Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/9e56510b-5f1c-47f6-8a54-2ef9c96c572c.roa
File:                     9e56510b-5f1c-47f6-8a54-2ef9c96c572c.roa (raw, json)
Hash identifier:          1UyrGpzGs7uQs73JDdGIfDaQtIPTHIDTUdyJ+1uOM9A=
Subject key identifier:   7D:B6:F2:86:14:C7:6B:9C:3E:FF:7B:50:B0:BB:F4:5D:23:73:E8:6C
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       0A801F42248E8B84A0269A65510BBDE4A8F5FFB2
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/9e56510b-5f1c-47f6-8a54-2ef9c96c572c.roa
Signing time:             Sat 25 Jan 2025 00:00:00 +0000
ROA not before:           Sat 25 Jan 2025 00:00:00 +0000
ROA not after:            Sat 01 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        51.74.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 05:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0a:80:1f:42:24:8e:8b:84:a0:26:9a:65:51:0b:bd:e4:a8:f5:ff:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Jan 25 00:00:00 2025 GMT
            Not After : Mar  1 23:59:59 2025 GMT
        Subject: CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:72:c3:48:39:bf:be:99:d1:52:50:11:01:2d:
                    1b:be:46:f1:fc:84:d6:7e:b8:23:84:08:6b:ec:d7:
                    eb:a8:7f:33:a8:1a:ee:22:12:bf:6a:ef:51:98:66:
                    09:06:9a:2f:98:d2:06:ec:40:4d:25:f3:e1:d7:d6:
                    a6:9b:df:17:d2:f8:0b:76:be:fc:51:9b:89:6c:b1:
                    d2:97:88:3e:71:04:89:51:ae:a0:db:de:d9:3f:1e:
                    41:ed:42:66:c2:64:f7:42:2f:e9:09:4e:d6:1d:9d:
                    5f:ed:c2:7a:d2:28:90:6a:d8:51:11:c2:c9:2f:17:
                    d9:cc:73:e8:37:97:2c:d4:f9:1c:33:13:57:30:1f:
                    4c:da:12:04:16:22:e3:04:8e:e0:47:5e:1c:17:c4:
                    52:cc:c9:7e:f1:c5:f5:f9:48:6a:52:de:f8:b5:29:
                    9c:7d:74:6f:74:67:48:12:dc:a2:6a:2c:9d:08:d7:
                    77:4d:a4:74:7d:21:d2:c8:30:37:55:90:60:32:6a:
                    31:e5:5d:91:95:ce:b2:a5:05:17:9b:3d:46:f3:db:
                    9d:86:8d:ee:de:3e:1b:5c:ed:33:c4:c9:4c:73:2a:
                    72:61:11:21:f5:f8:49:ec:54:a0:da:8a:b7:70:23:
                    33:2d:8d:1c:1b:f9:f3:4d:dc:3b:9a:d6:3c:e9:5d:
                    3a:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:B6:F2:86:14:C7:6B:9C:3E:FF:7B:50:B0:BB:F4:5D:23:73:E8:6C
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/9e56510b-5f1c-47f6-8a54-2ef9c96c572c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.74.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         73:d6:53:a8:d4:37:40:dc:cd:cf:10:24:39:bc:67:48:69:74:
         3e:16:15:a2:0b:2c:01:ac:e6:3a:9f:bc:e0:4f:59:a2:41:f4:
         7f:3c:b7:e9:67:17:43:aa:ea:57:36:a1:47:7f:a7:5e:54:6b:
         82:44:63:48:c5:b8:8a:24:70:00:81:f9:47:6d:c4:67:3a:b8:
         ea:8d:12:34:5b:17:67:e7:20:ad:8b:b0:83:b7:93:04:6e:27:
         53:b3:e7:f9:f5:9c:ad:4d:ef:cd:a7:e7:6f:75:63:02:73:6e:
         e0:cd:04:da:82:78:b8:5e:46:3c:52:8d:42:2a:bc:3e:ad:e1:
         86:ac:e7:e2:a2:3a:77:f7:b2:d8:3c:a7:8d:46:30:3a:54:47:
         55:3b:74:cd:38:05:a2:4c:cf:f2:b8:81:d6:52:2f:da:06:86:
         f8:4e:85:ff:4b:30:45:2e:80:32:ba:64:29:1e:55:1e:5e:96:
         c3:37:ba:1e:84:b3:32:9c:d1:58:7d:15:6f:4e:94:7b:2f:83:
         0d:9c:ac:a1:7f:99:8e:1e:1f:d8:6c:9c:93:05:3a:04:3b:ae:
         96:16:2f:6f:8f:42:59:a5:c2:28:13:9f:7b:8a:31:3b:c4:4f:
         9b:c6:26:6e:0a:e0:24:b5:5f:c9:32:0b:8a:b9:88:f8:32:a2:
         fc:01:5f:a7
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUCoAfQiSOi4SgJpplUQu95Kj1/7IwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTAxMjUwMDAwMDBaFw0yNTAzMDEyMzU5NTlaMHoxSTBHBgNV
BAUTQGMxN2FlYWFmMTc4MTQzOWFkZDEwOGY0MzhhYzAxOThjZjliNjZjMzQ0OTBi
Y2EyNzdmMDg5NDI0NmY3NDRjY2QxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAN5yw0g5v76Z0VJQEQEtG75G8fyE1n64I4QIa+zX66h/M6ga7iISv2rvUZhm
CQaaL5jSBuxATSXz4dfWppvfF9L4C3a+/FGbiWyx0peIPnEEiVGuoNve2T8eQe1C
ZsJk90Iv6QlO1h2dX+3CetIokGrYURHCyS8X2cxz6DeXLNT5HDMTVzAfTNoSBBYi
4wSO4EdeHBfEUszJfvHF9flIalLe+LUpnH10b3RnSBLcomosnQjXd02kdH0h0sgw
N1WQYDJqMeVdkZXOsqUFF5s9RvPbnYaN7t4+G1ztM8TJTHMqcmERIfX4SexUoNqK
t3AjMy2NHBv5803cO5rWPOldOocCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBR9tvKG
FMdrnD7/e1Cwu/RdI3PobDAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
OWU1NjUxMGItNWYxYy00N2Y2LThhNTQtMmVmOWM5NmM1NzJjLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADNKMA0G
CSqGSIb3DQEBCwUAA4IBAQBz1lOo1DdA3M3PECQ5vGdIaXQ+FhWiCywBrOY6n7zg
T1miQfR/PLfpZxdDqupXNqFHf6deVGuCRGNIxbiKJHAAgflHbcRnOrjqjRI0Wxdn
5yCti7CDt5MEbidTs+f59ZytTe/Np+dvdWMCc27gzQTagni4XkY8Uo1CKrw+reGG
rOfiojp397LYPKeNRjA6VEdVO3TNOAWiTM/yuIHWUi/aBob4ToX/SzBFLoAyumQp
HlUeXpbDN7oehLMynNFYfRVvTpR7L4MNnKyhf5mOHh/YbJyTBToEO66WFi9vj0JZ
pcIoE597ijE7xE+bxiZuCuAktV/JMguKuYj4MqL8AV+n
-----END CERTIFICATE-----