Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/1daf6597-c039-470d-a015-f42507e1afef.roa
File:                     1daf6597-c039-470d-a015-f42507e1afef.roa (raw, json)
Hash identifier:          3aQxM3vsac+FgT+bZuoP1z4YP5agk9y0/rEPY9z+n1Y=
Subject key identifier:   8D:87:3B:85:74:48:AC:F6:87:BB:DB:93:45:44:A9:A4:3A:16:8E:7B
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       68237421CD454B4438F50D7AE9E72F3F4BD71E7F
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/1daf6597-c039-470d-a015-f42507e1afef.roa
Signing time:             Mon 31 Mar 2025 21:30:41 +0000
ROA not before:           Mon 31 Mar 2025 21:30:41 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        51.172.0.0/15 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 13:43:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            68:23:74:21:cd:45:4b:44:38:f5:0d:7a:e9:e7:2f:3f:4b:d7:1e:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Mar 31 21:30:41 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:ae:59:b1:f8:04:ba:a4:20:3b:e6:fa:a3:43:
                    e3:c0:fe:a7:8b:43:d0:4d:df:33:01:0a:cc:f6:48:
                    cd:13:1a:ec:85:13:b7:8a:5d:8d:52:e2:f1:e9:96:
                    a9:d8:dd:d8:27:0b:db:d7:52:e1:cf:c9:f0:72:ac:
                    0f:26:a5:56:4f:8b:9e:55:e3:a7:62:bf:9d:a5:c5:
                    e5:24:60:8f:58:f1:33:68:07:06:47:e6:ef:c1:79:
                    f6:f1:66:28:3e:1e:e6:ce:94:d0:3b:a8:05:fc:c2:
                    95:1b:e4:f8:26:5f:e0:13:bc:48:55:14:24:db:2a:
                    51:1c:f9:29:91:7b:cb:16:a7:09:bc:fa:1d:f1:07:
                    86:5a:a6:cc:8e:76:d6:3e:cf:a8:b1:67:c5:13:d8:
                    0a:aa:53:ff:b8:b7:5f:83:a9:73:62:6d:f4:e1:2f:
                    b6:e3:dc:41:47:4d:c1:c9:c3:59:c8:b0:28:41:d0:
                    cb:54:e3:5f:77:0c:9c:e3:e2:85:7c:8e:8c:b2:9f:
                    01:ea:19:d3:67:59:c3:29:8c:3a:d8:68:dd:81:4c:
                    98:74:94:d9:50:75:61:52:d3:84:12:36:a9:65:ba:
                    b4:4a:f7:42:fc:d1:4d:f4:91:b3:76:fa:a7:9b:03:
                    3e:08:db:b3:cc:b5:eb:42:e7:3a:31:47:2a:0b:07:
                    e4:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:87:3B:85:74:48:AC:F6:87:BB:DB:93:45:44:A9:A4:3A:16:8E:7B
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/1daf6597-c039-470d-a015-f42507e1afef.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.172.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         72:e2:31:31:5a:90:94:5a:25:11:bf:c2:6d:dc:3e:7e:7e:3d:
         f9:00:95:55:27:6f:4b:58:de:df:fd:b8:88:f0:a0:72:62:e7:
         3e:7f:e9:74:ca:e1:09:00:dd:65:03:d8:78:05:25:5f:04:db:
         38:39:48:8d:b6:57:19:73:e8:c9:b3:04:20:8f:f1:f4:d1:75:
         a5:de:74:35:49:f5:c5:65:a5:4f:e7:70:b8:83:bc:0e:9f:70:
         8f:2d:e7:b2:d6:95:3c:e9:71:73:13:94:92:b2:1d:1c:cd:13:
         7f:0a:9c:31:59:c4:f6:1e:c8:e5:dd:c2:21:cc:51:0a:62:c1:
         e5:6a:0b:26:fe:8e:37:e1:c5:9e:74:50:bf:55:df:a8:50:b7:
         a0:b1:4e:20:5e:c4:fb:d0:dc:9a:a5:32:26:88:a8:f5:80:2f:
         9e:25:ac:fd:67:ff:0e:c1:da:08:94:fc:71:b5:d8:c3:5a:e9:
         21:15:fb:8d:0a:46:a8:dd:13:37:99:f0:f9:88:84:99:c3:fa:
         08:8c:37:d6:e8:2a:6d:f5:a6:33:f3:91:7b:17:a6:d1:f6:71:
         7a:7f:ca:ab:32:13:4c:a1:0c:a6:b0:33:ec:5c:a2:5c:3c:a0:
         68:ed:43:4d:ac:5a:93:14:90:1a:87:19:79:81:0e:be:aa:48:
         aa:8f:f9:ba
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUaCN0Ic1FS0Q49Q166ecvP0vXHn8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTAzMzEyMTMwNDFaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQGU4YWZiNDg4YTZjYTdmNWEzMGM0ZWY2ODU0ZDUyNWQ4MTg0ZjZjMjU1ODAz
NmE1YjAyMjVhZWEwYzVkZThlN2QxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKquWbH4BLqkIDvm+qND48D+p4tD0E3fMwEKzPZIzRMa7IUTt4pdjVLi8emW
qdjd2CcL29dS4c/J8HKsDyalVk+LnlXjp2K/naXF5SRgj1jxM2gHBkfm78F59vFm
KD4e5s6U0DuoBfzClRvk+CZf4BO8SFUUJNsqURz5KZF7yxanCbz6HfEHhlqmzI52
1j7PqLFnxRPYCqpT/7i3X4Opc2Jt9OEvtuPcQUdNwcnDWciwKEHQy1TjX3cMnOPi
hXyOjLKfAeoZ02dZwymMOtho3YFMmHSU2VB1YVLThBI2qWW6tEr3QvzRTfSRs3b6
p5sDPgjbs8y160LnOjFHKgsH5AsCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBSNhzuF
dEis9oe725NFRKmkOhaOezAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
MWRhZjY1OTctYzAzOS00NzBkLWEwMTUtZjQyNTA3ZTFhZmVmLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDATOsMA0G
CSqGSIb3DQEBCwUAA4IBAQBy4jExWpCUWiURv8Jt3D5+fj35AJVVJ29LWN7f/biI
8KByYuc+f+l0yuEJAN1lA9h4BSVfBNs4OUiNtlcZc+jJswQgj/H00XWl3nQ1SfXF
ZaVP53C4g7wOn3CPLeey1pU86XFzE5SSsh0czRN/CpwxWcT2Hsjl3cIhzFEKYsHl
agsm/o434cWedFC/Vd+oULegsU4gXsT70NyapTImiKj1gC+eJaz9Z/8OwdoIlPxx
tdjDWukhFfuNCkao3RM3mfD5iISZw/oIjDfW6Cpt9aYz85F7F6bR9nF6f8qrMhNM
oQymsDPsXKJcPKBo7UNNrFqTFJAahxl5gQ6+qkiqj/m6
-----END CERTIFICATE-----