Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/95019996-0ef4-4f98-90e2-dd7efc004375.roa
File:                     95019996-0ef4-4f98-90e2-dd7efc004375.roa (raw, json)
Hash identifier:          n1xdsEL+nKAr4JKR4AhgFgRoPSJMoWR/KvWbxPuqFQs=
Subject key identifier:   54:54:C4:69:7F:92:2A:02:3D:47:34:03:57:79:FD:70:B3:E8:F8:21
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       27E32BDD89DDBAC505801E86E724DF3B21DED021
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/95019996-0ef4-4f98-90e2-dd7efc004375.roa
Signing time:             Wed 05 Feb 2025 00:00:00 +0000
ROA not before:           Wed 05 Feb 2025 00:00:00 +0000
ROA not after:            Wed 12 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        159.244.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 05:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            27:e3:2b:dd:89:dd:ba:c5:05:80:1e:86:e7:24:df:3b:21:de:d0:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Feb  5 00:00:00 2025 GMT
            Not After : Mar 12 23:59:59 2025 GMT
        Subject: CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:7d:a9:e7:e9:0f:22:c5:4f:8e:71:9d:e7:da:
                    5a:8c:53:86:4d:27:b7:19:3e:51:6f:00:cd:b3:50:
                    03:35:21:e5:0a:ab:bb:41:e3:13:33:68:d9:f5:bb:
                    df:af:9f:18:25:c4:3f:1c:00:5c:29:4c:53:34:c6:
                    7b:64:1a:13:b9:07:41:ad:56:7a:64:d5:3e:be:d0:
                    09:b2:f4:55:b4:e1:30:d4:0f:84:cb:6b:0f:8d:e7:
                    1e:91:23:63:3a:69:85:ee:9d:c3:3e:35:72:11:93:
                    76:a5:d6:fd:99:0e:3c:50:e2:b2:8a:ed:13:bf:72:
                    2e:e0:7a:05:69:ee:65:22:47:d1:eb:b9:3f:4a:4e:
                    e4:3c:ef:69:1f:8f:15:dd:c1:b4:63:89:0d:35:b6:
                    82:0a:f1:83:af:ce:ca:4b:b5:0b:ce:38:de:e4:e3:
                    3e:ad:7e:f5:7e:02:c8:8b:af:8c:28:68:dd:5e:16:
                    ca:5c:cf:d2:db:82:91:15:d7:a4:f1:29:72:47:9b:
                    e2:82:a0:8f:f5:2a:cb:04:0b:a7:58:65:fe:39:2e:
                    c5:c2:ee:3f:97:6f:5c:22:14:2a:03:7c:ee:2f:e5:
                    66:02:c8:91:19:ae:c6:ad:2c:6f:39:8f:10:d9:74:
                    45:6e:7b:d7:a5:af:e4:f4:4c:0f:87:3f:a5:64:06:
                    92:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:54:C4:69:7F:92:2A:02:3D:47:34:03:57:79:FD:70:B3:E8:F8:21
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/95019996-0ef4-4f98-90e2-dd7efc004375.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  159.244.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         b2:ce:da:b4:ee:91:8e:15:41:43:ef:90:31:e9:bd:c7:41:e3:
         5b:3d:bf:04:87:d8:61:70:46:cf:62:a9:ec:7e:85:7f:f3:24:
         ad:80:c4:b5:a3:21:04:a2:ac:24:fc:63:84:ee:d4:31:41:6a:
         88:8c:58:5c:c7:09:b4:6f:ac:f8:10:c4:77:ae:20:43:52:52:
         7d:48:3f:df:dc:a9:57:ed:ba:0e:9a:83:01:a2:7c:dc:11:22:
         17:dd:a9:53:9e:52:16:5e:93:a4:92:69:fe:69:b0:22:0f:7f:
         b4:56:e1:69:a2:87:d5:ba:fb:e9:a7:80:b2:4f:fe:68:29:94:
         73:ba:81:13:34:7c:e8:d0:b5:d6:28:bc:a4:2e:15:ee:17:97:
         d0:fb:c7:0e:47:b4:85:b1:bd:dc:4a:8f:b2:8d:74:fc:df:3d:
         d2:18:e4:7f:20:9e:95:d0:b7:a1:06:d2:03:5b:f4:c8:84:7d:
         b5:08:51:23:57:30:3a:4e:90:8c:9a:27:b7:76:67:b8:a1:25:
         89:e7:fe:5d:2f:a4:75:aa:09:4e:8b:dd:40:0c:71:a9:1d:98:
         ab:b7:f1:25:e1:4f:e6:c6:fc:db:5d:b9:d2:0b:09:80:b4:e2:
         54:0a:d8:b7:16:d8:5d:b2:6d:83:00:14:c2:96:3d:de:c9:a1:
         b1:37:af:19
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUJ+Mr3YndusUFgB6G5yTfOyHe0CEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTAyMDUwMDAwMDBaFw0yNTAzMTIyMzU5NTlaMHoxSTBHBgNV
BAUTQGQ5Nzk3NjY0ZTE0NmI5YzFmNjY0N2E3OGZiOTkzNGU5ZjdjNzhkYzcxNmNj
MTc3NTMyYmI0YTA1Yjg0Y2VlMmIxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALV9qefpDyLFT45xnefaWoxThk0ntxk+UW8AzbNQAzUh5Qqru0HjEzNo2fW7
36+fGCXEPxwAXClMUzTGe2QaE7kHQa1WemTVPr7QCbL0VbThMNQPhMtrD43nHpEj
Yzpphe6dwz41chGTdqXW/ZkOPFDisortE79yLuB6BWnuZSJH0eu5P0pO5DzvaR+P
Fd3BtGOJDTW2ggrxg6/Oyku1C8443uTjPq1+9X4CyIuvjCho3V4WylzP0tuCkRXX
pPEpckeb4oKgj/UqywQLp1hl/jkuxcLuP5dvXCIUKgN87i/lZgLIkRmuxq0sbzmP
ENl0RW5716Wv5PRMD4c/pWQGktkCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBRUVMRp
f5IqAj1HNANXef1ws+j4ITAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
OTUwMTk5OTYtMGVmNC00Zjk4LTkwZTItZGQ3ZWZjMDA0Mzc1LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDAJ/0MA0G
CSqGSIb3DQEBCwUAA4IBAQCyztq07pGOFUFD75Ax6b3HQeNbPb8Eh9hhcEbPYqns
foV/8yStgMS1oyEEoqwk/GOE7tQxQWqIjFhcxwm0b6z4EMR3riBDUlJ9SD/f3KlX
7boOmoMBonzcESIX3alTnlIWXpOkkmn+abAiD3+0VuFpoofVuvvpp4CyT/5oKZRz
uoETNHzo0LXWKLykLhXuF5fQ+8cOR7SFsb3cSo+yjXT83z3SGOR/IJ6V0LehBtID
W/TIhH21CFEjVzA6TpCMmie3dme4oSWJ5/5dL6R1qglOi91ADHGpHZirt/El4U/m
xvzbXbnSCwmAtOJUCti3Fthdsm2DABTClj3eyaGxN68Z
-----END CERTIFICATE-----