Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/16337db0-8420-40f0-982b-9d50c20f4e08.roa
File:                     16337db0-8420-40f0-982b-9d50c20f4e08.roa (raw, json)
Hash identifier:          triDl9ad2l2uohoi3NVh+n38tdIR62iruK4WP6/FZGg=
Subject key identifier:   22:EF:61:B9:EE:FD:BE:CD:BA:43:50:8C:2A:57:43:91:08:D9:5E:B5
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       2272A51AA5C5048E2E5DE04675F6B3D82C64CF58
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/16337db0-8420-40f0-982b-9d50c20f4e08.roa
Signing time:             Wed 05 Feb 2025 00:00:00 +0000
ROA not before:           Wed 05 Feb 2025 00:00:00 +0000
ROA not after:            Wed 12 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        193.57.254.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 05:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            22:72:a5:1a:a5:c5:04:8e:2e:5d:e0:46:75:f6:b3:d8:2c:64:cf:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Feb  5 00:00:00 2025 GMT
            Not After : Mar 12 23:59:59 2025 GMT
        Subject: CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:f1:39:08:03:55:ca:2d:0d:3e:35:f0:97:b2:
                    9a:e6:d0:b3:f6:29:45:ea:ac:7c:38:f7:36:c8:c4:
                    df:36:f2:97:d9:fb:e9:dd:2d:16:9e:e2:ad:27:15:
                    46:50:87:db:3a:bd:5d:34:df:a1:62:ab:50:5b:26:
                    65:07:d7:eb:0b:50:8b:30:14:e1:fd:e1:16:e4:70:
                    26:46:64:0f:98:4e:d8:b6:20:f3:88:9c:21:36:7b:
                    35:d1:3d:f6:5f:4e:31:02:f9:f0:91:ac:b3:92:24:
                    49:36:06:76:41:c8:df:a1:5d:cf:d5:ab:4e:63:16:
                    b6:5c:9d:f1:d9:72:fd:0a:7f:7a:ee:6c:c7:27:ed:
                    db:c8:ba:21:d9:49:ae:39:fd:4e:c4:32:96:4e:b7:
                    42:80:28:37:ad:df:3d:9e:d2:cf:0a:33:45:6a:72:
                    80:67:d6:4d:ff:d6:5a:b0:e1:6b:82:db:ef:5e:f4:
                    30:38:59:ab:c5:04:45:5a:9f:3c:a5:20:cb:5e:bc:
                    a8:29:7d:8d:08:52:af:07:c3:77:a1:34:75:18:c1:
                    d8:65:30:95:51:07:2a:44:7d:5f:19:3e:17:e7:0c:
                    e3:7f:5f:a3:7a:c7:24:de:3f:e0:cc:f3:72:8b:ed:
                    1e:82:84:f3:81:f5:35:01:cd:1b:8b:df:1b:32:c1:
                    76:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:EF:61:B9:EE:FD:BE:CD:BA:43:50:8C:2A:57:43:91:08:D9:5E:B5
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/16337db0-8420-40f0-982b-9d50c20f4e08.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.57.254.0/23

    Signature Algorithm: sha256WithRSAEncryption
         32:6a:dc:dc:57:75:21:0a:c2:32:c9:9b:5f:7a:b5:bd:2d:4a:
         56:72:36:8d:4b:49:4a:96:37:ee:d5:d6:21:1b:3b:d0:17:84:
         81:81:e1:b6:1d:4d:55:f1:79:d9:51:97:66:d1:a8:8e:b6:37:
         4b:d9:67:d6:3e:f3:ff:f8:b2:c8:6c:ed:53:3a:bb:f5:be:5d:
         6e:ec:8f:5e:f9:d8:73:9b:62:11:6d:40:8a:f0:ce:84:91:03:
         7e:30:1e:66:28:85:9b:0b:5d:2c:07:2b:ab:a1:48:4c:2e:e2:
         48:ef:50:c1:18:14:90:09:b1:85:11:a6:f0:e9:31:2f:98:30:
         ae:fa:d2:7e:a8:2f:6c:cf:0a:6e:9b:e1:30:64:0b:67:56:f6:
         42:fd:c4:fe:c5:69:62:85:c7:9a:a0:29:ff:96:b3:5a:17:58:
         0a:28:1a:8b:dd:a2:8c:46:e6:d7:fb:93:7f:ed:fa:75:da:4d:
         cb:89:73:8b:8e:92:66:2e:da:c8:5d:a0:d1:c9:4c:13:76:6c:
         63:92:cb:67:97:ed:98:56:87:15:7f:c0:f3:5d:2d:cb:cb:ad:
         0b:7e:63:bb:2a:e8:48:0c:72:38:e7:a0:d0:29:14:44:69:17:
         b5:ee:7a:54:11:03:2a:14:9a:ef:00:61:38:61:5a:bf:4e:f7:
         64:fc:38:c8
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUInKlGqXFBI4uXeBGdfaz2Cxkz1gwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTAyMDUwMDAwMDBaFw0yNTAzMTIyMzU5NTlaMHoxSTBHBgNV
BAUTQDY3YjMxNjQ0ZDlmMTNlOGY4YWM0ZDk1YmJmOTRkZGUwZWNjYjcxMDg3OTJj
NTFlYTkxOTJjZWIxNjAzMDk3MzkxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAIzxOQgDVcotDT418JeymubQs/YpReqsfDj3NsjE3zbyl9n76d0tFp7irScV
RlCH2zq9XTTfoWKrUFsmZQfX6wtQizAU4f3hFuRwJkZkD5hO2LYg84icITZ7NdE9
9l9OMQL58JGss5IkSTYGdkHI36Fdz9WrTmMWtlyd8dly/Qp/eu5sxyft28i6IdlJ
rjn9TsQylk63QoAoN63fPZ7SzwozRWpygGfWTf/WWrDha4Lb7170MDhZq8UERVqf
PKUgy168qCl9jQhSrwfDd6E0dRjB2GUwlVEHKkR9Xxk+F+cM439fo3rHJN4/4Mzz
covtHoKE84H1NQHNG4vfGzLBdt8CAwEAAaOCAiEwggIdMB0GA1UdDgQWBBQi72G5
7v2+zbpDUIwqV0ORCNletTAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
MTYzMzdkYjAtODQyMC00MGYwLTk4MmItOWQ1MGMyMGY0ZTA4LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAcE5/jAN
BgkqhkiG9w0BAQsFAAOCAQEAMmrc3Fd1IQrCMsmbX3q1vS1KVnI2jUtJSpY37tXW
IRs70BeEgYHhth1NVfF52VGXZtGojrY3S9ln1j7z//iyyGztUzq79b5dbuyPXvnY
c5tiEW1AivDOhJEDfjAeZiiFmwtdLAcrq6FITC7iSO9QwRgUkAmxhRGm8OkxL5gw
rvrSfqgvbM8KbpvhMGQLZ1b2Qv3E/sVpYoXHmqAp/5azWhdYCigai92ijEbm1/uT
f+36ddpNy4lzi46SZi7ayF2g0clME3ZsY5LLZ5ftmFaHFX/A810ty8utC35juyro
SAxyOOeg0CkURGkXte56VBEDKhSa7wBhOGFav073ZPw4yA==
-----END CERTIFICATE-----