Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/16337db0-8420-40f0-982b-9d50c20f4e08.roa
File:                     16337db0-8420-40f0-982b-9d50c20f4e08.roa (raw, json)
Hash identifier:          ZAUYvudsVO0qXmsAIQcwE0lhXGiOjuLhwRXGi8PcY4Q=
Subject key identifier:   F3:9B:58:53:10:E3:8F:91:DD:B2:A0:D5:CE:A0:5F:AB:C8:A4:32:53
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       12ED8992214A5A3D846819C9431E5FE461F39F
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/16337db0-8420-40f0-982b-9d50c20f4e08.roa
Signing time:             Wed 05 Mar 2025 17:51:21 +0000
ROA not before:           Wed 05 Mar 2025 17:51:21 +0000
ROA not after:            Wed 09 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        193.57.254.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 18:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            12:ed:89:92:21:4a:5a:3d:84:68:19:c9:43:1e:5f:e4:61:f3:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Mar  5 17:51:21 2025 GMT
            Not After : Apr  9 23:59:59 2025 GMT
        Subject: CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:05:03:4d:48:29:86:cd:25:e4:21:d1:8c:b1:
                    79:f0:53:2d:f2:9b:0d:c6:fa:a4:48:aa:5a:93:46:
                    c5:3b:24:44:7a:b6:9f:6c:f3:fd:88:0d:08:20:df:
                    f1:c2:ee:8c:b2:86:ee:fe:6f:73:7c:67:58:c9:71:
                    9f:10:68:0a:91:df:5b:03:0a:72:94:42:e9:ea:aa:
                    29:97:53:b9:06:9e:dd:7b:7a:24:a5:1d:ca:db:e5:
                    ed:66:5f:79:db:f3:32:72:2b:de:cb:83:a9:ae:6d:
                    e3:de:07:96:07:2b:29:97:9b:58:92:c0:ec:48:e0:
                    1c:9c:b5:a5:90:27:ef:6d:8f:4e:8c:9c:3c:53:a6:
                    be:1a:1b:fe:67:6a:d1:e5:d1:e2:14:11:06:11:f9:
                    21:4c:26:eb:52:1f:ef:d0:45:fe:1c:dd:77:bc:da:
                    d9:7d:84:59:b8:4c:dd:cd:19:57:33:f6:2b:34:d0:
                    a3:b4:2d:0f:17:ec:43:56:5f:c9:f3:f0:fa:d6:be:
                    c2:ea:db:30:a5:9d:85:5e:05:9f:54:6d:58:f7:41:
                    35:1e:a8:22:3d:54:b7:de:a0:83:67:09:5d:9c:1d:
                    a5:2a:94:ca:7c:ca:d8:e4:73:93:8c:1b:94:0a:d1:
                    83:4b:55:cf:ca:f5:64:cb:76:5c:4a:d9:a0:11:c6:
                    f5:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:9B:58:53:10:E3:8F:91:DD:B2:A0:D5:CE:A0:5F:AB:C8:A4:32:53
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/16337db0-8420-40f0-982b-9d50c20f4e08.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.57.254.0/23

    Signature Algorithm: sha256WithRSAEncryption
         ce:4d:35:f9:b6:33:70:3b:0f:3b:4d:04:d0:97:67:12:29:61:
         9c:f0:7a:8e:b2:8f:c1:9c:de:04:5d:91:fc:e1:64:b1:28:b7:
         9c:17:8d:b0:7d:3b:89:c7:54:19:a8:6d:22:80:de:32:e9:5e:
         74:2f:b1:0d:2c:8d:ca:49:93:d6:d9:f1:95:46:de:cd:99:a7:
         cc:ad:0d:34:77:57:82:9f:d2:ea:88:21:f9:1b:97:20:c8:83:
         fa:3a:66:7b:11:20:de:f5:42:de:80:03:30:1b:f8:39:0c:38:
         8f:3d:f0:17:e8:96:a5:66:2c:31:de:0b:57:35:f8:29:e7:16:
         a3:6f:7b:7c:c9:82:99:4c:af:86:6e:e6:74:fb:75:62:91:a2:
         31:09:20:f3:32:20:74:70:e8:19:f0:4e:45:04:88:50:6a:8b:
         fb:b9:38:ed:d4:04:78:bc:b5:1d:de:60:04:51:50:03:76:ff:
         12:c3:39:83:62:b9:0d:39:da:88:65:f3:f6:23:ae:7b:b0:d9:
         b9:19:ee:92:ad:14:00:e5:c2:6c:0c:78:84:c1:2d:c4:cd:10:
         49:1f:17:8e:1b:fe:f4:7f:fc:bc:1f:7a:c4:48:84:71:d7:68:
         5a:22:62:8f:be:f8:3a:94:4c:a0:99:34:6a:42:d5:ff:b1:41:
         1d:e2:24:0e
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgITEu2JkiFKWj2EaBnJQx5f5GHznzANBgkqhkiG9w0BAQsF
ADAzMTEwLwYDVQQDEyg0NTNmNDc0NjM1NGUyYWQxNWNlN2ViZDhkYzIxZjk2YzBl
NWM4N2NmMB4XDTI1MDMwNTE3NTEyMVoXDTI1MDQwOTIzNTk1OVowejFJMEcGA1UE
BRNAZmIwZjNiMTI1NjM5MTdlZmE3MDhlNzg0YWQ2MzYwZmI4NTk5ODFjNWUwMDIy
NGU0ZGQzYmRmOTI5NjAxODc4OTEtMCsGA1UEAxMkYzMzNjQxMWEtNjY1MS00ZjEz
LThlZjktZGU2ODFjN2M5NDQ0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA3wUDTUgphs0l5CHRjLF58FMt8psNxvqkSKpak0bFOyREerafbPP9iA0IIN/x
wu6Msobu/m9zfGdYyXGfEGgKkd9bAwpylELp6qopl1O5Bp7de3okpR3K2+XtZl95
2/Mycivey4Oprm3j3geWByspl5tYksDsSOAcnLWlkCfvbY9OjJw8U6a+Ghv+Z2rR
5dHiFBEGEfkhTCbrUh/v0EX+HN13vNrZfYRZuEzdzRlXM/YrNNCjtC0PF+xDVl/J
8/D61r7C6tswpZ2FXgWfVG1Y90E1HqgiPVS33qCDZwldnB2lKpTKfMrY5HOTjBuU
CtGDS1XPyvVky3ZcStmgEcb1GQIDAQABo4ICITCCAh0wHQYDVR0OBBYEFPObWFMQ
44+R3bKg1c6gX6vIpDJTMB8GA1UdIwQYMBaAFEU/R0Y1TirRXOfr2Nwh+WwOXIfP
MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvUlQ5SFJqVk9L
dEZjNS12WTNDSDViQTVjaDg4LmNlcjCBngYIKwYBBQUHAQsEgZEwgY4wgYsGCCsG
AQUFBzALhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFzdC0yLmFtYXpvbmF3cy5j
b20vdm9sdW1lLzk2N2EyNTVjLWQ2ODAtNDJkMy05ZWMzLWVjYjNmOWRhMDg4Yy8x
NjMzN2RiMC04NDIwLTQwZjAtOTgyYi05ZDUwYzIwZjRlMDgucm9hMIGIBgNVHR8E
gYAwfjB8oHqgeIZ2cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25h
d3MuY29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4
OGMvX2xBaTVUSERzUWRQWUE5bm1FVDZvbEh1VmM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwTn+MA0G
CSqGSIb3DQEBCwUAA4IBAQDOTTX5tjNwOw87TQTQl2cSKWGc8HqOso/BnN4EXZH8
4WSxKLecF42wfTuJx1QZqG0igN4y6V50L7ENLI3KSZPW2fGVRt7NmafMrQ00d1eC
n9LqiCH5G5cgyIP6OmZ7ESDe9ULegAMwG/g5DDiPPfAX6JalZiwx3gtXNfgp5xaj
b3t8yYKZTK+GbuZ0+3VikaIxCSDzMiB0cOgZ8E5FBIhQaov7uTjt1AR4vLUd3mAE
UVADdv8SwzmDYrkNOdqIZfP2I657sNm5Ge6SrRQA5cJsDHiEwS3EzRBJHxeOG/70
f/y8H3rESIRx12haImKPvvg6lEygmTRqQtX/sUEd4iQO
-----END CERTIFICATE-----