Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/3558ad32-215e-47a4-9f5b-477ec71e940f.roa
File:                     3558ad32-215e-47a4-9f5b-477ec71e940f.roa (raw, json)
Hash identifier:          uGbbR2OBZtJOq7hno34cc3sxPqfwgXpstgeozJnw6d0=
Subject key identifier:   96:AA:89:01:B7:9F:FF:09:E7:89:96:23:AB:4C:D4:F9:52:94:32:46
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       0FB21216668BA207461E9D44A4F0A0621677DD29
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/3558ad32-215e-47a4-9f5b-477ec71e940f.roa
Signing time:             Wed 05 Feb 2025 00:00:00 +0000
ROA not before:           Wed 05 Feb 2025 00:00:00 +0000
ROA not after:            Wed 12 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a01:578:3::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 05:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0f:b2:12:16:66:8b:a2:07:46:1e:9d:44:a4:f0:a0:62:16:77:dd:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Feb  5 00:00:00 2025 GMT
            Not After : Mar 12 23:59:59 2025 GMT
        Subject: CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:1b:7e:a9:bb:6d:e2:dd:5b:41:10:a9:82:50:
                    2d:b2:2e:5e:5d:f3:a4:c2:26:f9:0a:4f:94:67:79:
                    f6:9c:83:36:07:c4:5e:d1:0d:a4:9a:17:6e:c5:1f:
                    a5:ee:95:b0:47:71:04:2a:06:d3:93:64:4b:21:8d:
                    c9:2b:5e:35:b2:12:85:8f:fe:d3:26:82:a3:b3:bf:
                    14:fa:41:32:50:40:b6:ba:10:dd:3c:16:4f:62:b0:
                    55:e6:4c:80:90:76:cd:38:29:25:0b:c0:63:3b:0c:
                    6e:cd:cf:7c:c1:53:56:d6:77:c9:63:f6:54:f3:38:
                    c5:fd:bf:d9:83:da:40:29:eb:e8:a8:a6:c6:40:7a:
                    64:34:43:1b:b2:a0:59:26:60:85:c2:6a:50:b0:71:
                    a1:8a:2f:c4:ac:ed:4a:6b:50:5d:e2:38:fe:f9:2b:
                    ea:db:8a:31:51:3d:c3:fd:cc:7b:ce:60:1a:0f:c1:
                    ca:04:c9:89:79:26:ea:ca:e7:a3:47:a8:7b:e1:eb:
                    ff:00:99:52:80:3f:64:34:c1:e6:3e:00:56:f1:eb:
                    9a:3b:0e:05:f0:1f:dd:42:e2:5d:df:6e:23:05:66:
                    39:64:9f:f0:d2:da:76:2e:99:99:25:83:8f:00:a9:
                    e3:42:06:7a:c3:5b:2a:76:3c:50:f3:5c:64:88:ce:
                    93:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:AA:89:01:B7:9F:FF:09:E7:89:96:23:AB:4C:D4:F9:52:94:32:46
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/3558ad32-215e-47a4-9f5b-477ec71e940f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:578:3::/48

    Signature Algorithm: sha256WithRSAEncryption
         7c:69:20:3c:5b:fc:ce:30:41:57:4d:fe:e2:2d:aa:a1:7a:ce:
         7e:7a:89:af:8b:05:d5:cf:76:c7:0e:79:fa:3a:2e:21:25:21:
         ab:e3:92:70:06:f8:c4:0d:bb:f0:35:e1:90:5b:e9:eb:16:ac:
         64:4b:ec:91:11:dd:90:27:2c:c3:f1:68:91:20:d0:1d:52:19:
         c3:85:91:41:de:e3:c5:4f:44:a1:ba:ba:31:f0:fa:71:bf:b2:
         2f:98:a9:b2:df:fb:12:52:b2:4e:d3:a5:ef:98:71:24:92:d0:
         26:6e:aa:5c:8e:f5:33:42:01:f3:ad:d2:fa:99:a5:94:81:fa:
         20:f4:f4:9c:b9:15:d7:3e:2c:e0:95:b6:f4:90:a2:26:06:66:
         b9:24:38:83:9c:5b:69:47:34:1e:24:0b:47:96:0b:da:d6:9c:
         9a:d9:c2:dd:ba:a7:03:01:f0:e5:5b:cf:5d:57:3e:66:b0:6a:
         79:a8:03:2e:de:d1:b7:af:58:50:32:10:bf:04:a0:af:d9:37:
         22:e1:33:c2:80:51:a8:90:36:fc:08:a2:cb:dd:78:85:55:0a:
         ab:fb:3f:3f:0d:18:e5:9e:4e:6e:10:85:21:8c:82:5d:d2:ce:
         a1:42:06:6c:66:c9:be:16:38:e9:5a:f0:81:cd:11:c2:a0:0f:
         71:20:8c:13
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUD7ISFmaLogdGHp1EpPCgYhZ33SkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTAyMDUwMDAwMDBaFw0yNTAzMTIyMzU5NTlaMHoxSTBHBgNV
BAUTQDY1N2IxNTI1MDU2NTlmY2M2ZDFkNTVkYTE0NDBmODcyYzM1Yjg5YzM0YmNi
NjYxMmJkMGM4MTg3MGNjZTk1NmUxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAK8bfqm7beLdW0EQqYJQLbIuXl3zpMIm+QpPlGd59pyDNgfEXtENpJoXbsUf
pe6VsEdxBCoG05NkSyGNySteNbIShY/+0yaCo7O/FPpBMlBAtroQ3TwWT2KwVeZM
gJB2zTgpJQvAYzsMbs3PfMFTVtZ3yWP2VPM4xf2/2YPaQCnr6KimxkB6ZDRDG7Kg
WSZghcJqULBxoYovxKztSmtQXeI4/vkr6tuKMVE9w/3Me85gGg/BygTJiXkm6srn
o0eoe+Hr/wCZUoA/ZDTB5j4AVvHrmjsOBfAf3ULiXd9uIwVmOWSf8NLadi6ZmSWD
jwCp40IGesNbKnY8UPNcZIjOk30CAwEAAaOCAiQwggIgMB0GA1UdDgQWBBSWqokB
t5//CeeJliOrTNT5UpQyRjAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
MzU1OGFkMzItMjE1ZS00N2E0LTlmNWItNDc3ZWM3MWU5NDBmLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoBBXgA
AzANBgkqhkiG9w0BAQsFAAOCAQEAfGkgPFv8zjBBV03+4i2qoXrOfnqJr4sF1c92
xw55+jouISUhq+OScAb4xA278DXhkFvp6xasZEvskRHdkCcsw/FokSDQHVIZw4WR
Qd7jxU9Eobq6MfD6cb+yL5ipst/7ElKyTtOl75hxJJLQJm6qXI71M0IB863S+pml
lIH6IPT0nLkV1z4s4JW29JCiJgZmuSQ4g5xbaUc0HiQLR5YL2tacmtnC3bqnAwHw
5VvPXVc+ZrBqeagDLt7Rt69YUDIQvwSgr9k3IuEzwoBRqJA2/Aiiy914hVUKq/s/
Pw0Y5Z5ObhCFIYyCXdLOoUIGbGbJvhY46Vrwgc0RwqAPcSCMEw==
-----END CERTIFICATE-----