Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/ac4a6d71-8f2c-4a51-b73d-23abcb81a3b4.roa
File:                     ac4a6d71-8f2c-4a51-b73d-23abcb81a3b4.roa (raw, json)
Hash identifier:          ONk2XFffPpgXZYQeEO8pvMyZ0plOODlwZKUjVbdJZNE=
Subject key identifier:   B7:F6:38:33:25:D5:3B:8F:29:4E:35:F6:78:93:CD:0E:D5:0D:66:9F
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       6961F6E5BE6B8467518BF2691FF87812B7EA7672
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/ac4a6d71-8f2c-4a51-b73d-23abcb81a3b4.roa
Signing time:             Mon 17 Mar 2025 15:40:26 +0000
ROA not before:           Mon 17 Mar 2025 15:40:26 +0000
ROA not after:            Mon 21 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        83.116.0.0/15 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            69:61:f6:e5:be:6b:84:67:51:8b:f2:69:1f:f8:78:12:b7:ea:76:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Mar 17 15:40:26 2025 GMT
            Not After : Apr 21 23:59:59 2025 GMT
        Subject: CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:25:ce:66:5c:70:8d:a0:16:c1:59:49:ea:a3:
                    82:64:5b:c0:d2:cf:a6:02:28:d1:67:90:1d:c7:fe:
                    35:e3:aa:6d:6f:a9:3e:b6:90:c3:df:50:5d:0d:5c:
                    52:51:15:f0:d0:dc:ab:f2:a5:9b:eb:52:36:64:5a:
                    f4:98:c5:31:5b:c4:79:d0:43:0f:71:db:ca:a0:24:
                    f2:0d:e9:1c:3b:9f:de:6c:c1:d6:85:ff:67:3b:3c:
                    3e:77:16:3b:bc:7e:e4:d1:55:7e:77:5d:dd:2a:36:
                    29:d5:74:6e:bd:d7:65:60:97:b7:88:f1:eb:07:92:
                    96:0c:ab:66:fc:d2:37:15:6a:94:8e:f1:44:ac:8e:
                    da:70:4b:fd:b4:e7:c3:11:33:b8:21:d0:34:e5:06:
                    f3:66:aa:f7:12:31:fb:4f:14:30:4e:b1:ff:f7:2f:
                    a2:52:44:89:67:81:b6:e5:ed:97:8a:19:7e:5f:47:
                    18:18:01:7f:49:dc:9b:18:99:6b:10:2f:7c:c4:a5:
                    fb:f6:3b:86:5d:7a:fb:0e:c4:3e:e0:e0:c8:28:d7:
                    f6:41:12:04:41:23:83:d4:02:ec:ce:1c:0b:d1:6d:
                    f4:db:8a:eb:90:b0:68:44:8a:bd:3a:25:31:de:2a:
                    37:3c:26:a8:f0:c7:f1:09:9b:21:58:9a:ea:b1:7d:
                    e9:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:F6:38:33:25:D5:3B:8F:29:4E:35:F6:78:93:CD:0E:D5:0D:66:9F
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/ac4a6d71-8f2c-4a51-b73d-23abcb81a3b4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.116.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         8a:4a:93:97:e4:26:d8:df:13:9c:10:bc:52:3d:a1:89:15:ec:
         02:95:f0:d7:b6:60:1f:4d:c2:03:14:a3:74:ee:6e:6f:0e:bb:
         1b:96:6b:98:82:d9:7b:e9:67:c8:61:b6:90:48:fe:95:0a:bd:
         ea:23:bc:89:7a:cd:d0:e7:57:ba:50:d2:64:ab:d8:f1:29:15:
         4d:68:dc:b7:55:31:91:39:b9:20:09:d1:c6:ad:ca:36:eb:a3:
         1f:19:67:b2:86:87:d6:61:f1:a7:6d:44:ba:08:ad:f6:45:97:
         c1:2b:a6:1b:70:76:ea:7f:71:37:dd:92:41:0b:70:1b:d0:f7:
         5e:da:e3:c6:34:2f:ae:66:36:21:2f:a8:ba:ac:9c:ab:e1:94:
         d0:38:72:f6:48:a1:d0:39:bb:b5:ba:bb:66:33:83:37:44:df:
         91:2a:3e:eb:17:27:7d:b2:79:e2:9d:ec:5f:94:a3:3f:d9:5a:
         44:66:37:ed:e4:b0:ba:f9:e7:e0:a9:de:d0:88:0e:6e:1d:19:
         50:2f:cf:9a:89:5b:22:f1:ef:5f:40:5f:ba:80:e2:18:77:fa:
         15:67:90:88:18:4f:07:67:29:7a:a0:ae:0b:a4:26:59:47:38:
         4c:7a:29:cb:b1:12:1d:0a:41:ef:b1:ac:21:14:88:7e:07:ee:
         32:c1:59:02
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUaWH25b5rhGdRi/JpH/h4ErfqdnIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTAzMTcxNTQwMjZaFw0yNTA0MjEyMzU5NTlaMHoxSTBHBgNV
BAUTQDE5ZTZmYTA3ZmUzOThkMjQ0ZjUxODVhMTM4NWE2NjFmMDlhYmFiN2M1OTgw
ZWI3YWJkZjQ2NzEzM2IxODk3NDQxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAM4lzmZccI2gFsFZSeqjgmRbwNLPpgIo0WeQHcf+NeOqbW+pPraQw99QXQ1c
UlEV8NDcq/Klm+tSNmRa9JjFMVvEedBDD3HbyqAk8g3pHDuf3mzB1oX/Zzs8PncW
O7x+5NFVfndd3So2KdV0br3XZWCXt4jx6weSlgyrZvzSNxVqlI7xRKyO2nBL/bTn
wxEzuCHQNOUG82aq9xIx+08UME6x//cvolJEiWeBtuXtl4oZfl9HGBgBf0ncmxiZ
axAvfMSl+/Y7hl16+w7EPuDgyCjX9kESBEEjg9QC7M4cC9Ft9NuK65CwaESKvTol
Md4qNzwmqPDH8QmbIVia6rF96QcCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBS39jgz
JdU7jylONfZ4k80O1Q1mnzAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
YWM0YTZkNzEtOGYyYy00YTUxLWI3M2QtMjNhYmNiODFhM2I0LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDAVN0MA0G
CSqGSIb3DQEBCwUAA4IBAQCKSpOX5CbY3xOcELxSPaGJFewClfDXtmAfTcIDFKN0
7m5vDrsblmuYgtl76WfIYbaQSP6VCr3qI7yJes3Q51e6UNJkq9jxKRVNaNy3VTGR
ObkgCdHGrco266MfGWeyhofWYfGnbUS6CK32RZfBK6YbcHbqf3E33ZJBC3Ab0Pde
2uPGNC+uZjYhL6i6rJyr4ZTQOHL2SKHQObu1urtmM4M3RN+RKj7rFyd9snninexf
lKM/2VpEZjft5LC6+efgqd7QiA5uHRlQL8+aiVsi8e9fQF+6gOIYd/oVZ5CIGE8H
Zyl6oK4LpCZZRzhMeinLsRIdCkHvsawhFIh+B+4ywVkC
-----END CERTIFICATE-----