Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/46eb8bb9-8a91-491d-8f3f-9cc4afcf5ecd.roa
File:                     46eb8bb9-8a91-491d-8f3f-9cc4afcf5ecd.roa (raw, json)
Hash identifier:          k+MBf67w7HEpheYn7eZGb3lqM+jyfTzmRAH7y0zC2Ss=
Subject key identifier:   25:BB:26:41:FF:63:29:51:27:BC:A9:68:5B:9D:7E:D8:DD:1C:6E:62
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       2018EE03E8D9CE7DF37B6A351876088105C7EE65
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/46eb8bb9-8a91-491d-8f3f-9cc4afcf5ecd.roa
Signing time:             Mon 17 Mar 2025 15:40:53 +0000
ROA not before:           Mon 17 Mar 2025 15:40:53 +0000
ROA not after:            Mon 21 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        51.108.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            20:18:ee:03:e8:d9:ce:7d:f3:7b:6a:35:18:76:08:81:05:c7:ee:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Mar 17 15:40:53 2025 GMT
            Not After : Apr 21 23:59:59 2025 GMT
        Subject: CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:68:40:f0:63:da:f8:98:64:cf:1c:7a:b3:50:
                    91:3c:b6:11:f4:f5:63:0a:d1:76:87:c2:df:49:9f:
                    44:fb:81:5c:19:89:61:25:68:2c:b7:ba:eb:11:32:
                    e9:b1:69:8f:00:66:38:d7:ac:d5:a7:d1:5d:9a:5a:
                    d8:4a:2a:44:17:fd:63:02:4c:5a:fb:01:98:66:e6:
                    92:04:f8:72:4e:4a:32:93:ea:15:60:d0:09:10:bc:
                    db:31:b2:47:f5:df:35:6d:25:ff:6f:f2:6f:b8:13:
                    4b:8f:1b:e2:d4:22:5d:a5:14:67:84:d0:84:97:38:
                    33:d0:31:46:68:23:9d:c0:5b:f1:47:56:59:8a:c5:
                    20:04:2f:0a:73:43:2e:c0:46:34:22:37:af:8c:89:
                    7b:ce:d5:a1:a7:40:92:83:5f:ef:de:32:db:89:d5:
                    e1:3f:c2:03:4b:70:b3:da:23:a9:ad:d3:49:56:7e:
                    3a:73:3e:60:1b:84:0c:bc:0c:51:89:de:c8:ea:df:
                    d4:6a:92:10:d6:f1:58:f3:35:f5:22:dc:91:43:6f:
                    e2:c4:79:27:3c:99:28:21:78:a7:78:c7:bb:77:e4:
                    f2:fd:76:c4:4e:9b:b4:25:73:b9:12:11:17:dd:59:
                    98:1e:cf:05:4b:ff:37:0e:d1:b0:f3:b5:d3:46:b0:
                    2a:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:BB:26:41:FF:63:29:51:27:BC:A9:68:5B:9D:7E:D8:DD:1C:6E:62
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/46eb8bb9-8a91-491d-8f3f-9cc4afcf5ecd.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.108.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         4b:d0:b2:a6:14:4a:84:34:18:b9:2a:00:0b:ef:b3:f4:ff:00:
         d4:50:a5:59:6c:0a:9a:54:a6:9f:57:01:9f:32:61:7b:14:2b:
         56:bc:db:ac:d2:3c:86:09:a0:ad:1c:65:8a:47:50:70:d0:6b:
         fa:c7:7b:b2:64:39:40:0c:26:0b:9f:8a:00:15:4e:71:89:f0:
         26:04:46:3c:e5:eb:cb:72:65:5e:76:7b:56:a1:ae:d9:df:3d:
         80:76:dd:0b:99:98:b6:f4:68:4a:bc:be:b6:4e:ab:ca:fb:d1:
         8f:41:54:8e:d6:bc:38:9c:a4:52:f9:93:86:7c:f2:e0:49:f5:
         e6:45:94:6e:fd:04:4d:8a:59:2c:39:5e:01:5c:bd:6d:fd:37:
         22:c2:8d:d6:ea:71:04:46:80:62:3c:2a:56:e7:0f:fb:50:d2:
         0e:cf:fb:ef:46:65:29:06:44:d0:ed:5e:b6:91:93:b4:31:c5:
         30:86:a7:99:60:26:d4:97:b3:4e:ce:1c:f6:ff:4e:d2:57:db:
         e9:3a:fa:0a:9e:3d:f8:05:d5:e5:71:62:a2:53:55:24:ca:c1:
         7a:14:de:a9:12:68:c8:1a:b1:3e:38:35:16:34:3b:d0:a3:f3:
         e3:08:86:72:5b:e4:a6:44:09:5c:b3:fd:36:ed:79:6a:fe:87:
         5a:d6:48:3f
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUIBjuA+jZzn3ze2o1GHYIgQXH7mUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTAzMTcxNTQwNTNaFw0yNTA0MjEyMzU5NTlaMHoxSTBHBgNV
BAUTQDJmMzhlMjhiODM5NWFlYTE0NzlkOTJjNDc3YzU5YTM4NTZmOWYyOTI2MmRm
NWEwMjBiYWZhNGNjODI1NTg2NTcxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOZoQPBj2viYZM8cerNQkTy2EfT1YwrRdofC30mfRPuBXBmJYSVoLLe66xEy
6bFpjwBmONes1afRXZpa2EoqRBf9YwJMWvsBmGbmkgT4ck5KMpPqFWDQCRC82zGy
R/XfNW0l/2/yb7gTS48b4tQiXaUUZ4TQhJc4M9AxRmgjncBb8UdWWYrFIAQvCnND
LsBGNCI3r4yJe87VoadAkoNf794y24nV4T/CA0tws9ojqa3TSVZ+OnM+YBuEDLwM
UYneyOrf1GqSENbxWPM19SLckUNv4sR5JzyZKCF4p3jHu3fk8v12xE6btCVzuRIR
F91ZmB7PBUv/Nw7RsPO100awKksCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBQluyZB
/2MpUSe8qWhbnX7Y3RxuYjAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
NDZlYjhiYjktOGE5MS00OTFkLThmM2YtOWNjNGFmY2Y1ZWNkLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADNsMA0G
CSqGSIb3DQEBCwUAA4IBAQBL0LKmFEqENBi5KgAL77P0/wDUUKVZbAqaVKafVwGf
MmF7FCtWvNus0jyGCaCtHGWKR1Bw0Gv6x3uyZDlADCYLn4oAFU5xifAmBEY85evL
cmVedntWoa7Z3z2Adt0LmZi29GhKvL62TqvK+9GPQVSO1rw4nKRS+ZOGfPLgSfXm
RZRu/QRNilksOV4BXL1t/Tciwo3W6nEERoBiPCpW5w/7UNIOz/vvRmUpBkTQ7V62
kZO0McUwhqeZYCbUl7NOzhz2/07SV9vpOvoKnj34BdXlcWKiU1UkysF6FN6pEmjI
GrE+ODUWNDvQo/PjCIZyW+SmRAlcs/027Xlq/oda1kg/
-----END CERTIFICATE-----