Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/97585122-fbed-4029-849a-162097054103.roa
File:                     97585122-fbed-4029-849a-162097054103.roa (raw, json)
Hash identifier:          8CVdrlH2nAwgXAZAHjZPZq+pzws3h1a/PJXAKchPkDw=
Subject key identifier:   14:13:13:0A:37:82:99:3B:60:5F:E1:CE:D4:4A:14:80:18:1C:A5:2C
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       0C13625E9B1C962733AC043CEBCC12C600012D9B
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/97585122-fbed-4029-849a-162097054103.roa
Signing time:             Fri 24 Jan 2025 00:00:00 +0000
ROA not before:           Fri 24 Jan 2025 00:00:00 +0000
ROA not after:            Fri 28 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        51.72.0.0/15 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 05:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0c:13:62:5e:9b:1c:96:27:33:ac:04:3c:eb:cc:12:c6:00:01:2d:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Jan 24 00:00:00 2025 GMT
            Not After : Feb 28 23:59:59 2025 GMT
        Subject: CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:a0:64:8a:bc:38:62:86:4a:bf:a3:64:b5:5b:
                    ad:7c:fd:d5:c8:94:8c:99:80:bc:5b:25:89:67:c3:
                    99:a4:42:d2:86:f5:b9:eb:d9:09:01:5d:6b:0c:34:
                    f7:08:9a:f0:14:c2:9d:51:13:86:d5:8b:fc:93:27:
                    c9:2e:04:8e:c0:7f:a7:5a:6f:03:69:0c:31:7e:c9:
                    19:ce:4d:98:c3:0b:bf:6e:39:41:c8:c1:89:00:f7:
                    a2:e7:54:bc:b1:60:28:e8:76:51:4b:6b:b2:fd:18:
                    7a:6a:95:40:48:9a:01:cc:77:83:ac:fd:68:eb:a2:
                    fe:b2:a5:fc:0d:1b:34:71:31:7f:89:59:fc:7c:d7:
                    b0:4c:98:46:a1:78:59:5e:cc:30:eb:06:6d:77:c0:
                    0f:87:db:ec:b5:67:cc:32:0f:37:2b:04:03:ac:44:
                    f3:71:d4:40:ba:64:45:3f:9c:f3:60:e7:c8:58:37:
                    c7:4b:01:e4:48:0e:74:89:15:04:34:86:7b:34:63:
                    18:34:e1:a9:af:3b:b2:fd:75:02:c6:da:ec:eb:52:
                    05:24:12:d4:cf:4e:80:e0:9f:ec:49:66:3d:23:4c:
                    31:4e:94:cd:5c:a3:07:46:43:25:90:50:f5:bc:b4:
                    17:e4:f5:24:d0:70:ea:6f:be:fd:60:2d:b1:c8:05:
                    f3:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:13:13:0A:37:82:99:3B:60:5F:E1:CE:D4:4A:14:80:18:1C:A5:2C
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/97585122-fbed-4029-849a-162097054103.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.72.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         80:f0:98:85:6f:58:e3:d9:47:7c:fd:9c:93:84:10:c8:d3:f6:
         f2:bf:d7:ee:81:2e:9c:ad:8a:34:ef:7c:97:c3:45:e9:e9:81:
         7e:65:57:74:b8:33:d6:1c:b5:e7:e0:b9:03:fa:35:b3:21:cb:
         a7:9a:10:97:c1:7e:7c:6d:7f:a0:c0:4d:39:e3:6b:8c:17:d0:
         e1:3c:90:73:4b:d2:20:d2:3e:90:b5:6b:f9:bb:2b:12:bb:82:
         0f:30:14:15:2b:9d:0c:ea:cd:ea:06:f2:8d:f7:b4:3d:87:04:
         47:00:1e:19:86:1e:e2:30:26:85:f9:99:d1:e7:95:ec:cd:4c:
         8e:41:eb:59:d6:5f:2d:d9:7a:03:bc:57:f6:6e:d4:0b:03:f0:
         06:e2:5c:3f:ec:78:ac:4e:da:83:a8:74:ad:9c:52:13:05:ea:
         48:cf:b0:c5:aa:31:d3:19:d6:a6:b6:a0:13:20:f1:41:77:f6:
         45:db:be:53:fe:da:9c:5e:b0:5a:51:5f:1f:e7:61:aa:4a:13:
         37:45:e0:46:c8:de:1a:43:84:38:36:7c:52:e8:64:56:14:13:
         e2:b2:88:ef:78:0d:ad:c1:aa:35:b3:2b:87:3d:25:d2:12:27:
         09:3c:b7:00:39:95:15:a2:fc:aa:0a:6c:62:0e:55:6f:0c:7a:
         6c:e3:c3:90
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUDBNiXpscliczrAQ868wSxgABLZswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTAxMjQwMDAwMDBaFw0yNTAyMjgyMzU5NTlaMHoxSTBHBgNV
BAUTQDJkZWU4MzAzMjgzNThmNTUxYTQ0NWI3MGViMzI5MWNkNDQzNGQxNDFjODBj
YTAyZDFlMTIxZTg0NGYyMTA0MzgxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALOgZIq8OGKGSr+jZLVbrXz91ciUjJmAvFsliWfDmaRC0ob1uevZCQFdaww0
9wia8BTCnVEThtWL/JMnyS4EjsB/p1pvA2kMMX7JGc5NmMMLv245QcjBiQD3oudU
vLFgKOh2UUtrsv0YemqVQEiaAcx3g6z9aOui/rKl/A0bNHExf4lZ/HzXsEyYRqF4
WV7MMOsGbXfAD4fb7LVnzDIPNysEA6xE83HUQLpkRT+c82DnyFg3x0sB5EgOdIkV
BDSGezRjGDThqa87sv11Asba7OtSBSQS1M9OgOCf7ElmPSNMMU6UzVyjB0ZDJZBQ
9by0F+T1JNBw6m++/WAtscgF81kCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBQUExMK
N4KZO2Bf4c7UShSAGBylLDAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
OTc1ODUxMjItZmJlZC00MDI5LTg0OWEtMTYyMDk3MDU0MTAzLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDATNIMA0G
CSqGSIb3DQEBCwUAA4IBAQCA8JiFb1jj2Ud8/ZyThBDI0/byv9fugS6crYo073yX
w0Xp6YF+ZVd0uDPWHLXn4LkD+jWzIcunmhCXwX58bX+gwE0542uMF9DhPJBzS9Ig
0j6QtWv5uysSu4IPMBQVK50M6s3qBvKN97Q9hwRHAB4Zhh7iMCaF+ZnR55XszUyO
QetZ1l8t2XoDvFf2btQLA/AG4lw/7HisTtqDqHStnFITBepIz7DFqjHTGdamtqAT
IPFBd/ZF275T/tqcXrBaUV8f52GqShM3ReBGyN4aQ4Q4NnxS6GRWFBPisojveA2t
wao1syuHPSXSEicJPLcAOZUVovyqCmxiDlVvDHps48OQ
-----END CERTIFICATE-----