Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/695716ab-c4db-435d-95fe-4143be62030e.roa
File:                     695716ab-c4db-435d-95fe-4143be62030e.roa (raw, json)
Hash identifier:          fAHcnpoLNqi8b2W5aScSIk4QJ1ioLRYRTbPG+POTvic=
Subject key identifier:   81:3A:28:D5:E5:FB:33:1C:BF:17:75:3E:F4:88:F8:A5:DC:68:8E:46
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       057DA5C7A894F4C91BA9327C6715654DCDBC9E4D
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/695716ab-c4db-435d-95fe-4143be62030e.roa
Signing time:             Fri 07 Mar 2025 15:10:42 +0000
ROA not before:           Fri 07 Mar 2025 15:10:42 +0000
ROA not after:            Fri 11 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        139.79.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 18:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            05:7d:a5:c7:a8:94:f4:c9:1b:a9:32:7c:67:15:65:4d:cd:bc:9e:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Mar  7 15:10:42 2025 GMT
            Not After : Apr 11 23:59:59 2025 GMT
        Subject: CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:0d:5b:cd:c4:ac:8c:81:d8:8e:84:97:37:6a:
                    28:7f:46:a6:cd:91:71:ba:66:d2:0e:d0:a8:19:a9:
                    d6:bb:6d:67:7f:63:e7:9f:f2:02:96:4a:44:89:6b:
                    9d:3d:fb:3c:6e:be:bc:e1:e4:aa:37:f7:8e:b3:97:
                    48:1b:52:8e:32:68:c0:8e:8d:19:dd:0d:da:49:fd:
                    99:41:5c:61:26:a2:0a:25:ca:76:cd:40:64:43:04:
                    bd:74:5a:cf:52:9b:a3:eb:a1:7c:58:16:0a:bd:d5:
                    eb:7c:5e:0c:62:ea:50:71:26:9c:d1:29:8c:1d:79:
                    0c:a7:bc:2d:c8:d7:44:60:9e:67:bd:09:ac:30:e1:
                    1f:5b:a2:1a:72:5d:9c:5b:41:27:fe:43:9d:f7:f0:
                    2c:b7:39:d3:bc:e4:b5:c3:31:33:62:11:17:8e:7c:
                    92:06:9e:95:a2:24:4a:be:b4:fb:22:e2:9e:06:9a:
                    57:0d:0d:71:c6:b1:50:48:88:dd:2c:08:a3:1f:6e:
                    92:04:7e:74:bd:03:f7:02:60:1f:62:5b:e4:f0:f2:
                    5a:68:58:12:49:81:ba:98:50:7f:4f:a8:5f:56:c6:
                    c1:48:f9:41:8e:67:a3:43:1e:55:c7:cb:d6:82:ee:
                    10:9d:b2:3e:bb:d4:20:ab:6c:08:49:49:49:73:94:
                    f5:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:3A:28:D5:E5:FB:33:1C:BF:17:75:3E:F4:88:F8:A5:DC:68:8E:46
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/695716ab-c4db-435d-95fe-4143be62030e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  139.79.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         45:96:ba:9e:1c:ab:d9:f9:fc:66:17:85:30:95:28:e7:65:bb:
         d7:ce:2a:6e:aa:11:d6:a1:ad:28:61:4a:fd:00:a6:f7:bd:55:
         51:ed:39:b6:69:fe:c7:15:c6:05:58:11:75:eb:35:d2:73:1d:
         40:83:a8:c3:21:f8:ed:5d:81:4e:e7:a6:b5:a4:45:77:86:77:
         48:4d:07:df:80:c2:98:a1:d0:b8:83:5e:07:67:32:75:77:ca:
         00:45:b7:3a:08:1e:63:9b:7c:1a:b8:b3:c1:7b:74:5c:c8:b8:
         84:c2:17:8f:bc:65:fc:57:d0:3a:af:83:c6:df:e0:35:a3:70:
         dc:29:8a:3e:3c:0b:da:0a:e4:0b:53:1c:d0:a9:86:10:65:49:
         84:25:3b:ac:f5:28:4a:29:5b:89:23:de:92:c2:a2:97:47:17:
         6c:76:08:8d:5c:91:8e:d6:47:48:cf:4a:be:f6:48:97:02:e2:
         0b:9d:6e:66:62:63:70:ad:01:30:fe:02:da:41:aa:04:a0:75:
         bd:5a:af:ea:c4:a8:15:61:ce:a8:07:b3:5b:45:60:46:52:5d:
         1e:d6:a3:f3:ab:0b:c4:40:8c:e4:0a:cf:d5:c2:c2:3e:f8:7c:
         a7:c2:30:f8:80:a9:7c:af:57:c2:04:26:bf:8d:03:2f:6a:e5:
         d1:8d:bb:9e
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUBX2lx6iU9MkbqTJ8ZxVlTc28nk0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTAzMDcxNTEwNDJaFw0yNTA0MTEyMzU5NTlaMHoxSTBHBgNV
BAUTQDRjNWY3YWRkMDYyMTk5ZDdiYmI2ZWMwNDE0OWQxNjc1Y2E1MTAxZGEyNjdk
M2E4YWYwZjk3Yzg5N2JhZWM4ZjkxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMsNW83ErIyB2I6ElzdqKH9Gps2Rcbpm0g7QqBmp1rttZ39j55/yApZKRIlr
nT37PG6+vOHkqjf3jrOXSBtSjjJowI6NGd0N2kn9mUFcYSaiCiXKds1AZEMEvXRa
z1Kbo+uhfFgWCr3V63xeDGLqUHEmnNEpjB15DKe8LcjXRGCeZ70JrDDhH1uiGnJd
nFtBJ/5DnffwLLc507zktcMxM2IRF458kgaelaIkSr60+yLingaaVw0NccaxUEiI
3SwIox9ukgR+dL0D9wJgH2Jb5PDyWmhYEkmBuphQf0+oX1bGwUj5QY5no0MeVcfL
1oLuEJ2yPrvUIKtsCElJSXOU9Z0CAwEAAaOCAiAwggIcMB0GA1UdDgQWBBSBOijV
5fszHL8XdT70iPil3GiORjAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
Njk1NzE2YWItYzRkYi00MzVkLTk1ZmUtNDE0M2JlNjIwMzBlLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDAItPMA0G
CSqGSIb3DQEBCwUAA4IBAQBFlrqeHKvZ+fxmF4UwlSjnZbvXzipuqhHWoa0oYUr9
AKb3vVVR7Tm2af7HFcYFWBF16zXScx1Ag6jDIfjtXYFO56a1pEV3hndITQffgMKY
odC4g14HZzJ1d8oARbc6CB5jm3wauLPBe3RcyLiEwhePvGX8V9A6r4PG3+A1o3Dc
KYo+PAvaCuQLUxzQqYYQZUmEJTus9ShKKVuJI96SwqKXRxdsdgiNXJGO1kdIz0q+
9kiXAuILnW5mYmNwrQEw/gLaQaoEoHW9Wq/qxKgVYc6oB7NbRWBGUl0e1qPzqwvE
QIzkCs/VwsI++HynwjD4gKl8r1fCBCa/jQMvauXRjbue
-----END CERTIFICATE-----