Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/0cdce43b-0ed9-46d0-bf13-e6d99a26e097.roa
File:                     0cdce43b-0ed9-46d0-bf13-e6d99a26e097.roa (raw, json)
Hash identifier:          MXWORNygKo4tAruEGn0R9Zma7cvLP/SeG+azFdTQN2w=
Subject key identifier:   01:24:28:D8:7D:C9:91:B5:31:CD:82:02:7D:5F:6C:EF:8C:FB:1D:50
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       0AF4F91A1763DC37D9A55670BE63981AFB02D955
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/0cdce43b-0ed9-46d0-bf13-e6d99a26e097.roa
Signing time:             Tue 11 Mar 2025 00:10:16 +0000
ROA not before:           Tue 11 Mar 2025 00:10:16 +0000
ROA not after:            Tue 15 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        193.57.170.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 18:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0a:f4:f9:1a:17:63:dc:37:d9:a5:56:70:be:63:98:1a:fb:02:d9:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Mar 11 00:10:16 2025 GMT
            Not After : Apr 15 23:59:59 2025 GMT
        Subject: CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:35:02:84:c1:e2:e4:61:7a:d5:71:82:ab:fc:
                    66:ab:c3:e7:08:7d:46:52:51:1e:0a:6a:66:c4:d4:
                    9f:24:fd:9e:bf:24:06:e0:c5:9e:e0:51:b0:d7:e9:
                    3f:0f:58:10:08:24:5a:22:bf:d0:d2:25:59:22:b0:
                    43:6e:26:8a:2d:64:96:1e:bc:e3:76:12:51:66:e5:
                    7c:09:05:b7:a4:7c:fd:92:6a:c6:da:58:01:d6:3e:
                    f5:e4:ce:33:9f:f0:ed:a9:33:16:68:02:d3:77:33:
                    9b:eb:6d:d0:e4:4d:86:2d:71:6d:bf:40:a2:60:0c:
                    33:04:ae:b3:c0:6a:63:98:57:85:bd:82:01:cb:5e:
                    6f:a8:10:cc:15:3d:ad:b4:2a:5b:ca:ad:20:e7:66:
                    75:f7:8b:e6:11:a2:e0:0c:27:de:40:52:9e:d9:3b:
                    3b:bd:ff:61:72:d1:c4:6c:49:e4:12:c8:91:67:bb:
                    c2:2e:7c:eb:da:66:da:e9:f9:10:f3:92:70:67:3c:
                    2f:99:60:9e:12:01:96:2d:c1:a2:b0:ba:a4:7b:04:
                    fe:07:1b:44:a9:85:78:f8:5f:da:06:2d:3c:51:9d:
                    03:5e:b3:c2:27:79:46:36:4b:02:b9:3c:f6:d0:f1:
                    c3:13:91:b1:d2:6a:2e:af:b0:23:7e:ec:02:a3:7f:
                    5e:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:24:28:D8:7D:C9:91:B5:31:CD:82:02:7D:5F:6C:EF:8C:FB:1D:50
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/0cdce43b-0ed9-46d0-bf13-e6d99a26e097.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.57.170.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8a:7d:42:ce:37:c9:4f:24:d7:a3:77:1e:66:c9:8e:e2:f3:8f:
         54:2b:0d:b1:bd:3b:86:2e:86:9d:1b:4a:aa:72:43:4c:17:b0:
         2f:1e:e9:3e:86:f6:c1:46:ee:64:7e:78:9d:d6:d7:81:59:d7:
         12:67:d9:d7:af:ac:4b:79:ee:6d:73:b7:2b:80:c9:aa:d5:fd:
         c9:f6:48:c1:53:b8:71:27:55:4f:d2:f7:eb:1f:57:21:0f:8c:
         e3:03:e0:0e:2d:c9:8a:7e:b2:d3:3a:f7:58:46:0d:27:4d:04:
         88:ba:df:2d:8d:01:81:b6:43:c8:cc:32:8a:02:b1:dc:2a:99:
         0e:13:14:57:8f:99:14:cd:0b:9e:9a:8e:67:6a:9d:fe:2d:4c:
         86:c1:df:d9:3f:76:22:40:d0:e0:4f:30:bd:13:17:d8:5e:65:
         bb:a6:a3:75:47:8c:07:a5:ad:52:e9:01:74:c0:31:25:db:6f:
         e5:81:61:f1:d4:90:aa:d2:76:f3:b9:4f:6e:5f:fe:ac:90:fc:
         43:17:cd:df:e0:b4:1a:fc:76:7c:a6:5f:8f:bd:60:5e:b9:fa:
         33:9e:9a:5c:b1:c0:78:3b:db:c9:ea:43:34:ed:7a:c5:81:69:
         66:ab:5c:62:cd:3f:97:a9:8e:e3:2f:28:d4:d2:16:69:05:e1:
         39:c8:a0:27
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUCvT5Ghdj3DfZpVZwvmOYGvsC2VUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTAzMTEwMDEwMTZaFw0yNTA0MTUyMzU5NTlaMHoxSTBHBgNV
BAUTQGMyZDM1NjlkZWJmNzk4MjkyMjExOTU4MWRjZDhhY2Q2ZmQ5YTlmYjk4MTFj
OTA0MzhlYjBlNmExNTkyNzFkMGYxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMA1AoTB4uRhetVxgqv8ZqvD5wh9RlJRHgpqZsTUnyT9nr8kBuDFnuBRsNfp
Pw9YEAgkWiK/0NIlWSKwQ24mii1klh6843YSUWblfAkFt6R8/ZJqxtpYAdY+9eTO
M5/w7akzFmgC03czm+tt0ORNhi1xbb9AomAMMwSus8BqY5hXhb2CActeb6gQzBU9
rbQqW8qtIOdmdfeL5hGi4Awn3kBSntk7O73/YXLRxGxJ5BLIkWe7wi5869pm2un5
EPOScGc8L5lgnhIBli3BorC6pHsE/gcbRKmFePhf2gYtPFGdA16zwid5RjZLArk8
9tDxwxORsdJqLq+wI37sAqN/Xr0CAwEAAaOCAiEwggIdMB0GA1UdDgQWBBQBJCjY
fcmRtTHNggJ9X2zvjPsdUDAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
MGNkY2U0M2ItMGVkOS00NmQwLWJmMTMtZTZkOTlhMjZlMDk3LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAcE5qjAN
BgkqhkiG9w0BAQsFAAOCAQEAin1CzjfJTyTXo3ceZsmO4vOPVCsNsb07hi6GnRtK
qnJDTBewLx7pPob2wUbuZH54ndbXgVnXEmfZ16+sS3nubXO3K4DJqtX9yfZIwVO4
cSdVT9L36x9XIQ+M4wPgDi3Jin6y0zr3WEYNJ00EiLrfLY0BgbZDyMwyigKx3CqZ
DhMUV4+ZFM0LnpqOZ2qd/i1MhsHf2T92IkDQ4E8wvRMX2F5lu6ajdUeMB6WtUukB
dMAxJdtv5YFh8dSQqtJ287lPbl/+rJD8QxfN3+C0Gvx2fKZfj71gXrn6M56aXLHA
eDvbyepDNO16xYFpZqtcYs0/l6mO4y8o1NIWaQXhOcigJw==
-----END CERTIFICATE-----