Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/9e56510b-5f1c-47f6-8a54-2ef9c96c572c.roa
File:                     9e56510b-5f1c-47f6-8a54-2ef9c96c572c.roa (raw, json)
Hash identifier:          oF5Ol/WVHxiYDJTUb5k7N1QqL3pWtXCWAw+BhwZg6Eg=
Subject key identifier:   17:48:00:82:BB:1A:67:09:6E:99:20:84:09:BC:33:6B:2B:AA:4A:F1
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       2AE72D630F87FDA2B8F6D90A1F4F3BD0A160FE0F
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/9e56510b-5f1c-47f6-8a54-2ef9c96c572c.roa
Signing time:             Tue 06 May 2025 00:50:19 +0000
ROA not before:           Tue 06 May 2025 00:50:19 +0000
ROA not after:            Tue 10 Jun 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        51.74.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 10 May 2025 00:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2a:e7:2d:63:0f:87:fd:a2:b8:f6:d9:0a:1f:4f:3b:d0:a1:60:fe:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: May  6 00:50:19 2025 GMT
            Not After : Jun 10 23:59:59 2025 GMT
        Subject: serialNumber=70018627e14ec9e405decbdc587edc4be460a7939806d82eecfd234dc675139a, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:e9:12:f0:5d:9e:16:b5:6d:42:3b:fc:e4:16:
                    53:b0:3e:b0:72:ee:58:50:9e:d8:c4:62:f5:0b:c1:
                    c7:c3:45:f9:54:b2:48:87:f4:3a:e6:3f:d7:a1:ba:
                    86:de:14:6a:b5:c2:1b:7a:be:62:90:2a:fb:60:10:
                    81:d5:27:f8:bb:54:27:e4:df:c2:13:70:6d:92:4c:
                    60:2a:8b:30:e8:ba:e0:a7:30:c5:f5:e7:fd:40:9c:
                    77:84:bd:e9:45:c6:00:0d:e7:04:f6:7f:c6:46:79:
                    73:17:36:84:74:f8:f7:d2:d9:5c:5f:84:90:b0:13:
                    8e:64:40:72:59:21:e2:c5:44:24:30:13:e4:29:13:
                    10:29:7a:be:77:3c:aa:66:79:c5:52:2b:63:67:b2:
                    36:be:af:ea:ff:11:66:18:fd:05:78:e8:04:40:6e:
                    c6:16:be:47:6d:d9:cb:76:44:5b:ce:09:6a:58:73:
                    44:02:34:b1:7c:a3:46:ef:47:25:33:9a:9b:fe:9a:
                    7c:31:13:a3:18:65:71:67:a1:e5:ac:2c:99:7a:99:
                    91:5a:b3:23:ef:c5:08:11:7c:05:d7:94:8f:35:86:
                    de:71:1c:30:a5:e8:7f:b7:81:1c:55:cb:76:e2:76:
                    86:a1:4d:b8:39:78:d1:5c:c4:18:68:d3:e7:95:39:
                    ea:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:48:00:82:BB:1A:67:09:6E:99:20:84:09:BC:33:6B:2B:AA:4A:F1
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/9e56510b-5f1c-47f6-8a54-2ef9c96c572c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.74.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         c1:6a:ae:0c:dc:88:c4:82:f4:08:6e:2f:49:a0:6c:9b:83:10:
         e7:1b:2d:21:82:9b:d6:03:2e:75:c2:d2:56:df:71:9e:70:bd:
         fb:69:86:39:53:db:fc:10:6e:95:1f:8d:26:a4:e9:db:2e:e9:
         c5:e5:20:da:21:07:f8:36:98:8b:9f:a4:5f:6e:f6:95:74:dd:
         4a:7a:21:54:a7:b5:60:84:55:08:a0:b3:76:60:81:27:ad:3d:
         03:42:4b:16:de:eb:13:35:dd:20:2d:7c:1f:37:06:43:e4:54:
         24:9e:5c:5b:76:76:f9:ba:ca:7e:1b:6d:74:a8:23:b9:6e:c5:
         43:84:30:21:08:c1:83:f4:8b:c6:a8:c7:4e:4a:11:61:4c:3e:
         e0:d8:81:48:10:24:23:40:1e:f7:6b:ef:89:77:14:c0:f0:00:
         13:21:24:77:2f:45:46:57:d9:70:cd:78:30:91:d4:df:6e:73:
         3c:e0:46:a3:c3:ee:02:40:32:fd:9c:37:56:fd:93:5b:42:d2:
         4c:e6:9b:91:34:24:f4:90:6e:b1:ef:e6:e4:99:7a:e7:67:23:
         7e:ef:67:f5:e1:8c:8e:49:d2:bf:b5:de:9e:0c:07:2e:90:53:
         3d:6f:7f:11:12:16:aa:e6:43:04:b5:8e:06:76:22:46:f3:cc:
         8c:c5:2c:58
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUKuctYw+H/aK49tkKH0870KFg/g8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA1MDYwMDUwMTlaFw0yNTA2MTAyMzU5NTlaMHoxSTBHBgNV
BAUTQDcwMDE4NjI3ZTE0ZWM5ZTQwNWRlY2JkYzU4N2VkYzRiZTQ2MGE3OTM5ODA2
ZDgyZWVjZmQyMzRkYzY3NTEzOWExLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAM3pEvBdnha1bUI7/OQWU7A+sHLuWFCe2MRi9QvBx8NF+VSySIf0OuY/16G6
ht4UarXCG3q+YpAq+2AQgdUn+LtUJ+TfwhNwbZJMYCqLMOi64KcwxfXn/UCcd4S9
6UXGAA3nBPZ/xkZ5cxc2hHT499LZXF+EkLATjmRAclkh4sVEJDAT5CkTECl6vnc8
qmZ5xVIrY2eyNr6v6v8RZhj9BXjoBEBuxha+R23Zy3ZEW84JalhzRAI0sXyjRu9H
JTOam/6afDEToxhlcWeh5awsmXqZkVqzI+/FCBF8BdeUjzWG3nEcMKXof7eBHFXL
duJ2hqFNuDl40VzEGGjT55U56kkCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBQXSACC
uxpnCW6ZIIQJvDNrK6pK8TAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
OWU1NjUxMGItNWYxYy00N2Y2LThhNTQtMmVmOWM5NmM1NzJjLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADNKMA0G
CSqGSIb3DQEBCwUAA4IBAQDBaq4M3IjEgvQIbi9JoGybgxDnGy0hgpvWAy51wtJW
33GecL37aYY5U9v8EG6VH40mpOnbLunF5SDaIQf4NpiLn6RfbvaVdN1KeiFUp7Vg
hFUIoLN2YIEnrT0DQksW3usTNd0gLXwfNwZD5FQknlxbdnb5usp+G210qCO5bsVD
hDAhCMGD9IvGqMdOShFhTD7g2IFIECQjQB73a++JdxTA8AATISR3L0VGV9lwzXgw
kdTfbnM84Eajw+4CQDL9nDdW/ZNbQtJM5puRNCT0kG6x7+bkmXrnZyN+72f14YyO
SdK/td6eDAcukFM9b38REhaq5kMEtY4GdiJG88yMxSxY
-----END CERTIFICATE-----
Generated at Fri May 9 07:30:54 2025 by rpki-client