Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/63e023f1-83fd-412f-8365-33afe1ac80af.roa
File:                     63e023f1-83fd-412f-8365-33afe1ac80af.roa (raw, json)
Hash identifier:          CP6NNZaEoBCqrclx2v1j3ArGd0rtD8wvgLtKLpyLJ18=
Subject key identifier:   87:2A:BE:2D:A7:23:D9:47:37:D9:F4:81:AA:C2:BC:C4:0C:A1:60:5E
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       0EA7DABA1773AFF3384C02CC4E5387748F220822
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/63e023f1-83fd-412f-8365-33afe1ac80af.roa
Signing time:             Wed 05 Feb 2025 00:00:00 +0000
ROA not before:           Wed 05 Feb 2025 00:00:00 +0000
ROA not after:            Wed 12 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        51.160.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 05:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0e:a7:da:ba:17:73:af:f3:38:4c:02:cc:4e:53:87:74:8f:22:08:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Feb  5 00:00:00 2025 GMT
            Not After : Mar 12 23:59:59 2025 GMT
        Subject: CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:ea:c0:9b:84:4c:fe:b0:25:06:b1:b5:1f:5d:
                    d1:6a:fa:97:cc:98:7e:10:c4:ef:32:65:4c:06:5a:
                    17:3b:32:2d:06:cc:be:d2:57:83:ef:16:91:72:6b:
                    8b:a6:09:aa:4e:90:53:99:38:ff:68:da:fb:79:2f:
                    2f:e9:6b:02:2c:ff:20:cc:d7:82:13:8c:e1:8f:ab:
                    01:90:a6:fa:be:6e:e0:a8:b3:79:b8:33:72:95:90:
                    7c:78:b4:d0:62:93:5a:7c:5f:72:40:4e:fe:67:dc:
                    8a:ca:87:5d:07:c2:44:7f:d6:58:9a:92:ee:9b:c9:
                    19:7c:c1:44:6d:96:b8:f8:85:01:40:2f:ac:02:b2:
                    1c:61:24:ed:91:f9:dd:60:b0:28:7f:5c:20:ec:19:
                    e7:2e:e5:53:07:f4:05:30:6a:e3:3c:7b:c6:63:5a:
                    2a:e5:92:59:29:96:de:c8:ac:ab:dd:30:78:b3:59:
                    7c:ca:68:db:8e:d0:25:8c:c1:46:9f:19:56:ec:dd:
                    2b:df:3b:a1:00:0c:e4:b4:d6:84:8c:d6:dd:d0:fc:
                    02:bd:86:fb:2f:a9:b9:f0:81:22:c1:60:5f:29:eb:
                    0d:a9:3a:21:86:cb:20:cf:33:9e:d6:d7:99:dc:55:
                    b6:a6:d0:55:37:58:93:69:78:d7:af:2f:76:a4:8e:
                    88:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:2A:BE:2D:A7:23:D9:47:37:D9:F4:81:AA:C2:BC:C4:0C:A1:60:5E
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/63e023f1-83fd-412f-8365-33afe1ac80af.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.160.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         a4:e5:d1:e6:ce:ef:64:04:f2:3b:6b:d4:28:af:de:c5:87:b5:
         3f:e7:54:47:1e:cf:16:89:05:49:5a:10:b2:f4:48:e0:4c:01:
         09:da:1b:41:13:74:df:27:9d:41:a1:92:87:d2:f0:07:c6:86:
         76:4b:a1:ae:5c:2a:cf:91:1f:62:6d:3d:15:71:bf:e5:f4:71:
         34:2f:99:22:bc:c3:71:ff:e4:56:05:76:4c:b7:c3:bf:64:ff:
         c6:46:b0:2c:32:b1:4d:6d:92:87:29:3a:56:2f:e3:6e:3c:64:
         78:ba:ea:6f:6c:4c:54:a0:75:9d:c2:b6:b2:01:ab:55:cb:fc:
         6d:c1:af:ee:d8:bf:8f:b7:4f:2c:93:19:72:09:4d:c9:31:5d:
         17:10:38:4d:38:99:43:b8:09:b1:88:ee:7c:63:aa:78:2b:20:
         7d:ea:a8:26:89:df:ec:bc:19:58:6a:48:18:fb:b3:68:75:a4:
         8f:4f:8b:cd:c3:81:1f:83:fe:e9:89:36:73:0c:7a:e7:32:1c:
         3c:88:9c:7c:f8:b5:b0:72:6b:f9:fb:a8:ed:f8:d1:1b:a0:ef:
         2e:ac:e8:e6:36:cd:85:2e:02:07:d1:99:a6:19:c4:03:7d:24:
         83:2d:94:33:8c:12:a0:3d:05:23:aa:b2:eb:76:01:39:d2:2a:
         81:b8:61:bb
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUDqfauhdzr/M4TALMTlOHdI8iCCIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTAyMDUwMDAwMDBaFw0yNTAzMTIyMzU5NTlaMHoxSTBHBgNV
BAUTQGQzZjIyNDZiNjUwMGFmYzI0MmZkYzNmMDYwYWUzZDMxODhiZjY5YjM1ZmNk
ODY3MTE2MDU3NGZkZDU2NWYwNDgxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJHqwJuETP6wJQaxtR9d0Wr6l8yYfhDE7zJlTAZaFzsyLQbMvtJXg+8WkXJr
i6YJqk6QU5k4/2ja+3kvL+lrAiz/IMzXghOM4Y+rAZCm+r5u4KizebgzcpWQfHi0
0GKTWnxfckBO/mfcisqHXQfCRH/WWJqS7pvJGXzBRG2WuPiFAUAvrAKyHGEk7ZH5
3WCwKH9cIOwZ5y7lUwf0BTBq4zx7xmNaKuWSWSmW3sisq90weLNZfMpo247QJYzB
Rp8ZVuzdK987oQAM5LTWhIzW3dD8Ar2G+y+pufCBIsFgXynrDak6IYbLIM8zntbX
mdxVtqbQVTdYk2l4168vdqSOiP8CAwEAAaOCAiAwggIcMB0GA1UdDgQWBBSHKr4t
pyPZRzfZ9IGqwrzEDKFgXjAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
NjNlMDIzZjEtODNmZC00MTJmLTgzNjUtMzNhZmUxYWM4MGFmLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADOgMA0G
CSqGSIb3DQEBCwUAA4IBAQCk5dHmzu9kBPI7a9Qor97Fh7U/51RHHs8WiQVJWhCy
9EjgTAEJ2htBE3TfJ51BoZKH0vAHxoZ2S6GuXCrPkR9ibT0Vcb/l9HE0L5kivMNx
/+RWBXZMt8O/ZP/GRrAsMrFNbZKHKTpWL+NuPGR4uupvbExUoHWdwrayAatVy/xt
wa/u2L+Pt08skxlyCU3JMV0XEDhNOJlDuAmxiO58Y6p4KyB96qgmid/svBlYakgY
+7NodaSPT4vNw4Efg/7piTZzDHrnMhw8iJx8+LWwcmv5+6jt+NEboO8urOjmNs2F
LgIH0ZmmGcQDfSSDLZQzjBKgPQUjqrLrdgE50iqBuGG7
-----END CERTIFICATE-----