Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/9c5a1a14-73c1-4c49-8b22-7d10c4379e08.roa
File:                     9c5a1a14-73c1-4c49-8b22-7d10c4379e08.roa (raw, json)
Hash identifier:          ObzULztA+8AA3ZkMcHPMfLeRePwbYh4mBwTwxEf3ymc=
Subject key identifier:   BC:E0:9C:66:3D:18:FE:F3:EC:33:6B:23:68:AC:C9:E0:31:62:4D:2E
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       72E9B34465B5A2206E42E56DD6B2CC5962200680
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/9c5a1a14-73c1-4c49-8b22-7d10c4379e08.roa
Signing time:             Mon 17 Mar 2025 15:41:00 +0000
ROA not before:           Mon 17 Mar 2025 15:41:00 +0000
ROA not after:            Mon 21 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        51.70.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            72:e9:b3:44:65:b5:a2:20:6e:42:e5:6d:d6:b2:cc:59:62:20:06:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Mar 17 15:41:00 2025 GMT
            Not After : Apr 21 23:59:59 2025 GMT
        Subject: CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:a1:dd:81:e3:90:08:ea:51:6f:b2:a7:e9:53:
                    31:a8:cb:8d:e5:bd:a2:25:bc:20:2f:1b:0e:db:a9:
                    c6:fe:56:7b:9a:e1:d3:d5:30:41:98:34:2c:16:fa:
                    2f:6b:74:ae:50:c1:d5:8a:e0:c6:90:05:a7:aa:14:
                    80:47:0c:7b:17:5c:e7:e8:8d:ea:24:02:69:b1:a8:
                    68:d5:97:a4:9f:80:5e:c0:ad:07:58:a5:b6:9a:33:
                    71:e3:50:3e:a3:27:61:9c:b9:11:df:80:be:8a:c4:
                    fb:52:fb:aa:52:b6:ff:06:34:4f:4c:f0:90:b5:f1:
                    50:e6:4b:84:a8:67:1b:a1:16:ce:08:01:5f:66:81:
                    02:99:84:a9:b9:74:99:02:5a:8a:b3:f7:cc:6d:fd:
                    4f:37:c7:ef:4f:e7:0d:3c:dc:59:f2:47:93:6d:16:
                    5c:9d:a6:74:20:27:c9:91:70:f0:b0:5b:82:e1:38:
                    6c:82:4f:55:4d:1c:1f:08:7f:bd:3f:b6:8a:05:3b:
                    3b:3e:6b:17:de:1f:4c:d5:06:6c:85:82:db:f0:12:
                    ed:13:25:83:00:1c:be:14:26:25:8f:36:18:4c:34:
                    e0:d1:fb:34:5a:8e:9f:81:42:4f:d5:c2:3d:fc:d2:
                    7b:dd:22:6e:cf:7d:ea:80:2f:89:2b:83:1f:26:1c:
                    76:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:E0:9C:66:3D:18:FE:F3:EC:33:6B:23:68:AC:C9:E0:31:62:4D:2E
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/9c5a1a14-73c1-4c49-8b22-7d10c4379e08.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.70.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         39:9a:7b:ec:6b:de:76:06:d2:8f:eb:4c:ad:25:c1:ac:b8:35:
         c8:29:b4:37:4a:fc:1e:3b:15:b1:9f:4c:73:d4:76:d4:7a:12:
         10:ba:d8:e4:1f:ff:9b:d1:0b:50:c3:66:ba:96:bb:74:30:c4:
         40:13:1d:ca:6a:7d:91:17:e3:ed:f7:64:57:d8:1c:1d:c3:9f:
         19:fc:3c:ef:83:42:55:b4:ba:ab:c7:36:ca:8e:48:e7:1c:a2:
         9e:dc:86:bc:29:c7:bd:6c:8a:b8:0c:63:dc:06:37:a0:3c:6d:
         86:f2:35:cf:82:64:c7:53:b0:6d:3d:df:7c:ee:87:67:a4:7c:
         61:96:a9:99:ea:2f:a3:5b:f1:e0:8e:f5:a1:c9:47:65:45:9d:
         c4:92:ab:ee:34:dd:3e:96:d1:e5:f7:e8:35:fd:1f:cd:02:66:
         cd:10:74:6b:d5:59:83:f2:01:84:28:92:d0:1b:f7:0f:31:f2:
         e7:00:5a:de:6e:f1:2a:67:46:37:0e:db:37:fe:19:36:40:ea:
         a7:54:e2:c6:66:4a:1d:21:a2:a8:f9:3a:1c:92:c0:85:54:5f:
         f1:68:2c:91:e6:0a:96:a6:0e:85:7f:bd:82:c8:75:9d:e4:10:
         91:fc:6f:1c:2e:9e:a3:30:bf:61:ac:b4:02:d5:03:c0:3b:ac:
         e3:0f:08:9f
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUcumzRGW1oiBuQuVt1rLMWWIgBoAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTAzMTcxNTQxMDBaFw0yNTA0MjEyMzU5NTlaMHoxSTBHBgNV
BAUTQGE2MDNmMTVhMmEwZmE3NGEwOGZmZGU2MDg4NjlkM2E3MjYwZjBiM2ZmZmEz
M2UxM2Y1YmIzODU1ZTNlMzY3Y2YxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALKh3YHjkAjqUW+yp+lTMajLjeW9oiW8IC8bDtupxv5We5rh09UwQZg0LBb6
L2t0rlDB1YrgxpAFp6oUgEcMexdc5+iN6iQCabGoaNWXpJ+AXsCtB1iltpozceNQ
PqMnYZy5Ed+AvorE+1L7qlK2/wY0T0zwkLXxUOZLhKhnG6EWzggBX2aBApmEqbl0
mQJairP3zG39TzfH70/nDTzcWfJHk20WXJ2mdCAnyZFw8LBbguE4bIJPVU0cHwh/
vT+2igU7Oz5rF94fTNUGbIWC2/AS7RMlgwAcvhQmJY82GEw04NH7NFqOn4FCT9XC
PfzSe90ibs996oAviSuDHyYcdvcCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBS84Jxm
PRj+8+wzayNorMngMWJNLjAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
OWM1YTFhMTQtNzNjMS00YzQ5LThiMjItN2QxMGM0Mzc5ZTA4LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADNGMA0G
CSqGSIb3DQEBCwUAA4IBAQA5mnvsa952BtKP60ytJcGsuDXIKbQ3SvweOxWxn0xz
1HbUehIQutjkH/+b0QtQw2a6lrt0MMRAEx3Kan2RF+Pt92RX2Bwdw58Z/Dzvg0JV
tLqrxzbKjkjnHKKe3Ia8Kce9bIq4DGPcBjegPG2G8jXPgmTHU7BtPd987odnpHxh
lqmZ6i+jW/HgjvWhyUdlRZ3EkqvuNN0+ltHl9+g1/R/NAmbNEHRr1VmD8gGEKJLQ
G/cPMfLnAFrebvEqZ0Y3Dts3/hk2QOqnVOLGZkodIaKo+TocksCFVF/xaCyR5gqW
pg6Ff72CyHWd5BCR/G8cLp6jML9hrLQC1QPAO6zjDwif
-----END CERTIFICATE-----