Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/0cdce43b-0ed9-46d0-bf13-e6d99a26e097.roa
File:                     0cdce43b-0ed9-46d0-bf13-e6d99a26e097.roa (raw, json)
Hash identifier:          dhOsUyT/0Yc7PF0gzFGyTjoLqWK4PEZZatxrp8iLkOI=
Subject key identifier:   BD:7B:62:19:27:46:57:60:C3:98:C9:7D:A4:CF:B4:87:3B:5C:08:71
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       5C227E97090B60D5FB75A5CC3418C621D154591C
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/0cdce43b-0ed9-46d0-bf13-e6d99a26e097.roa
Signing time:             Fri 14 Feb 2025 00:20:14 +0000
ROA not before:           Fri 14 Feb 2025 00:20:14 +0000
ROA not after:            Fri 21 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        193.57.170.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 05:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5c:22:7e:97:09:0b:60:d5:fb:75:a5:cc:34:18:c6:21:d1:54:59:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Feb 14 00:20:14 2025 GMT
            Not After : Mar 21 23:59:59 2025 GMT
        Subject: CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:f3:fb:a3:11:08:8d:48:c8:ad:db:cb:b3:1e:
                    29:ca:95:d6:bd:e7:69:c5:19:70:74:db:44:7b:45:
                    dd:4f:6b:da:40:21:69:fd:f9:0c:93:51:a3:0c:96:
                    fd:a2:f6:25:55:5c:b6:89:e4:60:3b:c8:bb:1f:90:
                    a8:11:87:c8:9f:f2:1f:5f:2e:c2:01:2b:f4:75:8b:
                    fe:90:90:22:9e:eb:dc:90:81:b9:96:4e:02:7a:17:
                    63:44:34:58:b7:b6:11:b6:4a:c3:80:2f:10:d8:8b:
                    25:7b:a6:c6:d5:a8:03:9c:a0:cb:5e:91:eb:39:fa:
                    d8:c8:15:d3:c4:6d:d7:c0:ad:be:d8:7a:69:10:e9:
                    7c:98:22:ba:67:10:fd:c7:1c:2e:8c:da:5e:d9:fa:
                    b7:77:7a:1f:79:0b:21:d6:c1:e0:a6:6f:94:1b:4f:
                    d6:36:6f:f0:25:d6:63:6e:3a:82:78:1b:ce:04:84:
                    56:fb:ba:51:21:18:66:a8:1b:1f:e2:68:ef:88:0f:
                    e5:fc:5e:01:60:1f:71:22:03:3a:64:08:e2:e4:6f:
                    8f:8e:ac:12:fe:cb:1f:6f:ce:f3:13:87:99:a4:d5:
                    5d:0a:d3:7a:44:f4:2e:32:b7:53:6d:77:61:df:00:
                    09:c3:70:38:b6:4d:8f:d2:5e:6b:d8:9d:be:c2:ce:
                    25:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:7B:62:19:27:46:57:60:C3:98:C9:7D:A4:CF:B4:87:3B:5C:08:71
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/0cdce43b-0ed9-46d0-bf13-e6d99a26e097.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.57.170.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2a:6f:bd:35:a4:be:02:5a:7d:31:96:22:c7:ff:8b:6a:96:69:
         78:0b:49:48:2d:dd:0f:5e:01:36:75:a7:1e:09:69:df:c1:e9:
         a0:d0:19:82:d1:aa:66:b8:9c:12:54:51:c1:f1:79:76:2e:fb:
         27:14:53:42:ce:81:4d:35:de:5a:f6:6d:c2:0d:9e:ad:1d:c4:
         e9:53:aa:12:50:e7:41:37:29:87:69:aa:56:6a:7f:9f:48:ba:
         27:e9:77:a8:29:2a:35:7d:6b:f6:ea:67:ad:2e:66:3a:b0:5f:
         6d:ff:4f:f8:b3:e0:8f:91:df:63:c7:13:c8:03:a6:65:2c:15:
         fc:c2:04:1f:70:f3:a4:f3:ec:34:24:64:fa:1b:41:ea:2d:65:
         41:47:54:58:54:0a:0b:d0:a3:cd:bb:59:9a:81:d0:a8:1b:8d:
         b1:49:32:75:30:6f:12:a7:88:50:d2:87:9c:53:9c:05:c7:d4:
         19:8b:78:f2:5e:99:dc:cc:be:ab:51:79:e9:c4:3f:b2:35:28:
         c3:5e:a0:21:33:b1:f4:8f:55:92:12:b2:dd:b8:c6:b4:f4:9d:
         5a:a3:36:97:db:00:23:50:02:dc:97:6e:22:0c:48:f8:c6:95:
         9e:69:9f:18:55:af:f8:21:e4:96:64:81:a4:8a:67:81:66:b2:
         b0:69:ac:13
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUXCJ+lwkLYNX7daXMNBjGIdFUWRwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTAyMTQwMDIwMTRaFw0yNTAzMjEyMzU5NTlaMHoxSTBHBgNV
BAUTQDExNDIzMGRlMWNhNzM1ZDk5ZTNmZWEzYTVmMTdlNzA1NGQ5ZWQ5YjlkY2Y1
YWY3NzQxNTQwNGFhMWZhMTBmYTMxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAK3z+6MRCI1IyK3by7MeKcqV1r3nacUZcHTbRHtF3U9r2kAhaf35DJNRowyW
/aL2JVVctonkYDvIux+QqBGHyJ/yH18uwgEr9HWL/pCQIp7r3JCBuZZOAnoXY0Q0
WLe2EbZKw4AvENiLJXumxtWoA5ygy16R6zn62MgV08Rt18Ctvth6aRDpfJgiumcQ
/cccLozaXtn6t3d6H3kLIdbB4KZvlBtP1jZv8CXWY246gngbzgSEVvu6USEYZqgb
H+Jo74gP5fxeAWAfcSIDOmQI4uRvj46sEv7LH2/O8xOHmaTVXQrTekT0LjK3U213
Yd8ACcNwOLZNj9Jea9idvsLOJQ8CAwEAAaOCAiEwggIdMB0GA1UdDgQWBBS9e2IZ
J0ZXYMOYyX2kz7SHO1wIcTAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
MGNkY2U0M2ItMGVkOS00NmQwLWJmMTMtZTZkOTlhMjZlMDk3LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAcE5qjAN
BgkqhkiG9w0BAQsFAAOCAQEAKm+9NaS+Alp9MZYix/+LapZpeAtJSC3dD14BNnWn
Hglp38HpoNAZgtGqZricElRRwfF5di77JxRTQs6BTTXeWvZtwg2erR3E6VOqElDn
QTcph2mqVmp/n0i6J+l3qCkqNX1r9upnrS5mOrBfbf9P+LPgj5HfY8cTyAOmZSwV
/MIEH3DzpPPsNCRk+htB6i1lQUdUWFQKC9CjzbtZmoHQqBuNsUkydTBvEqeIUNKH
nFOcBcfUGYt48l6Z3My+q1F56cQ/sjUow16gITOx9I9VkhKy3bjGtPSdWqM2l9sA
I1AC3JduIgxI+MaVnmmfGFWv+CHklmSBpIpngWaysGmsEw==
-----END CERTIFICATE-----