Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/4ed45413-5d05-4a62-b756-1f16aacf1cb3.roa
File:                     4ed45413-5d05-4a62-b756-1f16aacf1cb3.roa (raw, json)
Hash identifier:          OpDy3katLxl0/bQloVk8hie13BI1s59WXK4Vxs54JWw=
Subject key identifier:   8C:E7:55:4A:2F:ED:7B:D8:54:93:A1:43:DD:B0:E7:48:30:56:DA:49
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       2BA240B0EF4E160D34532F63D4E5C8978E335E4D
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/4ed45413-5d05-4a62-b756-1f16aacf1cb3.roa
Signing time:             Sat 25 Jan 2025 00:00:00 +0000
ROA not before:           Sat 25 Jan 2025 00:00:00 +0000
ROA not after:            Sat 01 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        51.48.0.0/15 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 05:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2b:a2:40:b0:ef:4e:16:0d:34:53:2f:63:d4:e5:c8:97:8e:33:5e:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Jan 25 00:00:00 2025 GMT
            Not After : Mar  1 23:59:59 2025 GMT
        Subject: CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:9c:e3:ed:14:ba:8e:5c:06:8a:ef:61:36:7a:
                    f4:47:c8:be:fe:0b:17:85:e8:a0:bb:3a:8c:8e:8f:
                    e9:62:6f:e6:5a:d6:0f:ea:c5:4b:77:cd:65:8e:03:
                    4e:1b:11:5d:99:86:24:7d:3d:0b:f7:ed:a1:5e:95:
                    44:f0:99:d2:02:b2:30:e8:6d:14:83:dc:3b:39:36:
                    45:0e:87:a7:21:d9:8e:5d:dc:aa:b7:ed:d6:3d:47:
                    be:f4:3b:e2:32:8f:8a:1a:49:45:0a:a7:1c:e9:c7:
                    bd:9a:24:68:9b:e6:9a:11:90:30:23:d1:36:1d:39:
                    a2:28:2d:fd:17:39:08:32:44:54:16:29:2a:17:21:
                    0f:6f:ba:17:4f:ed:1c:31:05:c8:bc:80:8c:3d:d0:
                    6d:66:4f:29:3f:95:22:fa:e4:2a:a2:7d:76:21:20:
                    92:df:58:fe:07:e0:30:fd:dd:53:90:8c:ae:85:fd:
                    69:47:35:27:29:d6:77:23:ff:ed:b2:f0:96:f0:65:
                    bd:56:4f:0c:11:f9:7e:a5:14:04:4d:7d:d9:a7:e7:
                    73:e3:29:42:20:33:66:26:2a:b9:09:bc:aa:1f:89:
                    45:38:79:76:c5:46:2a:54:b0:d1:ca:bc:76:92:b1:
                    25:f5:ec:a5:71:3e:50:40:0e:39:b0:39:ee:67:f7:
                    4f:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:E7:55:4A:2F:ED:7B:D8:54:93:A1:43:DD:B0:E7:48:30:56:DA:49
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/4ed45413-5d05-4a62-b756-1f16aacf1cb3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.48.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         9d:ae:62:52:e2:0f:85:dc:23:a2:a9:c1:67:f7:63:be:58:3c:
         c4:12:41:53:b1:dd:91:38:cf:bd:92:28:cd:f5:43:7c:0c:be:
         51:5b:1f:84:ff:59:51:eb:87:c4:1f:4e:29:22:e5:35:32:10:
         e5:2a:9b:22:bc:3a:2f:af:d8:b5:f2:4e:63:c8:28:cb:fb:b9:
         81:6a:b9:aa:0e:e4:fb:0f:d1:57:f6:16:be:0a:26:38:a7:da:
         45:72:3a:02:8b:39:d1:19:3c:53:d5:84:c1:cb:2f:71:fa:2a:
         48:73:13:42:b2:fa:90:70:ae:52:31:f7:b0:c3:ae:7a:71:4e:
         51:25:22:3b:9b:eb:32:3b:34:a4:60:fb:3f:48:97:2a:11:fe:
         ca:9e:37:69:6a:fc:e0:bf:21:bb:c4:27:ee:29:b2:45:80:fe:
         ec:12:61:e5:06:69:3f:b3:96:0f:3a:c2:8c:6c:a0:a5:ba:bc:
         52:75:dd:16:fa:60:cc:f1:09:05:b8:03:16:73:9f:45:ea:e6:
         26:a5:b7:b3:87:f6:2d:5b:02:67:19:bb:dc:c8:14:ef:3c:0f:
         74:84:00:df:ab:53:9b:e7:3d:48:c9:3f:3e:98:af:b0:e0:d9:
         09:47:6c:59:8a:46:1c:ad:0c:0e:a0:71:ea:05:61:7a:33:9d:
         ec:d5:8d:ed
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUK6JAsO9OFg00Uy9j1OXIl44zXk0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTAxMjUwMDAwMDBaFw0yNTAzMDEyMzU5NTlaMHoxSTBHBgNV
BAUTQGIzYjkyNTVkYWU2OWFhNmFmYTkyMDViZWM0MjVhYjE4ZTE0YmJjMDM4ZGYz
ZWY2Y2UxYzRkY2M3NGJkM2FhNTAxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKGc4+0Uuo5cBorvYTZ69EfIvv4LF4XooLs6jI6P6WJv5lrWD+rFS3fNZY4D
ThsRXZmGJH09C/ftoV6VRPCZ0gKyMOhtFIPcOzk2RQ6HpyHZjl3cqrft1j1HvvQ7
4jKPihpJRQqnHOnHvZokaJvmmhGQMCPRNh05oigt/Rc5CDJEVBYpKhchD2+6F0/t
HDEFyLyAjD3QbWZPKT+VIvrkKqJ9diEgkt9Y/gfgMP3dU5CMroX9aUc1JynWdyP/
7bLwlvBlvVZPDBH5fqUUBE192afnc+MpQiAzZiYquQm8qh+JRTh5dsVGKlSw0cq8
dpKxJfXspXE+UEAOObA57mf3T1cCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBSM51VK
L+172FSToUPdsOdIMFbaSTAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
NGVkNDU0MTMtNWQwNS00YTYyLWI3NTYtMWYxNmFhY2YxY2IzLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDATMwMA0G
CSqGSIb3DQEBCwUAA4IBAQCdrmJS4g+F3COiqcFn92O+WDzEEkFTsd2ROM+9kijN
9UN8DL5RWx+E/1lR64fEH04pIuU1MhDlKpsivDovr9i18k5jyCjL+7mBarmqDuT7
D9FX9ha+CiY4p9pFcjoCiznRGTxT1YTByy9x+ipIcxNCsvqQcK5SMfeww656cU5R
JSI7m+syOzSkYPs/SJcqEf7KnjdpavzgvyG7xCfuKbJFgP7sEmHlBmk/s5YPOsKM
bKClurxSdd0W+mDM8QkFuAMWc59F6uYmpbezh/YtWwJnGbvcyBTvPA90hADfq1Ob
5z1IyT8+mK+w4NkJR2xZikYcrQwOoHHqBWF6M53s1Y3t
-----END CERTIFICATE-----