Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/4ed45413-5d05-4a62-b756-1f16aacf1cb3.roa
File:                     4ed45413-5d05-4a62-b756-1f16aacf1cb3.roa (raw, json)
Hash identifier:          7WIaJSwVr5BnvK2jJcQH1bxy4UTpcEDjTvvwzK19XuQ=
Subject key identifier:   8B:3C:68:B4:E8:4A:AA:40:E9:5A:E8:53:23:5C:7E:52:6D:1A:57:A9
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       5493943FC3FCD9DBD27708815B11B7D98246CDB9
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/4ed45413-5d05-4a62-b756-1f16aacf1cb3.roa
Signing time:             Wed 19 Feb 2025 00:40:07 +0000
ROA not before:           Wed 19 Feb 2025 00:40:07 +0000
ROA not after:            Wed 26 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        51.48.0.0/15 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 18:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            54:93:94:3f:c3:fc:d9:db:d2:77:08:81:5b:11:b7:d9:82:46:cd:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Feb 19 00:40:07 2025 GMT
            Not After : Mar 26 23:59:59 2025 GMT
        Subject: CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:00:be:34:83:7c:9e:8a:05:a4:21:1e:45:df:
                    9c:cb:18:6d:91:ed:4b:49:01:44:c7:f3:cd:9e:6d:
                    16:ce:50:d1:b1:fb:86:a7:9e:dd:18:e8:c7:58:4e:
                    b1:cd:ad:3a:6e:48:77:33:15:44:b2:ee:a2:ce:c8:
                    d9:53:a8:3f:21:42:09:cc:76:7e:fc:83:f3:28:a5:
                    dc:25:94:20:6e:e3:42:0b:94:c2:7c:6f:ed:25:26:
                    66:88:2d:74:cd:d3:bc:8f:3e:93:0e:fc:28:e7:e7:
                    d5:61:42:4e:0f:93:e0:5d:66:ce:02:99:34:21:67:
                    21:96:ed:8b:16:2b:06:7d:f6:a5:8f:f9:2c:27:b3:
                    35:d0:7c:fa:76:49:ca:5a:66:1d:f7:d6:51:3d:85:
                    d3:f0:3a:55:9c:bc:58:e8:b0:a2:68:a9:5b:8a:b1:
                    8f:54:24:c7:c1:79:1e:7a:5b:ea:eb:ae:01:fb:36:
                    13:a0:17:82:7c:38:36:76:f5:88:44:6c:fd:73:c9:
                    f7:d4:82:4c:fa:cf:ae:77:99:2f:77:fd:c5:fd:02:
                    1f:56:b0:28:c3:d0:5b:cf:03:86:5d:3e:c0:02:f4:
                    69:79:68:9c:d8:95:78:4a:1d:b4:e3:92:c5:e5:f9:
                    8b:c9:b4:ce:8e:a7:ef:77:4a:50:c5:af:39:43:46:
                    5b:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:3C:68:B4:E8:4A:AA:40:E9:5A:E8:53:23:5C:7E:52:6D:1A:57:A9
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/4ed45413-5d05-4a62-b756-1f16aacf1cb3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.48.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         c6:1c:bf:38:28:28:17:c0:3c:d6:a0:a1:91:84:50:43:41:a2:
         7c:ec:24:b8:45:5a:a8:b4:28:21:5e:82:d9:47:c8:78:bd:1a:
         0a:6c:62:ae:bd:c4:14:ff:fb:8f:12:9e:bf:08:9d:8b:41:9b:
         75:3c:92:8d:1f:9a:29:cf:4c:25:38:f6:42:0e:60:d2:69:f7:
         fa:cc:88:a3:3f:82:29:dd:ac:8c:e8:31:b7:82:78:91:11:1e:
         93:f6:37:7d:9e:52:57:5f:5d:00:fa:f3:03:58:25:96:d9:83:
         52:e8:c3:90:b7:1d:97:00:82:bc:91:61:8b:d9:8a:ed:19:0e:
         b1:89:82:0d:09:1c:94:c6:fc:d5:9c:19:2c:09:b5:12:94:b7:
         4c:16:67:b3:5d:78:ab:96:77:15:ef:da:67:89:c4:03:9a:b3:
         bf:cb:06:ea:09:01:43:4e:0b:06:00:7e:bd:a8:f1:56:fb:cf:
         80:a8:b5:1e:84:e2:c8:b0:f0:c6:50:c0:5a:11:43:6c:1f:58:
         a6:af:3f:71:8d:61:83:ae:fe:ac:7d:87:c0:41:54:ae:c1:c8:
         61:92:d0:17:ae:a9:6d:20:b2:8c:90:08:b1:5e:5e:ee:6f:2e:
         1f:f4:bd:b8:6c:96:d6:7d:24:96:7f:4f:d1:f5:a1:6d:66:66:
         bc:f0:ba:a4
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUVJOUP8P82dvSdwiBWxG32YJGzbkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTAyMTkwMDQwMDdaFw0yNTAzMjYyMzU5NTlaMHoxSTBHBgNV
BAUTQDVmYzdlZGJmZmNhYTA0MDhhMjNkODllM2VlYjkwMDI2OTQyODg0MDc2YmUw
MDA0YWQyNjUwOWNmMGQ2YzZlYzMxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAK8AvjSDfJ6KBaQhHkXfnMsYbZHtS0kBRMfzzZ5tFs5Q0bH7hqee3Rjox1hO
sc2tOm5IdzMVRLLuos7I2VOoPyFCCcx2fvyD8yil3CWUIG7jQguUwnxv7SUmZogt
dM3TvI8+kw78KOfn1WFCTg+T4F1mzgKZNCFnIZbtixYrBn32pY/5LCezNdB8+nZJ
ylpmHffWUT2F0/A6VZy8WOiwomipW4qxj1Qkx8F5Hnpb6uuuAfs2E6AXgnw4Nnb1
iERs/XPJ99SCTPrPrneZL3f9xf0CH1awKMPQW88Dhl0+wAL0aXlonNiVeEodtOOS
xeX5i8m0zo6n73dKUMWvOUNGW70CAwEAAaOCAiAwggIcMB0GA1UdDgQWBBSLPGi0
6EqqQOla6FMjXH5SbRpXqTAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
NGVkNDU0MTMtNWQwNS00YTYyLWI3NTYtMWYxNmFhY2YxY2IzLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDATMwMA0G
CSqGSIb3DQEBCwUAA4IBAQDGHL84KCgXwDzWoKGRhFBDQaJ87CS4RVqotCghXoLZ
R8h4vRoKbGKuvcQU//uPEp6/CJ2LQZt1PJKNH5opz0wlOPZCDmDSaff6zIijP4Ip
3ayM6DG3gniRER6T9jd9nlJXX10A+vMDWCWW2YNS6MOQtx2XAIK8kWGL2YrtGQ6x
iYINCRyUxvzVnBksCbUSlLdMFmezXXirlncV79pnicQDmrO/ywbqCQFDTgsGAH69
qPFW+8+AqLUehOLIsPDGUMBaEUNsH1imrz9xjWGDrv6sfYfAQVSuwchhktAXrqlt
ILKMkAixXl7uby4f9L24bJbWfSSWf0/R9aFtZma88Lqk
-----END CERTIFICATE-----