Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/d371c773-1aa2-4d5b-9804-ea5d64fadc0a.roa
File:                     d371c773-1aa2-4d5b-9804-ea5d64fadc0a.roa (raw, json)
Hash identifier:          fgqODRGFjvw+uNnYqsER+Uu+VKEch1OMiuqeubcpLIE=
Subject key identifier:   9F:DD:F8:83:C2:06:26:5D:54:2C:10:09:E2:B0:BE:67:BA:D2:2A:1E
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       73B95D86EBE97A861EFC7DA22BA0FD4615420DD7
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/d371c773-1aa2-4d5b-9804-ea5d64fadc0a.roa
Signing time:             Wed 05 Feb 2025 00:00:00 +0000
ROA not before:           Wed 05 Feb 2025 00:00:00 +0000
ROA not after:            Wed 12 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        143.65.224.0/19 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 05:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            73:b9:5d:86:eb:e9:7a:86:1e:fc:7d:a2:2b:a0:fd:46:15:42:0d:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Feb  5 00:00:00 2025 GMT
            Not After : Mar 12 23:59:59 2025 GMT
        Subject: CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:02:b6:3f:54:b7:df:ae:f1:a3:66:5c:62:6e:
                    74:54:04:5e:7e:8b:90:0e:71:d8:2d:07:5a:d5:0e:
                    bb:e0:d2:05:0f:d0:6b:e3:77:38:c5:0b:c6:14:c1:
                    ee:54:5d:87:63:62:5b:6f:b3:3e:f5:7b:a9:7b:fe:
                    51:1a:59:54:35:56:49:a0:b6:e4:2f:45:39:57:4a:
                    d9:6f:87:a4:4e:5b:1a:2a:2e:1e:45:ca:94:e9:e3:
                    6e:db:98:fe:ba:48:21:01:2f:11:9f:bc:5c:6f:ac:
                    44:b4:d1:ab:6a:0c:36:cf:ef:9d:3c:4f:0e:5e:f6:
                    ce:b5:bd:f2:5b:20:a4:01:60:01:63:c9:3c:b6:67:
                    b0:da:99:2a:06:e4:f0:0a:8b:bd:b2:6f:97:40:1f:
                    2f:4b:32:5c:f3:f0:c5:51:65:97:84:89:7a:cb:ce:
                    82:fc:4a:39:71:bd:09:45:4e:7c:ac:92:80:d0:33:
                    3f:b2:a2:cf:07:2a:f6:14:c3:1d:18:4f:4c:9c:4b:
                    27:71:a4:41:72:14:98:56:58:41:af:22:1f:6d:fc:
                    59:69:a2:bc:ee:1d:e5:eb:58:bf:59:a7:71:f9:9a:
                    da:bf:3f:26:94:a5:bb:a1:8c:c2:99:1b:4d:f2:f7:
                    6a:db:b1:c6:93:00:44:8e:c0:1e:28:e9:49:cf:98:
                    5f:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:DD:F8:83:C2:06:26:5D:54:2C:10:09:E2:B0:BE:67:BA:D2:2A:1E
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/d371c773-1aa2-4d5b-9804-ea5d64fadc0a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.65.224.0/19

    Signature Algorithm: sha256WithRSAEncryption
         75:ef:b0:ab:21:5f:c3:9c:96:f7:ab:99:4e:72:38:a2:98:de:
         d7:37:db:8c:78:a1:0f:9b:9d:c4:95:8f:31:83:7e:6b:fb:69:
         61:46:f3:b0:ae:f9:2d:c8:f4:5d:d2:f7:a0:7a:35:c1:6e:7b:
         8d:68:25:7d:4e:e9:ef:27:da:e4:38:62:53:d4:0b:cf:d5:ea:
         21:34:38:1a:04:34:67:99:c6:ea:48:f8:92:cd:db:04:ff:ef:
         65:58:fc:54:5d:d6:a2:8b:09:7c:bd:f0:e4:0e:31:c6:6c:22:
         4d:ef:ac:ea:50:f5:b9:1b:29:a3:62:56:89:15:a3:c3:b7:59:
         41:44:8b:85:dd:0e:0d:8c:30:a4:4f:69:a2:5e:03:ca:8e:85:
         35:b6:d4:be:0c:5e:72:42:da:07:86:c4:04:79:37:e6:b5:9b:
         74:30:ba:cd:af:43:eb:1c:2d:4b:64:1b:e6:a4:ae:41:90:65:
         0d:df:0f:af:cb:07:3f:9c:0f:06:f2:a6:83:67:be:51:50:43:
         d8:bc:8c:db:04:ac:2f:da:25:a6:2c:1f:09:a9:89:01:26:32:
         e7:08:29:3d:87:50:50:6f:df:42:1f:92:6b:72:8d:ac:fb:f7:
         d2:8d:a4:ee:6f:c8:f8:97:19:e8:dc:b9:e0:12:4e:78:7b:57:
         9e:2f:d9:66
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUc7ldhuvpeoYe/H2iK6D9RhVCDdcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTAyMDUwMDAwMDBaFw0yNTAzMTIyMzU5NTlaMHoxSTBHBgNV
BAUTQDgxZjIyZDJhZjVhMjM4NjFiNDkxZjY0MjMxNDZmOGE3MzdhZjFhNzE1OTFj
MzM0NjNlYTFhYzZlMDcyYWI0MDMxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALUCtj9Ut9+u8aNmXGJudFQEXn6LkA5x2C0HWtUOu+DSBQ/Qa+N3OMULxhTB
7lRdh2NiW2+zPvV7qXv+URpZVDVWSaC25C9FOVdK2W+HpE5bGiouHkXKlOnjbtuY
/rpIIQEvEZ+8XG+sRLTRq2oMNs/vnTxPDl72zrW98lsgpAFgAWPJPLZnsNqZKgbk
8AqLvbJvl0AfL0syXPPwxVFll4SJesvOgvxKOXG9CUVOfKySgNAzP7Kizwcq9hTD
HRhPTJxLJ3GkQXIUmFZYQa8iH238WWmivO4d5etYv1mncfma2r8/JpSlu6GMwpkb
TfL3atuxxpMARI7AHijpSc+YX7UCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBSf3fiD
wgYmXVQsEAnisL5nutIqHjAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
ZDM3MWM3NzMtMWFhMi00ZDViLTk4MDQtZWE1ZDY0ZmFkYzBhLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEBY9B4DAN
BgkqhkiG9w0BAQsFAAOCAQEAde+wqyFfw5yW96uZTnI4opje1zfbjHihD5udxJWP
MYN+a/tpYUbzsK75Lcj0XdL3oHo1wW57jWglfU7p7yfa5DhiU9QLz9XqITQ4GgQ0
Z5nG6kj4ks3bBP/vZVj8VF3WoosJfL3w5A4xxmwiTe+s6lD1uRspo2JWiRWjw7dZ
QUSLhd0ODYwwpE9pol4Dyo6FNbbUvgxeckLaB4bEBHk35rWbdDC6za9D6xwtS2Qb
5qSuQZBlDd8Pr8sHP5wPBvKmg2e+UVBD2LyM2wSsL9olpiwfCamJASYy5wgpPYdQ
UG/fQh+Sa3KNrPv30o2k7m/I+JcZ6Ny54BJOeHtXni/ZZg==
-----END CERTIFICATE-----