Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/9a3eae5c-027e-4c38-ab8e-330b3e5bad97.roa
File:                     9a3eae5c-027e-4c38-ab8e-330b3e5bad97.roa (raw, json)
Hash identifier:          cNOo0vKJL+IHiNcP/zp+dj0pmT0ITG/lZM0twmGSus0=
Subject key identifier:   2B:C8:F6:3E:F1:84:9C:1E:CB:6E:8E:8D:EA:E7:23:8F:E4:50:29:27
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       183711DFA5B2C719A45913631E4B694B7C4763B5
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/9a3eae5c-027e-4c38-ab8e-330b3e5bad97.roa
Signing time:             Wed 05 Feb 2025 00:00:00 +0000
ROA not before:           Wed 05 Feb 2025 00:00:00 +0000
ROA not after:            Wed 12 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        51.139.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 05:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            18:37:11:df:a5:b2:c7:19:a4:59:13:63:1e:4b:69:4b:7c:47:63:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Feb  5 00:00:00 2025 GMT
            Not After : Mar 12 23:59:59 2025 GMT
        Subject: CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:fd:bb:27:93:6a:18:dd:ee:2a:e1:ae:c1:e3:
                    e5:da:75:b1:1b:7f:a7:77:9f:21:eb:30:ef:36:d8:
                    3c:af:de:15:5e:73:d6:3b:c6:8f:be:93:36:75:2e:
                    e0:ec:df:95:25:03:f4:5a:52:7e:d8:d2:02:ae:ff:
                    09:d0:55:43:fb:03:1d:d9:6f:6b:22:af:05:74:78:
                    b3:34:6c:19:0a:b8:85:a1:7f:a8:3e:fe:4d:55:76:
                    7f:a6:82:a1:75:15:3b:a3:17:7f:3d:80:0d:1c:a8:
                    87:a1:04:53:1d:b8:f2:61:45:65:bb:36:d4:0c:40:
                    38:2e:bd:e7:cc:d2:eb:3f:97:70:b5:c6:71:83:83:
                    02:7d:0f:b9:3a:ca:18:94:52:61:ae:79:23:19:ab:
                    6a:3a:99:a6:0a:6a:e9:57:0c:c8:a6:25:1c:06:c9:
                    91:7e:3e:81:8c:a3:e1:91:82:cd:28:c9:1b:2d:00:
                    b8:44:58:78:9c:64:cc:71:d2:66:24:b0:73:cf:72:
                    d4:ca:ce:ba:1b:01:2b:49:1f:ce:73:89:e9:6c:19:
                    87:c4:b3:e3:a7:db:4d:21:1a:62:97:27:2e:f1:5e:
                    c4:09:90:e8:a4:06:60:8e:03:64:77:03:a8:d7:fe:
                    f9:9e:e8:a4:34:f7:ae:f2:9b:17:c0:4c:16:5a:e2:
                    49:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:C8:F6:3E:F1:84:9C:1E:CB:6E:8E:8D:EA:E7:23:8F:E4:50:29:27
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/9a3eae5c-027e-4c38-ab8e-330b3e5bad97.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.139.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         51:f6:0d:79:72:ac:91:b3:06:50:9c:b1:91:95:67:23:7a:4c:
         3d:9e:b0:bd:64:35:fd:a8:21:09:e6:ff:e3:ac:3b:45:21:66:
         0f:07:02:39:88:21:1e:28:fd:70:cb:ea:24:6d:04:29:38:55:
         fa:25:21:f5:b3:59:10:a5:9b:4d:8b:6d:40:02:ec:2f:91:c9:
         39:28:7f:0d:ca:b1:d1:88:cc:53:67:da:2e:e5:a5:dd:30:ba:
         d9:e0:52:bd:4d:f6:31:ac:1f:29:6a:71:1e:7d:75:c3:dd:0e:
         21:a6:7f:06:9d:e5:d2:15:ea:ca:37:14:f4:48:cf:fe:50:28:
         03:be:a5:52:f9:8f:01:ba:0b:01:57:8a:9b:03:9b:36:3e:e1:
         7c:61:bb:ec:f3:d1:94:b2:e9:ba:33:f3:ff:a0:38:ae:aa:f0:
         f0:ab:91:12:ef:0b:81:6c:4f:6b:23:31:e8:0e:b2:69:7e:66:
         f7:8d:8e:8b:17:00:3e:e1:6e:d8:b9:f4:7f:42:c4:80:6a:c2:
         29:80:6d:89:1b:d0:01:db:2a:6b:2c:9e:58:14:1c:09:58:27:
         39:d2:20:d9:b7:0e:4e:14:28:ff:ec:09:9d:a1:be:8c:16:de:
         3a:5d:4d:d3:c9:95:d2:fe:98:ec:6e:71:2d:86:89:13:84:54:
         f1:ce:ad:13
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUGDcR36WyxxmkWRNjHktpS3xHY7UwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTAyMDUwMDAwMDBaFw0yNTAzMTIyMzU5NTlaMHoxSTBHBgNV
BAUTQGY2NjM5Y2FjYWZiNzVhZjkxNjA5MjY2Njk4ODc3MDcyNzAwMTkxMmU4Yjgw
YTgzYzM3YTQ2Y2NjZDViMmVjMjkxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKD9uyeTahjd7irhrsHj5dp1sRt/p3efIesw7zbYPK/eFV5z1jvGj76TNnUu
4OzflSUD9FpSftjSAq7/CdBVQ/sDHdlvayKvBXR4szRsGQq4haF/qD7+TVV2f6aC
oXUVO6MXfz2ADRyoh6EEUx248mFFZbs21AxAOC6958zS6z+XcLXGcYODAn0PuTrK
GJRSYa55IxmrajqZpgpq6VcMyKYlHAbJkX4+gYyj4ZGCzSjJGy0AuERYeJxkzHHS
ZiSwc89y1MrOuhsBK0kfznOJ6WwZh8Sz46fbTSEaYpcnLvFexAmQ6KQGYI4DZHcD
qNf++Z7opDT3rvKbF8BMFlriSb8CAwEAAaOCAiAwggIcMB0GA1UdDgQWBBQryPY+
8YScHstujo3q5yOP5FApJzAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
OWEzZWFlNWMtMDI3ZS00YzM4LWFiOGUtMzMwYjNlNWJhZDk3LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADOLMA0G
CSqGSIb3DQEBCwUAA4IBAQBR9g15cqyRswZQnLGRlWcjekw9nrC9ZDX9qCEJ5v/j
rDtFIWYPBwI5iCEeKP1wy+okbQQpOFX6JSH1s1kQpZtNi21AAuwvkck5KH8NyrHR
iMxTZ9ou5aXdMLrZ4FK9TfYxrB8panEefXXD3Q4hpn8GneXSFerKNxT0SM/+UCgD
vqVS+Y8BugsBV4qbA5s2PuF8Ybvs89GUsum6M/P/oDiuqvDwq5ES7wuBbE9rIzHo
DrJpfmb3jY6LFwA+4W7YufR/QsSAasIpgG2JG9AB2yprLJ5YFBwJWCc50iDZtw5O
FCj/7Amdob6MFt46XU3TyZXS/pjsbnEthokThFTxzq0T
-----END CERTIFICATE-----