Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/9a08b99a-284f-4e69-83b1-fbfba94e7f22.roa
File:                     9a08b99a-284f-4e69-83b1-fbfba94e7f22.roa (raw, json)
Hash identifier:          zWQuyETDgb9vAAqbwZy12/mbHf3FBVaNNXJuoPsOHNA=
Subject key identifier:   A8:70:60:7A:7C:ED:0E:FB:2F:92:18:BF:9C:3F:DA:51:99:FE:FC:64
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       5B005148C12F8D6809C0192E188E806AFCDB8F61
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/9a08b99a-284f-4e69-83b1-fbfba94e7f22.roa
Signing time:             Wed 05 Feb 2025 00:00:00 +0000
ROA not before:           Wed 05 Feb 2025 00:00:00 +0000
ROA not after:            Wed 12 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        145.55.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 05:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5b:00:51:48:c1:2f:8d:68:09:c0:19:2e:18:8e:80:6a:fc:db:8f:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Feb  5 00:00:00 2025 GMT
            Not After : Mar 12 23:59:59 2025 GMT
        Subject: CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:cd:ac:09:c9:13:e6:a7:16:f1:59:da:84:54:
                    a9:4e:8e:ae:78:81:3d:d9:34:e3:ac:2d:18:c7:b4:
                    17:a4:c8:14:7d:64:9d:44:d3:f3:8c:e5:4a:71:82:
                    d6:1e:0c:cb:be:47:9d:d3:7f:0c:aa:34:04:e9:f7:
                    16:10:79:54:58:bf:38:c7:0e:b2:55:6c:7e:34:ac:
                    f5:33:bb:5f:e1:6a:77:73:3d:7e:32:49:c5:0e:82:
                    3c:15:3e:75:72:f4:68:3c:7f:59:d2:82:83:e3:a5:
                    50:0e:b3:25:19:62:08:94:ab:20:90:fd:0e:9e:db:
                    66:16:10:ab:85:8d:dd:ee:c6:3e:65:67:4b:73:78:
                    ad:f4:ed:f5:46:1d:ae:8d:f8:68:be:f4:78:f8:99:
                    e0:52:13:34:55:9d:79:1c:8b:32:aa:f4:2b:d2:ef:
                    08:ff:85:2c:da:a9:ee:12:4d:28:a6:a8:6a:35:f6:
                    3e:5f:97:10:86:28:4a:56:f2:5d:2c:b6:a8:b9:30:
                    6c:d7:9c:31:d0:b8:6a:67:70:31:7a:f1:99:b9:22:
                    33:bb:19:33:72:c3:1f:cf:35:32:b8:f8:31:b3:82:
                    0b:0c:50:39:9e:b5:b6:f7:3a:e7:46:63:6a:f6:e6:
                    11:b7:06:b7:cb:62:cb:a7:eb:f1:05:b5:cb:f5:57:
                    1c:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:70:60:7A:7C:ED:0E:FB:2F:92:18:BF:9C:3F:DA:51:99:FE:FC:64
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/9a08b99a-284f-4e69-83b1-fbfba94e7f22.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.55.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         9a:de:4b:e1:e1:65:81:52:64:97:48:e6:af:10:9b:7e:4d:a5:
         34:a2:0d:a9:d7:25:13:70:75:62:4b:45:d8:9d:44:15:16:5b:
         db:be:07:1a:ea:f6:e7:81:cd:1e:40:ec:f0:ec:99:bc:21:6a:
         b8:4a:a0:81:dd:91:ca:99:00:d6:c3:cc:d1:e0:00:56:82:ad:
         eb:f8:cf:ec:ec:5e:a5:3a:d2:ba:87:0b:0c:c2:aa:37:b6:75:
         ee:71:a7:9d:0b:26:c9:ce:71:c3:d5:3d:0f:c9:0b:d4:6a:65:
         65:ee:0b:61:2f:52:fa:d7:38:90:ca:24:60:1b:4c:a2:ad:2e:
         aa:fb:ac:04:aa:fe:3c:7b:9e:1d:bf:a5:43:c5:e2:e4:0b:8b:
         5c:34:7a:eb:e5:ca:e8:bd:25:51:f5:f9:c4:ba:12:19:e7:32:
         0f:41:9c:d5:20:49:81:ad:b5:08:8c:82:4b:99:98:5f:c6:74:
         75:cf:a1:54:7b:22:69:f8:fb:c8:d1:65:db:8b:c6:da:a5:0e:
         54:6f:99:12:88:ea:51:83:21:c3:83:4a:2c:d5:14:15:05:82:
         93:d4:85:a7:f7:09:c3:e7:76:97:71:44:8b:30:5c:fb:96:1e:
         03:51:44:70:34:35:28:27:8b:28:a9:ea:67:ef:39:0b:f6:56:
         54:8c:ac:91
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUWwBRSMEvjWgJwBkuGI6Aavzbj2EwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTAyMDUwMDAwMDBaFw0yNTAzMTIyMzU5NTlaMHoxSTBHBgNV
BAUTQDU5MzQ2OGU2MjVjOGRhZTA0ZjM0OTcwZWZlYWRhNDRjZGRkMmUzM2UyMTRl
NzMwNmY4NDIxMTg2ZjQ1NzI0MDIxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMzNrAnJE+anFvFZ2oRUqU6OrniBPdk046wtGMe0F6TIFH1knUTT84zlSnGC
1h4My75HndN/DKo0BOn3FhB5VFi/OMcOslVsfjSs9TO7X+Fqd3M9fjJJxQ6CPBU+
dXL0aDx/WdKCg+OlUA6zJRliCJSrIJD9Dp7bZhYQq4WN3e7GPmVnS3N4rfTt9UYd
ro34aL70ePiZ4FITNFWdeRyLMqr0K9LvCP+FLNqp7hJNKKaoajX2Pl+XEIYoSlby
XSy2qLkwbNecMdC4amdwMXrxmbkiM7sZM3LDH881Mrj4MbOCCwxQOZ61tvc650Zj
avbmEbcGt8tiy6fr8QW1y/VXHPMCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBSocGB6
fO0O+y+SGL+cP9pRmf78ZDAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
OWEwOGI5OWEtMjg0Zi00ZTY5LTgzYjEtZmJmYmE5NGU3ZjIyLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDAJE3MA0G
CSqGSIb3DQEBCwUAA4IBAQCa3kvh4WWBUmSXSOavEJt+TaU0og2p1yUTcHViS0XY
nUQVFlvbvgca6vbngc0eQOzw7Jm8IWq4SqCB3ZHKmQDWw8zR4ABWgq3r+M/s7F6l
OtK6hwsMwqo3tnXucaedCybJznHD1T0PyQvUamVl7gthL1L61ziQyiRgG0yirS6q
+6wEqv48e54dv6VDxeLkC4tcNHrr5crovSVR9fnEuhIZ5zIPQZzVIEmBrbUIjIJL
mZhfxnR1z6FUeyJp+PvI0WXbi8bapQ5Ub5kSiOpRgyHDg0os1RQVBYKT1IWn9wnD
53aXcUSLMFz7lh4DUURwNDUoJ4soqepn7zkL9lZUjKyR
-----END CERTIFICATE-----