Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/7dc90e26-05aa-40c8-bbd0-967e095d6485.roa
File:                     7dc90e26-05aa-40c8-bbd0-967e095d6485.roa (raw, json)
Hash identifier:          aYYB4d3TOAIGc9q8fZkG82Pe7zGa3aHVyL8iM1BW/58=
Subject key identifier:   59:84:80:14:62:55:29:26:02:21:F7:3D:43:F2:99:7F:16:2B:A3:B8
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       272DF1837050EB95E58E6BF4C60C2D5749F1854E
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/7dc90e26-05aa-40c8-bbd0-967e095d6485.roa
Signing time:             Wed 05 Mar 2025 17:51:01 +0000
ROA not before:           Wed 05 Mar 2025 17:51:01 +0000
ROA not after:            Wed 09 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        143.65.0.0/17 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 18:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            27:2d:f1:83:70:50:eb:95:e5:8e:6b:f4:c6:0c:2d:57:49:f1:85:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Mar  5 17:51:01 2025 GMT
            Not After : Apr  9 23:59:59 2025 GMT
        Subject: CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:3f:7d:2c:1d:bb:66:13:28:81:4b:79:a4:cb:
                    1e:f2:e9:00:ce:b8:d4:0e:b4:df:0c:a6:e4:0b:aa:
                    db:5e:00:a1:73:8c:5b:04:a5:df:10:94:77:26:30:
                    ac:17:ba:18:76:a1:45:7e:83:47:bd:b8:1c:c9:50:
                    16:01:23:32:be:9f:e0:fe:d9:04:29:da:97:87:46:
                    a1:62:25:59:f2:01:c0:bd:21:e1:8d:44:40:7f:cf:
                    6a:6a:8e:1c:f1:81:06:b5:b9:22:3e:48:d3:c6:cb:
                    e5:6d:46:98:7f:c2:26:36:5c:16:c9:c5:19:5c:88:
                    4a:2e:65:bf:46:04:6f:b0:df:39:79:05:75:40:f1:
                    d7:c1:2f:93:f7:2a:a0:ce:54:3c:0b:41:76:d1:7a:
                    ec:89:57:e3:fc:41:41:fb:06:fd:57:92:37:f7:bb:
                    e1:46:46:08:67:62:de:55:cd:40:7c:86:73:c7:a6:
                    d0:27:d5:7c:72:89:09:4f:37:61:08:a5:3f:1b:f0:
                    26:7f:b9:9e:91:bc:c5:be:e4:d8:a7:63:3f:36:d1:
                    c6:a1:cc:ee:6b:a9:ae:82:80:65:00:19:df:75:1d:
                    9e:b1:85:8e:d4:6d:4a:e2:56:2e:ef:fc:81:e0:5f:
                    a8:77:81:cb:18:6e:32:d0:9d:15:c5:23:5b:97:bd:
                    66:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:84:80:14:62:55:29:26:02:21:F7:3D:43:F2:99:7F:16:2B:A3:B8
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/7dc90e26-05aa-40c8-bbd0-967e095d6485.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.65.0.0/17

    Signature Algorithm: sha256WithRSAEncryption
         46:e0:fe:4d:21:88:5f:bf:03:41:b3:8b:b1:bc:3f:af:21:5c:
         23:4f:eb:5e:b3:8b:40:d4:e6:4b:1f:8c:fd:3f:00:c9:9a:f6:
         68:de:00:33:c9:9b:4f:fc:d0:2d:cb:d4:8a:80:fe:3e:85:f4:
         28:c9:80:26:9c:9f:90:db:19:04:26:39:fa:4a:57:e4:03:2d:
         5e:a3:78:07:91:78:6e:d2:d6:22:7f:6e:4f:0b:1d:79:a0:e8:
         4a:89:d1:3a:f0:ed:78:42:a4:be:cf:71:3d:73:c8:f3:3e:47:
         98:6b:e9:93:5e:01:1d:5c:c2:99:b1:12:e1:4c:40:f8:19:c3:
         d9:5a:48:49:1d:7a:75:40:67:20:fa:e8:78:93:01:93:19:c9:
         23:2d:90:4f:a4:d8:84:12:c8:63:08:95:62:9e:85:9a:2b:0b:
         3d:1c:e5:02:55:0f:b1:c6:ff:79:79:f6:44:bf:19:9f:a3:09:
         9d:28:a1:21:40:da:40:02:f5:6d:53:6e:e2:bc:45:8d:d2:ff:
         ac:cb:24:26:de:94:78:86:e4:66:63:8d:eb:dd:69:82:fd:b6:
         47:1c:0c:90:9b:7f:60:d6:7a:ff:99:83:f0:bb:e2:ae:45:eb:
         55:3b:6c:68:d5:4b:ea:5e:d2:58:b3:56:b2:ef:f1:a4:df:d7:
         ff:8f:e8:64
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUJy3xg3BQ65Xljmv0xgwtV0nxhU4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTAzMDUxNzUxMDFaFw0yNTA0MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQDA5MzcxYmI2MjQ4NWMzMzBlMDJkNzEzNjkzNTdlY2E5YTM3MzdkMzU4Y2Uy
Y2Y1YzZjNjlkODFjOTYyNmM3ZGYxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALg/fSwdu2YTKIFLeaTLHvLpAM641A603wym5Auq214AoXOMWwSl3xCUdyYw
rBe6GHahRX6DR724HMlQFgEjMr6f4P7ZBCnal4dGoWIlWfIBwL0h4Y1EQH/PamqO
HPGBBrW5Ij5I08bL5W1GmH/CJjZcFsnFGVyISi5lv0YEb7DfOXkFdUDx18Evk/cq
oM5UPAtBdtF67IlX4/xBQfsG/VeSN/e74UZGCGdi3lXNQHyGc8em0CfVfHKJCU83
YQilPxvwJn+5npG8xb7k2KdjPzbRxqHM7muproKAZQAZ33UdnrGFjtRtSuJWLu/8
geBfqHeByxhuMtCdFcUjW5e9ZqcCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBRZhIAU
YlUpJgIh9z1D8pl/FiujuDAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
N2RjOTBlMjYtMDVhYS00MGM4LWJiZDAtOTY3ZTA5NWQ2NDg1LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEB49BADAN
BgkqhkiG9w0BAQsFAAOCAQEARuD+TSGIX78DQbOLsbw/ryFcI0/rXrOLQNTmSx+M
/T8AyZr2aN4AM8mbT/zQLcvUioD+PoX0KMmAJpyfkNsZBCY5+kpX5AMtXqN4B5F4
btLWIn9uTwsdeaDoSonROvDteEKkvs9xPXPI8z5HmGvpk14BHVzCmbES4UxA+BnD
2VpISR16dUBnIProeJMBkxnJIy2QT6TYhBLIYwiVYp6FmisLPRzlAlUPscb/eXn2
RL8Zn6MJnSihIUDaQAL1bVNu4rxFjdL/rMskJt6UeIbkZmON691pgv22RxwMkJt/
YNZ6/5mD8LvirkXrVTtsaNVL6l7SWLNWsu/xpN/X/4/oZA==
-----END CERTIFICATE-----