Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/7a9d4970-8e9c-4d11-a1c6-772a571334fd.roa
File:                     7a9d4970-8e9c-4d11-a1c6-772a571334fd.roa (raw, json)
Hash identifier:          y6ZBzYJOV7iTrGuDNJEsAEuvU0nwj8KPVBm2dW3Skis=
Subject key identifier:   DB:13:9B:95:A1:8B:7D:F1:9E:A1:8C:1B:2D:60:54:01:E8:EB:83:F6
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       65F0EF3432E87E55401BF9C2690FCED7A74C01
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/7a9d4970-8e9c-4d11-a1c6-772a571334fd.roa
Signing time:             Tue 06 May 2025 00:50:06 +0000
ROA not before:           Tue 06 May 2025 00:50:06 +0000
ROA not after:            Tue 10 Jun 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        185.143.16.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 10 May 2025 01:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            65:f0:ef:34:32:e8:7e:55:40:1b:f9:c2:69:0f:ce:d7:a7:4c:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: May  6 00:50:06 2025 GMT
            Not After : Jun 10 23:59:59 2025 GMT
        Subject: serialNumber=6503fb24ef952f6bfc90068f6d32ad9b391d30de42c51f4b2243842592633ff3, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:0c:38:48:b8:12:c8:50:da:b3:1a:fc:c2:89:
                    28:d7:0b:e2:8f:95:a5:2e:29:16:32:18:d8:a7:9c:
                    87:93:2c:5d:8f:96:55:7d:b9:17:0b:1d:6f:33:ef:
                    77:11:a5:c5:89:5f:24:3f:b9:6e:8b:e5:6b:7b:07:
                    9b:aa:35:10:ad:80:c7:7b:2b:1a:30:5a:df:96:c5:
                    de:c3:69:15:4b:09:86:f8:bd:47:cf:0f:2e:4e:46:
                    18:76:21:7c:05:c6:b1:f8:5d:39:6a:29:95:2d:12:
                    ce:d6:0d:49:a3:d1:f6:74:e5:e3:cd:57:88:31:5e:
                    a8:f3:99:fe:e9:37:e1:7a:16:a5:42:3d:cf:d8:0e:
                    c0:af:17:90:19:95:fc:f9:8c:ee:78:2c:c1:a7:a6:
                    6e:65:84:a8:5b:08:b2:b5:5d:19:22:f8:cf:36:0b:
                    a4:29:b7:3d:68:68:aa:73:2e:d8:8d:e2:e2:39:bb:
                    81:42:13:1b:5d:67:4c:d4:6b:c1:1e:93:c0:d3:84:
                    ba:43:93:a6:48:ac:03:97:f7:0d:5b:2e:ee:84:2e:
                    51:cd:f1:d4:5d:69:72:3a:89:b9:11:dc:0a:4b:4f:
                    d2:ac:11:ca:6b:c1:33:70:ce:f8:c0:3c:f6:3a:97:
                    3f:3a:44:ea:7f:8a:84:21:71:fd:13:1e:68:45:64:
                    e4:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:13:9B:95:A1:8B:7D:F1:9E:A1:8C:1B:2D:60:54:01:E8:EB:83:F6
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/7a9d4970-8e9c-4d11-a1c6-772a571334fd.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.143.16.0/22

    Signature Algorithm: sha256WithRSAEncryption
         96:e9:a4:98:97:c3:45:08:97:05:fc:1b:9f:17:18:c8:0f:01:
         8a:1e:1c:34:e0:8f:9d:a5:ae:40:bd:d3:96:85:51:1e:c1:6f:
         2e:a8:e3:cc:4e:7d:4b:05:fe:7c:df:fe:3b:50:18:b2:49:80:
         cd:0b:f4:24:81:1a:a9:b0:6c:40:bd:fe:09:0e:9c:1d:e8:30:
         ac:6b:f7:b7:06:33:dc:49:7b:82:44:d0:83:d3:05:c4:6a:65:
         38:9b:dd:9f:d7:a0:59:05:aa:ab:97:e0:c8:23:e6:38:20:8c:
         08:cb:a1:56:ab:f3:d7:77:56:fd:df:b5:95:a6:b4:2d:cc:92:
         61:a0:85:6b:10:74:7c:5e:14:83:cd:79:e8:05:21:99:81:14:
         c3:1d:02:f7:75:9e:46:bf:e6:d7:8a:55:f9:ee:a3:fb:7e:92:
         75:a0:2d:e4:02:1a:b7:7d:bc:55:ce:cc:89:2c:b5:75:26:91:
         ea:b5:e7:a9:9b:e9:3d:43:2a:4f:00:85:41:79:3d:45:a9:60:
         1d:0f:f0:d3:72:0f:6d:22:c7:37:98:cd:a1:c8:2d:75:1f:55:
         41:6f:24:6b:b0:cf:89:04:d6:8e:1f:05:26:d6:5b:9b:37:20:
         c7:89:07:76:12:e5:2d:81:f4:bd:b8:63:79:76:ec:1c:ea:30:
         b5:21:5d:e7
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgITZfDvNDLoflVAG/nCaQ/O16dMATANBgkqhkiG9w0BAQsF
ADAzMTEwLwYDVQQDEyg0NTNmNDc0NjM1NGUyYWQxNWNlN2ViZDhkYzIxZjk2YzBl
NWM4N2NmMB4XDTI1MDUwNjAwNTAwNloXDTI1MDYxMDIzNTk1OVowejFJMEcGA1UE
BRNANjUwM2ZiMjRlZjk1MmY2YmZjOTAwNjhmNmQzMmFkOWIzOTFkMzBkZTQyYzUx
ZjRiMjI0Mzg0MjU5MjYzM2ZmMzEtMCsGA1UEAxMkYzMzNjQxMWEtNjY1MS00ZjEz
LThlZjktZGU2ODFjN2M5NDQ0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA0gw4SLgSyFDasxr8woko1wvij5WlLikWMhjYp5yHkyxdj5ZVfbkXCx1vM+93
EaXFiV8kP7lui+VrewebqjUQrYDHeysaMFrflsXew2kVSwmG+L1Hzw8uTkYYdiF8
Bcax+F05aimVLRLO1g1Jo9H2dOXjzVeIMV6o85n+6TfhehalQj3P2A7ArxeQGZX8
+YzueCzBp6ZuZYSoWwiytV0ZIvjPNgukKbc9aGiqcy7YjeLiObuBQhMbXWdM1GvB
HpPA04S6Q5OmSKwDl/cNWy7uhC5RzfHUXWlyOom5EdwKS0/SrBHKa8EzcM74wDz2
Opc/OkTqf4qEIXH9Ex5oRWTkLwIDAQABo4ICITCCAh0wHQYDVR0OBBYEFNsTm5Wh
i33xnqGMGy1gVAHo64P2MB8GA1UdIwQYMBaAFEU/R0Y1TirRXOfr2Nwh+WwOXIfP
MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvUlQ5SFJqVk9L
dEZjNS12WTNDSDViQTVjaDg4LmNlcjCBngYIKwYBBQUHAQsEgZEwgY4wgYsGCCsG
AQUFBzALhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFzdC0yLmFtYXpvbmF3cy5j
b20vdm9sdW1lLzk2N2EyNTVjLWQ2ODAtNDJkMy05ZWMzLWVjYjNmOWRhMDg4Yy83
YTlkNDk3MC04ZTljLTRkMTEtYTFjNi03NzJhNTcxMzM0ZmQucm9hMIGIBgNVHR8E
gYAwfjB8oHqgeIZ2cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25h
d3MuY29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4
OGMvX2xBaTVUSERzUWRQWUE5bm1FVDZvbEh1VmM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuY8QMA0G
CSqGSIb3DQEBCwUAA4IBAQCW6aSYl8NFCJcF/BufFxjIDwGKHhw04I+dpa5AvdOW
hVEewW8uqOPMTn1LBf583/47UBiySYDNC/QkgRqpsGxAvf4JDpwd6DCsa/e3BjPc
SXuCRNCD0wXEamU4m92f16BZBaqrl+DII+Y4IIwIy6FWq/PXd1b937WVprQtzJJh
oIVrEHR8XhSDzXnoBSGZgRTDHQL3dZ5Gv+bXilX57qP7fpJ1oC3kAhq3fbxVzsyJ
LLV1JpHqteepm+k9QypPAIVBeT1FqWAdD/DTcg9tIsc3mM2hyC11H1VBbyRrsM+J
BNaOHwUm1lubNyDHiQd2EuUtgfS9uGN5duwc6jC1IV3n
-----END CERTIFICATE-----
Generated at Fri May 9 10:09:25 2025 by rpki-client