Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/97585122-fbed-4029-849a-162097054103.roa
File:                     97585122-fbed-4029-849a-162097054103.roa (raw, json)
Hash identifier:          cPJaavsHYAf0NF9VMxMpMS4CsIbZ0LJD0jxjIvinnD4=
Subject key identifier:   DA:FE:1C:F4:8D:BE:BB:79:3F:31:81:40:70:1F:19:33:33:E2:7F:B3
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       57BB1400F8C945BDD647689708513A17E7AEEEC7
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/97585122-fbed-4029-849a-162097054103.roa
Signing time:             Wed 25 Jun 2025 00:50:31 +0000
ROA not before:           Wed 25 Jun 2025 00:50:31 +0000
ROA not after:            Wed 30 Jul 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        51.72.0.0/15 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 01 Jul 2025 23:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            57:bb:14:00:f8:c9:45:bd:d6:47:68:97:08:51:3a:17:e7:ae:ee:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Jun 25 00:50:31 2025 GMT
            Not After : Jul 30 23:59:59 2025 GMT
        Subject: serialNumber=40f359390ecd7b18c6427d8e0e600563614d209638d5dd2b3f1eeb2029a60ef1, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:54:46:bb:83:38:74:05:3c:0c:8e:cd:cd:ff:
                    da:b9:31:1d:5e:11:a5:f1:be:ed:b7:66:48:10:07:
                    ba:03:17:69:fd:39:f2:17:51:59:34:c5:51:a3:0f:
                    ae:b4:04:30:d8:85:96:15:1a:b2:53:ee:e0:b6:68:
                    d2:bf:2c:2a:07:bd:50:bd:c2:b8:d8:12:f4:86:c5:
                    1a:c2:46:1b:9d:91:f7:65:cf:ae:c0:af:7e:e0:e7:
                    ef:0d:9a:5d:1a:61:b5:49:dd:50:24:99:61:16:6f:
                    71:2b:f7:58:9f:7a:79:5e:32:c1:01:67:06:3f:2d:
                    61:74:38:65:60:c9:7c:43:5b:4f:eb:fb:99:1d:31:
                    a7:58:d2:14:35:f3:da:c6:ec:f9:41:b5:e8:0e:26:
                    a6:54:d9:0a:1c:45:c6:8b:69:21:20:fe:b4:33:37:
                    25:a0:3a:a9:9c:c8:e7:c0:cc:42:cc:3c:85:8c:d1:
                    cf:b4:2e:14:bb:f5:c0:9c:96:ce:b6:ac:13:d5:1e:
                    22:05:7a:68:4d:a3:c7:5c:89:d7:28:a5:5c:a1:eb:
                    ba:40:64:4b:34:4b:2d:79:07:80:a2:8d:ec:d5:70:
                    ab:dd:66:da:2f:87:f1:ab:b1:58:14:85:d1:a9:f9:
                    bf:e4:1e:ff:39:75:1a:da:cf:69:e5:68:06:46:4d:
                    07:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:FE:1C:F4:8D:BE:BB:79:3F:31:81:40:70:1F:19:33:33:E2:7F:B3
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/97585122-fbed-4029-849a-162097054103.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.72.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         98:28:34:21:35:af:4f:f9:39:e9:74:35:47:ed:d7:ed:76:6b:
         6d:85:89:11:db:b8:84:91:22:90:3a:6f:1e:c8:a9:0f:74:90:
         fa:ff:25:e6:db:32:c2:ea:2f:ae:d7:c9:c9:3c:7f:a5:45:2c:
         d9:e5:d2:37:50:09:8a:e9:76:82:f2:05:b2:4e:e3:ec:bb:a1:
         8c:49:03:50:7c:5a:ae:d2:f6:a8:ac:d0:87:ff:3a:b8:e4:86:
         66:c0:20:13:c2:89:51:d1:ce:52:f3:c4:be:5c:3e:5e:42:c6:
         ac:79:39:78:5b:60:da:cf:e6:41:76:68:8b:b5:34:eb:f9:85:
         6e:71:ce:a5:c3:2f:9f:a0:46:93:33:85:e1:db:f5:ae:33:a3:
         ea:d5:ea:2b:58:25:c4:d7:87:95:2c:49:89:1f:4c:50:9a:ad:
         70:0e:50:86:16:69:79:ec:5e:fb:0a:5b:40:d2:28:b1:43:44:
         b2:84:f0:f5:a1:86:dc:32:cc:c8:95:60:e6:d3:8e:6f:c5:18:
         b8:cf:1d:fa:5b:bc:67:8f:37:08:51:76:4b:7c:fc:2f:f3:39:
         a3:33:df:0c:04:60:16:e9:4f:81:7b:b6:e6:71:3a:72:38:64:
         c5:e6:c6:a1:c7:f5:25:f3:a8:09:f2:a2:c4:32:5b:6b:c1:8d:
         9f:85:c4:4a
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUV7sUAPjJRb3WR2iXCFE6F+eu7scwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA2MjUwMDUwMzFaFw0yNTA3MzAyMzU5NTlaMHoxSTBHBgNV
BAUTQDQwZjM1OTM5MGVjZDdiMThjNjQyN2Q4ZTBlNjAwNTYzNjE0ZDIwOTYzOGQ1
ZGQyYjNmMWVlYjIwMjlhNjBlZjExLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALFURruDOHQFPAyOzc3/2rkxHV4RpfG+7bdmSBAHugMXaf058hdRWTTFUaMP
rrQEMNiFlhUaslPu4LZo0r8sKge9UL3CuNgS9IbFGsJGG52R92XPrsCvfuDn7w2a
XRphtUndUCSZYRZvcSv3WJ96eV4ywQFnBj8tYXQ4ZWDJfENbT+v7mR0xp1jSFDXz
2sbs+UG16A4mplTZChxFxotpISD+tDM3JaA6qZzI58DMQsw8hYzRz7QuFLv1wJyW
zrasE9UeIgV6aE2jx1yJ1yilXKHrukBkSzRLLXkHgKKN7NVwq91m2i+H8auxWBSF
0an5v+Qe/zl1GtrPaeVoBkZNB90CAwEAAaOCAiAwggIcMB0GA1UdDgQWBBTa/hz0
jb67eT8xgUBwHxkzM+J/szAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
OTc1ODUxMjItZmJlZC00MDI5LTg0OWEtMTYyMDk3MDU0MTAzLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDATNIMA0G
CSqGSIb3DQEBCwUAA4IBAQCYKDQhNa9P+TnpdDVH7dftdmtthYkR27iEkSKQOm8e
yKkPdJD6/yXm2zLC6i+u18nJPH+lRSzZ5dI3UAmK6XaC8gWyTuPsu6GMSQNQfFqu
0vaorNCH/zq45IZmwCATwolR0c5S88S+XD5eQsaseTl4W2Daz+ZBdmiLtTTr+YVu
cc6lwy+foEaTM4Xh2/WuM6Pq1eorWCXE14eVLEmJH0xQmq1wDlCGFml57F77CltA
0iixQ0SyhPD1oYbcMszIlWDm045vxRi4zx36W7xnjzcIUXZLfPwv8zmjM98MBGAW
6U+Be7bmcTpyOGTF5sahx/Ul86gJ8qLEMltrwY2fhcRK
-----END CERTIFICATE-----
Generated at Tue Jul 1 01:16:33 2025 by rpki-client