Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/7dc90e26-05aa-40c8-bbd0-967e095d6485.roa
File:                     7dc90e26-05aa-40c8-bbd0-967e095d6485.roa (raw, json)
Hash identifier:          ZsUBn8j+Q/R0TYPZhM4GTRPYPt2lOnrgRksniV7Uc3o=
Subject key identifier:   37:77:EE:8F:A2:66:D9:8D:E9:52:7F:BC:9E:79:1B:B8:D2:A1:2D:E9
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       6A38FCB885454E22B048D978D653B33BC33BFB59
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/7dc90e26-05aa-40c8-bbd0-967e095d6485.roa
Signing time:             Wed 05 Feb 2025 00:00:00 +0000
ROA not before:           Wed 05 Feb 2025 00:00:00 +0000
ROA not after:            Wed 12 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        143.65.0.0/17 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 05:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6a:38:fc:b8:85:45:4e:22:b0:48:d9:78:d6:53:b3:3b:c3:3b:fb:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Feb  5 00:00:00 2025 GMT
            Not After : Mar 12 23:59:59 2025 GMT
        Subject: CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:f8:53:2b:9c:7c:c6:c7:82:ff:ac:b8:75:51:
                    79:6d:ee:57:a1:9b:0a:a4:c8:fc:98:08:26:f5:53:
                    00:88:87:18:48:b8:ac:20:a3:de:7c:05:d5:56:10:
                    6e:d3:f4:86:92:c3:08:8d:84:e2:8f:09:b0:c3:79:
                    c4:8e:f5:57:47:50:45:64:a1:d8:fc:e7:79:ef:80:
                    bf:4a:94:d2:c5:fe:36:4e:18:55:7d:cb:76:5d:e5:
                    8c:27:d7:7e:64:5c:92:0c:aa:a9:a3:68:54:46:3e:
                    82:61:38:f4:7a:d0:34:50:ed:6c:ac:df:ba:77:37:
                    5a:aa:9c:5b:34:c1:09:a4:2f:47:b6:f9:b7:7b:9a:
                    4e:75:5c:e1:cb:6b:e5:af:bd:ae:a3:c7:54:17:b5:
                    d6:3c:5c:a7:da:62:f2:68:35:91:26:5c:95:54:d9:
                    6b:b1:77:e0:a2:62:63:3c:b3:f5:36:30:6e:31:83:
                    ab:dc:25:6a:77:19:d4:33:a4:b1:05:cd:b1:4f:83:
                    53:74:c8:3c:82:4e:94:a6:48:b4:8c:ea:63:34:5f:
                    c1:05:14:ce:19:c3:e1:26:fc:ba:ff:d0:59:1c:87:
                    4a:4d:d6:d8:88:12:ea:66:96:79:1a:6c:65:ae:ec:
                    da:b2:9b:fd:d6:7b:4c:00:ba:15:d8:6b:2a:4c:62:
                    df:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:77:EE:8F:A2:66:D9:8D:E9:52:7F:BC:9E:79:1B:B8:D2:A1:2D:E9
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/7dc90e26-05aa-40c8-bbd0-967e095d6485.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.65.0.0/17

    Signature Algorithm: sha256WithRSAEncryption
         ce:b2:79:80:9d:a2:08:38:47:64:4c:6b:91:37:dc:30:94:36:
         31:f9:f9:c6:93:d9:f0:56:95:29:10:d1:87:6b:b9:7b:bc:01:
         78:b4:9f:85:1d:bc:12:89:e1:df:8c:c4:58:77:ff:15:28:72:
         c9:1e:b1:49:9f:17:cf:86:b3:b1:be:87:08:b8:e3:e6:1b:f6:
         35:4a:8f:27:1d:3c:85:fc:47:47:ed:37:08:f2:21:ec:36:1c:
         48:83:1e:2f:6f:61:d7:5f:7b:97:62:cd:7c:b8:4f:c4:d8:96:
         0a:89:93:a8:c7:d7:33:29:a2:3f:df:1f:33:d0:e4:b0:c4:ed:
         ef:d3:cf:4c:1e:1d:97:96:ce:72:37:b9:c5:47:66:d6:80:45:
         16:42:76:aa:d9:7a:32:46:30:66:d0:3e:13:f4:65:ed:8a:c6:
         bf:ff:78:00:2e:7c:5d:f2:f6:3b:c6:f8:d8:ab:67:ae:3a:99:
         ca:fa:30:9d:59:16:92:b0:97:3a:00:93:1f:68:be:68:1d:0c:
         dd:6e:2d:ee:a6:cb:72:96:49:0a:02:64:f0:76:dd:9f:6e:d1:
         9d:5e:2a:ca:3f:c6:97:c4:b6:55:12:fa:97:53:dc:85:22:1b:
         53:2e:61:7f:e8:38:00:16:f6:87:ae:8c:17:a0:6f:17:ca:8c:
         f6:73:aa:d8
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUajj8uIVFTiKwSNl41lOzO8M7+1kwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTAyMDUwMDAwMDBaFw0yNTAzMTIyMzU5NTlaMHoxSTBHBgNV
BAUTQGMzNWY1YjhkODYzNzRkMWQyZGU0ZTkyNTIxYTdkMGE1NmIxMjM4NTIwZWRk
OGFkZTBiMTM1NzU4Zjc3YjU5YTkxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAK/4UyucfMbHgv+suHVReW3uV6GbCqTI/JgIJvVTAIiHGEi4rCCj3nwF1VYQ
btP0hpLDCI2E4o8JsMN5xI71V0dQRWSh2Pznee+Av0qU0sX+Nk4YVX3Ldl3ljCfX
fmRckgyqqaNoVEY+gmE49HrQNFDtbKzfunc3WqqcWzTBCaQvR7b5t3uaTnVc4ctr
5a+9rqPHVBe11jxcp9pi8mg1kSZclVTZa7F34KJiYzyz9TYwbjGDq9wlancZ1DOk
sQXNsU+DU3TIPIJOlKZItIzqYzRfwQUUzhnD4Sb8uv/QWRyHSk3W2IgS6maWeRps
Za7s2rKb/dZ7TAC6FdhrKkxi35kCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBQ3d+6P
ombZjelSf7yeeRu40qEt6TAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
N2RjOTBlMjYtMDVhYS00MGM4LWJiZDAtOTY3ZTA5NWQ2NDg1LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEB49BADAN
BgkqhkiG9w0BAQsFAAOCAQEAzrJ5gJ2iCDhHZExrkTfcMJQ2Mfn5xpPZ8FaVKRDR
h2u5e7wBeLSfhR28Eonh34zEWHf/FShyyR6xSZ8Xz4azsb6HCLjj5hv2NUqPJx08
hfxHR+03CPIh7DYcSIMeL29h1197l2LNfLhPxNiWComTqMfXMymiP98fM9DksMTt
79PPTB4dl5bOcje5xUdm1oBFFkJ2qtl6MkYwZtA+E/Rl7YrGv/94AC58XfL2O8b4
2KtnrjqZyvownVkWkrCXOgCTH2i+aB0M3W4t7qbLcpZJCgJk8Hbdn27RnV4qyj/G
l8S2VRL6l1PchSIbUy5hf+g4ABb2h66MF6BvF8qM9nOq2A==
-----END CERTIFICATE-----