
Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/575d6f80-6d4b-4183-8b86-cc4106bedd78.roa
File:                     575d6f80-6d4b-4183-8b86-cc4106bedd78.roa (raw, json)
Hash identifier:          L/uvAgx71GRul/cd66OkOeWaKbl0x63GUQqaMGlOJB4=
Subject key identifier:   99:A7:C6:35:69:33:D5:07:69:6C:07:C1:11:F7:27:0B:8F:66:2F:00
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       28E9E6E4ABE86D304A48A5AFA5D840B9A4E3E742
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/575d6f80-6d4b-4183-8b86-cc4106bedd78.roa
Signing time:             Fri 31 Oct 2025 02:00:17 +0000
ROA not before:           Fri 31 Oct 2025 02:00:17 +0000
ROA not after:            Fri 05 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        195.119.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 01 Nov 2025 09:00:03 +0000
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            28:e9:e6:e4:ab:e8:6d:30:4a:48:a5:af:a5:d8:40:b9:a4:e3:e7:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Oct 31 02:00:17 2025 GMT
            Not After : Dec  5 23:59:59 2025 GMT
        Subject: serialNumber=1e2a43f7507644857a0435fdec2e59d6faf65e14bbf1a381f7c724242b5a3fc0, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:24:13:6b:d7:fc:71:e6:79:f1:f6:ed:16:6d:
                    70:14:72:da:02:39:a9:81:2b:b5:17:ab:69:89:16:
                    31:a1:09:d0:78:94:ce:c7:8e:8f:f2:b9:c8:0e:2d:
                    4f:b2:83:36:eb:51:64:93:08:23:e6:9c:cd:4d:c0:
                    7a:d5:b4:9c:c0:da:2a:12:8f:ad:3a:e0:d2:04:b3:
                    1e:0c:44:02:6f:28:37:8c:1b:cb:e1:c8:8e:98:97:
                    35:1d:02:ee:2a:bd:f6:d9:65:93:c7:c7:a5:84:77:
                    c1:12:eb:a3:b1:cc:68:f5:5c:b4:96:c5:8e:d3:c7:
                    c8:c3:39:9a:b7:07:5f:5a:a3:4f:3d:a8:39:ff:55:
                    7f:10:f6:c6:d6:3d:df:90:1b:1b:48:30:ca:8c:26:
                    5f:8c:88:27:de:0a:f5:72:a2:c1:7e:a8:19:09:41:
                    8b:1b:8b:b9:b5:0f:e6:2c:52:3c:d0:97:01:a4:9c:
                    d8:2b:05:f0:8c:13:9c:34:c5:77:79:f8:2c:56:99:
                    f5:c2:69:44:31:aa:cb:9f:ed:33:40:d9:73:36:85:
                    92:13:62:90:cf:82:4a:c3:fc:f5:55:dd:a2:af:a2:
                    bc:0b:6f:e2:59:c5:f0:ca:55:9f:f7:e6:de:c5:af:
                    73:6d:a2:9e:22:6b:75:b4:f3:bd:80:bc:9f:ec:0e:
                    ec:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:A7:C6:35:69:33:D5:07:69:6C:07:C1:11:F7:27:0B:8F:66:2F:00
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/575d6f80-6d4b-4183-8b86-cc4106bedd78.roa
            X509v3 CRL Distribution Points:
                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
            sbgp-ipAddrBlock: critical
                IPv4:
                  195.119.0.0/16
    Signature Algorithm: sha256WithRSAEncryption
         4e:47:b2:cd:1a:42:80:32:7b:c5:2c:cb:e1:36:35:3a:f8:8d:
         71:e3:73:80:a0:10:0a:dc:c6:de:cf:c0:51:a6:33:3f:38:bb:
         f7:97:d1:27:47:2d:4e:be:21:7e:16:af:76:11:6b:48:dc:26:
         12:e6:11:0a:c4:e3:61:11:bb:01:00:66:8c:f5:29:ae:07:7b:
         f8:9b:84:d1:53:98:e2:54:02:b1:86:48:f6:03:6c:c4:17:94:
         90:68:a9:85:99:57:93:73:b9:c2:95:d4:9a:15:b3:1d:29:51:
         c2:a5:8f:54:d6:e0:0d:8d:ab:4d:07:a0:25:67:ee:68:e9:89:
         23:f6:bf:6c:2c:3f:d2:17:d5:fd:a5:78:5b:dc:d6:0f:4c:e3:
         37:ac:c3:be:3b:8d:ec:83:94:91:19:91:9b:3c:93:08:f4:47:
         9c:9d:fc:d3:75:7d:f0:8a:02:8c:ed:31:d8:2f:ed:1d:d9:84:
         d2:7f:91:f6:8f:ee:bf:13:cb:ce:cc:30:5e:d2:0e:f7:09:16:
         af:c0:dd:08:8c:e0:44:4f:24:1c:63:d4:12:9b:42:e4:26:72:
         be:e8:a7:50:c1:2e:f9:70:59:19:1f:8e:b7:4f:ad:ca:b8:ff:
         42:38:3e:c2:00:75:7d:72:c4:ac:75:55:97:64:6b:3e:a2:75:
         75:6e:b5:7a
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUKOnm5KvobTBKSKWvpdhAuaTj50IwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTEwMzEwMjAwMTdaFw0yNTEyMDUyMzU5NTlaMHoxSTBHBgNV
BAUTQDFlMmE0M2Y3NTA3NjQ0ODU3YTA0MzVmZGVjMmU1OWQ2ZmFmNjVlMTRiYmYx
YTM4MWY3YzcyNDI0MmI1YTNmYzAxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMIkE2vX/HHmefH27RZtcBRy2gI5qYErtReraYkWMaEJ0HiUzseOj/K5yA4t
T7KDNutRZJMII+aczU3AetW0nMDaKhKPrTrg0gSzHgxEAm8oN4wby+HIjpiXNR0C
7iq99tllk8fHpYR3wRLro7HMaPVctJbFjtPHyMM5mrcHX1qjTz2oOf9VfxD2xtY9
35AbG0gwyowmX4yIJ94K9XKiwX6oGQlBixuLubUP5ixSPNCXAaSc2CsF8IwTnDTF
d3n4LFaZ9cJpRDGqy5/tM0DZczaFkhNikM+CSsP89VXdoq+ivAtv4lnF8MpVn/fm
3sWvc22iniJrdbTzvYC8n+wO7BsCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBSZp8Y1
aTPVB2lsB8ER9ycLj2YvADAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
NTc1ZDZmODAtNmQ0Yi00MTgzLThiODYtY2M0MTA2YmVkZDc4LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDAMN3MA0G
CSqGSIb3DQEBCwUAA4IBAQBOR7LNGkKAMnvFLMvhNjU6+I1x43OAoBAK3Mbez8BR
pjM/OLv3l9EnRy1OviF+Fq92EWtI3CYS5hEKxONhEbsBAGaM9SmuB3v4m4TRU5ji
VAKxhkj2A2zEF5SQaKmFmVeTc7nCldSaFbMdKVHCpY9U1uANjatNB6AlZ+5o6Ykj
9r9sLD/SF9X9pXhb3NYPTOM3rMO+O43sg5SRGZGbPJMI9EecnfzTdX3wigKM7THY
L+0d2YTSf5H2j+6/E8vOzDBe0g73CRavwN0IjOBETyQcY9QSm0LkJnK+6KdQwS75
cFkZH463T63KuP9COD7CAHV9csSsdVWXZGs+onV1brV6
-----END CERTIFICATE-----
Generated at Fri Oct 31 12:04:51 2025 by rpki-client