Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/9ebfa348-5910-4667-b4db-cfb5bb3acbc8.roa
File:                     9ebfa348-5910-4667-b4db-cfb5bb3acbc8.roa (raw, json)
Hash identifier:          E19toWEpdZns34KVyYvPzkVs3ICkpLjdCGiWcfKSMhU=
Subject key identifier:   46:1F:01:4D:98:49:77:0B:BE:7A:F6:69:FE:0F:F8:C7:3C:BD:4C:02
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       42A3FFB70C5989F0A57D50102D13F2552E30E14A
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/9ebfa348-5910-4667-b4db-cfb5bb3acbc8.roa
Signing time:             Wed 05 Feb 2025 00:00:00 +0000
ROA not before:           Wed 05 Feb 2025 00:00:00 +0000
ROA not after:            Wed 12 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        51.188.0.0/15 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 05:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            42:a3:ff:b7:0c:59:89:f0:a5:7d:50:10:2d:13:f2:55:2e:30:e1:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Feb  5 00:00:00 2025 GMT
            Not After : Mar 12 23:59:59 2025 GMT
        Subject: CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:75:0a:43:7f:45:c5:1e:29:0a:67:18:51:6e:
                    8b:58:b8:d4:07:8d:bd:24:3f:f0:08:72:1f:34:3b:
                    0e:0a:f0:7d:b2:e5:0d:91:07:f9:19:12:85:fa:4b:
                    e7:00:bd:1d:b5:3e:3c:0b:e6:e3:a7:a1:76:7b:44:
                    cd:f2:78:ed:6c:c3:51:79:82:ed:5d:82:76:2c:89:
                    8c:4d:ab:ed:a4:13:a1:53:37:70:75:e7:7c:f7:2d:
                    d6:a7:d8:de:b5:5d:cd:58:b3:c4:ba:db:62:d8:39:
                    16:a9:f0:59:89:b5:73:4b:90:80:c0:5a:1b:96:65:
                    e2:81:02:0e:b6:27:d7:b8:a2:64:b8:63:0c:9a:d0:
                    87:51:a1:97:d8:75:e0:6d:0f:db:c6:fa:c5:18:62:
                    9c:44:2b:ba:78:6a:ac:98:83:b8:51:41:0f:6f:db:
                    94:4a:9a:ab:1f:97:d2:08:fd:cf:82:c3:ce:6d:f9:
                    30:23:e0:32:cf:7f:cb:bc:48:ed:29:85:73:3a:ba:
                    58:25:34:b1:f4:2f:87:42:b1:b3:62:92:90:9a:1f:
                    b0:8e:93:c3:85:5a:8b:19:b6:87:d8:67:2a:ca:98:
                    a6:c1:15:4e:b8:2f:6d:03:88:f2:4c:2e:cb:75:52:
                    f5:b5:36:a1:4a:55:04:46:a9:69:9c:94:56:e9:41:
                    c4:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:1F:01:4D:98:49:77:0B:BE:7A:F6:69:FE:0F:F8:C7:3C:BD:4C:02
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/9ebfa348-5910-4667-b4db-cfb5bb3acbc8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.188.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         16:a7:0f:b6:f7:3d:fb:f4:5c:02:44:fc:e5:b0:97:20:f2:dd:
         24:ed:05:d9:e6:d6:dd:35:06:e0:5c:2e:dd:e5:82:26:a9:c9:
         e2:08:be:d9:3d:a9:e8:c6:b4:2f:55:09:db:53:d4:39:d0:c9:
         36:c3:43:6d:2b:55:a8:e8:87:73:b8:e8:fa:53:a4:7b:2b:54:
         e9:54:64:31:93:98:a9:e4:8f:3b:7d:04:5c:6c:f4:8f:58:e3:
         58:3c:0b:90:ee:19:46:ac:1d:5d:d9:40:5f:6e:48:e1:71:28:
         26:a9:6e:ff:e9:bf:02:0c:e4:e9:b1:ba:96:9a:17:ca:6e:99:
         f4:f8:f9:19:19:ff:ca:32:10:1e:a2:b5:73:78:13:71:af:43:
         e1:98:52:68:ce:40:30:aa:c8:72:f0:45:0b:ad:02:fd:90:d4:
         90:a1:60:80:15:40:c8:e2:b4:3e:09:78:f7:00:e2:ad:63:4e:
         5f:bc:d2:06:1d:ee:56:a9:34:84:76:33:2c:65:59:c9:a8:c8:
         c2:3e:e4:3f:04:26:4e:24:0a:5a:03:1d:21:9a:5f:c3:ed:8f:
         28:ca:5d:5a:37:f0:6e:53:b3:cc:fc:79:ce:b2:8d:7a:be:46:
         0a:d0:dc:7a:c1:41:93:c6:d1:74:5c:fc:15:4e:25:dc:35:dc:
         2d:ee:b3:76
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUQqP/twxZifClfVAQLRPyVS4w4UowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTAyMDUwMDAwMDBaFw0yNTAzMTIyMzU5NTlaMHoxSTBHBgNV
BAUTQDczNDZmZDYxMTVjNzk5ODY5NTg0ZTMwZTMyMjg4MDVhZmJmMGVlMjRlZGMx
ZmVmYzNjODhlNWJjOWM5NDY3NTgxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKV1CkN/RcUeKQpnGFFui1i41AeNvSQ/8AhyHzQ7DgrwfbLlDZEH+RkShfpL
5wC9HbU+PAvm46ehdntEzfJ47WzDUXmC7V2CdiyJjE2r7aQToVM3cHXnfPct1qfY
3rVdzVizxLrbYtg5FqnwWYm1c0uQgMBaG5Zl4oECDrYn17iiZLhjDJrQh1Ghl9h1
4G0P28b6xRhinEQrunhqrJiDuFFBD2/blEqaqx+X0gj9z4LDzm35MCPgMs9/y7xI
7SmFczq6WCU0sfQvh0Kxs2KSkJofsI6Tw4Vaixm2h9hnKsqYpsEVTrgvbQOI8kwu
y3VS9bU2oUpVBEapaZyUVulBxKECAwEAAaOCAiAwggIcMB0GA1UdDgQWBBRGHwFN
mEl3C7569mn+D/jHPL1MAjAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
OWViZmEzNDgtNTkxMC00NjY3LWI0ZGItY2ZiNWJiM2FjYmM4LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDATO8MA0G
CSqGSIb3DQEBCwUAA4IBAQAWpw+29z379FwCRPzlsJcg8t0k7QXZ5tbdNQbgXC7d
5YImqcniCL7ZPanoxrQvVQnbU9Q50Mk2w0NtK1Wo6IdzuOj6U6R7K1TpVGQxk5ip
5I87fQRcbPSPWONYPAuQ7hlGrB1d2UBfbkjhcSgmqW7/6b8CDOTpsbqWmhfKbpn0
+PkZGf/KMhAeorVzeBNxr0PhmFJozkAwqshy8EULrQL9kNSQoWCAFUDI4rQ+CXj3
AOKtY05fvNIGHe5WqTSEdjMsZVnJqMjCPuQ/BCZOJApaAx0hml/D7Y8oyl1aN/Bu
U7PM/HnOso16vkYK0Nx6wUGTxtF0XPwVTiXcNdwt7rN2
-----END CERTIFICATE-----