Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/2740a5f5-ec55-42ac-b7df-f4c863c83981.roa
File:                     2740a5f5-ec55-42ac-b7df-f4c863c83981.roa (raw, json)
Hash identifier:          lVgpa/hzwvxL8rMYeXQo1wX7nTgT0591qhJix6P8cIg=
Subject key identifier:   FA:90:4F:AC:C5:E3:32:0B:8C:E7:23:3D:79:12:E7:9B:B3:56:41:86
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       5D56FF8BEE0D1266B5A146C2173FA7E81FC4D92E
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/2740a5f5-ec55-42ac-b7df-f4c863c83981.roa
Signing time:             Mon 16 Jun 2025 21:51:14 +0000
ROA not before:           Mon 16 Jun 2025 21:51:14 +0000
ROA not after:            Mon 21 Jul 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        51.125.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 01 Jul 2025 14:23:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5d:56:ff:8b:ee:0d:12:66:b5:a1:46:c2:17:3f:a7:e8:1f:c4:d9:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Jun 16 21:51:14 2025 GMT
            Not After : Jul 21 23:59:59 2025 GMT
        Subject: serialNumber=e2f4961f5d728f73458e196aba1d775abb4919a7d7202b1b1d912c20ef2de7b9, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:39:6a:9b:28:d9:24:eb:d6:34:58:79:3b:59:
                    7a:db:dd:2d:6a:b3:96:01:58:fb:25:b8:9f:86:d5:
                    c5:0f:84:44:7e:5a:98:6f:b1:12:f3:90:a5:e3:4a:
                    11:51:5f:62:33:e5:77:6f:fc:1c:84:9d:98:af:f9:
                    05:da:a6:84:9f:8b:59:63:d6:44:3f:28:f9:da:dc:
                    b9:4e:cd:6a:76:dc:eb:f0:c4:af:bf:9d:32:13:aa:
                    01:df:3c:1a:de:17:1e:20:40:dd:d2:a1:d7:60:18:
                    80:c3:6d:1b:15:e8:a3:30:ac:a9:92:c3:bc:c0:4e:
                    c7:d6:64:6e:89:0f:e9:6d:3f:4a:d6:e3:2b:dd:f1:
                    2a:2e:a9:fe:5f:5b:c8:15:2f:a9:1b:70:8f:53:eb:
                    bc:bd:2a:54:89:5c:13:52:3b:81:79:a7:57:bd:66:
                    b5:34:fb:0e:14:8d:4a:ba:97:b1:33:a7:6b:ca:d5:
                    33:7d:35:a9:78:1d:4f:fb:30:d4:4a:d7:06:47:93:
                    e9:db:58:51:f1:69:9a:05:fb:1a:a2:8d:c7:48:67:
                    dd:b0:e9:48:4f:b0:1e:34:dc:a2:84:6b:8c:10:b2:
                    13:4c:92:42:68:cb:b7:bc:76:81:59:75:fd:a6:a8:
                    41:0a:df:33:5c:f6:36:fe:81:20:00:46:fd:7d:2b:
                    93:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:90:4F:AC:C5:E3:32:0B:8C:E7:23:3D:79:12:E7:9B:B3:56:41:86
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/2740a5f5-ec55-42ac-b7df-f4c863c83981.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.125.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         ae:a2:54:41:7a:05:50:3e:40:cc:4c:8a:d8:f9:f3:f6:21:51:
         a0:af:96:54:79:0f:14:0f:a4:bb:7c:78:cc:4c:41:f6:a3:92:
         47:38:8e:e2:85:3c:ed:f1:17:30:a6:30:ac:b3:92:03:3a:fe:
         a9:87:67:af:5b:c4:c9:2f:68:3b:95:e6:a7:bf:fe:46:76:db:
         34:4e:9c:a2:b9:0a:fb:46:d8:13:e5:ce:72:47:a0:69:4d:c6:
         fb:4e:e3:6f:c8:3e:b4:85:23:5d:db:e8:93:03:1f:64:7c:4f:
         07:28:4b:88:6b:b1:ec:21:af:f5:27:4e:16:79:db:b3:19:41:
         1b:30:02:a8:7b:af:4f:69:af:29:b6:3e:f7:b6:45:77:f7:75:
         04:18:99:d5:e0:8c:3d:56:ea:bf:dc:aa:3a:1f:fb:db:0d:86:
         de:24:93:c0:7d:52:b9:b7:b0:e3:eb:07:2b:2f:36:a6:07:1c:
         4c:01:de:52:50:4c:3c:02:0e:99:e0:dd:68:41:dc:40:90:91:
         eb:84:c6:f8:73:75:9c:ce:f5:16:22:66:8a:63:81:85:10:ae:
         50:9b:26:bc:2d:53:c8:3b:9e:ba:e1:06:e7:40:3c:f1:6f:e0:
         c2:58:58:6b:1b:cb:98:4f:c9:02:de:e3:84:e6:c1:c4:e1:83:
         c5:b1:7c:a9
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUXVb/i+4NEma1oUbCFz+n6B/E2S4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA2MTYyMTUxMTRaFw0yNTA3MjEyMzU5NTlaMHoxSTBHBgNV
BAUTQGUyZjQ5NjFmNWQ3MjhmNzM0NThlMTk2YWJhMWQ3NzVhYmI0OTE5YTdkNzIw
MmIxYjFkOTEyYzIwZWYyZGU3YjkxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMM5apso2STr1jRYeTtZetvdLWqzlgFY+yW4n4bVxQ+ERH5amG+xEvOQpeNK
EVFfYjPld2/8HISdmK/5BdqmhJ+LWWPWRD8o+drcuU7Nanbc6/DEr7+dMhOqAd88
Gt4XHiBA3dKh12AYgMNtGxXoozCsqZLDvMBOx9ZkbokP6W0/StbjK93xKi6p/l9b
yBUvqRtwj1PrvL0qVIlcE1I7gXmnV71mtTT7DhSNSrqXsTOna8rVM301qXgdT/sw
1ErXBkeT6dtYUfFpmgX7GqKNx0hn3bDpSE+wHjTcooRrjBCyE0ySQmjLt7x2gVl1
/aaoQQrfM1z2Nv6BIABG/X0rk6cCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBT6kE+s
xeMyC4znIz15Euebs1ZBhjAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
Mjc0MGE1ZjUtZWM1NS00MmFjLWI3ZGYtZjRjODYzYzgzOTgxLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADN9MA0G
CSqGSIb3DQEBCwUAA4IBAQCuolRBegVQPkDMTIrY+fP2IVGgr5ZUeQ8UD6S7fHjM
TEH2o5JHOI7ihTzt8RcwpjCss5IDOv6ph2evW8TJL2g7leanv/5Gdts0TpyiuQr7
RtgT5c5yR6BpTcb7TuNvyD60hSNd2+iTAx9kfE8HKEuIa7HsIa/1J04WeduzGUEb
MAKoe69Paa8ptj73tkV393UEGJnV4Iw9Vuq/3Ko6H/vbDYbeJJPAfVK5t7Dj6wcr
LzamBxxMAd5SUEw8Ag6Z4N1oQdxAkJHrhMb4c3WczvUWImaKY4GFEK5Qmya8LVPI
O5664QbnQDzxb+DCWFhrG8uYT8kC3uOE5sHE4YPFsXyp
-----END CERTIFICATE-----
Generated at Mon Jun 30 23:18:09 2025 by rpki-client