Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/2fc6a253-dc60-4611-8bc0-f4b11851ccf1.roa
File:                     2fc6a253-dc60-4611-8bc0-f4b11851ccf1.roa (raw, json)
Hash identifier:          RG57KukQacyUNsUA7h3v63ynf6AKIbHuqZ5kPbQOofQ=
Subject key identifier:   42:F8:62:1D:E9:97:05:9E:C2:98:CA:EF:45:0F:3B:3F:44:B2:71:08
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       69AAF3FF399E9110E5158C58A890FE1727483517
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/2fc6a253-dc60-4611-8bc0-f4b11851ccf1.roa
Signing time:             Wed 05 Feb 2025 00:00:00 +0000
ROA not before:           Wed 05 Feb 2025 00:00:00 +0000
ROA not after:            Wed 12 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        51.127.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 05:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            69:aa:f3:ff:39:9e:91:10:e5:15:8c:58:a8:90:fe:17:27:48:35:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Feb  5 00:00:00 2025 GMT
            Not After : Mar 12 23:59:59 2025 GMT
        Subject: CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:df:a7:64:a6:dd:c7:c7:fa:60:22:5b:62:fd:
                    3e:85:b2:ff:77:f3:fb:25:09:4a:96:31:60:9c:12:
                    c3:0f:eb:68:79:7f:de:54:63:c3:5f:6b:13:bb:3c:
                    99:19:31:e8:a7:5b:62:9a:f7:d2:88:ce:ed:ef:8f:
                    69:42:dd:ee:43:d6:71:a6:69:e9:24:1a:df:00:b8:
                    cd:3c:6f:32:22:f8:bb:9a:eb:87:45:af:a4:20:27:
                    61:15:c0:0a:cc:4e:90:fe:54:16:d4:f9:86:13:6b:
                    54:62:13:67:98:73:f8:48:99:82:c1:93:d9:9d:6a:
                    b2:ca:bb:f6:1c:f4:e9:71:c1:8b:94:e9:80:55:74:
                    9b:34:c8:d4:4f:ca:b4:2a:34:cc:62:55:b8:26:7c:
                    1e:8b:2e:2b:7c:d6:91:64:d2:75:ec:5c:8e:a6:e4:
                    db:da:89:a6:67:56:f9:8f:38:6a:83:e1:71:d0:dd:
                    85:33:b6:87:7a:5d:6e:17:ad:43:bf:0e:e1:c1:24:
                    14:b3:1f:d8:16:8b:ab:a5:71:f8:3c:61:53:65:60:
                    64:47:62:cd:11:78:ce:33:47:1d:07:72:76:a4:87:
                    3c:db:a1:e8:50:e5:5e:2c:0e:b4:14:05:0f:14:34:
                    12:3c:a1:fa:ff:b5:55:19:40:63:3d:dc:a8:a7:62:
                    22:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:F8:62:1D:E9:97:05:9E:C2:98:CA:EF:45:0F:3B:3F:44:B2:71:08
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/2fc6a253-dc60-4611-8bc0-f4b11851ccf1.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.127.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         72:3f:48:19:f3:7e:44:b1:ab:53:78:4e:f5:e0:3f:e4:4a:87:
         83:26:fc:48:fa:d5:6c:22:f5:ae:0d:18:1f:66:39:bf:b9:f7:
         7a:46:dc:0c:7b:a0:02:84:4e:61:80:04:40:34:d8:cf:ee:85:
         83:30:f2:d7:46:a0:ce:85:87:a5:45:e5:8b:e7:ee:37:86:9f:
         a2:25:b8:87:5b:0b:7b:b7:31:57:fa:2d:c1:52:c1:f1:79:f2:
         52:63:f3:48:40:a6:53:f8:f7:4d:e4:3a:a4:19:3a:67:36:3b:
         f1:1d:e3:6f:b4:b4:01:8a:f2:14:bc:bb:9d:05:c7:d3:b4:85:
         c1:1c:17:ab:7d:d4:98:fd:76:f4:fb:8d:8c:5a:6a:23:b6:63:
         01:f9:91:34:a3:0c:5f:57:be:70:c4:52:14:f0:82:e8:f3:ec:
         24:ca:7a:ef:05:31:39:16:02:0f:bb:97:ee:24:ce:f2:6f:81:
         9c:64:5b:e3:49:c4:f6:65:ea:72:09:bc:8d:d5:af:4f:7a:c5:
         10:2a:ab:6a:d2:7b:29:70:ff:be:35:08:3a:66:e4:65:21:d7:
         91:cc:e0:33:f3:61:f5:03:27:66:5d:9e:b4:14:c0:3c:ef:96:
         c1:6c:02:74:39:6f:8f:23:85:88:c7:6f:de:1b:6f:c3:50:a8:
         a8:f6:2b:ad
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUaarz/zmekRDlFYxYqJD+FydINRcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTAyMDUwMDAwMDBaFw0yNTAzMTIyMzU5NTlaMHoxSTBHBgNV
BAUTQDQ2ZDAwMGJhZGExZDZlMGRkMmY1MGVjMjc3NjRjZDY1ODhhODhkMjUzNDMy
MDk2MTkwZDdiMDdjYmYxNTNiZTMxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMXfp2Sm3cfH+mAiW2L9PoWy/3fz+yUJSpYxYJwSww/raHl/3lRjw19rE7s8
mRkx6KdbYpr30ojO7e+PaULd7kPWcaZp6SQa3wC4zTxvMiL4u5rrh0WvpCAnYRXA
CsxOkP5UFtT5hhNrVGITZ5hz+EiZgsGT2Z1qssq79hz06XHBi5TpgFV0mzTI1E/K
tCo0zGJVuCZ8HosuK3zWkWTSdexcjqbk29qJpmdW+Y84aoPhcdDdhTO2h3pdbhet
Q78O4cEkFLMf2BaLq6Vx+DxhU2VgZEdizRF4zjNHHQdydqSHPNuh6FDlXiwOtBQF
DxQ0Ejyh+v+1VRlAYz3cqKdiIsUCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBRC+GId
6ZcFnsKYyu9FDzs/RLJxCDAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
MmZjNmEyNTMtZGM2MC00NjExLThiYzAtZjRiMTE4NTFjY2YxLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADN/MA0G
CSqGSIb3DQEBCwUAA4IBAQByP0gZ835EsatTeE714D/kSoeDJvxI+tVsIvWuDRgf
Zjm/ufd6RtwMe6AChE5hgARANNjP7oWDMPLXRqDOhYelReWL5+43hp+iJbiHWwt7
tzFX+i3BUsHxefJSY/NIQKZT+PdN5DqkGTpnNjvxHeNvtLQBivIUvLudBcfTtIXB
HBerfdSY/Xb0+42MWmojtmMB+ZE0owxfV75wxFIU8ILo8+wkynrvBTE5FgIPu5fu
JM7yb4GcZFvjScT2ZepyCbyN1a9PesUQKqtq0nspcP++NQg6ZuRlIdeRzOAz82H1
AydmXZ60FMA875bBbAJ0OW+PI4WIx2/eG2/DUKio9iut
-----END CERTIFICATE-----