Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/f0cb36ae-21ee-4e99-93c6-e63ae570e483.roa
File:                     f0cb36ae-21ee-4e99-93c6-e63ae570e483.roa (raw, json)
Hash identifier:          rw9PQ3u86Xi7zxY9ebcAAx2wnOftnVY6ggECd1nyaCA=
Subject key identifier:   AA:00:D9:FB:93:55:10:96:68:D5:AB:DF:8C:FB:E1:3A:BF:50:73:B8
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       6D40B12B977ADAD0F77DC3CA555DA9229A0ED734
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/f0cb36ae-21ee-4e99-93c6-e63ae570e483.roa
Signing time:             Wed 05 Mar 2025 17:51:17 +0000
ROA not before:           Wed 05 Mar 2025 17:51:17 +0000
ROA not after:            Wed 09 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        193.26.64.0/19 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 18:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6d:40:b1:2b:97:7a:da:d0:f7:7d:c3:ca:55:5d:a9:22:9a:0e:d7:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Mar  5 17:51:17 2025 GMT
            Not After : Apr  9 23:59:59 2025 GMT
        Subject: CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fc:02:81:07:b8:cc:a9:21:0a:de:4c:1a:92:68:
                    b0:7c:56:ff:66:dc:85:3d:b1:08:56:31:95:bb:f5:
                    b0:cc:d6:8b:36:70:47:3f:8a:c0:7d:e3:81:74:8f:
                    1d:c9:8e:db:e2:30:b1:15:77:f3:c2:17:aa:b5:d8:
                    12:2d:54:1b:cd:eb:00:04:cf:be:e4:89:fc:42:90:
                    84:7a:95:90:51:9d:49:ad:eb:64:5c:0b:66:71:09:
                    4c:3b:49:34:8a:30:17:af:10:2c:29:99:fb:af:89:
                    37:ed:db:76:2c:f0:db:f2:4b:75:be:08:71:fb:21:
                    c0:46:50:60:68:c8:4d:ee:02:f4:d0:f1:a5:71:c1:
                    37:77:20:a5:fc:22:c4:a5:09:87:5d:c4:da:29:cf:
                    26:f1:6b:18:ab:a0:46:ce:1e:9e:4b:4e:f1:13:99:
                    d9:6f:b6:7b:dc:69:e8:a9:dc:f1:e1:65:00:a2:f0:
                    41:4b:2a:25:1d:4b:5b:f4:3b:78:e5:a4:14:9e:3b:
                    60:32:e3:9d:b3:74:fd:4f:b2:78:5b:a9:f6:2f:75:
                    51:98:1f:e4:c2:37:5b:fc:28:72:a3:d0:d9:87:f9:
                    00:bf:ef:dc:1c:8c:ca:c3:e2:1c:57:62:67:00:2b:
                    ec:2f:ab:a5:83:ec:36:12:84:20:fe:f1:34:0f:8b:
                    89:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:00:D9:FB:93:55:10:96:68:D5:AB:DF:8C:FB:E1:3A:BF:50:73:B8
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/f0cb36ae-21ee-4e99-93c6-e63ae570e483.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.26.64.0/19

    Signature Algorithm: sha256WithRSAEncryption
         24:df:c5:19:e1:81:43:b9:80:27:cf:1a:a9:e4:a0:98:47:00:
         03:b4:f7:f8:09:4e:cd:f4:d7:d8:fe:5a:6b:f2:d2:c6:2b:51:
         62:c0:ed:61:8e:75:e5:cc:f7:4f:0a:08:8c:a1:b2:38:1e:cc:
         a9:c2:94:4a:a3:7d:c5:58:11:cb:fd:52:05:24:7a:9e:e6:7e:
         fc:93:56:90:73:9a:65:b7:9c:4f:1b:f6:cb:0f:04:e9:b0:2a:
         1b:35:c7:77:4d:7f:ad:f7:21:b2:99:2e:4f:e5:8e:45:54:c7:
         4e:95:fe:27:ac:ea:81:76:b8:af:2f:82:89:c8:6e:94:6f:44:
         e1:d8:ea:ab:4f:7d:49:e8:66:72:5a:77:b0:e2:9f:f6:a2:c7:
         b4:53:77:7e:4d:54:43:1e:8e:ce:04:dd:f4:3b:fb:01:73:17:
         5e:d2:a4:84:10:85:ea:43:c3:92:13:93:36:b9:21:fd:82:fb:
         71:c3:d8:63:69:a0:1f:f0:88:86:f4:53:6d:be:dc:41:e4:77:
         8d:11:9f:5a:90:f8:c0:7a:f5:ab:ac:b5:52:d9:56:ae:5b:ec:
         71:13:57:8a:c9:dd:d1:3e:d0:1f:41:cb:c7:52:d2:88:1d:8f:
         e0:5d:56:a8:76:99:ef:9b:69:9d:a1:91:85:93:11:17:47:c3:
         fb:c5:d4:b5
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUbUCxK5d62tD3fcPKVV2pIpoO1zQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTAzMDUxNzUxMTdaFw0yNTA0MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQDBjMTljNjNjZTY2YTUyOTdiMjI4M2FlNmM5MGU3ZDZjZjNiMTE5YTAwOTRk
NDVkNGVhNDM4MjgzZDNiNjk5YjQxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAPwCgQe4zKkhCt5MGpJosHxW/2bchT2xCFYxlbv1sMzWizZwRz+KwH3jgXSP
HcmO2+IwsRV388IXqrXYEi1UG83rAATPvuSJ/EKQhHqVkFGdSa3rZFwLZnEJTDtJ
NIowF68QLCmZ+6+JN+3bdizw2/JLdb4IcfshwEZQYGjITe4C9NDxpXHBN3cgpfwi
xKUJh13E2inPJvFrGKugRs4enktO8ROZ2W+2e9xp6Knc8eFlAKLwQUsqJR1LW/Q7
eOWkFJ47YDLjnbN0/U+yeFup9i91UZgf5MI3W/wocqPQ2Yf5AL/v3ByMysPiHFdi
ZwAr7C+rpYPsNhKEIP7xNA+LiaUCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBSqANn7
k1UQlmjVq9+M++E6v1BzuDAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
ZjBjYjM2YWUtMjFlZS00ZTk5LTkzYzYtZTYzYWU1NzBlNDgzLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEBcEaQDAN
BgkqhkiG9w0BAQsFAAOCAQEAJN/FGeGBQ7mAJ88aqeSgmEcAA7T3+AlOzfTX2P5a
a/LSxitRYsDtYY515cz3TwoIjKGyOB7MqcKUSqN9xVgRy/1SBSR6nuZ+/JNWkHOa
ZbecTxv2yw8E6bAqGzXHd01/rfchspkuT+WORVTHTpX+J6zqgXa4ry+CichulG9E
4djqq099Sehmclp3sOKf9qLHtFN3fk1UQx6OzgTd9Dv7AXMXXtKkhBCF6kPDkhOT
Nrkh/YL7ccPYY2mgH/CIhvRTbb7cQeR3jRGfWpD4wHr1q6y1UtlWrlvscRNXisnd
0T7QH0HLx1LSiB2P4F1WqHaZ75tpnaGRhZMRF0fD+8XUtQ==
-----END CERTIFICATE-----