c:28:
         cc:4c:18:6c:d8:f9:fd:f4:b7:51:45:5d:fe:13:c1:87:f1:72:
         89:aa:15:b1
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUWoJbpkUZVSEb1k6RBvgU1rsiSmowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTAyMDUwMDAwMDBaFw0yNTAzMTIyMzU5NTlaMHoxSTBHBgNV
BAUTQGMwOTAzM2I5ODI3NTU3MzQ1ODYzNTNlZmEzYzc2MTZmODUwYjY5Mjk4Nzk2
NWU0MTNiYTYzZjg4ZDA1NzRkOWExLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJ8oSgkNfrVlxZAJLqgRycWntJma8R0pjoGQ5ES9pFtMCxRDgmRiJlL3FLes
BwdwRP/dOzKFbp8xji1I3vmxGu6aqcV5B0/5r4T14E0sRwYuXxBsaiua2N3Bmkyc
Ksw7nyW9oOQjubPt6G6IDZRxQrQPXsuoXH/FKdg9TJOgjQl3pquL3UCofsrjvVwg
EaEhwxkzag5r8W3iOpu0aoxCleowi3ows7CeqCI4TBZOrtFmURS3OHYmhQEqD7mX
sOQ+SrYROxhLPIU/xuZAVywxbVxtDoVjqzRBgLqXAyRNDvsjh9jnOzAy4hgNoz10
wLfQSrCT+yiBERPnG9ATq+XPOVMCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBRpns01
lXVlZUjH9+NrnQ0wjpjx6zAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
MDEzMDVmOTUtMDJkYi00NmY0LWExMzUtNWZmNTg1MzQ2YjcyLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDATPMMA0G
CSqGSIb3DQEBCwUAA4IBAQBQFr+lp1lRFhJEHcXAN24BRiQTlTZ42fiu4/TONM39
aG+h62GKZRuFFQPass2zVT5+jJC1Ysr58oqe+eK/cFk/4guQglZNNltBsaR2GDa3
7tP1k3a9S5d0cdD7qLPCSFfk+bGyZBd64ktj2i4ji5srSZXSffZIcLsAgOfvqYKO
3wTiQNhyIbqXCh2JUFSRLxG1jxYCGOXyPXkRUl8zmigPgv0/vmWOzD+fc8xxlw0L
zGKTk+ntOHZ83SSZ98FJEDUfsGbjAHpCW9O5U1ZxpTFqizRTW0Pt/tZKXI9bQnpy
BmdOs9l8ijgdfCjMTBhs2Pn99LdRRV3+E8GH8XKJqhWx
-----END CERTIFICATE-----