Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/0f6bc0d2-8628-4ccd-a0d9-39bab00ce826.roa
File:                     0f6bc0d2-8628-4ccd-a0d9-39bab00ce826.roa (raw, json)
Hash identifier:          Jkd901AJOkA/y1vx2wXModkZZRYBCv3o1WRun4m//+A=
Subject key identifier:   DD:16:A1:E0:2F:99:93:E5:BC:DF:06:39:A6:31:AA:76:03:5F:BB:77
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       6BD01D03D122699B31739E063FB9A4F4384AC8C0
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/0f6bc0d2-8628-4ccd-a0d9-39bab00ce826.roa
Signing time:             Wed 19 Feb 2025 00:40:05 +0000
ROA not before:           Wed 19 Feb 2025 00:40:05 +0000
ROA not after:            Wed 26 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        51.168.0.0/15 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 18:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6b:d0:1d:03:d1:22:69:9b:31:73:9e:06:3f:b9:a4:f4:38:4a:c8:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Feb 19 00:40:05 2025 GMT
            Not After : Mar 26 23:59:59 2025 GMT
        Subject: CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:dd:12:b5:e8:3a:1e:e6:00:83:c8:f5:35:06:
                    42:7d:a8:ea:e0:16:50:78:79:2e:00:89:0e:8d:59:
                    ce:37:57:bf:0f:b7:a4:40:71:f2:13:97:5b:d1:a4:
                    7d:2c:cb:0b:c9:4e:5c:28:8f:dc:0b:03:bf:9d:12:
                    bd:c0:9b:ad:ab:de:ac:37:bd:9d:c3:26:c3:67:42:
                    e2:d0:79:6e:37:93:d0:24:0b:1b:e1:95:9b:92:2b:
                    a2:f5:1a:e5:43:cc:b7:c7:44:26:bc:60:b8:6d:f9:
                    96:f0:cc:a2:31:78:44:0b:56:24:5e:81:e8:0d:be:
                    6b:ac:a7:21:f7:1c:8f:14:55:19:80:25:cf:e3:b1:
                    33:16:cd:06:4b:b2:ef:98:30:be:9c:4a:c1:ad:64:
                    46:53:ee:23:d1:42:a8:3f:d3:a2:6c:a5:81:35:4b:
                    e9:da:12:e8:c8:22:9b:42:5c:8c:8a:fe:ae:93:e1:
                    be:13:95:b9:89:3e:a4:84:e9:f9:41:93:ac:c3:c5:
                    e4:af:1b:d1:bc:98:46:a1:23:96:50:32:6b:cc:42:
                    1c:b2:06:4d:1d:62:ad:60:4b:42:6c:3c:33:bc:1b:
                    ec:b4:91:30:b0:58:11:17:94:cc:89:c9:a8:90:e3:
                    79:0d:ee:b0:0f:88:b0:04:2d:3e:55:cf:d5:bb:d9:
                    b0:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:16:A1:E0:2F:99:93:E5:BC:DF:06:39:A6:31:AA:76:03:5F:BB:77
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/0f6bc0d2-8628-4ccd-a0d9-39bab00ce826.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.168.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         d4:cd:04:2c:ae:bf:45:ee:3b:5b:36:35:75:80:55:65:a7:f6:
         e9:22:40:07:ee:51:f6:b8:4e:58:ee:08:a5:60:ed:c6:d2:e9:
         91:bb:e1:00:11:5c:0c:c7:b0:a5:eb:3b:ed:51:76:5d:e9:44:
         ad:4a:da:da:dd:c7:b4:3d:a3:d7:f0:0d:28:13:80:af:9f:97:
         be:1b:f4:f6:22:22:01:ee:b1:e8:23:df:ec:58:fe:a3:b6:52:
         da:26:c0:a9:d3:cc:19:72:76:f4:0b:b9:79:74:94:62:2f:98:
         de:fb:ac:5c:b7:ab:9c:c8:10:5e:c1:b3:eb:77:89:88:f1:6f:
         5e:18:2a:13:a5:8f:f6:8b:84:22:06:9c:fe:fa:33:24:3d:30:
         18:d1:88:3a:2d:5a:ca:dc:2f:e2:08:a4:6b:02:53:0a:b8:1e:
         a1:64:a3:72:30:35:6d:29:2e:43:92:86:b7:e5:3c:53:bd:f2:
         c5:e2:2f:af:47:d4:e7:e0:48:1b:4e:fd:2d:1b:2e:27:26:39:
         67:c8:fc:cc:35:4e:11:33:4d:b5:37:84:19:de:06:13:91:d7:
         10:c1:cd:fc:50:b0:79:46:76:06:ca:ea:aa:0b:d1:00:18:07:
         cb:25:fe:e8:e0:9e:95:a2:ce:ae:f4:0b:66:7b:76:67:55:10:
         47:cc:1f:98
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUa9AdA9EiaZsxc54GP7mk9DhKyMAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTAyMTkwMDQwMDVaFw0yNTAzMjYyMzU5NTlaMHoxSTBHBgNV
BAUTQGRlZTVhYWYwNjIyMDg1MDYxNDAyMjI1MTIwZjgzZTUwYzhlNGE0OWU2Zjc4
NDQ3MzcyNjQ5YTk4YTM0YTc3MmYxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAL/dErXoOh7mAIPI9TUGQn2o6uAWUHh5LgCJDo1ZzjdXvw+3pEBx8hOXW9Gk
fSzLC8lOXCiP3AsDv50SvcCbraverDe9ncMmw2dC4tB5bjeT0CQLG+GVm5IrovUa
5UPMt8dEJrxguG35lvDMojF4RAtWJF6B6A2+a6ynIfccjxRVGYAlz+OxMxbNBkuy
75gwvpxKwa1kRlPuI9FCqD/TomylgTVL6doS6Mgim0JcjIr+rpPhvhOVuYk+pITp
+UGTrMPF5K8b0byYRqEjllAya8xCHLIGTR1irWBLQmw8M7wb7LSRMLBYEReUzInJ
qJDjeQ3usA+IsAQtPlXP1bvZsPsCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBTdFqHg
L5mT5bzfBjmmMap2A1+7dzAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
MGY2YmMwZDItODYyOC00Y2NkLWEwZDktMzliYWIwMGNlODI2LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDATOoMA0G
CSqGSIb3DQEBCwUAA4IBAQDUzQQsrr9F7jtbNjV1gFVlp/bpIkAH7lH2uE5Y7gil
YO3G0umRu+EAEVwMx7Cl6zvtUXZd6UStStra3ce0PaPX8A0oE4Cvn5e+G/T2IiIB
7rHoI9/sWP6jtlLaJsCp08wZcnb0C7l5dJRiL5je+6xct6ucyBBewbPrd4mI8W9e
GCoTpY/2i4QiBpz++jMkPTAY0Yg6LVrK3C/iCKRrAlMKuB6hZKNyMDVtKS5Dkoa3
5TxTvfLF4i+vR9Tn4EgbTv0tGy4nJjlnyPzMNU4RM021N4QZ3gYTkdcQwc38ULB5
RnYGyuqqC9EAGAfLJf7o4J6Vos6u9Atme3ZnVRBHzB+Y
-----END CERTIFICATE-----