Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/41816f61-5ce3-406a-8d78-37c4eafa6915.roa
File:                     41816f61-5ce3-406a-8d78-37c4eafa6915.roa (raw, json)
Hash identifier:          nxBePZ7KUksgTWWKTU/x1ciDkqOWXcWYXGgS9qW7CwU=
Subject key identifier:   A4:5B:C5:BA:2C:E0:08:53:83:28:13:A2:B3:AB:2D:D8:18:B1:7D:34
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       5879F46C5DC59991CD375496ABBB12DFF968A0B7
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/41816f61-5ce3-406a-8d78-37c4eafa6915.roa
Signing time:             Wed 05 Mar 2025 17:50:06 +0000
ROA not before:           Wed 05 Mar 2025 17:50:06 +0000
ROA not after:            Wed 09 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        51.0.32.0/19 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 18:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            58:79:f4:6c:5d:c5:99:91:cd:37:54:96:ab:bb:12:df:f9:68:a0:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Mar  5 17:50:06 2025 GMT
            Not After : Apr  9 23:59:59 2025 GMT
        Subject: CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:87:d9:60:48:fd:0a:43:34:a3:78:65:1d:3a:
                    2f:5c:51:ec:23:0f:b8:b0:a6:7c:24:50:7f:36:a3:
                    97:6a:cd:d6:07:08:b3:78:6b:05:70:65:04:39:b1:
                    1a:b8:09:7b:0f:db:5b:0e:8c:2f:84:12:74:fe:26:
                    fc:c1:7a:df:47:6d:e4:51:02:e7:56:ce:da:62:7f:
                    01:bb:69:da:61:63:a4:9c:45:d0:b8:cd:7e:de:d6:
                    ca:fe:06:51:f2:08:db:fb:2c:c4:91:1c:10:69:d8:
                    11:ab:27:8c:7f:bf:95:be:8f:50:22:33:01:1b:73:
                    b4:d7:34:e9:92:6e:29:1f:53:2a:80:7d:05:dd:f8:
                    47:80:7e:7e:75:7f:c3:cb:f6:05:df:f1:5c:d9:9c:
                    40:43:9c:0c:a6:1d:8c:2f:90:24:db:3f:6d:82:7b:
                    84:cd:68:0f:cc:90:36:db:09:63:64:f9:c0:2a:12:
                    27:b4:f1:70:57:8f:9b:89:99:54:ae:5d:43:8e:4b:
                    7c:93:2e:81:47:97:68:b0:aa:14:2b:ee:40:51:c9:
                    c2:0c:ed:0d:c2:f4:34:a4:ce:d0:ef:46:16:0b:4e:
                    8e:1a:08:c3:4d:77:2c:29:eb:b2:67:63:4e:b3:d5:
                    e5:9b:75:a3:23:5a:4c:8f:8f:04:f4:cd:85:c6:1e:
                    ba:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:5B:C5:BA:2C:E0:08:53:83:28:13:A2:B3:AB:2D:D8:18:B1:7D:34
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/41816f61-5ce3-406a-8d78-37c4eafa6915.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.0.32.0/19

    Signature Algorithm: sha256WithRSAEncryption
         ba:44:a4:42:87:a2:20:72:ac:ba:77:07:e9:48:49:34:b8:82:
         14:83:12:dd:2a:f6:c1:c8:e3:99:da:9d:60:cc:f3:0d:2f:5d:
         3a:e6:d7:7b:fe:e8:ea:05:bd:31:2c:97:3d:5c:61:c3:c8:2e:
         fd:e7:c4:f7:53:ed:f5:5d:c6:fc:dd:02:54:fd:d8:59:1d:c1:
         29:3a:52:99:56:02:16:76:ee:be:23:ab:85:39:ce:65:3b:91:
         f0:1d:81:aa:45:8d:73:2a:da:2a:04:e0:cd:ea:10:fc:3d:9f:
         cb:fd:02:d7:6f:32:d4:7a:05:7c:26:14:ed:85:e3:27:7a:9b:
         3f:f0:c9:23:31:4a:8d:46:cf:0a:03:45:ea:17:d0:be:5e:3f:
         66:d2:a7:23:12:0b:d8:7f:0f:ad:23:5a:b1:82:2d:35:6e:73:
         be:83:5a:0e:df:b9:1c:99:32:93:07:74:dc:9e:ef:d0:17:c9:
         52:4d:b6:13:cb:42:eb:95:e7:df:41:b9:8c:dd:f6:84:ce:fd:
         09:67:4f:ab:32:b5:3f:4c:5d:00:cf:ef:79:ab:b1:91:20:f0:
         70:b9:ee:a5:8f:34:12:e0:67:6d:6c:af:cb:2b:dd:c8:12:0b:
         49:90:c5:fa:eb:0d:4d:da:ae:27:95:ba:a9:be:1d:ca:d9:bd:
         23:cb:e9:73
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUWHn0bF3FmZHNN1SWq7sS3/looLcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTAzMDUxNzUwMDZaFw0yNTA0MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQDlhODJhZGU5YjQ2YWNiNTQzYjYyYTU3ZTE5MjBhZTc0OGNmNzViNTNlN2I4
ODUzM2E5M2EzZjdmYzgyNjI1MDcxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOCH2WBI/QpDNKN4ZR06L1xR7CMPuLCmfCRQfzajl2rN1gcIs3hrBXBlBDmx
GrgJew/bWw6ML4QSdP4m/MF630dt5FEC51bO2mJ/Abtp2mFjpJxF0LjNft7Wyv4G
UfII2/ssxJEcEGnYEasnjH+/lb6PUCIzARtztNc06ZJuKR9TKoB9Bd34R4B+fnV/
w8v2Bd/xXNmcQEOcDKYdjC+QJNs/bYJ7hM1oD8yQNtsJY2T5wCoSJ7TxcFePm4mZ
VK5dQ45LfJMugUeXaLCqFCvuQFHJwgztDcL0NKTO0O9GFgtOjhoIw013LCnrsmdj
TrPV5Zt1oyNaTI+PBPTNhcYeuq0CAwEAAaOCAiEwggIdMB0GA1UdDgQWBBSkW8W6
LOAIU4MoE6Kzqy3YGLF9NDAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
NDE4MTZmNjEtNWNlMy00MDZhLThkNzgtMzdjNGVhZmE2OTE1LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEBTMAIDAN
BgkqhkiG9w0BAQsFAAOCAQEAukSkQoeiIHKsuncH6UhJNLiCFIMS3Sr2wcjjmdqd
YMzzDS9dOubXe/7o6gW9MSyXPVxhw8gu/efE91Pt9V3G/N0CVP3YWR3BKTpSmVYC
FnbuviOrhTnOZTuR8B2BqkWNcyraKgTgzeoQ/D2fy/0C128y1HoFfCYU7YXjJ3qb
P/DJIzFKjUbPCgNF6hfQvl4/ZtKnIxIL2H8PrSNasYItNW5zvoNaDt+5HJkykwd0
3J7v0BfJUk22E8tC65Xn30G5jN32hM79CWdPqzK1P0xdAM/veauxkSDwcLnupY80
EuBnbWyvyyvdyBILSZDF+usNTdquJ5W6qb4dytm9I8vpcw==
-----END CERTIFICATE-----