Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/b1f2e92a-59bb-45af-9b7f-630a07248560.roa
File:                     b1f2e92a-59bb-45af-9b7f-630a07248560.roa (raw, json)
Hash identifier:          E0aJqK3JpIPk7j04ZWpzcBzNjHhxUzyl04xnDmzCHGg=
Subject key identifier:   6E:72:95:49:56:E6:A6:0B:07:E8:01:87:CD:A5:06:19:93:FD:9F:63
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       103C64A60747BBED2124C1AB161B5672002B2DD2
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/b1f2e92a-59bb-45af-9b7f-630a07248560.roa
Signing time:             Fri 24 Jan 2025 00:00:00 +0000
ROA not before:           Fri 24 Jan 2025 00:00:00 +0000
ROA not after:            Fri 28 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        51.240.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 05:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            10:3c:64:a6:07:47:bb:ed:21:24:c1:ab:16:1b:56:72:00:2b:2d:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Jan 24 00:00:00 2025 GMT
            Not After : Feb 28 23:59:59 2025 GMT
        Subject: CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:c2:fe:98:a8:10:a5:62:f2:41:36:8b:74:5b:
                    b0:b2:cd:f3:18:5a:7b:dd:1b:4e:6b:7d:15:22:d7:
                    77:47:a0:38:a9:ca:4c:fe:d6:46:8e:48:03:dc:25:
                    75:ee:44:92:fd:5a:ae:1c:8e:38:9a:7f:3e:e6:cf:
                    d4:dd:62:40:20:48:c5:10:57:68:00:88:fd:f1:a7:
                    2d:b5:8e:c7:6f:3b:b3:ac:b0:78:34:6d:07:37:bf:
                    f1:73:c0:b1:51:d2:07:4e:74:23:ad:fe:b6:62:2b:
                    1e:74:fd:df:76:5a:c4:c7:6b:26:be:fc:cd:90:dd:
                    b9:bd:80:2f:db:40:ce:34:5a:8e:d4:39:fe:99:36:
                    42:07:87:5e:ff:d3:2b:01:f5:18:81:c3:60:f7:ab:
                    f6:e9:65:d9:82:bb:d3:5a:39:71:e4:f2:f0:85:07:
                    a8:f5:9d:06:a8:72:16:a8:7e:77:10:e9:30:fd:ac:
                    7c:8b:92:28:ba:96:ea:33:28:50:37:9e:94:a9:05:
                    56:6e:b2:d5:e2:82:78:87:ae:9a:83:ee:6b:ec:7a:
                    46:4b:e6:eb:df:5f:2e:0a:0a:61:ac:03:9b:83:32:
                    2f:51:ea:9a:95:36:a1:51:65:1a:3b:92:a7:99:2d:
                    af:fa:e8:96:3c:e8:2c:f4:45:dc:7f:14:e2:f0:e2:
                    a0:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:72:95:49:56:E6:A6:0B:07:E8:01:87:CD:A5:06:19:93:FD:9F:63
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/b1f2e92a-59bb-45af-9b7f-630a07248560.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.240.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         9c:89:92:cd:d6:6d:cb:ab:26:1a:cd:b8:3b:3e:62:0d:e8:24:
         28:9e:8d:ef:4e:1c:94:4d:62:bf:6c:aa:f7:0e:ad:a5:b7:ed:
         28:78:12:78:40:eb:30:91:e2:5f:6e:c0:16:2d:56:14:ed:47:
         ea:e3:ce:85:e2:fb:56:d1:a5:36:aa:6a:ca:64:aa:72:3d:ff:
         0f:5f:68:3c:9f:15:45:13:f3:0b:a9:43:ba:a0:ab:28:2e:57:
         e4:ee:c6:08:00:08:e7:2d:86:99:e3:6c:bc:3c:63:f6:c5:18:
         eb:44:a0:3c:ce:00:a7:22:40:4e:34:ac:d0:b0:ea:59:f8:8e:
         75:da:91:d7:79:0c:6a:36:83:c2:cb:b8:92:72:5d:37:e3:7e:
         81:2f:69:2c:0f:42:ca:44:5e:d9:da:18:2f:af:dd:bc:e2:c9:
         af:7a:a1:76:fb:47:72:80:a3:55:35:f1:f9:0d:23:a3:e6:d6:
         70:b8:e2:f4:1b:1d:84:fe:4b:ba:59:f0:27:3f:b0:90:a5:f1:
         a9:8d:21:62:42:46:b0:8e:d9:66:b3:6c:ea:d5:95:7b:02:f5:
         83:5a:e0:6f:45:d8:ed:a7:71:50:aa:33:94:3c:50:e6:4b:75:
         ed:7e:13:67:8e:24:74:d9:13:30:4f:c9:30:7a:2a:0d:af:15:
         d8:73:9a:a3
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUEDxkpgdHu+0hJMGrFhtWcgArLdIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTAxMjQwMDAwMDBaFw0yNTAyMjgyMzU5NTlaMHoxSTBHBgNV
BAUTQDQwNzk2NmU4MzdhNjNiMzYyNTI0OTk2MGUwYzM4NWI0ZmQ5OTcwNDcwY2M2
MWEyMjExYWEyNDA5MmEwNDNjZDExLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALTC/pioEKVi8kE2i3RbsLLN8xhae90bTmt9FSLXd0egOKnKTP7WRo5IA9wl
de5Ekv1arhyOOJp/PubP1N1iQCBIxRBXaACI/fGnLbWOx287s6yweDRtBze/8XPA
sVHSB050I63+tmIrHnT933ZaxMdrJr78zZDdub2AL9tAzjRajtQ5/pk2QgeHXv/T
KwH1GIHDYPer9ull2YK701o5ceTy8IUHqPWdBqhyFqh+dxDpMP2sfIuSKLqW6jMo
UDeelKkFVm6y1eKCeIeumoPua+x6Rkvm699fLgoKYawDm4MyL1HqmpU2oVFlGjuS
p5ktr/roljzoLPRF3H8U4vDioL8CAwEAAaOCAiAwggIcMB0GA1UdDgQWBBRucpVJ
VuamCwfoAYfNpQYZk/2fYzAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
YjFmMmU5MmEtNTliYi00NWFmLTliN2YtNjMwYTA3MjQ4NTYwLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADPwMA0G
CSqGSIb3DQEBCwUAA4IBAQCciZLN1m3LqyYazbg7PmIN6CQono3vThyUTWK/bKr3
Dq2lt+0oeBJ4QOswkeJfbsAWLVYU7Ufq486F4vtW0aU2qmrKZKpyPf8PX2g8nxVF
E/MLqUO6oKsoLlfk7sYIAAjnLYaZ42y8PGP2xRjrRKA8zgCnIkBONKzQsOpZ+I51
2pHXeQxqNoPCy7iScl03436BL2ksD0LKRF7Z2hgvr9284smveqF2+0dygKNVNfH5
DSOj5tZwuOL0Gx2E/ku6WfAnP7CQpfGpjSFiQkawjtlms2zq1ZV7AvWDWuBvRdjt
p3FQqjOUPFDmS3XtfhNnjiR02RMwT8kweioNrxXYc5qj
-----END CERTIFICATE-----