Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/46b220b9-837f-4174-97e6-c711958273ea.roa
File:                     46b220b9-837f-4174-97e6-c711958273ea.roa (raw, json)
Hash identifier:          RB9nrzPjibzaiGIb9Oy0Ch9n9zJHsEIa1loqvszHIX0=
Subject key identifier:   43:20:76:2D:F6:D1:AA:9D:B9:A8:1E:D6:2D:6D:1A:56:B0:45:8A:94
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       7D7B1BCD2BCDC5DD13E93D180616F452FB4815F9
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/46b220b9-837f-4174-97e6-c711958273ea.roa
Signing time:             Wed 05 Mar 2025 17:51:58 +0000
ROA not before:           Wed 05 Mar 2025 17:51:58 +0000
ROA not after:            Wed 09 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        51.78.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 18:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7d:7b:1b:cd:2b:cd:c5:dd:13:e9:3d:18:06:16:f4:52:fb:48:15:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Mar  5 17:51:58 2025 GMT
            Not After : Apr  9 23:59:59 2025 GMT
        Subject: CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:5e:ee:e2:eb:0b:97:81:5a:d0:45:e5:04:72:
                    1f:4f:d1:59:65:c1:a3:15:ce:53:a6:ae:17:35:01:
                    94:30:2d:e9:f1:f7:e7:f8:b6:a6:69:78:91:ba:45:
                    4e:1f:0d:a4:25:97:6d:64:75:b2:50:13:bc:39:f3:
                    4f:57:e3:86:c9:29:10:f0:79:ab:3b:1c:e2:ed:c9:
                    84:ca:93:e1:77:53:a9:5f:c0:cf:0d:f5:3d:a8:9d:
                    ee:66:ce:d0:bb:f5:ff:49:e3:54:1c:fe:57:f8:04:
                    ad:88:10:ed:af:8b:af:82:21:43:e3:3e:ca:f1:76:
                    01:52:df:05:6d:15:36:ad:bd:d1:93:9a:97:40:56:
                    30:ec:1e:e1:94:c1:f4:7d:ce:cc:d8:f8:be:76:01:
                    5b:b3:88:eb:7d:5a:23:9b:62:aa:70:c4:7f:85:ac:
                    e5:7f:11:8e:78:5e:2d:17:15:89:5b:11:f5:ac:4f:
                    ad:3b:e5:47:7a:ad:3e:bb:50:a5:d9:51:7d:f4:d0:
                    ee:38:5f:46:b8:fc:e6:25:b3:b6:ae:ff:67:ed:14:
                    78:7a:ec:fb:42:dd:ea:2a:84:eb:2b:eb:44:09:6c:
                    6b:0a:53:b1:d1:43:70:53:1a:93:e1:04:ae:dc:2e:
                    32:63:48:df:3b:71:5f:e8:c2:5a:e5:28:c4:16:5c:
                    cf:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:20:76:2D:F6:D1:AA:9D:B9:A8:1E:D6:2D:6D:1A:56:B0:45:8A:94
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/46b220b9-837f-4174-97e6-c711958273ea.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.78.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         0f:1c:0f:e2:aa:c1:69:57:78:0d:0e:a6:47:ff:f0:8a:62:33:
         60:55:6c:24:78:86:35:03:4a:94:af:7b:ae:49:e7:2a:05:62:
         5c:c4:01:d4:d9:83:38:f0:69:f6:a0:dd:07:28:c3:25:94:42:
         e4:cc:8d:0a:50:e1:59:ab:b0:46:c3:bb:8d:46:97:2b:6f:63:
         47:e9:49:fb:1c:ce:04:17:4d:2c:5a:cf:1f:42:1c:0f:85:da:
         30:0d:7c:f4:48:a6:1c:22:7a:c5:19:d9:3d:88:cf:09:7c:a6:
         31:0f:a0:36:94:c0:c7:7b:87:25:7e:eb:77:a8:7b:b2:be:aa:
         dc:f8:4d:78:06:79:01:9a:29:f5:30:fc:cc:b6:b9:93:93:2c:
         42:f0:c3:0d:8e:96:9f:31:75:6c:3b:49:34:e8:50:63:72:55:
         1e:ce:62:71:87:54:02:9a:93:03:14:cc:55:21:3c:eb:42:b9:
         18:6f:f6:f8:95:43:45:7e:79:67:d7:ec:e0:25:44:f5:dd:d0:
         0d:d1:29:73:be:09:06:3e:d2:81:e6:43:3d:5a:29:bd:ea:27:
         1b:6e:13:11:35:c3:d7:b9:a0:85:e0:52:2c:b4:f5:c9:49:5b:
         bc:af:87:70:40:c2:c4:64:ae:60:3d:d8:87:96:ba:62:f7:e1:
         07:77:37:d0
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUfXsbzSvNxd0T6T0YBhb0UvtIFfkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTAzMDUxNzUxNThaFw0yNTA0MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQDRlOWFhNmMxNjM0Y2YzZThmZGJiYzZkMzI5OTllZDJkZWVkZTNkODUyNTc0
NDI2MjY5ZTdiNjE0YmJkOWI3MzYxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAM1e7uLrC5eBWtBF5QRyH0/RWWXBoxXOU6auFzUBlDAt6fH35/i2pml4kbpF
Th8NpCWXbWR1slATvDnzT1fjhskpEPB5qzsc4u3JhMqT4XdTqV/Azw31Paid7mbO
0Lv1/0njVBz+V/gErYgQ7a+Lr4IhQ+M+yvF2AVLfBW0VNq290ZOal0BWMOwe4ZTB
9H3OzNj4vnYBW7OI631aI5tiqnDEf4Ws5X8RjnheLRcViVsR9axPrTvlR3qtPrtQ
pdlRffTQ7jhfRrj85iWztq7/Z+0UeHrs+0Ld6iqE6yvrRAlsawpTsdFDcFMak+EE
rtwuMmNI3ztxX+jCWuUoxBZczxUCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBRDIHYt
9tGqnbmoHtYtbRpWsEWKlDAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
NDZiMjIwYjktODM3Zi00MTc0LTk3ZTYtYzcxMTk1ODI3M2VhLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADNOMA0G
CSqGSIb3DQEBCwUAA4IBAQAPHA/iqsFpV3gNDqZH//CKYjNgVWwkeIY1A0qUr3uu
SecqBWJcxAHU2YM48Gn2oN0HKMMllELkzI0KUOFZq7BGw7uNRpcrb2NH6Un7HM4E
F00sWs8fQhwPhdowDXz0SKYcInrFGdk9iM8JfKYxD6A2lMDHe4clfut3qHuyvqrc
+E14BnkBmin1MPzMtrmTkyxC8MMNjpafMXVsO0k06FBjclUezmJxh1QCmpMDFMxV
ITzrQrkYb/b4lUNFfnln1+zgJUT13dAN0SlzvgkGPtKB5kM9Wim96icbbhMRNcPX
uaCF4FIstPXJSVu8r4dwQMLEZK5gPdiHlrpi9+EHdzfQ
-----END CERTIFICATE-----