Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/1fa61929-412c-4540-85ff-6ae53d3a9f99.roa
File:                     1fa61929-412c-4540-85ff-6ae53d3a9f99.roa (raw, json)
Hash identifier:          24bEL50I9ht9GyNTafoSSGrO85FiUumL9rgezzHkMM8=
Subject key identifier:   2C:4D:E6:07:45:20:AD:C4:96:3E:2A:55:23:B7:67:74:29:E7:B7:12
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       1D01BAEB14F9018D89529465FCA6EFFD0B60B964
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/1fa61929-412c-4540-85ff-6ae53d3a9f99.roa
Signing time:             Wed 05 Feb 2025 00:00:00 +0000
ROA not before:           Wed 05 Feb 2025 00:00:00 +0000
ROA not after:            Wed 12 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        51.212.0.0/15 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 05:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1d:01:ba:eb:14:f9:01:8d:89:52:94:65:fc:a6:ef:fd:0b:60:b9:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Feb  5 00:00:00 2025 GMT
            Not After : Mar 12 23:59:59 2025 GMT
        Subject: CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:4d:00:b1:23:98:cf:62:8b:b6:12:17:f2:42:
                    c5:72:2d:f9:d2:07:40:76:f2:b5:0b:37:ef:f4:2e:
                    bc:74:cc:b4:62:c9:02:db:53:aa:5a:5a:d3:6a:8a:
                    11:61:1f:2f:a0:bd:ce:62:55:f3:aa:98:c9:c7:e1:
                    1b:38:0e:20:19:88:f6:89:87:77:39:66:64:99:b8:
                    bb:5c:96:f6:ff:36:c6:90:96:59:37:62:72:07:a7:
                    35:9d:a5:ae:5e:9d:60:18:fe:08:b4:97:a6:79:a9:
                    d6:1b:80:91:42:f5:db:2f:22:51:76:d5:64:de:3e:
                    74:be:2a:16:3f:67:b5:f0:76:be:4a:f6:2d:77:65:
                    b2:71:e7:2b:1c:4a:a7:04:b1:7f:e4:62:1e:58:62:
                    cb:8b:da:be:11:41:a0:3d:9e:e7:e7:f3:65:cd:dd:
                    e9:0f:40:79:0b:53:74:84:c9:19:7b:78:0e:fc:f9:
                    b6:2c:5f:d0:8b:18:4f:95:3a:2e:00:47:1e:d7:69:
                    b1:14:62:43:5a:a2:bd:9e:40:fe:1d:d0:b2:17:eb:
                    54:03:8b:0c:bc:85:bc:6d:39:6e:e4:ef:56:84:a7:
                    e6:94:59:b1:70:f9:26:22:04:51:0d:24:1c:cb:36:
                    0b:0b:ff:2d:ae:74:02:25:1a:70:10:c0:03:53:d7:
                    4b:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:4D:E6:07:45:20:AD:C4:96:3E:2A:55:23:B7:67:74:29:E7:B7:12
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/1fa61929-412c-4540-85ff-6ae53d3a9f99.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.212.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         82:c2:95:95:5d:f2:b7:0e:76:1c:a5:bc:06:6c:ec:b4:27:48:
         cd:59:23:53:3f:b1:40:88:26:d4:2d:10:a4:4a:97:e7:72:48:
         3c:9f:65:95:d2:22:ba:1d:35:7d:73:c5:93:4b:9a:d7:63:6c:
         b7:d6:37:0c:28:7a:fb:2f:41:8d:84:41:51:5e:94:c7:ca:6c:
         8b:31:1b:d7:9c:08:6f:34:91:e8:88:cf:42:d7:81:8e:2f:7c:
         70:7f:7e:a3:a6:d1:e0:46:0f:78:c3:0b:fb:4e:d2:48:e4:81:
         cf:aa:6a:90:8a:a9:42:5f:2d:e2:39:c7:d2:b9:c0:cb:01:c3:
         38:40:3c:03:ef:82:5c:be:9a:94:b2:d9:3c:7e:74:2a:d2:7b:
         cb:51:c9:df:89:8e:49:18:6e:0e:c6:d8:db:20:da:48:31:18:
         ee:39:92:8a:ae:52:df:79:d9:fc:ef:03:93:22:0e:41:96:b4:
         9b:8c:b1:e8:de:8b:11:c4:e6:fb:cb:16:1d:55:84:82:48:49:
         20:c9:b2:2a:76:79:dd:d4:fe:0e:ef:57:18:ee:df:d9:66:86:
         dc:67:5a:42:87:be:5c:5c:60:b5:ef:4e:e1:0b:2a:47:29:b5:
         58:8e:9e:bb:52:e0:86:a8:68:73:5c:e1:e8:c4:6f:ae:3b:56:
         a6:cd:c1:18
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUHQG66xT5AY2JUpRl/Kbv/QtguWQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTAyMDUwMDAwMDBaFw0yNTAzMTIyMzU5NTlaMHoxSTBHBgNV
BAUTQGRkNzdjMjU0OWJlYTUxZmJkYWJhZjk2NWNjMDE3ZjNmZWQwZjEwMzZjMjk0
NDJhNDQyM2JmMDFmNDFmNTQxNDgxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALhNALEjmM9ii7YSF/JCxXIt+dIHQHbytQs37/QuvHTMtGLJAttTqlpa02qK
EWEfL6C9zmJV86qYycfhGzgOIBmI9omHdzlmZJm4u1yW9v82xpCWWTdicgenNZ2l
rl6dYBj+CLSXpnmp1huAkUL12y8iUXbVZN4+dL4qFj9ntfB2vkr2LXdlsnHnKxxK
pwSxf+RiHlhiy4vavhFBoD2e5+fzZc3d6Q9AeQtTdITJGXt4Dvz5tixf0IsYT5U6
LgBHHtdpsRRiQ1qivZ5A/h3QshfrVAOLDLyFvG05buTvVoSn5pRZsXD5JiIEUQ0k
HMs2Cwv/La50AiUacBDAA1PXS50CAwEAAaOCAiAwggIcMB0GA1UdDgQWBBQsTeYH
RSCtxJY+KlUjt2d0Kee3EjAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
MWZhNjE5MjktNDEyYy00NTQwLTg1ZmYtNmFlNTNkM2E5Zjk5LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDATPUMA0G
CSqGSIb3DQEBCwUAA4IBAQCCwpWVXfK3DnYcpbwGbOy0J0jNWSNTP7FAiCbULRCk
Spfnckg8n2WV0iK6HTV9c8WTS5rXY2y31jcMKHr7L0GNhEFRXpTHymyLMRvXnAhv
NJHoiM9C14GOL3xwf36jptHgRg94wwv7TtJI5IHPqmqQiqlCXy3iOcfSucDLAcM4
QDwD74JcvpqUstk8fnQq0nvLUcnfiY5JGG4OxtjbINpIMRjuOZKKrlLfedn87wOT
Ig5BlrSbjLHo3osRxOb7yxYdVYSCSEkgybIqdnnd1P4O71cY7t/ZZobcZ1pCh75c
XGC1707hCypHKbVYjp67UuCGqGhzXOHoxG+uO1amzcEY
-----END CERTIFICATE-----