Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/7b957dae-110a-40bf-9710-191cf24c9e94.roa
File:                     7b957dae-110a-40bf-9710-191cf24c9e94.roa (raw, json)
Hash identifier:          8fqYnd0QtsOoi6qs3AR47hMo7Rwg1V/Jme7S6Fg3A3U=
Subject key identifier:   39:17:4A:3C:7C:67:F4:71:62:D4:E5:AB:F1:22:FB:65:B2:F1:87:76
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       4625F0CC94FAD6F336FF02A270A68A6C00E09E5B
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/7b957dae-110a-40bf-9710-191cf24c9e94.roa
Signing time:             Tue 01 Apr 2025 15:10:15 +0000
ROA not before:           Tue 01 Apr 2025 15:10:15 +0000
ROA not after:            Tue 06 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        51.0.96.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            46:25:f0:cc:94:fa:d6:f3:36:ff:02:a2:70:a6:8a:6c:00:e0:9e:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Apr  1 15:10:15 2025 GMT
            Not After : May  6 23:59:59 2025 GMT
        Subject: CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:87:f6:0e:d6:94:4b:f4:11:f7:94:e2:c9:26:
                    ad:b6:72:09:28:ce:3e:52:9c:76:b1:32:78:3e:46:
                    22:c3:9a:03:3a:9c:1b:46:d8:7e:99:30:8a:27:28:
                    96:95:f4:55:39:e1:58:3d:17:50:ec:15:eb:c2:03:
                    34:0a:48:14:76:61:bf:5b:33:ec:55:47:b0:e3:34:
                    e5:43:27:19:13:70:62:ac:29:60:b9:0c:c9:aa:dc:
                    ee:28:ef:e0:b8:fe:b9:5e:9d:8e:11:89:9e:b4:e0:
                    ca:13:36:0a:a1:32:35:e4:9c:5d:41:71:9b:ab:35:
                    81:c5:12:8f:74:64:c2:3a:0e:13:60:bc:7e:b1:d1:
                    29:4d:f3:f3:8a:48:58:d7:26:26:04:49:5d:6f:87:
                    ed:d8:b3:0c:52:f6:79:7f:9a:30:66:13:b5:03:f6:
                    83:80:c7:e7:11:33:10:6b:00:a9:bb:60:f3:b0:c6:
                    21:92:bc:73:1e:68:2e:c6:e0:47:46:26:64:33:09:
                    05:b4:83:4c:0f:54:09:52:ff:ef:17:d6:dc:fe:d2:
                    b7:01:b6:e4:cd:0f:4b:6c:20:ab:ed:27:c4:e5:8f:
                    cf:79:9d:a8:4b:c0:55:c6:01:d2:fb:38:e0:cb:e2:
                    25:63:50:62:e9:89:a7:0e:16:f7:28:0b:34:24:79:
                    ee:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:17:4A:3C:7C:67:F4:71:62:D4:E5:AB:F1:22:FB:65:B2:F1:87:76
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/7b957dae-110a-40bf-9710-191cf24c9e94.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.0.96.0/21

    Signature Algorithm: sha256WithRSAEncryption
         15:bc:a1:88:a7:cb:eb:aa:e0:b1:70:b2:fa:76:67:f3:d7:a7:
         d2:d0:19:17:fe:7c:fb:76:18:b5:22:3f:92:b2:58:90:61:f5:
         49:fe:ec:2d:74:d7:cb:bf:17:60:80:83:46:f3:36:c9:20:26:
         e8:b8:0f:7c:09:24:c6:ed:30:76:c6:2a:29:3c:aa:0d:08:6e:
         b1:f8:8d:77:f3:1f:7c:b2:9c:26:bd:a5:35:2b:5e:19:47:8b:
         d6:ca:b3:b4:4f:2f:4c:5d:1c:80:8a:76:00:31:52:c4:d1:55:
         be:b5:d8:da:b8:9b:1f:88:bd:dc:d9:f1:e8:3c:9c:1d:9b:a9:
         9a:71:a5:d2:e5:1b:9a:1c:63:b6:37:4b:89:a3:bf:bb:b2:58:
         63:2e:30:8f:4f:08:65:60:36:99:96:e5:7d:7e:dc:0c:61:b0:
         4a:d7:dd:2c:3f:6d:4b:fa:c1:6d:ff:d8:df:c2:78:d9:1e:71:
         62:ee:8c:ac:d6:17:25:e9:cf:be:6b:42:8d:aa:6a:99:9f:2a:
         80:0f:4c:93:63:9f:49:2f:75:bf:2f:5f:1b:56:28:90:d1:a9:
         36:f8:5b:25:9b:be:91:c3:d8:06:fd:60:6d:38:7c:1c:44:6b:
         80:81:4f:aa:db:49:c2:4f:38:0a:ad:51:35:a4:95:cd:4d:a2:
         c7:ef:56:a5
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIURiXwzJT61vM2/wKicKaKbADgnlswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA0MDExNTEwMTVaFw0yNTA1MDYyMzU5NTlaMHoxSTBHBgNV
BAUTQDRjOWUxNDA0MDNjM2FiZmEwZjdiMGUzNWZhYjU5YWFmMDdkMDVkMzYzZmNj
MTJiYmFhNmQwN2E5ODkzZDlhNGYxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALuH9g7WlEv0EfeU4skmrbZyCSjOPlKcdrEyeD5GIsOaAzqcG0bYfpkwiico
lpX0VTnhWD0XUOwV68IDNApIFHZhv1sz7FVHsOM05UMnGRNwYqwpYLkMyarc7ijv
4Lj+uV6djhGJnrTgyhM2CqEyNeScXUFxm6s1gcUSj3RkwjoOE2C8frHRKU3z84pI
WNcmJgRJXW+H7dizDFL2eX+aMGYTtQP2g4DH5xEzEGsAqbtg87DGIZK8cx5oLsbg
R0YmZDMJBbSDTA9UCVL/7xfW3P7StwG25M0PS2wgq+0nxOWPz3mdqEvAVcYB0vs4
4MviJWNQYumJpw4W9ygLNCR57tECAwEAAaOCAiEwggIdMB0GA1UdDgQWBBQ5F0o8
fGf0cWLU5avxIvtlsvGHdjAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
N2I5NTdkYWUtMTEwYS00MGJmLTk3MTAtMTkxY2YyNGM5ZTk0LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAzMAYDAN
BgkqhkiG9w0BAQsFAAOCAQEAFbyhiKfL66rgsXCy+nZn89en0tAZF/58+3YYtSI/
krJYkGH1Sf7sLXTXy78XYICDRvM2ySAm6LgPfAkkxu0wdsYqKTyqDQhusfiNd/Mf
fLKcJr2lNSteGUeL1sqztE8vTF0cgIp2ADFSxNFVvrXY2ribH4i93Nnx6DycHZup
mnGl0uUbmhxjtjdLiaO/u7JYYy4wj08IZWA2mZblfX7cDGGwStfdLD9tS/rBbf/Y
38J42R5xYu6MrNYXJenPvmtCjapqmZ8qgA9Mk2OfSS91vy9fG1YokNGpNvhbJZu+
kcPYBv1gbTh8HERrgIFPqttJwk84Cq1RNaSVzU2ix+9WpQ==
-----END CERTIFICATE-----