Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/97585122-fbed-4029-849a-162097054103.roa
File:                     97585122-fbed-4029-849a-162097054103.roa (raw, json)
Hash identifier:          DuPvuR3Tg/9pFHNQumT2Rx51ALG3t/tmUp/vWMkfoW4=
Subject key identifier:   6A:3E:5E:BF:5A:88:5B:68:44:DD:E8:1D:A7:E3:36:C9:84:92:A4:4A
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       7D7D110877B9B5C5414BED00B166EBF029996747
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/97585122-fbed-4029-849a-162097054103.roa
Signing time:             Tue 06 May 2025 00:50:18 +0000
ROA not before:           Tue 06 May 2025 00:50:18 +0000
ROA not after:            Tue 10 Jun 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        51.72.0.0/15 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 10 May 2025 10:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7d:7d:11:08:77:b9:b5:c5:41:4b:ed:00:b1:66:eb:f0:29:99:67:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: May  6 00:50:18 2025 GMT
            Not After : Jun 10 23:59:59 2025 GMT
        Subject: serialNumber=e3e136390f7f1c71d782a38c3551ac91c0da9411f6779838646e24d9d6efe671, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:e5:ef:a8:2a:e8:aa:0c:ab:8e:0e:b0:2d:86:
                    a9:43:22:21:53:8f:2e:af:f6:74:74:58:6a:37:28:
                    a1:df:a1:2d:8e:0d:10:40:27:7c:61:6e:35:5b:0e:
                    4c:32:cf:bb:8c:42:cf:25:78:a0:68:ec:e3:7a:a0:
                    21:66:bb:d6:d2:47:f7:c8:5b:2c:1b:eb:9c:a0:95:
                    8c:c2:c6:f5:e4:a6:cc:67:61:8c:0c:22:f6:b8:06:
                    e6:ac:69:d3:38:a0:51:bf:c3:43:de:fe:20:66:4c:
                    48:17:cc:32:09:d8:03:df:b4:e4:fa:2c:67:83:c9:
                    65:56:de:7a:53:36:dc:d9:d0:16:18:69:38:e2:25:
                    06:04:fc:b5:17:a6:51:6b:68:af:d9:b9:14:26:67:
                    7f:be:90:77:2e:fb:bb:c5:43:47:7a:66:5a:fe:65:
                    f3:94:6d:64:f1:4f:31:5c:a7:bc:30:90:af:71:38:
                    a9:db:14:f1:12:1d:db:4a:f2:ca:2a:a6:2a:08:b7:
                    8c:b3:86:ba:c4:c8:88:dd:ad:73:60:21:29:b2:3c:
                    45:88:5c:6f:21:52:f2:9c:56:a0:f9:d7:ca:4f:7c:
                    0d:0e:e3:52:81:6c:98:df:f1:09:cd:b0:64:5a:4a:
                    fc:b6:2e:b1:b4:64:89:74:3c:76:f5:01:af:c8:2f:
                    0a:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:3E:5E:BF:5A:88:5B:68:44:DD:E8:1D:A7:E3:36:C9:84:92:A4:4A
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/97585122-fbed-4029-849a-162097054103.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.72.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         49:84:f6:4f:cb:8b:46:d2:8c:df:39:6b:87:f5:da:39:c2:cd:
         23:0d:b7:39:c3:7c:04:24:19:2a:01:a0:4b:d1:92:61:6c:b5:
         6b:12:da:e1:59:0a:3c:29:e5:60:47:c6:46:e6:be:7f:4e:dd:
         29:32:48:31:4b:3d:6b:a5:38:33:e8:97:08:06:3f:5d:7a:30:
         b9:65:90:0d:a5:64:56:78:9f:0c:95:12:a2:37:36:c7:a8:56:
         4b:d6:5f:38:06:46:c8:87:1b:46:aa:ed:a1:4e:48:82:ff:57:
         9b:69:0f:da:5c:b8:1f:b9:a8:86:ba:0b:9b:69:80:5b:6f:b5:
         d5:1f:8b:f8:ca:87:ec:24:96:44:5d:9c:f3:e9:82:b6:26:6e:
         19:a8:8a:23:51:b2:3a:4f:af:58:f3:b2:44:57:9e:41:e7:b7:
         0f:ae:4a:dc:05:0d:42:fc:df:18:fa:3a:2c:2f:87:e2:e3:76:
         dc:85:d9:b0:29:00:80:95:28:66:31:ff:f7:08:27:9e:74:61:
         16:a2:72:ba:98:d3:14:6f:88:76:cc:6f:34:35:2c:fa:76:69:
         ad:2a:1d:bc:56:9b:ca:49:83:f2:73:72:cb:f4:54:77:2a:ca:
         21:ba:02:cb:3d:7e:58:1a:b3:ad:b9:0a:2e:a1:dc:ff:0f:66:
         90:15:f1:95
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUfX0RCHe5tcVBS+0AsWbr8CmZZ0cwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA1MDYwMDUwMThaFw0yNTA2MTAyMzU5NTlaMHoxSTBHBgNV
BAUTQGUzZTEzNjM5MGY3ZjFjNzFkNzgyYTM4YzM1NTFhYzkxYzBkYTk0MTFmNjc3
OTgzODY0NmUyNGQ5ZDZlZmU2NzExLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOzl76gq6KoMq44OsC2GqUMiIVOPLq/2dHRYajcood+hLY4NEEAnfGFuNVsO
TDLPu4xCzyV4oGjs43qgIWa71tJH98hbLBvrnKCVjMLG9eSmzGdhjAwi9rgG5qxp
0zigUb/DQ97+IGZMSBfMMgnYA9+05PosZ4PJZVbeelM23NnQFhhpOOIlBgT8tRem
UWtor9m5FCZnf76Qdy77u8VDR3pmWv5l85RtZPFPMVynvDCQr3E4qdsU8RId20ry
yiqmKgi3jLOGusTIiN2tc2AhKbI8RYhcbyFS8pxWoPnXyk98DQ7jUoFsmN/xCc2w
ZFpK/LYusbRkiXQ8dvUBr8gvCgcCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBRqPl6/
WohbaETd6B2n4zbJhJKkSjAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
OTc1ODUxMjItZmJlZC00MDI5LTg0OWEtMTYyMDk3MDU0MTAzLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDATNIMA0G
CSqGSIb3DQEBCwUAA4IBAQBJhPZPy4tG0ozfOWuH9do5ws0jDbc5w3wEJBkqAaBL
0ZJhbLVrEtrhWQo8KeVgR8ZG5r5/Tt0pMkgxSz1rpTgz6JcIBj9dejC5ZZANpWRW
eJ8MlRKiNzbHqFZL1l84BkbIhxtGqu2hTkiC/1ebaQ/aXLgfuaiGugubaYBbb7XV
H4v4yofsJJZEXZzz6YK2Jm4ZqIojUbI6T69Y87JEV55B57cPrkrcBQ1C/N8Y+jos
L4fi43bchdmwKQCAlShmMf/3CCeedGEWonK6mNMUb4h2zG80NSz6dmmtKh28VpvK
SYPyc3LL9FR3KsohugLLPX5YGrOtuQouodz/D2aQFfGV
-----END CERTIFICATE-----
Generated at Fri May 9 13:13:17 2025 by rpki-client