Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/de83ab0d-730e-4ba0-9d22-af2c8b7fd8f7.roa
File:                     de83ab0d-730e-4ba0-9d22-af2c8b7fd8f7.roa (raw, json)
Hash identifier:          Fcbmd1d2fMFs0y1rpbm8R5lFTD+Ew593012271qWaJQ=
Subject key identifier:   4C:5F:D4:0A:A0:30:A0:49:6E:6B:D4:C4:C9:5D:68:E8:9A:F7:30:11
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       2397CB7D7DC04B3177778D9D6541A3C789A4502D
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/de83ab0d-730e-4ba0-9d22-af2c8b7fd8f7.roa
Signing time:             Wed 05 Feb 2025 00:00:00 +0000
ROA not before:           Wed 05 Feb 2025 00:00:00 +0000
ROA not after:            Wed 12 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        51.40.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 05:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            23:97:cb:7d:7d:c0:4b:31:77:77:8d:9d:65:41:a3:c7:89:a4:50:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Feb  5 00:00:00 2025 GMT
            Not After : Mar 12 23:59:59 2025 GMT
        Subject: CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:49:75:c4:40:e8:64:1d:dd:1d:c6:7e:93:84:
                    cb:1c:1c:32:92:3f:f6:aa:51:ed:77:62:bd:9a:00:
                    27:47:ad:e1:79:02:f8:de:a1:f2:59:ac:0e:b5:1a:
                    fe:1a:40:ad:ee:c2:c8:ec:93:2b:1b:49:5b:7d:fe:
                    a8:fb:de:26:38:d1:18:0d:51:d2:4f:40:ec:c9:c1:
                    3a:57:e9:3b:7e:f9:2f:54:a4:b0:be:87:2c:05:c0:
                    20:87:2c:9e:eb:87:dd:b5:41:ac:c4:b9:27:ea:dc:
                    b0:dc:a0:2b:9b:e8:50:0c:56:6b:aa:8a:d7:2f:e1:
                    4e:f3:9c:f0:03:35:1f:74:7d:3c:1e:5c:99:e6:82:
                    8b:97:95:e5:91:d7:9f:38:83:c4:3d:07:57:7a:18:
                    5f:9c:0e:06:b5:a9:0c:2d:a7:a7:f7:52:79:9e:1a:
                    ba:60:75:0a:d5:39:6c:3b:aa:56:70:77:3a:c6:f7:
                    66:e3:56:e0:b8:7b:9f:db:dc:af:bb:26:24:17:71:
                    29:c2:68:4e:47:fb:7e:7b:3e:bc:a1:0a:bf:5f:59:
                    5c:24:5e:ed:65:34:c1:9b:87:46:7b:a3:0a:5f:63:
                    45:c0:cf:98:1a:03:ab:7a:ca:c1:43:8a:b2:02:e6:
                    d3:0c:af:48:b2:62:18:76:f1:93:8e:f2:b4:19:71:
                    0c:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:5F:D4:0A:A0:30:A0:49:6E:6B:D4:C4:C9:5D:68:E8:9A:F7:30:11
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/de83ab0d-730e-4ba0-9d22-af2c8b7fd8f7.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.40.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         bb:f6:e6:fb:58:4b:da:d3:63:70:50:9a:ec:20:0e:3a:5e:5c:
         61:8c:4f:f0:d2:56:84:a2:b6:6a:ba:ad:cc:d4:b2:73:8e:d4:
         ba:db:c6:3a:24:c5:fe:d0:d2:d1:2e:dd:27:aa:5a:11:fc:a5:
         54:ee:42:f5:ba:92:ca:03:5b:d2:c3:a0:77:64:18:91:3e:9d:
         b4:ea:c7:f1:43:ea:d1:d1:03:1a:4e:ff:e9:72:ce:12:ac:8a:
         7e:47:08:64:34:3b:af:54:03:c6:11:6b:5e:32:8d:e6:8b:06:
         1b:26:68:aa:78:62:80:4d:08:2e:c3:4e:02:d3:1d:ca:ca:2c:
         56:92:33:11:40:24:0e:59:34:56:56:a9:19:68:b5:26:8d:96:
         0f:cb:02:3f:fc:1b:0e:db:12:76:0c:16:b6:7f:0d:d6:23:73:
         94:76:33:00:f0:c1:3e:52:d3:2c:06:e8:36:fc:69:16:cb:91:
         ba:cc:c8:8f:fa:05:1f:cd:89:df:0e:a0:80:b7:76:e2:28:1e:
         74:79:79:13:66:15:3e:ff:34:6d:13:d2:cf:c3:f3:cd:f7:2a:
         2f:f9:50:89:ce:0b:1e:46:41:dc:5a:c5:3f:9f:0c:f9:30:c7:
         fb:b4:21:11:8d:4f:47:b9:53:9d:37:ce:81:11:5b:e2:b9:a3:
         b0:22:22:67
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUI5fLfX3ASzF3d42dZUGjx4mkUC0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTAyMDUwMDAwMDBaFw0yNTAzMTIyMzU5NTlaMHoxSTBHBgNV
BAUTQDU2Mzc2ZTJiOWM1NTg5ZTM1Yjc3M2U5NWVmMzVlODFlYjNiN2MzNGMwODk4
MWZlZDRhNjljODNiMTM2ZjM3NzMxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKFJdcRA6GQd3R3GfpOEyxwcMpI/9qpR7XdivZoAJ0et4XkC+N6h8lmsDrUa
/hpAre7CyOyTKxtJW33+qPveJjjRGA1R0k9A7MnBOlfpO375L1SksL6HLAXAIIcs
nuuH3bVBrMS5J+rcsNygK5voUAxWa6qK1y/hTvOc8AM1H3R9PB5cmeaCi5eV5ZHX
nziDxD0HV3oYX5wOBrWpDC2np/dSeZ4aumB1CtU5bDuqVnB3Osb3ZuNW4Lh7n9vc
r7smJBdxKcJoTkf7fns+vKEKv19ZXCRe7WU0wZuHRnujCl9jRcDPmBoDq3rKwUOK
sgLm0wyvSLJiGHbxk47ytBlxDI8CAwEAAaOCAiAwggIcMB0GA1UdDgQWBBRMX9QK
oDCgSW5r1MTJXWjomvcwETAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
ZGU4M2FiMGQtNzMwZS00YmEwLTlkMjItYWYyYzhiN2ZkOGY3LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADMoMA0G
CSqGSIb3DQEBCwUAA4IBAQC79ub7WEva02NwUJrsIA46XlxhjE/w0laEorZquq3M
1LJzjtS628Y6JMX+0NLRLt0nqloR/KVU7kL1upLKA1vSw6B3ZBiRPp206sfxQ+rR
0QMaTv/pcs4SrIp+RwhkNDuvVAPGEWteMo3miwYbJmiqeGKATQguw04C0x3KyixW
kjMRQCQOWTRWVqkZaLUmjZYPywI//BsO2xJ2DBa2fw3WI3OUdjMA8ME+UtMsBug2
/GkWy5G6zMiP+gUfzYnfDqCAt3biKB50eXkTZhU+/zRtE9LPw/PN9yov+VCJzgse
RkHcWsU/nwz5MMf7tCERjU9HuVOdN86BEVviuaOwIiJn
-----END CERTIFICATE-----