Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/9a3eae5c-027e-4c38-ab8e-330b3e5bad97.roa
File:                     9a3eae5c-027e-4c38-ab8e-330b3e5bad97.roa (raw, json)
Hash identifier:          8olG51pXtwEbLFqSTX8J4CQq1zV8+/IpC9eZQKojz/Q=
Subject key identifier:   3E:4E:AC:52:93:DD:34:09:10:FB:2B:0B:99:BF:30:AC:CF:C8:A2:07
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       477C542F3DE37933C7AD920050ACA29F64E298B1
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/9a3eae5c-027e-4c38-ab8e-330b3e5bad97.roa
Signing time:             Wed 05 Mar 2025 17:50:15 +0000
ROA not before:           Wed 05 Mar 2025 17:50:15 +0000
ROA not after:            Wed 09 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        51.139.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 18:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            47:7c:54:2f:3d:e3:79:33:c7:ad:92:00:50:ac:a2:9f:64:e2:98:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Mar  5 17:50:15 2025 GMT
            Not After : Apr  9 23:59:59 2025 GMT
        Subject: CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:fb:7c:94:01:4f:a8:15:c5:9e:15:af:b2:01:
                    5c:4b:9c:d9:21:f8:5c:fd:0a:03:e9:72:7a:1e:29:
                    e8:0a:13:2a:70:2b:a5:ee:14:84:31:82:a5:5a:ba:
                    0c:f1:84:11:08:f5:26:5d:21:28:99:61:f9:d6:3d:
                    95:50:58:e8:ce:74:97:5a:b0:77:77:eb:66:df:5f:
                    b1:0e:ba:43:49:68:a3:ec:f7:ec:86:a8:b1:09:9e:
                    7b:06:18:97:57:24:4d:90:e9:34:01:8a:4e:62:0b:
                    4d:64:c1:6f:7a:2e:91:69:43:99:93:50:37:6f:31:
                    76:4b:eb:8f:5e:25:92:7f:64:f5:3d:15:5f:c6:0d:
                    ff:16:85:e1:b5:45:60:44:61:d3:1d:f9:87:e2:de:
                    e2:62:ec:fc:b0:68:61:34:51:09:9f:09:ae:15:82:
                    30:20:89:ef:99:bb:91:2e:5c:ca:98:ea:d6:b8:45:
                    4b:f8:a5:b5:bf:b5:5f:82:eb:20:10:7e:83:9f:61:
                    07:8e:66:ef:af:b6:95:50:cb:51:5d:6f:9d:5d:48:
                    6b:11:93:c2:b8:85:59:79:88:74:49:23:dc:dc:5d:
                    be:1d:02:d6:65:6a:24:5a:49:ff:da:08:b3:6a:90:
                    38:7e:8b:d9:75:c9:53:ed:16:be:b7:03:51:59:ea:
                    91:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:4E:AC:52:93:DD:34:09:10:FB:2B:0B:99:BF:30:AC:CF:C8:A2:07
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/9a3eae5c-027e-4c38-ab8e-330b3e5bad97.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.139.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         03:c4:f3:50:4b:ec:a3:b9:f4:cb:f7:d5:a2:0f:e3:f3:89:27:
         7e:8d:7b:fa:9f:72:c7:05:d4:bb:74:7e:1c:27:19:d5:f8:ad:
         40:97:4f:66:71:b7:5f:f5:d1:04:01:98:f5:83:5c:ae:9e:e1:
         c7:ee:e2:3a:99:79:e3:e0:c5:58:1e:66:08:d1:18:ed:a9:98:
         76:11:f1:c6:9e:ec:1c:39:01:12:17:39:4f:bb:b1:fb:d2:c6:
         be:aa:87:53:bd:fc:90:c7:6a:ba:63:83:b3:14:61:f3:d2:a1:
         82:61:86:1c:59:a4:71:3a:11:09:d1:6f:2e:6f:9a:42:51:c3:
         89:d9:86:a0:8f:29:ae:ad:de:15:bc:ce:28:d6:4d:72:42:6d:
         18:45:fc:a0:4b:56:7f:4f:51:da:02:a6:d0:05:05:6e:a5:c2:
         19:4a:05:e5:76:e6:47:83:9e:f8:20:4b:70:60:e5:35:5c:04:
         37:79:93:99:5b:37:99:7f:90:84:71:e4:a3:ea:9d:f5:44:e3:
         cf:9a:6f:f1:63:52:b3:6f:91:ff:81:d9:fb:f4:84:b1:4f:ba:
         64:2d:66:28:66:0a:5a:4c:4f:15:db:f9:59:b4:71:c2:10:54:
         58:ad:b3:b6:77:47:87:5b:03:55:5f:e5:ae:46:ba:fa:2f:0e:
         8c:40:ae:74
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUR3xULz3jeTPHrZIAUKyin2TimLEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTAzMDUxNzUwMTVaFw0yNTA0MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQGFiNGU1MTIyMzlkNTdkZDI0MjhhOGUyMjExYzg5NDg5NDQxZDBmOTY0ZmVl
YjkwZjAxZGYzMGI2MTMzYzM0MGIxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJX7fJQBT6gVxZ4Vr7IBXEuc2SH4XP0KA+lyeh4p6AoTKnArpe4UhDGCpVq6
DPGEEQj1Jl0hKJlh+dY9lVBY6M50l1qwd3frZt9fsQ66Q0loo+z37IaosQmeewYY
l1ckTZDpNAGKTmILTWTBb3oukWlDmZNQN28xdkvrj14lkn9k9T0VX8YN/xaF4bVF
YERh0x35h+Le4mLs/LBoYTRRCZ8JrhWCMCCJ75m7kS5cypjq1rhFS/iltb+1X4Lr
IBB+g59hB45m76+2lVDLUV1vnV1IaxGTwriFWXmIdEkj3Nxdvh0C1mVqJFpJ/9oI
s2qQOH6L2XXJU+0WvrcDUVnqkeECAwEAAaOCAiAwggIcMB0GA1UdDgQWBBQ+TqxS
k900CRD7KwuZvzCsz8iiBzAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
OWEzZWFlNWMtMDI3ZS00YzM4LWFiOGUtMzMwYjNlNWJhZDk3LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADOLMA0G
CSqGSIb3DQEBCwUAA4IBAQADxPNQS+yjufTL99WiD+PziSd+jXv6n3LHBdS7dH4c
JxnV+K1Al09mcbdf9dEEAZj1g1yunuHH7uI6mXnj4MVYHmYI0RjtqZh2EfHGnuwc
OQESFzlPu7H70sa+qodTvfyQx2q6Y4OzFGHz0qGCYYYcWaRxOhEJ0W8ub5pCUcOJ
2Yagjymurd4VvM4o1k1yQm0YRfygS1Z/T1HaAqbQBQVupcIZSgXlduZHg574IEtw
YOU1XAQ3eZOZWzeZf5CEceSj6p31ROPPmm/xY1Kzb5H/gdn79ISxT7pkLWYoZgpa
TE8V2/lZtHHCEFRYrbO2d0eHWwNVX+WuRrr6Lw6MQK50
-----END CERTIFICATE-----