Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/46eb8bb9-8a91-491d-8f3f-9cc4afcf5ecd.roa
File:                     46eb8bb9-8a91-491d-8f3f-9cc4afcf5ecd.roa (raw, json)
Hash identifier:          v7oVLDA7n1FCJPowdzOJ/ALo138SVwytMJ8zJ8XlwQc=
Subject key identifier:   55:F6:D2:39:96:EF:4A:B1:02:BA:E3:7E:1A:1E:C4:58:7A:9C:0A:87
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       03E0448523A55E478525E962FABB02908009C6A0
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/46eb8bb9-8a91-491d-8f3f-9cc4afcf5ecd.roa
Signing time:             Tue 18 Feb 2025 16:40:09 +0000
ROA not before:           Tue 18 Feb 2025 16:40:09 +0000
ROA not after:            Tue 25 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        51.108.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 18:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:e0:44:85:23:a5:5e:47:85:25:e9:62:fa:bb:02:90:80:09:c6:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Feb 18 16:40:09 2025 GMT
            Not After : Mar 25 23:59:59 2025 GMT
        Subject: CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:10:18:e7:b4:09:61:43:ad:9a:88:76:36:c3:
                    af:80:a7:39:5a:cf:57:8f:f5:09:d5:b7:29:39:65:
                    93:50:ff:eb:de:c1:0d:e2:43:15:e6:e3:7a:fd:cf:
                    82:82:62:d7:9d:74:26:fc:5f:1e:5a:0a:97:72:63:
                    3d:1d:57:a8:fe:d9:f7:67:ad:98:26:57:a9:f0:1f:
                    a1:c7:bf:c6:30:30:c6:27:a4:8f:8b:24:62:93:aa:
                    06:d1:96:57:b6:1f:90:ac:5c:57:26:73:f8:da:bf:
                    bf:d0:a7:75:1d:8f:7a:58:1a:65:5f:82:6d:a8:fd:
                    e6:2b:99:26:30:a7:e2:be:65:2c:2a:9c:e3:d3:3f:
                    92:19:4f:6a:31:42:9d:72:73:52:87:7d:88:77:70:
                    93:ad:cb:36:6c:45:3f:1b:d5:d5:56:0b:a2:fd:10:
                    0f:60:ed:42:e0:0c:00:b1:58:cc:16:de:5d:74:53:
                    4b:a0:88:18:2d:91:e9:ae:01:2f:e6:70:67:2b:a5:
                    c8:42:e1:0f:e0:ea:7c:24:c0:48:eb:1a:df:05:c0:
                    c4:92:58:c5:91:a2:f6:d4:95:6a:8f:25:f5:ef:36:
                    99:cc:4d:ee:76:e6:6d:c2:61:de:c6:00:f4:60:a1:
                    0e:6e:da:d9:c7:80:ae:a7:c8:3d:3d:f1:0d:a3:f3:
                    80:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:F6:D2:39:96:EF:4A:B1:02:BA:E3:7E:1A:1E:C4:58:7A:9C:0A:87
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/46eb8bb9-8a91-491d-8f3f-9cc4afcf5ecd.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.108.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         1f:98:05:c6:41:7e:ca:71:6c:d8:58:5f:bd:e3:bf:1c:01:0d:
         e4:f1:8a:d9:26:a0:7a:6d:9f:5f:cd:b8:4b:77:42:97:cd:bf:
         90:9f:91:19:ba:32:73:5d:f6:28:0e:1b:2e:e3:cc:7d:9e:fb:
         cc:74:04:4a:d2:7f:f8:57:69:9f:d5:2e:e4:6a:1c:61:1e:bf:
         3f:ec:3f:e7:87:d1:ff:09:5e:bc:3f:73:d6:f2:a2:ce:d0:31:
         36:82:bf:f5:6f:56:4f:b5:79:53:55:d0:e6:55:77:28:a3:85:
         64:75:91:ae:dc:f5:06:6d:fe:92:fb:72:ef:7c:c0:9b:3c:10:
         21:f2:fa:b3:2b:5e:89:07:10:fd:4f:73:98:54:85:71:e4:a9:
         18:2a:a7:c0:63:79:4d:52:f1:8c:ae:90:9b:69:1d:6a:ed:5e:
         95:fb:bb:aa:63:8d:89:e7:4f:9b:73:14:4d:4d:4f:82:93:9e:
         e4:2f:23:f3:a1:76:e6:ab:f3:dc:82:18:52:4d:4a:7e:40:9b:
         aa:4e:49:47:fe:ac:44:7a:56:c6:f1:c7:f5:82:13:49:e1:a5:
         67:45:60:e2:f5:21:43:0d:0c:0f:8a:d5:cf:eb:3b:5b:c1:3a:
         a6:27:e7:44:57:75:5b:4a:6f:e7:5f:68:1d:7f:70:80:88:55:
         96:99:c2:44
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUA+BEhSOlXkeFJeli+rsCkIAJxqAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTAyMTgxNjQwMDlaFw0yNTAzMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQGI0MTcyMjFkMDI1NzZiYTI1MWJmZjJiMmNkZGU5ZTM2M2JkOWVjMzVlZmYy
YTIxMDJmYjRhZDE1ODI5YWI4YjAxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALkQGOe0CWFDrZqIdjbDr4CnOVrPV4/1CdW3KTllk1D/697BDeJDFebjev3P
goJi1510JvxfHloKl3JjPR1XqP7Z92etmCZXqfAfoce/xjAwxiekj4skYpOqBtGW
V7YfkKxcVyZz+Nq/v9CndR2PelgaZV+Cbaj95iuZJjCn4r5lLCqc49M/khlPajFC
nXJzUod9iHdwk63LNmxFPxvV1VYLov0QD2DtQuAMALFYzBbeXXRTS6CIGC2R6a4B
L+ZwZyulyELhD+DqfCTASOsa3wXAxJJYxZGi9tSVao8l9e82mcxN7nbmbcJh3sYA
9GChDm7a2ceArqfIPT3xDaPzgOMCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBRV9tI5
lu9KsQK6434aHsRYepwKhzAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
NDZlYjhiYjktOGE5MS00OTFkLThmM2YtOWNjNGFmY2Y1ZWNkLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADNsMA0G
CSqGSIb3DQEBCwUAA4IBAQAfmAXGQX7KcWzYWF+9478cAQ3k8YrZJqB6bZ9fzbhL
d0KXzb+Qn5EZujJzXfYoDhsu48x9nvvMdARK0n/4V2mf1S7kahxhHr8/7D/nh9H/
CV68P3PW8qLO0DE2gr/1b1ZPtXlTVdDmVXcoo4VkdZGu3PUGbf6S+3LvfMCbPBAh
8vqzK16JBxD9T3OYVIVx5KkYKqfAY3lNUvGMrpCbaR1q7V6V+7uqY42J50+bcxRN
TU+Ck57kLyPzoXbmq/PcghhSTUp+QJuqTklH/qxEelbG8cf1ghNJ4aVnRWDi9SFD
DQwPitXP6ztbwTqmJ+dEV3VbSm/nX2gdf3CAiFWWmcJE
-----END CERTIFICATE-----