Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/5f332a53-b8fa-4d61-9e5a-9ca4e586588d.roa
File:                     5f332a53-b8fa-4d61-9e5a-9ca4e586588d.roa (raw, json)
Hash identifier:          Tu3MQQaedb9/6luoPv50OoqMv9t33aOV4RhqfQ4O0SU=
Subject key identifier:   49:FE:B3:E1:89:61:67:30:2D:02:A0:8D:89:0C:CF:62:27:B0:FB:E9
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       74B1E75904E10D378D5317305A024DF3FE331D8A
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/5f332a53-b8fa-4d61-9e5a-9ca4e586588d.roa
Signing time:             Fri 24 Jan 2025 00:00:00 +0000
ROA not before:           Fri 24 Jan 2025 00:00:00 +0000
ROA not after:            Fri 28 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        83.129.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 05:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            74:b1:e7:59:04:e1:0d:37:8d:53:17:30:5a:02:4d:f3:fe:33:1d:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Jan 24 00:00:00 2025 GMT
            Not After : Feb 28 23:59:59 2025 GMT
        Subject: CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:a0:27:5b:90:fc:7e:d6:b9:f9:bf:ac:fb:59:
                    f0:89:b6:8d:b0:05:69:52:16:26:00:36:22:79:4a:
                    f9:f5:f2:ff:34:2f:1b:eb:01:a6:06:c9:a6:e8:ca:
                    35:a5:2f:ff:a0:50:68:00:33:d8:de:95:3e:ed:50:
                    53:ee:ba:c9:72:c2:30:43:7e:5b:af:93:1c:52:5e:
                    33:09:58:3a:99:8a:aa:18:c3:58:76:af:c8:3c:22:
                    a6:c4:0d:e4:ac:17:fe:ab:92:d4:ea:52:4c:c9:05:
                    e7:05:16:bc:0a:2e:8f:b4:15:fa:a0:8b:96:25:e7:
                    90:c6:1c:68:dc:30:fe:a6:25:f9:11:4c:9c:a2:71:
                    23:01:6e:bb:e9:6f:7e:d7:24:ae:db:ab:a4:24:b2:
                    ee:58:a3:55:95:53:40:e9:92:35:1c:56:b6:d8:a7:
                    06:b4:db:fb:e9:44:3d:7f:d0:fe:20:55:a1:a4:28:
                    bc:8d:37:9b:35:5e:17:5f:1c:da:c9:cc:bd:fb:7c:
                    c5:2e:55:a8:ec:21:7f:fb:8c:5b:f8:44:d7:6e:b9:
                    3d:e5:41:02:d1:90:8a:28:d2:3b:13:02:51:7d:a2:
                    4b:1c:cf:4e:f9:87:f0:cb:90:a8:3d:71:39:b9:d9:
                    e3:18:36:d8:6c:76:3e:cc:49:95:60:29:4a:04:fb:
                    b6:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:FE:B3:E1:89:61:67:30:2D:02:A0:8D:89:0C:CF:62:27:B0:FB:E9
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/5f332a53-b8fa-4d61-9e5a-9ca4e586588d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.129.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         30:53:d0:33:a5:56:07:64:00:d4:3a:ba:40:42:3b:46:cf:7b:
         34:b7:7f:69:76:56:ab:67:d9:07:c1:ca:ab:4b:fb:4c:14:17:
         5c:ea:88:4b:91:db:7a:91:21:78:a7:50:ae:4a:28:0d:5d:4f:
         89:c2:66:c9:04:5d:e7:2d:48:bc:d7:67:a7:f8:d6:de:21:14:
         0f:f7:1f:57:e2:d1:03:79:88:eb:0b:dd:68:c1:d7:96:cf:69:
         c9:aa:22:ff:0d:c5:92:03:65:16:73:9f:05:39:24:5d:3d:85:
         1f:b9:d9:19:50:a4:a7:05:49:9a:f2:a6:3a:d9:92:b4:cc:69:
         12:67:63:56:68:30:38:be:9d:1f:c0:ed:7a:33:dc:b9:2c:3b:
         5a:1e:dc:50:79:72:ab:03:00:66:fa:50:fb:d1:36:9a:49:46:
         76:47:c2:9e:98:5f:35:7a:ae:b5:48:99:98:f4:15:f9:30:15:
         05:40:77:a4:96:d4:86:fd:0d:20:98:11:f3:83:e6:ab:18:e9:
         aa:01:1a:b8:f9:8d:94:0a:28:95:e4:58:3d:68:28:19:c5:82:
         63:12:6d:cc:fd:a0:9d:7e:d4:cb:dc:21:a9:46:ff:40:65:ec:
         5f:04:84:b6:90:a6:75:94:9d:45:32:13:f8:ca:0a:e1:2d:bc:
         4a:5d:ed:ec
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUdLHnWQThDTeNUxcwWgJN8/4zHYowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTAxMjQwMDAwMDBaFw0yNTAyMjgyMzU5NTlaMHoxSTBHBgNV
BAUTQDRjNjJmMjAxNDMyOTc4MWQzZDJiZGVlZmMzZWY3YjBmM2NmMmY3MjFhM2Zi
MGUzYThhNTE1ZDQ5NTE0NWNmOWYxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAN+gJ1uQ/H7Wufm/rPtZ8Im2jbAFaVIWJgA2InlK+fXy/zQvG+sBpgbJpujK
NaUv/6BQaAAz2N6VPu1QU+66yXLCMEN+W6+THFJeMwlYOpmKqhjDWHavyDwipsQN
5KwX/quS1OpSTMkF5wUWvAouj7QV+qCLliXnkMYcaNww/qYl+RFMnKJxIwFuu+lv
ftckrturpCSy7lijVZVTQOmSNRxWttinBrTb++lEPX/Q/iBVoaQovI03mzVeF18c
2snMvft8xS5VqOwhf/uMW/hE1265PeVBAtGQiijSOxMCUX2iSxzPTvmH8MuQqD1x
ObnZ4xg22Gx2PsxJlWApSgT7tmkCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBRJ/rPh
iWFnMC0CoI2JDM9iJ7D76TAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
NWYzMzJhNTMtYjhmYS00ZDYxLTllNWEtOWNhNGU1ODY1ODhkLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDAFOBMA0G
CSqGSIb3DQEBCwUAA4IBAQAwU9AzpVYHZADUOrpAQjtGz3s0t39pdlarZ9kHwcqr
S/tMFBdc6ohLkdt6kSF4p1CuSigNXU+JwmbJBF3nLUi812en+NbeIRQP9x9X4tED
eYjrC91owdeWz2nJqiL/DcWSA2UWc58FOSRdPYUfudkZUKSnBUma8qY62ZK0zGkS
Z2NWaDA4vp0fwO16M9y5LDtaHtxQeXKrAwBm+lD70TaaSUZ2R8KemF81eq61SJmY
9BX5MBUFQHekltSG/Q0gmBHzg+arGOmqARq4+Y2UCiiV5Fg9aCgZxYJjEm3M/aCd
ftTL3CGpRv9AZexfBIS2kKZ1lJ1FMhP4ygrhLbxKXe3s
-----END CERTIFICATE-----