Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/575d6f80-6d4b-4183-8b86-cc4106bedd78.roa
File:                     575d6f80-6d4b-4183-8b86-cc4106bedd78.roa (raw, json)
Hash identifier:          rwclXXKNRS6wZ5bhaf0lizK0yVs2pru92ZSv7AL0JDU=
Subject key identifier:   85:D0:0A:28:BF:C6:6E:68:B1:27:60:8B:1C:90:02:02:B7:56:17:4D
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       6C6772A61BFD1F5EEA6BFEF95441C36239131218
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/575d6f80-6d4b-4183-8b86-cc4106bedd78.roa
Signing time:             Mon 06 Oct 2025 18:10:31 +0000
ROA not before:           Mon 06 Oct 2025 18:10:31 +0000
ROA not after:            Mon 10 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        195.119.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 Oct 2025 20:33:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6c:67:72:a6:1b:fd:1f:5e:ea:6b:fe:f9:54:41:c3:62:39:13:12:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Oct  6 18:10:31 2025 GMT
            Not After : Nov 10 23:59:59 2025 GMT
        Subject: serialNumber=3c03403fc4ec391a739461e30c6f72f4047e1a079daa50eafde1fb6fc6ed709d, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:2f:a6:9c:ef:8a:73:0d:b5:a0:f5:e2:2d:3e:
                    fd:21:e2:fd:3f:76:e6:90:58:a9:d8:42:f0:4a:b2:
                    f7:e5:2f:43:91:cf:17:fa:a5:b2:54:4b:6c:f1:5e:
                    6e:f9:c9:cd:71:60:c8:bf:fd:2b:a4:26:84:c6:74:
                    1b:c2:23:df:e0:c4:cd:63:42:74:68:cf:45:42:c3:
                    4b:3f:b5:79:92:ea:7d:3d:fe:e4:99:89:1f:8c:45:
                    b3:43:4e:c5:cf:72:1e:32:c7:66:f9:0e:cf:7a:d3:
                    af:52:e3:a8:a8:4b:b2:b6:4c:22:db:5f:d9:53:75:
                    de:35:27:06:e4:64:f7:12:a7:e6:d2:70:b1:36:ed:
                    6d:65:eb:8b:4c:34:00:b1:5b:6d:10:09:67:af:52:
                    28:41:5d:85:5b:b9:16:ca:c1:82:65:55:5b:3b:19:
                    64:3e:77:6b:57:a6:6d:dc:b6:13:c7:80:6b:07:58:
                    79:8c:20:9b:84:94:20:2f:d9:09:9a:e6:4f:95:18:
                    3e:aa:6e:a9:33:7b:bc:1f:83:bc:3f:73:1c:54:2a:
                    60:fa:cb:e0:b3:6b:20:90:29:1e:5a:65:2b:37:df:
                    bd:2a:11:d5:23:f3:39:77:a8:6c:5d:b7:09:08:50:
                    db:3e:a6:06:38:ee:70:41:b1:34:cd:b7:95:fe:ad:
                    bb:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:D0:0A:28:BF:C6:6E:68:B1:27:60:8B:1C:90:02:02:B7:56:17:4D
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/575d6f80-6d4b-4183-8b86-cc4106bedd78.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.119.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         29:7e:3c:4c:75:49:78:09:b5:47:54:bf:2c:f5:6a:b0:49:3c:
         bf:6f:d9:a4:a1:00:13:7b:70:62:c7:d1:02:48:ea:15:d7:16:
         04:4d:22:7d:be:b5:42:37:6f:49:07:29:de:63:45:d4:1c:49:
         9d:8c:bf:5c:e5:c6:4e:6d:ca:a5:e9:94:62:14:42:a2:d9:4c:
         37:9b:a0:34:9c:45:b2:8a:cf:6e:6f:3f:00:64:0a:1e:c7:e0:
         1f:8d:cf:0f:41:1e:58:b7:4b:2b:f1:07:a5:86:2c:d7:42:1a:
         ce:fb:43:50:a3:79:e5:22:32:64:b8:60:e6:c4:06:ed:a0:5f:
         1d:26:b6:1f:4e:c1:12:2f:77:33:bf:e7:78:29:e4:4c:9e:60:
         64:4d:10:d2:79:2f:86:bb:95:80:3d:82:0b:f0:90:e4:40:91:
         27:4a:8f:dc:60:56:de:b4:84:c0:fc:51:d0:51:90:5e:9d:7b:
         ac:c7:cf:58:ba:34:1a:33:a5:7a:46:b4:50:12:39:8a:07:f0:
         8e:09:8b:a7:f0:cd:36:4f:51:ee:31:d7:1f:c5:e1:9f:84:1d:
         eb:92:c0:83:50:2a:91:0e:c9:d4:e4:95:73:54:42:9b:3d:b0:
         a7:73:fe:6d:90:81:55:61:74:36:d6:72:6a:32:bb:8a:66:83:
         7d:61:40:d2
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUbGdyphv9H17qa/75VEHDYjkTEhgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTEwMDYxODEwMzFaFw0yNTExMTAyMzU5NTlaMHoxSTBHBgNV
BAUTQDNjMDM0MDNmYzRlYzM5MWE3Mzk0NjFlMzBjNmY3MmY0MDQ3ZTFhMDc5ZGFh
NTBlYWZkZTFmYjZmYzZlZDcwOWQxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMYvppzvinMNtaD14i0+/SHi/T925pBYqdhC8Eqy9+UvQ5HPF/qlslRLbPFe
bvnJzXFgyL/9K6QmhMZ0G8Ij3+DEzWNCdGjPRULDSz+1eZLqfT3+5JmJH4xFs0NO
xc9yHjLHZvkOz3rTr1LjqKhLsrZMIttf2VN13jUnBuRk9xKn5tJwsTbtbWXri0w0
ALFbbRAJZ69SKEFdhVu5FsrBgmVVWzsZZD53a1embdy2E8eAawdYeYwgm4SUIC/Z
CZrmT5UYPqpuqTN7vB+DvD9zHFQqYPrL4LNrIJApHlplKzffvSoR1SPzOXeobF23
CQhQ2z6mBjjucEGxNM23lf6tux8CAwEAAaOCAiAwggIcMB0GA1UdDgQWBBSF0Aoo
v8ZuaLEnYIsckAICt1YXTTAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
NTc1ZDZmODAtNmQ0Yi00MTgzLThiODYtY2M0MTA2YmVkZDc4LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDAMN3MA0G
CSqGSIb3DQEBCwUAA4IBAQApfjxMdUl4CbVHVL8s9WqwSTy/b9mkoQATe3Bix9EC
SOoV1xYETSJ9vrVCN29JByneY0XUHEmdjL9c5cZObcql6ZRiFEKi2Uw3m6A0nEWy
is9ubz8AZAoex+Afjc8PQR5Yt0sr8QelhizXQhrO+0NQo3nlIjJkuGDmxAbtoF8d
JrYfTsESL3czv+d4KeRMnmBkTRDSeS+Gu5WAPYIL8JDkQJEnSo/cYFbetITA/FHQ
UZBenXusx89YujQaM6V6RrRQEjmKB/COCYun8M02T1HuMdcfxeGfhB3rksCDUCqR
DsnU5JVzVEKbPbCnc/5tkIFVYXQ21nJqMruKZoN9YUDS
-----END CERTIFICATE-----
Generated at Thu Oct 16 05:19:15 2025 by rpki-client