Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/2740a5f5-ec55-42ac-b7df-f4c863c83981.roa
File:                     2740a5f5-ec55-42ac-b7df-f4c863c83981.roa (raw, json)
Hash identifier:          5Du6UJx/zakyCSDlfTYLQOf3irzeHb0BhFLDaffaqow=
Subject key identifier:   E9:F8:BA:2A:E5:55:BD:53:B1:88:D8:52:9D:1D:C1:FA:10:00:D9:92
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       59C27DA67F710881C7EBEF621141AF5E7E5092EC
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/2740a5f5-ec55-42ac-b7df-f4c863c83981.roa
Signing time:             Wed 05 Feb 2025 00:00:00 +0000
ROA not before:           Wed 05 Feb 2025 00:00:00 +0000
ROA not after:            Wed 12 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        51.125.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 05:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            59:c2:7d:a6:7f:71:08:81:c7:eb:ef:62:11:41:af:5e:7e:50:92:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Feb  5 00:00:00 2025 GMT
            Not After : Mar 12 23:59:59 2025 GMT
        Subject: CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:f7:d5:d1:23:cb:1e:01:0c:26:d6:5e:3f:58:
                    c7:9e:e6:d4:f9:2b:b7:78:7f:87:12:09:b8:7b:75:
                    54:34:86:35:5e:12:cc:a8:63:75:4a:29:7d:bf:c7:
                    c6:40:2a:97:b0:10:a2:78:3c:e4:37:df:00:1d:41:
                    c2:be:aa:15:b2:8e:61:e0:90:44:65:60:c1:31:5b:
                    4a:2b:30:ba:40:20:b4:f8:05:4e:0f:7c:32:17:ba:
                    b8:d8:53:a1:b7:50:47:d2:51:97:74:d3:f4:29:a0:
                    52:ee:3e:1a:c4:ee:70:be:6a:b8:e3:00:5c:67:0e:
                    81:7c:c1:1a:16:dc:36:0a:25:ab:8f:d6:79:b0:2f:
                    a6:79:8e:f9:1b:f1:22:dd:17:0e:b1:38:9b:3e:ae:
                    3f:97:08:d6:b5:83:d3:bd:15:67:7b:03:ec:b1:8a:
                    fb:b3:aa:ac:3e:b7:d6:5d:e7:2b:d1:09:84:d0:6e:
                    df:0b:35:4b:b9:06:6f:dd:b7:7a:f9:01:30:09:02:
                    7e:da:f5:38:1c:99:01:56:d4:cb:55:c3:ac:98:1a:
                    ea:51:d5:6b:9a:c4:ea:61:db:d2:e2:6a:94:e1:56:
                    24:66:f4:3d:17:8f:cf:15:ff:d4:63:34:95:1f:14:
                    84:0a:1b:1b:02:40:84:a1:4d:9a:7f:45:6e:c9:8e:
                    3d:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:F8:BA:2A:E5:55:BD:53:B1:88:D8:52:9D:1D:C1:FA:10:00:D9:92
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/2740a5f5-ec55-42ac-b7df-f4c863c83981.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.125.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         38:80:10:52:66:b4:3a:22:b8:26:c2:52:41:e5:08:55:54:92:
         ee:4d:9f:ff:ac:ab:9c:da:f6:3c:e0:a4:31:55:db:ee:2d:f7:
         01:c8:5b:6f:42:f6:cf:94:e7:b1:47:f7:3b:7c:4b:59:15:89:
         a3:d5:b0:79:85:fd:e9:27:77:9e:ec:7d:ab:f0:1f:c6:40:72:
         de:d0:85:c7:af:b9:65:16:fe:4d:7c:c6:d3:2e:68:54:00:ac:
         e7:75:f0:f4:d7:07:af:1e:c3:d9:7f:a4:83:26:5b:5e:a5:5f:
         90:f9:9b:54:1b:83:20:96:84:54:8d:c4:d6:62:f4:3e:59:ca:
         c8:4b:60:47:5b:ca:16:57:24:00:0c:86:45:ec:af:88:c8:0f:
         c9:f8:40:0c:ae:a9:73:88:f4:91:40:f6:29:07:3b:8c:57:3f:
         23:e4:57:fb:5f:8b:b1:9f:88:cc:9d:33:7c:33:77:70:5c:7f:
         fc:8a:54:ea:01:d0:b3:b7:15:21:12:6c:30:7f:8d:7c:59:40:
         c9:fe:3f:4a:f3:6d:e1:34:91:af:17:39:53:9b:a6:ec:1a:13:
         ab:76:f0:98:be:f2:8c:77:d4:ba:37:c4:0f:b6:84:97:2d:f7:
         c1:c4:17:e9:b0:06:46:55:72:1e:ca:50:b7:4e:1d:29:39:5c:
         97:aa:51:40
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUWcJ9pn9xCIHH6+9iEUGvXn5QkuwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTAyMDUwMDAwMDBaFw0yNTAzMTIyMzU5NTlaMHoxSTBHBgNV
BAUTQDA3NWQyM2E5Yzk1YTU2YjFiMTJhMzNiOTczODQxYmFmOWQzNTU4Yjg2MDEy
Mzg4Y2VkNTBkNWI0MTcwNjQzOGUxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMT31dEjyx4BDCbWXj9Yx57m1Pkrt3h/hxIJuHt1VDSGNV4SzKhjdUopfb/H
xkAql7AQong85DffAB1Bwr6qFbKOYeCQRGVgwTFbSiswukAgtPgFTg98Mhe6uNhT
obdQR9JRl3TT9CmgUu4+GsTucL5quOMAXGcOgXzBGhbcNgolq4/WebAvpnmO+Rvx
It0XDrE4mz6uP5cI1rWD070VZ3sD7LGK+7OqrD631l3nK9EJhNBu3ws1S7kGb923
evkBMAkCftr1OByZAVbUy1XDrJga6lHVa5rE6mHb0uJqlOFWJGb0PRePzxX/1GM0
lR8UhAobGwJAhKFNmn9FbsmOPf0CAwEAAaOCAiAwggIcMB0GA1UdDgQWBBTp+Loq
5VW9U7GI2FKdHcH6EADZkjAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
Mjc0MGE1ZjUtZWM1NS00MmFjLWI3ZGYtZjRjODYzYzgzOTgxLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADN9MA0G
CSqGSIb3DQEBCwUAA4IBAQA4gBBSZrQ6IrgmwlJB5QhVVJLuTZ//rKuc2vY84KQx
VdvuLfcByFtvQvbPlOexR/c7fEtZFYmj1bB5hf3pJ3ee7H2r8B/GQHLe0IXHr7ll
Fv5NfMbTLmhUAKzndfD01wevHsPZf6SDJltepV+Q+ZtUG4MgloRUjcTWYvQ+WcrI
S2BHW8oWVyQADIZF7K+IyA/J+EAMrqlziPSRQPYpBzuMVz8j5Ff7X4uxn4jMnTN8
M3dwXH/8ilTqAdCztxUhEmwwf418WUDJ/j9K823hNJGvFzlTm6bsGhOrdvCYvvKM
d9S6N8QPtoSXLffBxBfpsAZGVXIeylC3Th0pOVyXqlFA
-----END CERTIFICATE-----