Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/e680ffe7-d77c-4433-81f9-ffbf76a45a6d.roa
File:                     e680ffe7-d77c-4433-81f9-ffbf76a45a6d.roa (raw, json)
Hash identifier:          MiqozVnrcLiLe1mROxGRE8ptQDbyQ/wTmLUqPjji6lc=
Subject key identifier:   A8:0F:36:2E:EB:A1:2F:B5:95:59:64:CE:7F:6A:D7:A2:2C:5A:F8:0E
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       7B01BABBA41019F41E5C4E6A89A03A8218432364
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/e680ffe7-d77c-4433-81f9-ffbf76a45a6d.roa
Signing time:             Wed 05 Feb 2025 00:00:00 +0000
ROA not before:           Wed 05 Feb 2025 00:00:00 +0000
ROA not after:            Wed 12 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        193.57.181.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 05:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7b:01:ba:bb:a4:10:19:f4:1e:5c:4e:6a:89:a0:3a:82:18:43:23:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Feb  5 00:00:00 2025 GMT
            Not After : Mar 12 23:59:59 2025 GMT
        Subject: CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:8f:94:f2:bd:86:be:59:2b:20:35:cd:72:de:
                    7f:21:9c:3e:e0:28:60:b1:cf:0b:cf:5a:3e:27:bb:
                    0c:74:88:09:a9:3d:5c:c3:a0:53:7d:5a:9a:14:8f:
                    12:ee:c9:c8:77:87:70:c5:40:33:50:90:4d:32:9d:
                    f5:a2:2b:81:e6:ec:eb:f2:26:1e:01:b0:3b:04:0f:
                    0c:90:30:e9:c1:1a:a5:36:68:de:a8:d9:fe:3e:01:
                    4c:6c:4e:03:6d:9d:5d:7a:81:75:ef:46:e3:87:8e:
                    73:3a:0d:52:c4:4b:4d:d1:ab:05:0e:43:02:cb:24:
                    a1:ea:01:2d:e0:53:30:c2:8a:39:66:ac:f6:ad:6f:
                    64:31:3d:6c:a2:6a:6b:75:dd:7f:3b:0d:4b:da:43:
                    19:e5:61:c2:bf:e1:4b:dd:c8:92:05:35:7f:41:f0:
                    25:ea:f1:71:0e:05:80:22:5e:a7:e0:d5:e6:78:61:
                    d3:f5:1c:09:3a:57:40:78:8a:b4:07:08:44:d2:d3:
                    f4:e9:99:36:4f:36:16:5a:61:05:09:58:98:85:37:
                    b5:96:a5:b3:0b:67:e6:dc:79:7a:db:a5:70:d8:84:
                    7f:60:13:fa:b7:4c:bc:99:8a:ce:20:90:d7:3f:2d:
                    e4:36:f7:74:97:0d:48:0e:9e:45:b2:77:a2:40:b7:
                    49:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:0F:36:2E:EB:A1:2F:B5:95:59:64:CE:7F:6A:D7:A2:2C:5A:F8:0E
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/e680ffe7-d77c-4433-81f9-ffbf76a45a6d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.57.181.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:f8:1d:c7:d9:3f:69:29:43:fc:4e:ad:62:53:1e:8f:76:06:
         0e:4e:b0:27:99:9e:71:ea:c9:63:39:96:8f:4b:85:0e:55:5a:
         5f:fe:16:62:b3:95:f5:48:32:15:5a:6c:99:ff:6f:93:91:cc:
         b1:90:be:b9:46:09:15:b5:8b:17:6a:7e:e6:63:95:c8:46:91:
         1d:1d:0b:3b:ed:15:fe:a5:91:af:c1:e2:ba:60:08:5e:1f:35:
         4b:0f:61:d8:4e:7a:62:e2:88:99:38:0d:ee:c5:97:2b:bc:04:
         e1:5f:38:7a:93:83:25:f3:97:e0:86:07:18:78:49:ee:22:55:
         65:4b:a9:82:de:b3:06:81:81:0b:a1:c3:7f:f2:55:38:51:45:
         f8:d2:d7:4a:5e:a2:eb:78:4b:e5:19:07:2d:d9:6b:ef:c4:a8:
         45:3f:3d:1f:2a:9e:15:c7:89:6b:cc:e0:14:3a:49:92:84:f1:
         ef:27:61:36:ba:17:c7:66:ec:ed:38:8c:79:72:aa:1a:02:80:
         be:37:0f:0b:df:f4:e3:fe:2b:8e:95:a3:71:64:26:cc:9e:81:
         53:2f:67:df:ad:4b:d3:dd:7f:8c:27:d1:33:66:a8:74:1a:b2:
         1d:e4:5a:e3:61:85:7b:ee:38:36:7f:67:9d:09:c9:16:ac:1e:
         dc:86:c4:88
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUewG6u6QQGfQeXE5qiaA6ghhDI2QwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTAyMDUwMDAwMDBaFw0yNTAzMTIyMzU5NTlaMHoxSTBHBgNV
BAUTQDNjNGFhYjE0OWRiMmVmNTU5ODI2M2QyZDk0ODQxMzExNzQ4OTEyNDcwN2Fi
ZDJlZjA2ZmNjYjdjNzJhOWNiZTMxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALOPlPK9hr5ZKyA1zXLefyGcPuAoYLHPC89aPie7DHSICak9XMOgU31amhSP
Eu7JyHeHcMVAM1CQTTKd9aIrgebs6/ImHgGwOwQPDJAw6cEapTZo3qjZ/j4BTGxO
A22dXXqBde9G44eOczoNUsRLTdGrBQ5DAsskoeoBLeBTMMKKOWas9q1vZDE9bKJq
a3XdfzsNS9pDGeVhwr/hS93IkgU1f0HwJerxcQ4FgCJep+DV5nhh0/UcCTpXQHiK
tAcIRNLT9OmZNk82FlphBQlYmIU3tZalswtn5tx5etulcNiEf2AT+rdMvJmKziCQ
1z8t5Db3dJcNSA6eRbJ3okC3Sd0CAwEAAaOCAiEwggIdMB0GA1UdDgQWBBSoDzYu
66EvtZVZZM5/ateiLFr4DjAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
ZTY4MGZmZTctZDc3Yy00NDMzLTgxZjktZmZiZjc2YTQ1YTZkLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAME5tTAN
BgkqhkiG9w0BAQsFAAOCAQEAf/gdx9k/aSlD/E6tYlMej3YGDk6wJ5mecerJYzmW
j0uFDlVaX/4WYrOV9UgyFVpsmf9vk5HMsZC+uUYJFbWLF2p+5mOVyEaRHR0LO+0V
/qWRr8HiumAIXh81Sw9h2E56YuKImTgN7sWXK7wE4V84epODJfOX4IYHGHhJ7iJV
ZUupgt6zBoGBC6HDf/JVOFFF+NLXSl6i63hL5RkHLdlr78SoRT89HyqeFceJa8zg
FDpJkoTx7ydhNroXx2bs7TiMeXKqGgKAvjcPC9/04/4rjpWjcWQmzJ6BUy9n361L
091/jCfRM2aodBqyHeRa42GFe+44Nn9nnQnJFqwe3IbEiA==
-----END CERTIFICATE-----