Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/b1f2e92a-59bb-45af-9b7f-630a07248560.roa
File:                     b1f2e92a-59bb-45af-9b7f-630a07248560.roa (raw, json)
Hash identifier:          XEQW1Dc9F+TCXAnUDdbvd13cEVfSfqgyQqzNHo7E5gI=
Subject key identifier:   9F:3C:8B:60:03:AD:E7:F8:08:8C:C0:4C:D6:9E:EA:3A:36:1E:C1:E3
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       5F14B7F4F899B452BEDDBC9AC624A3178743B925
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/b1f2e92a-59bb-45af-9b7f-630a07248560.roa
Signing time:             Tue 06 May 2025 00:50:15 +0000
ROA not before:           Tue 06 May 2025 00:50:15 +0000
ROA not after:            Tue 10 Jun 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        51.240.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 10 May 2025 00:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5f:14:b7:f4:f8:99:b4:52:be:dd:bc:9a:c6:24:a3:17:87:43:b9:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: May  6 00:50:15 2025 GMT
            Not After : Jun 10 23:59:59 2025 GMT
        Subject: serialNumber=e2fa9a026ba1c47f1968094592c7184360cbbf6ed2ba46a5cd9610d06f5f6dc0, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:08:5a:51:49:27:31:0e:9f:47:16:58:ef:dd:
                    24:a6:c1:d5:0d:b7:f1:a1:ff:e7:e8:9b:20:df:f9:
                    38:22:01:5d:9a:36:b5:b1:43:82:de:35:dc:3c:3c:
                    0d:b0:cf:91:bf:89:5a:d8:2b:04:36:16:72:d2:11:
                    7e:70:54:9e:be:12:62:ee:c5:69:59:8e:90:9a:1b:
                    85:5f:c6:de:ab:16:ed:d7:6c:90:06:03:4c:6f:13:
                    70:62:e3:64:7e:d7:71:d6:cf:67:ff:a3:bf:a6:72:
                    92:01:fe:f5:ec:94:17:f8:3d:32:d3:54:5b:ba:ad:
                    e8:38:4b:1b:17:a3:ba:99:46:ed:a9:8a:7f:37:27:
                    10:4f:71:37:45:fa:e9:3f:ca:36:c8:30:7a:5d:37:
                    af:5d:90:ea:72:9a:3f:11:87:f4:f6:87:6a:58:2e:
                    c9:8d:03:12:16:8c:5f:c7:39:fc:b0:4b:6e:3b:72:
                    f7:80:35:96:2d:b9:71:c7:05:87:f0:d0:3a:87:76:
                    ed:42:9f:06:73:5d:8b:87:d0:5c:a0:42:31:0f:db:
                    18:2a:ca:f8:31:bb:cb:d6:7c:0d:af:63:3b:10:43:
                    d2:b9:e0:88:ec:48:da:ea:33:7e:08:19:51:fd:7e:
                    69:0b:9d:f8:de:4e:85:05:02:4d:a6:1b:21:1d:76:
                    48:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:3C:8B:60:03:AD:E7:F8:08:8C:C0:4C:D6:9E:EA:3A:36:1E:C1:E3
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/b1f2e92a-59bb-45af-9b7f-630a07248560.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.240.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         38:eb:3c:4a:3f:77:26:c1:b4:e1:56:ef:df:ac:3b:6d:15:d3:
         da:24:8c:3f:9d:fc:aa:d3:c5:df:73:93:3e:82:af:cf:ac:e5:
         47:7d:e4:fe:c2:fe:e7:3f:70:a5:ef:07:86:fb:78:48:0c:23:
         a0:0d:a6:b1:e0:db:89:83:3d:68:83:cc:b1:e3:55:14:db:3e:
         f4:1e:d6:80:e6:70:f3:e5:c6:2b:41:70:90:57:69:bd:f6:ca:
         bb:f5:e0:99:51:e1:af:ed:ff:8f:ff:fd:8a:e5:22:74:b6:fd:
         d9:b0:d8:68:3e:33:d1:a5:4f:3c:a9:43:70:3d:03:2d:aa:f1:
         84:a3:db:64:67:8f:1e:e1:b4:c5:eb:94:1d:86:9a:d0:90:52:
         ba:01:af:eb:ea:96:1c:fa:0b:b4:f1:c4:31:48:cd:a9:83:b1:
         60:4d:fc:d1:f3:77:a1:18:9f:32:fd:05:13:b9:3f:cc:e1:95:
         f8:a6:7e:5b:1a:f2:91:a5:34:88:79:72:9a:32:1d:7f:c2:f5:
         19:13:ac:fe:02:58:a7:f8:5f:da:2f:d7:aa:ae:a4:6a:6c:de:
         01:87:4f:cb:15:64:94:eb:96:a4:8f:e7:c4:4b:f8:2f:33:24:
         2e:21:e9:11:14:7b:8e:05:42:f3:c5:bb:62:25:d1:a8:3c:7d:
         23:dd:58:0d
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUXxS39PiZtFK+3byaxiSjF4dDuSUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA1MDYwMDUwMTVaFw0yNTA2MTAyMzU5NTlaMHoxSTBHBgNV
BAUTQGUyZmE5YTAyNmJhMWM0N2YxOTY4MDk0NTkyYzcxODQzNjBjYmJmNmVkMmJh
NDZhNWNkOTYxMGQwNmY1ZjZkYzAxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANkIWlFJJzEOn0cWWO/dJKbB1Q238aH/5+ibIN/5OCIBXZo2tbFDgt413Dw8
DbDPkb+JWtgrBDYWctIRfnBUnr4SYu7FaVmOkJobhV/G3qsW7ddskAYDTG8TcGLj
ZH7XcdbPZ/+jv6ZykgH+9eyUF/g9MtNUW7qt6DhLGxejuplG7amKfzcnEE9xN0X6
6T/KNsgwel03r12Q6nKaPxGH9PaHalguyY0DEhaMX8c5/LBLbjty94A1li25cccF
h/DQOod27UKfBnNdi4fQXKBCMQ/bGCrK+DG7y9Z8Da9jOxBD0rngiOxI2uozfggZ
Uf1+aQud+N5OhQUCTaYbIR12SMcCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBSfPItg
A63n+AiMwEzWnuo6Nh7B4zAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
YjFmMmU5MmEtNTliYi00NWFmLTliN2YtNjMwYTA3MjQ4NTYwLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADPwMA0G
CSqGSIb3DQEBCwUAA4IBAQA46zxKP3cmwbThVu/frDttFdPaJIw/nfyq08Xfc5M+
gq/PrOVHfeT+wv7nP3Cl7weG+3hIDCOgDaax4NuJgz1og8yx41UU2z70HtaA5nDz
5cYrQXCQV2m99sq79eCZUeGv7f+P//2K5SJ0tv3ZsNhoPjPRpU88qUNwPQMtqvGE
o9tkZ48e4bTF65QdhprQkFK6Aa/r6pYc+gu08cQxSM2pg7FgTfzR83ehGJ8y/QUT
uT/M4ZX4pn5bGvKRpTSIeXKaMh1/wvUZE6z+Alin+F/aL9eqrqRqbN4Bh0/LFWSU
65akj+fES/gvMyQuIekRFHuOBULzxbtiJdGoPH0j3VgN
-----END CERTIFICATE-----
Generated at Fri May 9 08:38:49 2025 by rpki-client