Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/5f332a53-b8fa-4d61-9e5a-9ca4e586588d.roa
File:                     5f332a53-b8fa-4d61-9e5a-9ca4e586588d.roa (raw, json)
Hash identifier:          mkBAtwI9I/P3Lxa+72QeRjyZHpDOiPFO3MlxuLb8HoQ=
Subject key identifier:   EE:04:E9:1F:8D:0C:FC:3F:A7:A7:B5:67:04:6C:25:5A:6E:22:89:BD
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       0E64DD2AF5BE7D23A33E13D8F1D5C41A7BA92014
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/5f332a53-b8fa-4d61-9e5a-9ca4e586588d.roa
Signing time:             Tue 18 Feb 2025 16:50:01 +0000
ROA not before:           Tue 18 Feb 2025 16:50:01 +0000
ROA not after:            Tue 25 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        83.129.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 18:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0e:64:dd:2a:f5:be:7d:23:a3:3e:13:d8:f1:d5:c4:1a:7b:a9:20:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Feb 18 16:50:01 2025 GMT
            Not After : Mar 25 23:59:59 2025 GMT
        Subject: CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:c0:29:cf:d4:06:e4:ac:ba:97:bb:e8:7e:09:
                    00:8a:ca:d4:d7:09:60:35:62:5a:22:19:62:ee:60:
                    10:18:d9:f3:03:b0:d4:1f:45:5b:b0:c7:14:53:35:
                    01:ca:97:20:dc:ca:2f:8d:d1:95:d7:ca:b8:76:c3:
                    72:af:c9:5c:00:8f:b7:bf:8f:f3:f1:23:3e:49:8f:
                    e6:46:26:d3:16:19:1c:3a:b1:70:88:bb:b4:64:0e:
                    ca:5c:eb:a7:7f:89:54:8a:e9:ec:58:7f:43:25:3f:
                    04:b1:77:85:e6:36:ca:2b:ab:2a:3d:9a:b3:6d:f9:
                    4d:f1:b6:56:8a:82:1c:f2:e2:d8:ca:8a:0f:50:fc:
                    bf:7a:ca:13:1f:b8:d4:80:42:e9:88:f9:13:c3:6a:
                    a6:2d:df:bb:41:09:05:58:ea:c8:6b:5d:f9:75:10:
                    a1:6c:67:68:5b:42:f2:28:9e:1f:71:22:87:3d:32:
                    a2:86:95:0d:93:73:e2:00:13:88:7b:66:a2:7c:b6:
                    5c:17:4e:d6:6b:ce:8a:08:96:5c:c2:22:bd:1a:4a:
                    94:d2:dc:24:02:76:fb:a2:43:a8:9e:0b:64:2a:5d:
                    ad:97:5f:13:3b:01:51:cd:9f:a2:82:0a:11:35:56:
                    df:44:4f:a2:32:9e:6b:c9:14:6a:14:5b:15:38:4a:
                    91:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:04:E9:1F:8D:0C:FC:3F:A7:A7:B5:67:04:6C:25:5A:6E:22:89:BD
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/5f332a53-b8fa-4d61-9e5a-9ca4e586588d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.129.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         97:04:1f:cf:a5:9d:4e:2a:73:54:03:6e:22:28:9f:b0:03:31:
         33:f8:79:0a:c5:75:5d:5d:bb:c9:a7:b3:03:15:3e:b4:6c:4a:
         ab:75:0b:0c:3c:7d:91:dc:25:19:05:5d:44:25:a2:d4:38:a7:
         72:73:e7:01:44:d6:9c:b5:7d:d2:41:a8:bc:1c:ed:93:0d:b3:
         2e:74:8c:6c:04:ae:c4:66:11:14:90:ce:ab:e4:4b:84:1f:8d:
         25:67:67:2a:70:81:aa:38:be:9e:ba:a2:b8:12:c4:9f:a7:84:
         a2:18:95:4f:de:0f:60:98:6b:d7:a2:ad:5a:9a:da:b5:e2:64:
         da:67:88:31:e3:2b:71:21:15:06:83:4e:08:6a:7f:c9:64:ee:
         31:9a:f6:bd:09:cb:1e:72:4d:27:57:ee:47:b2:43:3a:d0:e2:
         f3:09:14:d8:68:0c:6b:d4:75:35:36:ac:e8:72:23:2b:26:9e:
         2d:ea:58:bc:73:69:92:0d:64:ad:4f:9c:73:2d:28:cd:08:89:
         86:92:ba:58:e1:b6:51:88:75:2b:94:4f:68:db:e8:f6:58:22:
         de:3a:0f:d1:49:be:62:88:fb:90:2b:d3:d3:a7:59:5d:ab:f9:
         74:ed:b0:00:b6:f4:aa:bf:65:4c:b4:8b:ce:a9:30:dd:97:39:
         2d:2e:fe:8c
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUDmTdKvW+fSOjPhPY8dXEGnupIBQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTAyMTgxNjUwMDFaFw0yNTAzMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQDk4NDM0ZTY4OGVhNzc1M2E1N2NhOTk3YTViNTY4M2I2ODI5NTZlZjIxMjU3
NDhlZTY1YmQ5YTllMzVmYTMzNWIxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANLAKc/UBuSsupe76H4JAIrK1NcJYDViWiIZYu5gEBjZ8wOw1B9FW7DHFFM1
AcqXINzKL43RldfKuHbDcq/JXACPt7+P8/EjPkmP5kYm0xYZHDqxcIi7tGQOylzr
p3+JVIrp7Fh/QyU/BLF3heY2yiurKj2as235TfG2VoqCHPLi2MqKD1D8v3rKEx+4
1IBC6Yj5E8Nqpi3fu0EJBVjqyGtd+XUQoWxnaFtC8iieH3Eihz0yooaVDZNz4gAT
iHtmony2XBdO1mvOigiWXMIivRpKlNLcJAJ2+6JDqJ4LZCpdrZdfEzsBUc2fooIK
ETVW30RPojKea8kUahRbFThKkfECAwEAAaOCAiAwggIcMB0GA1UdDgQWBBTuBOkf
jQz8P6entWcEbCVabiKJvTAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
NWYzMzJhNTMtYjhmYS00ZDYxLTllNWEtOWNhNGU1ODY1ODhkLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDAFOBMA0G
CSqGSIb3DQEBCwUAA4IBAQCXBB/PpZ1OKnNUA24iKJ+wAzEz+HkKxXVdXbvJp7MD
FT60bEqrdQsMPH2R3CUZBV1EJaLUOKdyc+cBRNactX3SQai8HO2TDbMudIxsBK7E
ZhEUkM6r5EuEH40lZ2cqcIGqOL6euqK4EsSfp4SiGJVP3g9gmGvXoq1amtq14mTa
Z4gx4ytxIRUGg04Ian/JZO4xmva9Ccseck0nV+5HskM60OLzCRTYaAxr1HU1Nqzo
ciMrJp4t6li8c2mSDWStT5xzLSjNCImGkrpY4bZRiHUrlE9o2+j2WCLeOg/RSb5i
iPuQK9PTp1ldq/l07bAAtvSqv2VMtIvOqTDdlzktLv6M
-----END CERTIFICATE-----