Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/d241761a-4c6e-4db3-ba0a-26b2eda6222a.roa
File:                     d241761a-4c6e-4db3-ba0a-26b2eda6222a.roa (raw, json)
Hash identifier:          6Jyxa1RsJ20mirjws4+znyjhe9QTm8Fsqf7XoTIprFE=
Subject key identifier:   34:84:3A:3A:91:32:13:B8:EE:4E:C7:6F:76:E6:F6:FD:97:1D:8B:AD
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       508E777BFD2EF88D3032B3ED64C5E53A0CBADE82
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/d241761a-4c6e-4db3-ba0a-26b2eda6222a.roa
Signing time:             Wed 05 Feb 2025 00:00:00 +0000
ROA not before:           Wed 05 Feb 2025 00:00:00 +0000
ROA not after:            Wed 12 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        51.110.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 05:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            50:8e:77:7b:fd:2e:f8:8d:30:32:b3:ed:64:c5:e5:3a:0c:ba:de:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Feb  5 00:00:00 2025 GMT
            Not After : Mar 12 23:59:59 2025 GMT
        Subject: CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:a8:cf:a2:8c:d0:7d:cb:21:97:09:e6:90:09:
                    bb:cc:1b:d7:8c:d4:a6:76:af:77:b8:8a:fe:5c:c8:
                    97:86:ed:1a:54:0f:33:6b:b4:13:33:c2:e6:41:ed:
                    82:bd:2b:51:18:ab:bc:73:9f:bc:fc:59:db:09:95:
                    d6:e9:ad:bd:58:0c:18:b4:e4:74:15:38:e2:cb:33:
                    87:73:0a:cc:1f:1b:d7:37:e8:db:f3:d8:4a:eb:21:
                    f4:cd:40:12:1a:df:3b:07:c0:ba:6f:c2:7c:f5:cb:
                    34:ce:e2:28:f2:d8:af:40:22:6c:9c:79:0b:a3:30:
                    c9:44:6a:37:f7:f0:f8:21:db:19:9e:c1:ee:bd:e2:
                    be:68:67:ad:14:cd:60:73:f8:3a:2e:f0:ab:f0:ab:
                    c6:32:18:a7:31:dc:08:67:3e:82:09:56:1e:f7:e9:
                    a1:93:f0:4c:50:38:65:7d:5d:f1:26:73:b1:40:32:
                    50:59:1c:cd:5c:de:33:6d:f0:68:b2:68:36:80:21:
                    11:85:24:fe:e0:dc:e7:bb:f5:67:6b:97:1f:77:8e:
                    de:d2:5b:d1:8b:49:ac:7b:f2:96:2e:47:ef:a4:26:
                    00:a9:86:8c:75:46:ec:9f:4b:8e:6b:50:7c:ea:32:
                    3c:98:2a:dc:b0:17:d4:b2:8d:7a:2a:87:a6:ff:52:
                    52:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:84:3A:3A:91:32:13:B8:EE:4E:C7:6F:76:E6:F6:FD:97:1D:8B:AD
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/d241761a-4c6e-4db3-ba0a-26b2eda6222a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.110.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         46:65:2b:a8:fd:ae:be:ef:9c:6b:12:0c:83:e9:f5:96:09:b2:
         e6:1e:be:00:d1:ba:71:05:64:89:f3:97:d1:17:8e:de:ac:44:
         e0:af:6e:7b:33:b0:2e:e5:2e:1f:b4:74:3f:fb:c1:9c:69:d4:
         75:5e:54:b2:fa:ad:2f:8b:83:bc:26:c9:cd:25:2e:d8:c7:a1:
         a1:62:28:87:bc:88:bf:42:89:e0:b1:e1:3e:37:08:33:f6:ca:
         ed:3e:f8:85:2e:c6:13:f6:26:55:27:ac:91:ae:c1:cb:4e:fd:
         48:31:8b:7d:8f:a3:e9:eb:f7:c2:35:8b:2e:6b:c4:9a:c2:94:
         0d:fb:05:c9:2b:4b:4f:7e:fa:56:5d:af:63:97:a6:09:b0:7d:
         bf:83:85:56:aa:d9:bf:b2:18:f9:7b:a4:94:f6:1e:e9:0c:ab:
         e9:70:0a:b1:fa:40:a8:c1:8e:02:12:c8:96:65:36:f2:70:c6:
         1b:6a:96:f8:24:d8:7f:31:d9:97:08:e5:ae:e9:95:0c:f6:9e:
         93:08:c8:96:fe:bc:9a:f4:9f:23:34:12:96:b3:51:4c:23:a0:
         00:cf:21:a7:22:f2:fb:bf:97:55:d5:0f:87:a9:1c:b1:bc:af:
         74:49:22:18:13:c3:a4:fa:2f:21:0f:03:42:07:0e:22:02:ce:
         90:76:19:1a
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUUI53e/0u+I0wMrPtZMXlOgy63oIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTAyMDUwMDAwMDBaFw0yNTAzMTIyMzU5NTlaMHoxSTBHBgNV
BAUTQDhkYTM4NzdmZTU1OGY4YmIwOWJmOGFkNTMyY2RiODlkZDVhZjNmODVjYWJh
ZTUxNGJlZTA2M2ExYjBiMGQ1MWYxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOaoz6KM0H3LIZcJ5pAJu8wb14zUpnavd7iK/lzIl4btGlQPM2u0EzPC5kHt
gr0rURirvHOfvPxZ2wmV1umtvVgMGLTkdBU44sszh3MKzB8b1zfo2/PYSush9M1A
EhrfOwfAum/CfPXLNM7iKPLYr0AibJx5C6MwyURqN/fw+CHbGZ7B7r3ivmhnrRTN
YHP4Oi7wq/CrxjIYpzHcCGc+gglWHvfpoZPwTFA4ZX1d8SZzsUAyUFkczVzeM23w
aLJoNoAhEYUk/uDc57v1Z2uXH3eO3tJb0YtJrHvyli5H76QmAKmGjHVG7J9LjmtQ
fOoyPJgq3LAX1LKNeiqHpv9SUoMCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBQ0hDo6
kTITuO5Ox2925vb9lx2LrTAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
ZDI0MTc2MWEtNGM2ZS00ZGIzLWJhMGEtMjZiMmVkYTYyMjJhLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADNuMA0G
CSqGSIb3DQEBCwUAA4IBAQBGZSuo/a6+75xrEgyD6fWWCbLmHr4A0bpxBWSJ85fR
F47erETgr257M7Au5S4ftHQ/+8GcadR1XlSy+q0vi4O8JsnNJS7Yx6GhYiiHvIi/
QongseE+Nwgz9srtPviFLsYT9iZVJ6yRrsHLTv1IMYt9j6Pp6/fCNYsua8SawpQN
+wXJK0tPfvpWXa9jl6YJsH2/g4VWqtm/shj5e6SU9h7pDKvpcAqx+kCowY4CEsiW
ZTbycMYbapb4JNh/MdmXCOWu6ZUM9p6TCMiW/rya9J8jNBKWs1FMI6AAzyGnIvL7
v5dV1Q+HqRyxvK90SSIYE8Ok+i8hDwNCBw4iAs6Qdhka
-----END CERTIFICATE-----