Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/1fa61929-412c-4540-85ff-6ae53d3a9f99.roa
File:                     1fa61929-412c-4540-85ff-6ae53d3a9f99.roa (raw, json)
Hash identifier:          FSGty5IZ1JEn3fE0Z8ngyYqbHqRDLsldF1g5ARf3+os=
Subject key identifier:   8E:FE:96:79:5B:AE:F5:59:9B:C9:82:ED:D7:D7:F5:14:57:98:E7:77
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       53932CCBF29F5BDD6116102ED61DB91AECDB914B
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/1fa61929-412c-4540-85ff-6ae53d3a9f99.roa
Signing time:             Wed 05 Mar 2025 17:51:43 +0000
ROA not before:           Wed 05 Mar 2025 17:51:43 +0000
ROA not after:            Wed 09 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        51.212.0.0/15 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 18:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            53:93:2c:cb:f2:9f:5b:dd:61:16:10:2e:d6:1d:b9:1a:ec:db:91:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Mar  5 17:51:43 2025 GMT
            Not After : Apr  9 23:59:59 2025 GMT
        Subject: CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:4b:22:a7:06:8d:69:33:47:99:61:d2:16:e7:
                    b1:15:09:e8:42:82:3a:5f:40:05:10:59:67:c6:bf:
                    e4:c2:0a:c9:1f:e4:00:50:8e:1b:65:03:9c:df:e7:
                    f6:3a:1f:b1:a7:35:db:42:81:d3:d3:16:d6:89:42:
                    cb:3f:a9:9e:e5:fb:1e:ae:75:da:da:09:3b:44:9f:
                    a9:97:3b:52:37:53:8a:87:35:3d:0b:37:38:92:a4:
                    3c:72:6a:ae:fd:6e:d2:91:b6:8a:25:ea:33:22:3e:
                    3f:10:9e:54:ea:22:09:c2:a1:b6:83:35:93:dc:55:
                    80:35:4c:35:ba:96:58:fb:8f:f5:ab:e6:fa:ca:68:
                    ca:53:d1:fd:39:73:03:e9:68:39:67:0b:c8:0a:e9:
                    1f:34:bc:35:9b:7b:28:86:a4:5f:aa:5f:01:d8:39:
                    50:04:bb:71:f4:1c:99:08:fb:5a:47:01:dc:8d:b9:
                    43:75:78:34:28:af:a4:16:e5:13:82:33:10:ac:72:
                    ee:76:4d:bd:88:3d:70:92:e5:b3:7c:51:82:96:e1:
                    c8:77:dc:62:51:1d:a7:0e:e1:33:b8:9c:4b:42:93:
                    f8:12:d8:a7:ca:a9:c9:6f:99:95:26:0d:50:33:36:
                    15:8a:6e:34:64:42:52:14:00:ee:c5:f1:09:83:eb:
                    29:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:FE:96:79:5B:AE:F5:59:9B:C9:82:ED:D7:D7:F5:14:57:98:E7:77
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/1fa61929-412c-4540-85ff-6ae53d3a9f99.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.212.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         c8:27:33:57:f0:b3:58:7d:32:36:42:4f:a0:7a:c2:15:61:fd:
         90:43:25:87:2e:ea:7d:70:0d:8a:51:40:d7:ef:5e:d6:47:b9:
         ee:86:70:bc:48:16:cc:63:6c:a2:f7:4b:99:2e:bf:b2:d6:77:
         3f:3a:ae:06:b4:e1:d8:65:51:4f:59:ba:d1:62:9a:6b:dd:10:
         9a:07:42:da:4a:8a:1e:32:e4:b3:60:12:f2:12:c6:e3:e6:ce:
         8b:0a:b0:64:1d:25:4f:20:27:f0:cd:a1:f9:a8:c1:1f:87:eb:
         5f:5d:28:03:bc:48:4e:3e:27:9e:bd:c5:a4:ec:81:14:e5:70:
         b7:bf:bb:e4:07:24:fe:4f:49:27:90:6a:a7:f4:de:db:67:24:
         89:7b:df:ea:2e:1b:74:a5:0b:fc:10:7b:e9:fd:5e:d8:8b:81:
         eb:c2:38:d7:63:5a:06:cd:64:96:52:c1:86:2c:e6:7d:e5:b4:
         af:3a:be:51:e7:e1:36:ed:85:0f:bd:b1:da:87:a9:67:f7:35:
         b9:af:90:00:04:74:3e:ff:3b:6f:fe:92:3c:9b:10:77:3a:ce:
         c5:a8:f2:2e:32:ae:c3:83:06:89:2e:17:a7:72:ac:5e:4f:8c:
         ff:35:3b:02:58:c9:91:1e:7d:bf:17:5a:e8:9a:d7:a7:76:00:
         e1:53:82:35
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUU5Msy/KfW91hFhAu1h25GuzbkUswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTAzMDUxNzUxNDNaFw0yNTA0MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQDA1YjExZmUyYmU3NGJlNjdjYjdmOWM2ZDU0NWQyOTJmMjA0YmFmZWUzYmQ2
YmQ2YWNiZjE3ZmY2YzlhYjIyYzkxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOdLIqcGjWkzR5lh0hbnsRUJ6EKCOl9ABRBZZ8a/5MIKyR/kAFCOG2UDnN/n
9jofsac120KB09MW1olCyz+pnuX7Hq512toJO0SfqZc7UjdTioc1PQs3OJKkPHJq
rv1u0pG2iiXqMyI+PxCeVOoiCcKhtoM1k9xVgDVMNbqWWPuP9avm+spoylPR/Tlz
A+loOWcLyArpHzS8NZt7KIakX6pfAdg5UAS7cfQcmQj7WkcB3I25Q3V4NCivpBbl
E4IzEKxy7nZNvYg9cJLls3xRgpbhyHfcYlEdpw7hM7icS0KT+BLYp8qpyW+ZlSYN
UDM2FYpuNGRCUhQA7sXxCYPrKekCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBSO/pZ5
W671WZvJgu3X1/UUV5jndzAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
MWZhNjE5MjktNDEyYy00NTQwLTg1ZmYtNmFlNTNkM2E5Zjk5LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDATPUMA0G
CSqGSIb3DQEBCwUAA4IBAQDIJzNX8LNYfTI2Qk+gesIVYf2QQyWHLup9cA2KUUDX
717WR7nuhnC8SBbMY2yi90uZLr+y1nc/Oq4GtOHYZVFPWbrRYppr3RCaB0LaSooe
MuSzYBLyEsbj5s6LCrBkHSVPICfwzaH5qMEfh+tfXSgDvEhOPieevcWk7IEU5XC3
v7vkByT+T0knkGqn9N7bZySJe9/qLht0pQv8EHvp/V7Yi4HrwjjXY1oGzWSWUsGG
LOZ95bSvOr5R5+E27YUPvbHah6ln9zW5r5AABHQ+/ztv/pI8mxB3Os7FqPIuMq7D
gwaJLhencqxeT4z/NTsCWMmRHn2/F1romtendgDhU4I1
-----END CERTIFICATE-----