Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/9e56510b-5f1c-47f6-8a54-2ef9c96c572c.roa
File:                     9e56510b-5f1c-47f6-8a54-2ef9c96c572c.roa (raw, json)
Hash identifier:          xp+hlzFjH0ZlvYzytEz8UeuU3cLKMAu1Qy71r/QmyGE=
Subject key identifier:   78:22:28:8B:8A:5B:BD:65:63:E7:1B:6C:CF:B6:82:02:11:DF:EF:56
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       060F552AF58D2869A82AA052150BE67AB28A2086
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/9e56510b-5f1c-47f6-8a54-2ef9c96c572c.roa
Signing time:             Wed 19 Feb 2025 00:40:09 +0000
ROA not before:           Wed 19 Feb 2025 00:40:09 +0000
ROA not after:            Wed 26 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        51.74.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 18:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            06:0f:55:2a:f5:8d:28:69:a8:2a:a0:52:15:0b:e6:7a:b2:8a:20:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Feb 19 00:40:09 2025 GMT
            Not After : Mar 26 23:59:59 2025 GMT
        Subject: CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f1:32:05:3b:b5:36:db:f8:73:55:90:8b:a5:18:
                    84:05:e8:71:ef:74:0b:c6:35:30:e0:d1:b2:36:2b:
                    27:42:29:0f:fd:9e:b6:75:de:c6:05:54:97:0b:08:
                    53:2e:ab:32:9c:49:67:36:14:16:8c:c4:1c:f6:93:
                    c5:a5:05:60:48:fd:89:fa:ad:ea:10:35:9f:fe:63:
                    d3:08:aa:90:9d:0b:b2:7d:97:e7:4e:38:7c:71:6f:
                    6a:0f:1d:6b:7b:cc:58:0d:6d:da:75:99:e6:dc:dd:
                    2a:dd:03:cc:df:fa:b1:ec:23:78:0d:c9:fb:e4:7e:
                    d1:79:3c:ec:0e:ce:c3:5e:68:81:77:9c:a2:ff:9f:
                    fe:af:6f:fb:a4:87:1f:9a:59:53:ad:f3:46:02:30:
                    05:3d:5a:f0:38:be:ca:b2:d6:02:ad:46:6a:65:a1:
                    eb:3a:9d:e4:d4:81:df:e9:b8:3e:d7:66:5f:b3:a0:
                    49:8e:4d:fb:55:65:91:5c:bd:3f:12:2a:89:1b:60:
                    76:a6:4d:bf:70:2c:a3:da:d0:15:79:86:49:21:02:
                    bf:ba:65:fd:e2:3c:a3:95:cc:55:51:ad:ad:1b:c3:
                    5e:a8:51:e3:65:c2:67:7b:ea:4b:7b:ef:87:f3:5c:
                    76:58:90:39:1c:0c:41:c5:1d:f5:f0:52:d6:98:0f:
                    56:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:22:28:8B:8A:5B:BD:65:63:E7:1B:6C:CF:B6:82:02:11:DF:EF:56
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/9e56510b-5f1c-47f6-8a54-2ef9c96c572c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.74.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         c4:24:be:cc:11:35:64:c4:1e:a8:87:dc:bc:31:59:68:2d:00:
         87:7d:82:19:06:ec:99:41:c4:8e:0c:c5:55:16:f9:8e:02:a6:
         5b:63:58:54:dc:c6:fe:a8:46:17:27:96:72:59:a6:4c:07:1d:
         e8:16:55:c4:e2:0e:90:a2:e8:00:dd:27:87:48:5f:e4:7d:d5:
         39:a4:06:95:68:49:d0:85:42:8a:d0:8a:29:38:fa:55:54:0e:
         18:b5:6a:87:9d:d5:23:f9:13:85:b4:af:44:cf:c0:5a:78:b6:
         cc:6c:77:e2:06:59:4d:62:6b:99:4f:92:33:d3:ab:8c:e0:a5:
         1e:4a:b4:a4:b1:92:bb:14:cb:1d:8c:dc:88:1b:27:60:c8:ff:
         93:a3:4e:b0:bb:bf:62:3b:e3:af:8d:bd:dd:dc:a2:a8:f8:e6:
         97:66:66:80:6a:4b:c5:b1:b5:a1:b0:6e:0c:12:73:3f:d5:60:
         7d:cc:9e:35:f7:c7:81:4d:12:b6:8f:15:ce:6f:9c:dc:e7:4c:
         d2:76:0d:03:b2:13:50:23:f7:30:4b:04:23:a7:d9:cc:c0:b5:
         5b:b4:1a:78:1f:ff:e4:a2:3b:2c:d8:90:17:67:5c:25:3d:bb:
         21:94:0e:b7:5b:0c:ed:79:e9:f3:21:13:db:65:0b:c5:ab:bf:
         bf:f8:32:ff
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUBg9VKvWNKGmoKqBSFQvmerKKIIYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTAyMTkwMDQwMDlaFw0yNTAzMjYyMzU5NTlaMHoxSTBHBgNV
BAUTQGE2YzZlMGY5YTUyN2RkMTQ2YmY4NGM1MjEwMmQ0ZGUzZGQ2NTgwNDdiNTRl
NTc5ZDhiOGMyZWU4NzI3OGUwMTcxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAPEyBTu1Ntv4c1WQi6UYhAXoce90C8Y1MODRsjYrJ0IpD/2etnXexgVUlwsI
Uy6rMpxJZzYUFozEHPaTxaUFYEj9ifqt6hA1n/5j0wiqkJ0Lsn2X5044fHFvag8d
a3vMWA1t2nWZ5tzdKt0DzN/6sewjeA3J++R+0Xk87A7Ow15ogXecov+f/q9v+6SH
H5pZU63zRgIwBT1a8Di+yrLWAq1GamWh6zqd5NSB3+m4PtdmX7OgSY5N+1VlkVy9
PxIqiRtgdqZNv3Aso9rQFXmGSSECv7pl/eI8o5XMVVGtrRvDXqhR42XCZ3vqS3vv
h/NcdliQORwMQcUd9fBS1pgPVlcCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBR4IiiL
ilu9ZWPnG2zPtoICEd/vVjAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
OWU1NjUxMGItNWYxYy00N2Y2LThhNTQtMmVmOWM5NmM1NzJjLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADNKMA0G
CSqGSIb3DQEBCwUAA4IBAQDEJL7METVkxB6oh9y8MVloLQCHfYIZBuyZQcSODMVV
FvmOAqZbY1hU3Mb+qEYXJ5ZyWaZMBx3oFlXE4g6QougA3SeHSF/kfdU5pAaVaEnQ
hUKK0IopOPpVVA4YtWqHndUj+ROFtK9Ez8BaeLbMbHfiBllNYmuZT5Iz06uM4KUe
SrSksZK7FMsdjNyIGydgyP+To06wu79iO+Ovjb3d3KKo+OaXZmaAakvFsbWhsG4M
EnM/1WB9zJ4198eBTRK2jxXOb5zc50zSdg0DshNQI/cwSwQjp9nMwLVbtBp4H//k
ojss2JAXZ1wlPbshlA63WwzteenzIRPbZQvFq7+/+DL/
-----END CERTIFICATE-----