Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/16337db0-8420-40f0-982b-9d50c20f4e08.roa
File:                     16337db0-8420-40f0-982b-9d50c20f4e08.roa (raw, json)
Hash identifier:          zVcpg+4j/FGc9cSNo3F+WkSP9mg7FQ1YpQ6pGeHuZmY=
Subject key identifier:   B7:7E:F5:58:AB:3F:B4:3E:D1:E4:29:11:7B:E2:7F:DC:2A:41:15:D7
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       5C336691EF075BE8F2453FE198F94B358F65CAA9
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/16337db0-8420-40f0-982b-9d50c20f4e08.roa
Signing time:             Mon 16 Jun 2025 21:50:19 +0000
ROA not before:           Mon 16 Jun 2025 21:50:19 +0000
ROA not after:            Mon 21 Jul 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        193.57.254.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 01 Jul 2025 14:23:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5c:33:66:91:ef:07:5b:e8:f2:45:3f:e1:98:f9:4b:35:8f:65:ca:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Jun 16 21:50:19 2025 GMT
            Not After : Jul 21 23:59:59 2025 GMT
        Subject: serialNumber=1ad123c7e248f79390afd3a66740ddc66400ac105ee31e8a886d840becdf85a9, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:96:8b:89:46:05:ca:40:21:37:d1:0e:10:de:
                    0f:e9:f5:9b:ea:d3:18:4a:c1:7d:cc:68:e0:3c:56:
                    2e:ed:6c:19:f5:f6:56:8e:4e:ed:da:23:11:ff:24:
                    c6:6c:05:fe:fd:6b:6e:19:bf:ac:41:c1:e0:59:3c:
                    4c:5b:a2:16:7e:5c:9f:95:b2:4d:c1:ba:08:74:0c:
                    8e:c3:50:96:ca:a6:b3:12:99:59:5c:1e:e7:66:cb:
                    47:cf:8d:26:f2:0d:8c:62:6f:a5:b7:bd:b8:d7:50:
                    ab:0b:1a:79:3a:68:ee:b8:e9:4e:3c:a2:27:37:44:
                    e6:d2:b1:a9:db:c9:18:35:00:32:95:58:f5:13:0c:
                    b1:44:98:3d:72:ee:24:40:d6:6e:82:90:ed:ed:7a:
                    55:f1:2f:47:ca:a9:73:a0:60:db:cb:28:93:ce:43:
                    89:db:0e:8f:7d:17:af:96:b7:6b:0a:0d:f0:2f:b6:
                    25:a1:d6:57:d2:d3:eb:cd:ff:03:3a:df:28:7b:93:
                    e2:30:d7:b4:61:9b:30:bb:11:b5:48:df:c6:d7:6c:
                    43:a8:54:b4:95:28:c3:09:a8:8e:61:a3:88:5b:78:
                    55:82:3d:30:b4:88:62:7f:f9:14:ce:96:ee:af:30:
                    a4:90:fa:0f:2d:ee:7e:e0:52:d9:f0:36:43:f7:51:
                    25:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:7E:F5:58:AB:3F:B4:3E:D1:E4:29:11:7B:E2:7F:DC:2A:41:15:D7
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/16337db0-8420-40f0-982b-9d50c20f4e08.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.57.254.0/23

    Signature Algorithm: sha256WithRSAEncryption
         52:dd:03:b1:c2:6f:b6:00:2c:32:2c:e2:82:64:30:cd:92:a4:
         19:11:ac:3e:71:84:78:4d:7d:94:7a:0a:86:4f:7d:55:d8:40:
         df:bb:2d:da:18:d5:8b:65:76:24:a8:47:4f:9f:80:86:dd:1d:
         3e:63:77:35:f9:dc:ea:05:cc:24:1f:71:fe:9e:cb:fd:c1:a4:
         f9:e3:3a:25:9a:55:bf:25:9a:da:9a:0d:08:e2:03:6f:01:f5:
         db:05:2e:06:b2:8e:89:4e:21:7c:0f:1a:fe:d0:b4:26:0a:64:
         9f:2b:4d:d2:b1:b6:c3:58:83:e0:96:13:16:f3:2b:d3:0d:2b:
         6b:43:1a:bf:a0:f3:af:cf:f2:23:97:f0:47:bc:84:a0:52:9b:
         d1:66:d3:01:8a:64:ee:3b:c3:f8:4d:9e:d7:aa:04:6d:ce:ac:
         af:d7:47:12:55:e2:56:cf:5a:03:ca:04:1e:32:a5:0e:a2:f3:
         9c:49:17:e8:89:eb:13:d9:e5:47:73:97:95:5c:f1:67:25:85:
         a9:8d:c1:79:37:cb:20:5f:ae:2b:94:5a:75:ac:cd:f0:18:ae:
         1f:a4:59:cc:14:ae:c3:d1:f9:1c:31:e1:c2:fd:3b:bc:b7:86:
         82:42:67:14:6a:59:27:c1:8d:3a:fd:07:4f:9b:d2:c3:91:2d:
         aa:ca:61:6b
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUXDNmke8HW+jyRT/hmPlLNY9lyqkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA2MTYyMTUwMTlaFw0yNTA3MjEyMzU5NTlaMHoxSTBHBgNV
BAUTQDFhZDEyM2M3ZTI0OGY3OTM5MGFmZDNhNjY3NDBkZGM2NjQwMGFjMTA1ZWUz
MWU4YTg4NmQ4NDBiZWNkZjg1YTkxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOuWi4lGBcpAITfRDhDeD+n1m+rTGErBfcxo4DxWLu1sGfX2Vo5O7dojEf8k
xmwF/v1rbhm/rEHB4Fk8TFuiFn5cn5WyTcG6CHQMjsNQlsqmsxKZWVwe52bLR8+N
JvINjGJvpbe9uNdQqwsaeTpo7rjpTjyiJzdE5tKxqdvJGDUAMpVY9RMMsUSYPXLu
JEDWboKQ7e16VfEvR8qpc6Bg28sok85DidsOj30Xr5a3awoN8C+2JaHWV9LT683/
AzrfKHuT4jDXtGGbMLsRtUjfxtdsQ6hUtJUowwmojmGjiFt4VYI9MLSIYn/5FM6W
7q8wpJD6Dy3ufuBS2fA2Q/dRJQUCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBS3fvVY
qz+0PtHkKRF74n/cKkEV1zAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
MTYzMzdkYjAtODQyMC00MGYwLTk4MmItOWQ1MGMyMGY0ZTA4LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAcE5/jAN
BgkqhkiG9w0BAQsFAAOCAQEAUt0DscJvtgAsMizigmQwzZKkGRGsPnGEeE19lHoK
hk99VdhA37st2hjVi2V2JKhHT5+Aht0dPmN3Nfnc6gXMJB9x/p7L/cGk+eM6JZpV
vyWa2poNCOIDbwH12wUuBrKOiU4hfA8a/tC0JgpknytN0rG2w1iD4JYTFvMr0w0r
a0Mav6Dzr8/yI5fwR7yEoFKb0WbTAYpk7jvD+E2e16oEbc6sr9dHElXiVs9aA8oE
HjKlDqLznEkX6InrE9nlR3OXlVzxZyWFqY3BeTfLIF+uK5RadazN8BiuH6RZzBSu
w9H5HDHhwv07vLeGgkJnFGpZJ8GNOv0HT5vSw5Etqsphaw==
-----END CERTIFICATE-----
Generated at Mon Jun 30 22:55:51 2025 by rpki-client