Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/dbc88f4b-781b-45e4-8402-e6b216deacc3.roa
File:                     dbc88f4b-781b-45e4-8402-e6b216deacc3.roa (raw, json)
Hash identifier:          Aw6I8XsJHsd4XY2VzCWDpuo0925DujXC15HHrulFq64=
Subject key identifier:   B5:08:43:46:84:B1:37:2F:6A:64:39:53:0B:87:D5:11:CF:2B:21:BB
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       63E263F8016BEF3AB7AC8C8805BAEAB44BFBC663
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/dbc88f4b-781b-45e4-8402-e6b216deacc3.roa
Signing time:             Wed 05 Feb 2025 00:00:00 +0000
ROA not before:           Wed 05 Feb 2025 00:00:00 +0000
ROA not after:            Wed 12 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        151.176.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 05:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            63:e2:63:f8:01:6b:ef:3a:b7:ac:8c:88:05:ba:ea:b4:4b:fb:c6:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Feb  5 00:00:00 2025 GMT
            Not After : Mar 12 23:59:59 2025 GMT
        Subject: CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:eb:2e:0d:fc:80:d9:79:97:65:04:cf:8b:80:
                    a6:6d:2f:d9:b7:10:76:d8:4e:67:54:da:af:9b:e1:
                    59:f9:cb:09:9e:b7:ef:0d:64:57:77:dc:c7:41:03:
                    35:b1:57:7b:a6:53:2a:2c:17:27:9a:71:fb:0d:8a:
                    74:84:ad:ac:55:25:91:c0:cf:e1:a9:d2:e9:67:76:
                    66:7b:fb:5e:db:c1:e6:13:32:2c:a8:bb:14:0f:8e:
                    dd:c1:f5:4a:21:e7:6a:9b:47:02:2a:26:3d:34:85:
                    8f:b5:e2:ab:d3:c2:af:1d:d3:64:3e:0b:56:ea:bb:
                    89:96:25:dd:38:85:e5:ca:2d:4d:c0:7b:8f:96:f4:
                    33:b8:9f:55:30:91:45:0a:e7:df:d1:f2:9c:80:24:
                    0a:5a:8f:cb:87:d5:fa:8d:40:02:95:5a:1b:b3:57:
                    31:a7:29:ec:0e:b0:b4:a8:ea:f3:a2:39:70:67:71:
                    3f:b1:f2:7d:25:fd:1a:0b:d9:68:12:df:c7:01:20:
                    5c:be:9a:94:0e:c3:60:46:1f:df:aa:91:88:72:c6:
                    9a:82:58:af:6e:be:92:b6:69:bb:52:6a:e0:30:0e:
                    4f:96:46:85:71:5b:f4:ed:21:1b:15:62:c5:56:0b:
                    bb:28:74:3f:15:0d:24:c8:48:1e:0f:89:d8:a3:0b:
                    1e:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:08:43:46:84:B1:37:2F:6A:64:39:53:0B:87:D5:11:CF:2B:21:BB
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/dbc88f4b-781b-45e4-8402-e6b216deacc3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.176.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         c4:e7:0c:35:08:30:aa:a6:36:e0:f9:dc:9c:a1:fe:1d:ca:54:
         5c:9a:df:7a:b5:5a:c6:e2:23:3f:64:7f:2e:cf:19:5a:eb:5b:
         8f:25:c9:e6:7f:71:ef:5c:09:08:5c:1a:98:34:ed:c1:21:f9:
         ee:b7:fa:03:e5:62:86:59:84:c3:a6:77:c6:1d:f5:98:9f:7d:
         d7:86:00:0b:52:49:6b:ae:19:f7:be:55:7f:11:61:19:85:48:
         ba:a7:ec:4f:3b:ee:4e:ca:4d:57:11:23:84:98:90:0e:b1:87:
         c5:26:4f:e3:8f:1c:dc:72:11:89:27:06:5b:cf:74:27:e5:08:
         37:7d:a5:07:59:e5:f3:73:89:39:05:0f:50:70:17:29:50:75:
         b7:f8:5a:5e:53:47:0e:eb:58:4c:65:ec:61:d0:6b:91:9f:6a:
         5c:eb:e3:ef:a4:3b:a1:3b:18:a1:c0:4f:d8:dc:a3:28:76:99:
         92:5c:e0:9c:41:54:17:57:33:37:d1:04:5d:9e:56:9c:73:8a:
         f7:9c:0b:2f:40:94:d6:02:81:2d:eb:28:bb:6b:db:e1:12:cf:
         37:da:08:b1:55:32:c4:29:64:f6:06:d5:d9:ba:7b:fd:14:20:
         e6:94:b7:70:99:10:b2:9f:40:d3:ad:fd:c2:5c:ba:cc:0a:45:
         13:35:48:0a
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUY+Jj+AFr7zq3rIyIBbrqtEv7xmMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTAyMDUwMDAwMDBaFw0yNTAzMTIyMzU5NTlaMHoxSTBHBgNV
BAUTQGJmYjQyZDRhMTY2OTI3YWZjMmQwNzA1NTdlOWY5MjhkMGFmOWU0NWM1MWM5
Mzg4MzdmMDE3YjE5ODZmMjZlZGIxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAL/rLg38gNl5l2UEz4uApm0v2bcQdthOZ1Tar5vhWfnLCZ637w1kV3fcx0ED
NbFXe6ZTKiwXJ5px+w2KdIStrFUlkcDP4anS6Wd2Znv7XtvB5hMyLKi7FA+O3cH1
SiHnaptHAiomPTSFj7Xiq9PCrx3TZD4LVuq7iZYl3TiF5cotTcB7j5b0M7ifVTCR
RQrn39HynIAkClqPy4fV+o1AApVaG7NXMacp7A6wtKjq86I5cGdxP7HyfSX9GgvZ
aBLfxwEgXL6alA7DYEYf36qRiHLGmoJYr26+krZpu1Jq4DAOT5ZGhXFb9O0hGxVi
xVYLuyh0PxUNJMhIHg+J2KMLHlECAwEAAaOCAiAwggIcMB0GA1UdDgQWBBS1CENG
hLE3L2pkOVMLh9URzyshuzAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
ZGJjODhmNGItNzgxYi00NWU0LTg0MDItZTZiMjE2ZGVhY2MzLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDAJewMA0G
CSqGSIb3DQEBCwUAA4IBAQDE5ww1CDCqpjbg+dycof4dylRcmt96tVrG4iM/ZH8u
zxla61uPJcnmf3HvXAkIXBqYNO3BIfnut/oD5WKGWYTDpnfGHfWYn33XhgALUklr
rhn3vlV/EWEZhUi6p+xPO+5Oyk1XESOEmJAOsYfFJk/jjxzcchGJJwZbz3Qn5Qg3
faUHWeXzc4k5BQ9QcBcpUHW3+FpeU0cO61hMZexh0GuRn2pc6+PvpDuhOxihwE/Y
3KModpmSXOCcQVQXVzM30QRdnlacc4r3nAsvQJTWAoEt6yi7a9vhEs832gixVTLE
KWT2BtXZunv9FCDmlLdwmRCyn0DTrf3CXLrMCkUTNUgK
-----END CERTIFICATE-----