Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/aa03baa3-d331-4094-821b-360f6650edd6.roa
File:                     aa03baa3-d331-4094-821b-360f6650edd6.roa (raw, json)
Hash identifier:          oRq/V0uGaT4D4PUUc2WKdwTx2eKZhfpJJXuCaM6YnGk=
Subject key identifier:   4B:BF:E3:44:9A:A5:09:5F:58:C0:C4:30:EC:53:BC:84:DB:73:F3:D0
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       2E5D26C04CACA01B6724A7B0B26D7F2698149347
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/aa03baa3-d331-4094-821b-360f6650edd6.roa
Signing time:             Tue 01 Apr 2025 15:10:48 +0000
ROA not before:           Tue 01 Apr 2025 15:10:48 +0000
ROA not after:            Tue 06 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        83.119.96.0/19 maxlen: 19
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2e:5d:26:c0:4c:ac:a0:1b:67:24:a7:b0:b2:6d:7f:26:98:14:93:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Apr  1 15:10:48 2025 GMT
            Not After : May  6 23:59:59 2025 GMT
        Subject: CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:f7:84:45:e2:e5:ae:95:07:3e:98:cb:ea:2e:
                    20:6c:d8:49:b0:7e:35:c4:a0:1e:6e:95:11:ee:c2:
                    f6:a2:97:8f:4f:66:4a:7a:13:81:90:6d:f8:94:c9:
                    31:63:5b:8e:d9:26:22:59:f1:7c:07:3b:13:d5:05:
                    70:e3:1b:a7:7f:86:26:f4:1b:7d:c8:ae:32:f0:f0:
                    b2:f5:93:5a:a5:59:49:18:38:f9:cd:ce:70:2e:6c:
                    01:31:93:e1:df:47:6f:27:7d:2a:c8:1b:d3:29:e1:
                    77:d9:5c:29:92:1f:55:b1:c3:53:20:5c:a7:a6:c2:
                    e4:0d:61:f1:82:23:05:37:3c:8f:cd:50:2a:42:70:
                    d6:9d:db:27:fa:ef:38:bd:cd:d0:20:55:be:2e:31:
                    9c:58:11:71:87:ca:40:58:d8:01:1f:d5:43:3c:ba:
                    7b:d5:ee:66:2d:55:10:8a:7c:0d:da:ce:36:fc:a6:
                    61:a5:5b:d2:19:d5:19:57:e0:36:66:a2:5f:1f:f6:
                    ee:d3:f0:c7:99:58:1c:ac:5c:4d:a7:d7:7d:e9:a1:
                    19:6b:2e:6b:5e:9e:99:e4:4f:08:4f:5f:9e:5e:6f:
                    ee:2b:c8:ff:65:f5:04:fa:0a:96:16:33:b3:be:f2:
                    23:df:8e:f7:af:96:97:19:bd:8e:4b:68:8c:73:ae:
                    90:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:BF:E3:44:9A:A5:09:5F:58:C0:C4:30:EC:53:BC:84:DB:73:F3:D0
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/aa03baa3-d331-4094-821b-360f6650edd6.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.119.96.0/19

    Signature Algorithm: sha256WithRSAEncryption
         8e:86:75:8e:6d:77:b3:17:74:66:29:64:58:3d:1f:64:d0:46:
         a6:8c:6f:25:5a:52:e8:ca:c7:7b:9d:dc:f4:df:91:7f:eb:43:
         f9:ef:7d:ce:b9:cf:8b:9c:62:d3:a4:42:1b:d3:37:d6:f7:95:
         81:3b:59:eb:85:7b:5c:2e:ac:41:ac:b6:4f:a9:38:12:9c:91:
         24:56:ec:58:9e:3e:08:58:b1:e2:3f:a7:01:57:cd:ce:58:5d:
         c5:f9:58:24:e8:1b:df:f8:bb:38:85:bb:80:18:f7:60:ae:4c:
         fa:5c:50:e3:3d:d0:e5:8e:e9:b0:1d:26:23:0c:01:6a:47:28:
         28:c2:c9:33:3f:f7:8a:30:19:7e:fb:1f:e8:c3:f3:34:ba:ad:
         46:82:fd:00:cb:16:81:93:7a:a0:3d:1c:8e:e1:58:05:76:fe:
         7f:c1:fd:66:3c:e0:c1:e8:8c:c5:e8:3e:ea:86:64:de:ea:34:
         e5:b9:0c:25:76:e5:ad:72:8b:f9:97:d6:75:01:73:31:c3:84:
         b5:93:20:b7:63:91:c2:e2:3b:8e:a8:65:47:51:43:43:a8:4b:
         9c:91:cd:cf:c9:7d:35:11:ca:35:d2:ce:ec:5d:99:b9:0a:ad:
         03:51:7f:aa:c9:7e:18:a3:c6:99:c1:a3:7c:ca:dd:e3:d1:b0:
         7d:57:df:8b
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIULl0mwEysoBtnJKewsm1/JpgUk0cwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA0MDExNTEwNDhaFw0yNTA1MDYyMzU5NTlaMHoxSTBHBgNV
BAUTQDRlMDI3NDI0MTczN2VjYzBkNGI1NDEwODFhMmJhNjNhZDQxNDQ3ZGFhZGU1
ZGYwYmQxMTk0NjIwZDAzNDA4ZDIxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALr3hEXi5a6VBz6Yy+ouIGzYSbB+NcSgHm6VEe7C9qKXj09mSnoTgZBt+JTJ
MWNbjtkmIlnxfAc7E9UFcOMbp3+GJvQbfciuMvDwsvWTWqVZSRg4+c3OcC5sATGT
4d9Hbyd9Ksgb0ynhd9lcKZIfVbHDUyBcp6bC5A1h8YIjBTc8j81QKkJw1p3bJ/rv
OL3N0CBVvi4xnFgRcYfKQFjYAR/VQzy6e9XuZi1VEIp8DdrONvymYaVb0hnVGVfg
NmaiXx/27tPwx5lYHKxcTafXfemhGWsua16emeRPCE9fnl5v7ivI/2X1BPoKlhYz
s77yI9+O96+Wlxm9jktojHOukGUCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBRLv+NE
mqUJX1jAxDDsU7yE23Pz0DAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
YWEwM2JhYTMtZDMzMS00MDk0LTgyMWItMzYwZjY2NTBlZGQ2LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEBVN3YDAN
BgkqhkiG9w0BAQsFAAOCAQEAjoZ1jm13sxd0ZilkWD0fZNBGpoxvJVpS6MrHe53c
9N+Rf+tD+e99zrnPi5xi06RCG9M31veVgTtZ64V7XC6sQay2T6k4EpyRJFbsWJ4+
CFix4j+nAVfNzlhdxflYJOgb3/i7OIW7gBj3YK5M+lxQ4z3Q5Y7psB0mIwwBakco
KMLJMz/3ijAZfvsf6MPzNLqtRoL9AMsWgZN6oD0cjuFYBXb+f8H9ZjzgweiMxeg+
6oZk3uo05bkMJXblrXKL+ZfWdQFzMcOEtZMgt2ORwuI7jqhlR1FDQ6hLnJHNz8l9
NRHKNdLO7F2ZuQqtA1F/qsl+GKPGmcGjfMrd49GwfVffiw==
-----END CERTIFICATE-----