Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/67568c6a-cd1a-4586-a397-580b374dbdb0.roa
File:                     67568c6a-cd1a-4586-a397-580b374dbdb0.roa (raw, json)
Hash identifier:          Oy2yaR+hMZp4Ns9eBkuRXNh/wg7iE0Ad9bL8AcoC7DE=
Subject key identifier:   97:D7:D7:66:06:94:A4:C6:2F:65:04:1B:66:98:5F:33:26:82:C4:B0
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       5A9331DB3FE18DF96DFDDEB482751A99332037F5
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/67568c6a-cd1a-4586-a397-580b374dbdb0.roa
Signing time:             Wed 05 Feb 2025 00:00:00 +0000
ROA not before:           Wed 05 Feb 2025 00:00:00 +0000
ROA not after:            Wed 12 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        51.60.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 05:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5a:93:31:db:3f:e1:8d:f9:6d:fd:de:b4:82:75:1a:99:33:20:37:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Feb  5 00:00:00 2025 GMT
            Not After : Mar 12 23:59:59 2025 GMT
        Subject: CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:f2:6d:30:68:f4:48:4d:71:ab:db:d6:c3:dc:
                    9b:20:9c:5d:42:21:70:b1:24:e4:ce:9a:b6:c7:18:
                    ae:5c:93:7a:ed:b8:af:92:3b:ee:dc:c8:37:4a:b0:
                    21:8a:59:e5:63:e6:95:12:b9:71:21:df:7a:20:55:
                    8f:8e:42:bb:41:2e:eb:5e:bc:57:30:cf:69:4a:ab:
                    59:66:31:36:5a:97:ea:1b:34:a0:8b:75:28:19:1b:
                    41:f9:17:71:c9:d4:07:1c:05:9f:ae:f8:92:8e:00:
                    9c:6e:d4:97:2a:c6:2f:ba:5c:4a:15:3b:4f:fc:a6:
                    05:45:d8:75:1f:ba:0a:28:51:54:41:4d:36:51:0d:
                    a3:f4:1f:e9:e4:88:79:ce:2f:d6:fb:f7:09:6c:75:
                    a5:6f:ad:f9:48:16:ca:dd:9e:03:a3:98:8a:01:ed:
                    ba:c6:44:42:df:1b:bc:49:71:30:0e:3a:74:04:65:
                    a4:56:35:bb:a7:a1:8b:ec:ae:bb:ca:2e:91:34:8d:
                    b6:41:c5:10:ac:50:26:3e:de:ea:73:27:2c:b6:a6:
                    aa:ab:cf:4f:8f:6c:59:86:e4:51:2e:5f:38:6f:30:
                    2f:28:07:ff:0b:d4:bf:ee:da:4d:a3:c7:41:93:ff:
                    25:5f:b9:57:4f:1a:c7:2a:fd:3e:02:d9:98:de:a8:
                    de:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:D7:D7:66:06:94:A4:C6:2F:65:04:1B:66:98:5F:33:26:82:C4:B0
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/67568c6a-cd1a-4586-a397-580b374dbdb0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.60.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         5d:fe:dc:0a:bf:50:23:04:e2:d0:62:9c:bf:46:f1:7b:8c:37:
         e3:7a:dd:50:93:25:84:58:17:86:44:c6:b1:f3:73:85:4f:a5:
         60:08:8c:a2:6d:19:9b:7a:fe:51:74:30:18:a9:10:62:85:41:
         f1:07:92:cd:9c:05:5d:6f:25:c7:7f:2f:6f:02:ec:3c:d6:26:
         d1:9c:c6:3e:3f:68:56:8e:67:ad:1d:22:3c:e1:b2:0c:ce:cd:
         c5:4c:87:6a:ab:16:f0:a1:b5:b3:e7:9f:89:6a:c1:33:63:8e:
         48:f0:4a:b5:a5:ca:78:65:61:dc:7e:65:05:19:3e:d1:f4:7a:
         16:71:78:e8:2d:12:d2:60:65:72:e0:88:7a:96:fa:38:e4:2c:
         9f:f7:ef:b1:c5:60:94:d3:21:23:5e:b4:5a:88:4d:6c:4e:9d:
         d7:4f:a2:35:af:d9:57:49:b3:0d:1a:c0:c0:11:ab:7c:4d:96:
         10:06:72:c7:9b:2a:3d:73:87:84:d2:e4:ad:7c:37:7c:51:3e:
         32:81:e3:13:57:45:85:38:99:2c:46:30:44:40:c9:e7:3e:09:
         44:c5:11:6a:90:bd:1c:c9:8b:6c:1c:86:10:c9:42:f1:91:3b:
         1b:52:5d:0e:77:47:8f:93:14:3a:a6:14:1d:90:7c:47:38:4c:
         7e:67:f9:49
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUWpMx2z/hjflt/d60gnUamTMgN/UwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTAyMDUwMDAwMDBaFw0yNTAzMTIyMzU5NTlaMHoxSTBHBgNV
BAUTQGU3MmJkMzc4MzQ3ZWMwMTUzMWU4M2E4ZGRjOWU4NjVhZDNiODZjZTA2ZTJl
NzkzODkzOGQwN2JlZmU3MzcyN2UxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJ3ybTBo9EhNcavb1sPcmyCcXUIhcLEk5M6atscYrlyTeu24r5I77tzIN0qw
IYpZ5WPmlRK5cSHfeiBVj45Cu0Eu6168VzDPaUqrWWYxNlqX6hs0oIt1KBkbQfkX
ccnUBxwFn674ko4AnG7UlyrGL7pcShU7T/ymBUXYdR+6CihRVEFNNlENo/Qf6eSI
ec4v1vv3CWx1pW+t+UgWyt2eA6OYigHtusZEQt8bvElxMA46dARlpFY1u6ehi+yu
u8oukTSNtkHFEKxQJj7e6nMnLLamqqvPT49sWYbkUS5fOG8wLygH/wvUv+7aTaPH
QZP/JV+5V08axyr9PgLZmN6o3k8CAwEAAaOCAiAwggIcMB0GA1UdDgQWBBSX19dm
BpSkxi9lBBtmmF8zJoLEsDAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
Njc1NjhjNmEtY2QxYS00NTg2LWEzOTctNTgwYjM3NGRiZGIwLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADM8MA0G
CSqGSIb3DQEBCwUAA4IBAQBd/twKv1AjBOLQYpy/RvF7jDfjet1QkyWEWBeGRMax
83OFT6VgCIyibRmbev5RdDAYqRBihUHxB5LNnAVdbyXHfy9vAuw81ibRnMY+P2hW
jmetHSI84bIMzs3FTIdqqxbwobWz55+JasEzY45I8Eq1pcp4ZWHcfmUFGT7R9HoW
cXjoLRLSYGVy4Ih6lvo45Cyf9++xxWCU0yEjXrRaiE1sTp3XT6I1r9lXSbMNGsDA
Eat8TZYQBnLHmyo9c4eE0uStfDd8UT4ygeMTV0WFOJksRjBEQMnnPglExRFqkL0c
yYtsHIYQyULxkTsbUl0Od0ePkxQ6phQdkHxHOEx+Z/lJ
-----END CERTIFICATE-----