Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/bad59de4-adad-41c5-bcd9-10599419c7b5.roa
File:                     bad59de4-adad-41c5-bcd9-10599419c7b5.roa (raw, json)
Hash identifier:          f6nDeSm4kiPoXZQUzioK98k24QKedk1J9MkIHxxJ2qo=
Subject key identifier:   A0:97:27:EA:C3:9E:E2:E1:6B:23:40:59:FC:27:42:38:70:6F:83:71
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       2DB277C4E1E0DE01C2EBF62F16EEA0783E260993
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/bad59de4-adad-41c5-bcd9-10599419c7b5.roa
Signing time:             Mon 14 Jul 2025 15:30:40 +0000
ROA not before:           Mon 14 Jul 2025 15:30:40 +0000
ROA not after:            Mon 18 Aug 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        51.0.64.0/18 maxlen: 18
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 12:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2d:b2:77:c4:e1:e0:de:01:c2:eb:f6:2f:16:ee:a0:78:3e:26:09:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Jul 14 15:30:40 2025 GMT
            Not After : Aug 18 23:59:59 2025 GMT
        Subject: serialNumber=dfc71312875716b02f3aa487feb8d912fa37d4c4adc76ef4a0e514a72fc774da, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:cc:25:39:db:1c:2e:4c:d7:f4:2e:a2:44:99:
                    20:bd:18:63:03:c2:2a:70:27:36:2a:ce:cb:8f:6f:
                    b6:d0:0d:55:b5:a2:0a:4f:66:8d:4b:18:5f:2e:17:
                    43:47:82:4d:21:3f:98:2d:e8:a9:f8:a0:09:d8:58:
                    fb:ea:7f:35:4c:c7:af:df:0b:a1:a6:50:84:f1:7a:
                    3f:b6:7a:6d:d2:a1:7d:5f:8a:6c:46:27:10:ff:fc:
                    35:c8:b5:a5:2c:06:95:db:80:5a:97:bd:c1:31:23:
                    b0:c3:52:be:91:fe:02:69:ce:26:34:af:17:4e:27:
                    c1:83:b0:08:54:ab:bd:fc:d8:54:11:af:5c:b1:f8:
                    c6:a9:28:be:a7:3e:19:c0:83:07:81:07:30:f8:e0:
                    3d:30:bc:6c:c8:36:35:81:72:f9:cb:4b:1d:ca:d8:
                    1f:3e:74:b8:6a:35:3f:b4:92:b6:73:33:7e:77:47:
                    b4:98:11:b8:b0:a8:bb:d8:aa:a0:1d:2c:9f:c8:19:
                    3b:14:3a:a9:d4:f1:92:35:c6:3d:42:6c:72:51:ce:
                    60:03:94:2e:c8:f2:8d:99:5e:d5:fd:6a:51:bf:8e:
                    6d:60:c8:c1:cd:69:db:db:dd:5a:d1:7c:fa:ec:7a:
                    e2:87:ea:69:7c:5a:9e:90:d6:0b:4b:42:21:ec:75:
                    5c:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:97:27:EA:C3:9E:E2:E1:6B:23:40:59:FC:27:42:38:70:6F:83:71
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/bad59de4-adad-41c5-bcd9-10599419c7b5.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.0.64.0/18

    Signature Algorithm: sha256WithRSAEncryption
         b1:f9:08:fb:ff:53:08:f0:bb:9c:7e:f7:e3:ff:47:62:1b:14:
         26:5e:65:9e:c8:fb:5c:ca:24:01:04:1f:04:de:ea:35:f2:99:
         19:2d:9e:35:3c:5f:df:7a:4e:e2:67:55:d9:22:8a:fd:f5:39:
         9a:6d:1d:c1:ff:72:04:e7:bb:3d:42:9d:1b:1c:7f:63:a7:bb:
         58:19:5a:49:01:44:58:c5:35:9e:29:3b:13:8e:88:c7:21:d1:
         af:9e:25:eb:fe:54:1b:d7:d3:7e:f9:30:e4:bc:7b:65:73:f0:
         06:25:48:f2:8e:10:38:06:26:b0:f3:6a:bf:5a:a5:57:f3:79:
         ff:2a:c2:91:40:e3:e5:41:b9:d4:dc:f8:1a:53:b0:a9:ba:6e:
         bd:fe:6a:63:8f:40:3e:e5:02:73:c8:9d:40:c3:b4:95:0f:53:
         7b:1c:93:61:02:13:73:56:63:c4:f3:13:7b:6f:9f:d7:1a:e9:
         19:49:d4:50:a1:49:65:1c:18:88:65:76:c9:8c:ca:d8:3f:ae:
         16:18:92:82:d9:ee:19:01:39:d8:5b:f5:29:57:98:a7:20:29:
         f0:43:43:09:a9:2e:1e:14:f5:33:e0:ac:73:84:c2:f2:6c:4f:
         ba:d5:5e:ca:85:0f:94:e8:54:5c:21:f9:be:83:d0:77:12:c6:
         7c:fa:f4:03
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIULbJ3xOHg3gHC6/YvFu6geD4mCZMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA3MTQxNTMwNDBaFw0yNTA4MTgyMzU5NTlaMHoxSTBHBgNV
BAUTQGRmYzcxMzEyODc1NzE2YjAyZjNhYTQ4N2ZlYjhkOTEyZmEzN2Q0YzRhZGM3
NmVmNGEwZTUxNGE3MmZjNzc0ZGExLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANDMJTnbHC5M1/QuokSZIL0YYwPCKnAnNirOy49vttANVbWiCk9mjUsYXy4X
Q0eCTSE/mC3oqfigCdhY++p/NUzHr98LoaZQhPF6P7Z6bdKhfV+KbEYnEP/8Nci1
pSwGlduAWpe9wTEjsMNSvpH+AmnOJjSvF04nwYOwCFSrvfzYVBGvXLH4xqkovqc+
GcCDB4EHMPjgPTC8bMg2NYFy+ctLHcrYHz50uGo1P7SStnMzfndHtJgRuLCou9iq
oB0sn8gZOxQ6qdTxkjXGPUJsclHOYAOULsjyjZle1f1qUb+ObWDIwc1p29vdWtF8
+ux64ofqaXxanpDWC0tCIex1XCkCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBSglyfq
w57i4WsjQFn8J0I4cG+DcTAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
YmFkNTlkZTQtYWRhZC00MWM1LWJjZDktMTA1OTk0MTljN2I1LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEBjMAQDAN
BgkqhkiG9w0BAQsFAAOCAQEAsfkI+/9TCPC7nH734/9HYhsUJl5lnsj7XMokAQQf
BN7qNfKZGS2eNTxf33pO4mdV2SKK/fU5mm0dwf9yBOe7PUKdGxx/Y6e7WBlaSQFE
WMU1nik7E46IxyHRr54l6/5UG9fTfvkw5Lx7ZXPwBiVI8o4QOAYmsPNqv1qlV/N5
/yrCkUDj5UG51Nz4GlOwqbpuvf5qY49APuUCc8idQMO0lQ9TexyTYQITc1ZjxPMT
e2+f1xrpGUnUUKFJZRwYiGV2yYzK2D+uFhiSgtnuGQE52Fv1KVeYpyAp8ENDCaku
HhT1M+Csc4TC8mxPutVeyoUPlOhUXCH5voPQdxLGfPr0Aw==
-----END CERTIFICATE-----
Generated at Mon Aug 4 21:37:49 2025 by rpki-client