Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/397b5a86-52b0-4a8c-87de-e6da77812b46.roa
File:                     397b5a86-52b0-4a8c-87de-e6da77812b46.roa (raw, json)
Hash identifier:          5eY/Rojx76NF33T/+NoB1tjY3OtqZxpUPj0WbTw15zg=
Subject key identifier:   8B:D7:1D:D5:76:30:04:80:92:05:73:09:DF:84:36:F4:AA:99:27:CE
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       398D9B429C433A24E008E4D1A9339135403152A0
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/397b5a86-52b0-4a8c-87de-e6da77812b46.roa
Signing time:             Wed 05 Feb 2025 00:00:00 +0000
ROA not before:           Wed 05 Feb 2025 00:00:00 +0000
ROA not after:            Wed 12 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        51.248.0.0/15 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 05:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            39:8d:9b:42:9c:43:3a:24:e0:08:e4:d1:a9:33:91:35:40:31:52:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Feb  5 00:00:00 2025 GMT
            Not After : Mar 12 23:59:59 2025 GMT
        Subject: CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:0d:d0:e3:13:05:db:a3:3b:78:de:c1:41:51:
                    d2:01:73:ce:fe:92:28:db:dc:75:e6:58:01:3c:76:
                    60:49:f9:d8:e2:13:11:6f:b7:15:c6:8d:44:8a:6c:
                    88:4e:85:60:89:59:29:99:8e:14:c7:fb:80:7e:f0:
                    5d:12:14:a8:5a:60:9c:8d:ea:65:9c:cb:42:6c:4e:
                    bc:7b:b5:90:a5:98:3f:ef:c4:9c:b4:ec:26:80:30:
                    7c:33:03:48:59:cd:59:2d:84:a5:b0:86:56:8f:e0:
                    a8:46:5f:56:ba:d1:93:f0:09:59:91:dd:c3:22:e6:
                    44:de:30:93:f6:04:d6:81:8f:fd:90:f3:c7:30:30:
                    27:ae:31:2d:b5:6a:fd:13:6a:c6:b3:f1:2a:4d:a4:
                    a2:9b:5c:a9:a2:b0:56:10:6d:7a:4d:2e:94:f4:f6:
                    66:99:49:1e:e7:6a:18:a4:9d:fd:25:11:9b:a3:93:
                    68:92:c0:5f:df:5d:b2:e8:34:b0:2f:88:ef:4d:95:
                    08:1a:4b:bc:27:d5:8d:09:15:7e:23:10:9a:4f:5d:
                    b1:e7:23:4a:4f:b6:c0:07:00:22:c5:7e:c5:46:fd:
                    35:f9:95:39:6d:b3:81:2a:3f:7b:76:db:01:cd:dd:
                    27:6f:cb:a2:24:7a:5a:4a:d1:b7:4f:60:9c:24:f6:
                    d7:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:D7:1D:D5:76:30:04:80:92:05:73:09:DF:84:36:F4:AA:99:27:CE
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/397b5a86-52b0-4a8c-87de-e6da77812b46.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.248.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         8c:60:2a:73:10:63:b2:ce:49:3f:c0:d4:05:90:5b:b1:a9:fd:
         02:66:ec:dc:56:5f:36:cb:4d:57:11:7a:a8:04:1c:96:32:44:
         96:1c:f5:04:74:d0:b7:b7:c5:e2:e8:22:54:be:9a:fb:64:25:
         51:50:21:27:4a:4c:76:40:c1:13:88:03:7e:1e:f7:27:da:bd:
         53:3a:b3:b1:16:49:f2:e5:38:56:fb:cd:9e:95:c5:9c:45:57:
         f2:61:0f:33:71:fc:21:84:56:28:57:e6:6a:ba:32:64:5b:f1:
         af:5d:81:3d:74:0f:24:c8:d4:8b:37:6a:00:e1:6e:92:39:a5:
         a3:5a:38:3f:aa:d3:c1:09:5e:89:5c:b8:69:c3:f4:bc:b5:49:
         41:d4:fa:36:1b:ee:ba:21:48:0a:c2:c8:19:e8:b4:ff:10:da:
         02:82:84:f6:58:f1:10:27:d6:81:10:81:18:b9:0c:2e:2a:91:
         a6:10:25:42:83:19:fa:15:13:b9:4d:99:9f:84:6f:bd:2a:6c:
         0c:5a:3e:ad:bf:13:71:6e:db:1a:fe:61:85:5b:43:af:bf:3c:
         61:1c:c9:70:65:34:eb:dc:2b:20:b7:28:32:e5:31:bb:19:be:
         e9:24:89:e5:9c:45:ed:d3:67:4e:4d:62:51:78:24:31:14:b6:
         e6:df:ad:f8
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUOY2bQpxDOiTgCOTRqTORNUAxUqAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTAyMDUwMDAwMDBaFw0yNTAzMTIyMzU5NTlaMHoxSTBHBgNV
BAUTQGE1OTllZTY4ZWMzZDMyNWIzOGViZjQ4ZDhmMWQ0ZjA2YWUwNjg5M2Y5ODY3
YTdlOGZkOGI3Nzg2ODYxNzZhM2ExLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANIN0OMTBdujO3jewUFR0gFzzv6SKNvcdeZYATx2YEn52OITEW+3FcaNRIps
iE6FYIlZKZmOFMf7gH7wXRIUqFpgnI3qZZzLQmxOvHu1kKWYP+/EnLTsJoAwfDMD
SFnNWS2EpbCGVo/gqEZfVrrRk/AJWZHdwyLmRN4wk/YE1oGP/ZDzxzAwJ64xLbVq
/RNqxrPxKk2koptcqaKwVhBtek0ulPT2ZplJHudqGKSd/SURm6OTaJLAX99dsug0
sC+I702VCBpLvCfVjQkVfiMQmk9dsecjSk+2wAcAIsV+xUb9NfmVOW2zgSo/e3bb
Ac3dJ2/LoiR6WkrRt09gnCT213UCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBSL1x3V
djAEgJIFcwnfhDb0qpknzjAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
Mzk3YjVhODYtNTJiMC00YThjLTg3ZGUtZTZkYTc3ODEyYjQ2LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDATP4MA0G
CSqGSIb3DQEBCwUAA4IBAQCMYCpzEGOyzkk/wNQFkFuxqf0CZuzcVl82y01XEXqo
BByWMkSWHPUEdNC3t8Xi6CJUvpr7ZCVRUCEnSkx2QMETiAN+Hvcn2r1TOrOxFkny
5ThW+82elcWcRVfyYQ8zcfwhhFYoV+ZqujJkW/GvXYE9dA8kyNSLN2oA4W6SOaWj
Wjg/qtPBCV6JXLhpw/S8tUlB1Po2G+66IUgKwsgZ6LT/ENoCgoT2WPEQJ9aBEIEY
uQwuKpGmECVCgxn6FRO5TZmfhG+9KmwMWj6tvxNxbtsa/mGFW0OvvzxhHMlwZTTr
3Csgtygy5TG7Gb7pJInlnEXt02dOTWJReCQxFLbm3634
-----END CERTIFICATE-----