Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/c2c395e2-491c-4141-ba1e-1b3717841063.roa
File:                     c2c395e2-491c-4141-ba1e-1b3717841063.roa (raw, json)
Hash identifier:          R5TLALdKBShMSAhrsP4v2IdKY/hAsLyWw12jAKwjslE=
Subject key identifier:   B7:B4:8E:63:79:D2:16:AC:50:8E:D9:CB:1E:23:90:6A:40:86:8B:AB
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       039DD517862B8D067EB3EA1FE5BC1221983C1783
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/c2c395e2-491c-4141-ba1e-1b3717841063.roa
Signing time:             Wed 05 Feb 2025 00:00:00 +0000
ROA not before:           Wed 05 Feb 2025 00:00:00 +0000
ROA not after:            Wed 12 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        51.152.0.0/15 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 05:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:9d:d5:17:86:2b:8d:06:7e:b3:ea:1f:e5:bc:12:21:98:3c:17:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Feb  5 00:00:00 2025 GMT
            Not After : Mar 12 23:59:59 2025 GMT
        Subject: CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:db:42:52:55:e6:4d:d4:92:52:ed:3f:93:84:
                    31:94:bd:f6:94:23:66:f9:38:3a:be:74:2c:da:a6:
                    88:5c:7a:d5:ec:49:ac:9c:33:af:3d:10:8f:33:d3:
                    d4:19:2c:23:5e:80:1e:02:92:5a:50:91:62:ee:26:
                    98:e7:1a:4e:8f:38:67:9e:20:c4:a7:75:87:87:93:
                    f1:31:77:53:40:f6:59:00:03:43:0f:2f:f3:d7:f4:
                    ac:89:c7:a0:b1:94:f2:95:12:2b:7d:14:61:13:18:
                    e9:cc:a1:4b:89:48:bf:55:c1:35:f0:6e:6c:dd:0a:
                    69:f4:fc:ac:97:c6:c6:56:35:2b:0b:da:21:7e:34:
                    8a:47:53:67:f9:54:67:4d:67:41:f5:b2:16:b6:34:
                    c6:51:85:a8:4e:84:05:a1:9b:00:18:19:8c:3b:e6:
                    bd:0c:f8:03:3a:ca:68:07:95:a5:5c:ca:5f:d9:bf:
                    02:82:9a:92:e3:9d:f9:a6:f4:ab:8b:d4:70:08:8c:
                    03:3d:63:5c:bf:aa:0b:31:46:0d:09:96:79:f8:a1:
                    4b:07:73:e3:eb:5d:45:67:2e:38:f1:85:c4:91:6b:
                    f6:89:21:99:66:31:2e:15:24:26:8a:b1:93:af:8e:
                    39:64:94:f5:e0:d4:56:e6:be:fd:2e:83:21:59:1a:
                    cc:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:B4:8E:63:79:D2:16:AC:50:8E:D9:CB:1E:23:90:6A:40:86:8B:AB
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/c2c395e2-491c-4141-ba1e-1b3717841063.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.152.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         8f:26:31:d8:b7:49:00:d5:17:ec:34:a0:ae:91:80:e1:ea:89:
         28:fe:6f:a7:10:c5:75:4c:1e:86:75:64:35:e9:51:48:44:18:
         83:fd:17:c7:a9:7f:6b:78:2c:0c:d4:5b:01:6e:a9:24:df:da:
         5f:28:29:88:b3:98:f2:9e:96:7e:86:c6:8c:89:69:e0:af:43:
         16:fd:8c:d2:2a:4a:7e:c6:eb:b5:0c:b2:eb:ef:f0:bb:46:5e:
         d0:a7:d0:3f:33:31:a5:78:a6:f7:04:04:fd:4b:28:10:4e:c5:
         b5:19:5d:32:1a:5f:27:18:b8:4b:63:7b:e0:94:4c:b7:da:62:
         15:51:3e:1e:74:93:cf:40:9a:04:8e:43:9b:67:ad:e3:37:38:
         88:d9:25:6a:1c:30:67:21:e5:b6:78:55:9d:d0:1c:c8:44:73:
         3f:5f:7d:29:2a:17:10:d0:18:4f:99:fb:10:99:c9:34:ca:49:
         32:5d:5c:cc:ac:9c:41:fb:d4:09:a8:68:da:19:4a:d8:31:88:
         86:55:c3:00:b2:9e:c8:f4:56:df:cf:a4:3e:d6:1d:ca:b4:43:
         f8:90:a4:2c:b3:44:b4:9b:42:9a:9a:32:ff:95:58:2a:bc:d1:
         bb:0a:cc:27:82:9d:4c:d0:f5:b3:1d:5f:04:4a:cb:02:bb:02:
         75:be:2b:79
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUA53VF4YrjQZ+s+of5bwSIZg8F4MwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTAyMDUwMDAwMDBaFw0yNTAzMTIyMzU5NTlaMHoxSTBHBgNV
BAUTQDgzYTExOWFhMzIzYWM3ZTlkYTkyNTBiZGEzZGZjODg1ZjU2YmE3OWZjOGI0
MGEzYzAyYWU4Y2MyYjJjNjAwY2YxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALrbQlJV5k3UklLtP5OEMZS99pQjZvk4Or50LNqmiFx61exJrJwzrz0QjzPT
1BksI16AHgKSWlCRYu4mmOcaTo84Z54gxKd1h4eT8TF3U0D2WQADQw8v89f0rInH
oLGU8pUSK30UYRMY6cyhS4lIv1XBNfBubN0KafT8rJfGxlY1KwvaIX40ikdTZ/lU
Z01nQfWyFrY0xlGFqE6EBaGbABgZjDvmvQz4AzrKaAeVpVzKX9m/AoKakuOd+ab0
q4vUcAiMAz1jXL+qCzFGDQmWefihSwdz4+tdRWcuOPGFxJFr9okhmWYxLhUkJoqx
k6+OOWSU9eDUVua+/S6DIVkazD0CAwEAAaOCAiAwggIcMB0GA1UdDgQWBBS3tI5j
edIWrFCO2cseI5BqQIaLqzAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
YzJjMzk1ZTItNDkxYy00MTQxLWJhMWUtMWIzNzE3ODQxMDYzLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDATOYMA0G
CSqGSIb3DQEBCwUAA4IBAQCPJjHYt0kA1RfsNKCukYDh6oko/m+nEMV1TB6GdWQ1
6VFIRBiD/RfHqX9reCwM1FsBbqkk39pfKCmIs5jynpZ+hsaMiWngr0MW/YzSKkp+
xuu1DLLr7/C7Rl7Qp9A/MzGleKb3BAT9SygQTsW1GV0yGl8nGLhLY3vglEy32mIV
UT4edJPPQJoEjkObZ63jNziI2SVqHDBnIeW2eFWd0BzIRHM/X30pKhcQ0BhPmfsQ
mck0ykkyXVzMrJxB+9QJqGjaGUrYMYiGVcMAsp7I9Fbfz6Q+1h3KtEP4kKQss0S0
m0KamjL/lVgqvNG7Cswngp1M0PWzHV8ESssCuwJ1vit5
-----END CERTIFICATE-----