Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/9a3eae5c-027e-4c38-ab8e-330b3e5bad97.roa
File:                     9a3eae5c-027e-4c38-ab8e-330b3e5bad97.roa (raw, json)
Hash identifier:          lS1yfZvKNT58r1sD+h0HOO8NbAFRepY2JHzkF+tvtyU=
Subject key identifier:   85:A4:4D:59:3A:26:B4:FE:3D:C6:CA:97:5A:CB:74:D7:E0:7D:3F:01
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       2396C77EE5797A80C7F35AD895B7E76F66395519
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/9a3eae5c-027e-4c38-ab8e-330b3e5bad97.roa
Signing time:             Fri 26 Sep 2025 20:20:10 +0000
ROA not before:           Fri 26 Sep 2025 20:20:10 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        51.139.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            23:96:c7:7e:e5:79:7a:80:c7:f3:5a:d8:95:b7:e7:6f:66:39:55:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Sep 26 20:20:10 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=f3d9c7309128b791a790442962058d0f6623f9628bb64dc660eb4365a47b0e66, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:e3:7f:78:5c:9a:6f:b4:c3:9a:30:d6:be:ee:
                    54:b1:f7:43:67:98:1d:ff:51:4f:59:e2:fa:77:f9:
                    e0:41:eb:95:23:7a:99:a2:0d:78:f5:30:9b:c0:d1:
                    47:48:bf:67:9c:53:ce:2e:ca:54:c9:8f:83:7f:64:
                    20:2f:8c:7f:39:1b:9f:9d:c5:4a:fc:4e:ea:00:09:
                    99:f3:71:9d:bc:98:47:73:f4:33:f7:32:45:b7:af:
                    91:59:d4:77:69:f1:c2:98:90:dc:9b:e4:2b:e7:71:
                    52:ec:67:3e:b8:45:bd:03:17:63:e6:3c:65:34:6b:
                    c5:17:ca:03:71:ce:82:16:c2:0d:29:c4:e0:91:15:
                    c2:df:7a:de:e6:74:8e:20:8e:5f:76:4c:45:68:bb:
                    32:ca:f0:26:8e:55:33:77:c5:f2:10:a2:0e:99:dc:
                    ff:3c:c7:0f:75:93:82:4a:bc:92:d6:56:b2:5b:dd:
                    68:fe:8f:7b:5c:8c:ec:e2:a8:9f:00:21:75:39:b1:
                    b5:60:33:3d:9b:6a:97:da:54:7b:30:a3:59:8b:e0:
                    9e:c2:65:c6:fd:1d:51:ae:22:d1:ba:20:0c:4e:d6:
                    32:07:e7:1e:c6:fd:4e:59:9a:c0:b6:a6:c2:a7:2c:
                    e6:93:b4:14:d8:8f:76:c5:a5:0e:c5:37:f5:aa:21:
                    03:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:A4:4D:59:3A:26:B4:FE:3D:C6:CA:97:5A:CB:74:D7:E0:7D:3F:01
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/9a3eae5c-027e-4c38-ab8e-330b3e5bad97.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.139.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         d3:52:83:4c:63:91:38:fd:03:a6:55:83:46:f3:17:03:13:4d:
         9e:df:bf:e1:b9:94:a1:6b:d3:30:a1:de:02:69:ad:23:36:eb:
         4a:91:9b:88:1e:1e:af:4a:42:da:09:81:61:19:53:e7:a6:8b:
         b0:66:06:16:1e:7c:e9:b1:cb:89:cd:c3:9f:48:20:fc:b3:37:
         ff:d9:76:80:25:e6:c9:61:a9:ea:aa:89:6e:db:87:e6:21:d6:
         c2:b7:13:e7:35:21:d3:d8:3d:5a:81:f0:da:5c:f0:5a:5c:76:
         1d:c8:65:67:b1:a3:c5:59:5a:ca:78:17:37:2f:aa:d0:09:2c:
         95:8c:b0:19:b4:0c:0c:e5:1a:8a:f3:ba:81:62:ee:b9:0f:fd:
         f7:07:7a:ad:da:81:0d:7f:ef:b2:56:a3:e9:8a:82:a6:9b:63:
         18:f1:62:58:16:df:bb:f8:d8:71:f9:d1:ab:73:58:e2:4d:5b:
         f6:b1:c7:5c:6a:86:68:ae:c9:78:17:83:03:05:cf:de:88:7a:
         99:91:d1:c2:f9:8f:9f:ba:7d:66:7c:23:06:61:2e:6b:ca:87:
         7b:9b:0c:53:12:e2:38:84:05:ba:4e:ef:13:65:d9:64:fd:8c:
         ee:e7:e0:43:b5:a7:05:05:99:84:44:50:9d:ff:2b:45:d6:eb:
         b0:aa:6f:7b
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUI5bHfuV5eoDH81rYlbfnb2Y5VRkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA5MjYyMDIwMTBaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQGYzZDljNzMwOTEyOGI3OTFhNzkwNDQyOTYyMDU4ZDBmNjYyM2Y5NjI4YmI2
NGRjNjYwZWI0MzY1YTQ3YjBlNjYxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALHjf3hcmm+0w5ow1r7uVLH3Q2eYHf9RT1ni+nf54EHrlSN6maINePUwm8DR
R0i/Z5xTzi7KVMmPg39kIC+Mfzkbn53FSvxO6gAJmfNxnbyYR3P0M/cyRbevkVnU
d2nxwpiQ3JvkK+dxUuxnPrhFvQMXY+Y8ZTRrxRfKA3HOghbCDSnE4JEVwt963uZ0
jiCOX3ZMRWi7MsrwJo5VM3fF8hCiDpnc/zzHD3WTgkq8ktZWslvdaP6Pe1yM7OKo
nwAhdTmxtWAzPZtql9pUezCjWYvgnsJlxv0dUa4i0bogDE7WMgfnHsb9TlmawLam
wqcs5pO0FNiPdsWlDsU39aohA0MCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBSFpE1Z
Oia0/j3Gypday3TX4H0/ATAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
OWEzZWFlNWMtMDI3ZS00YzM4LWFiOGUtMzMwYjNlNWJhZDk3LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADOLMA0G
CSqGSIb3DQEBCwUAA4IBAQDTUoNMY5E4/QOmVYNG8xcDE02e37/huZSha9Mwod4C
aa0jNutKkZuIHh6vSkLaCYFhGVPnpouwZgYWHnzpscuJzcOfSCD8szf/2XaAJebJ
Yanqqolu24fmIdbCtxPnNSHT2D1agfDaXPBaXHYdyGVnsaPFWVrKeBc3L6rQCSyV
jLAZtAwM5RqK87qBYu65D/33B3qt2oENf++yVqPpioKmm2MY8WJYFt+7+Nhx+dGr
c1jiTVv2scdcaoZorsl4F4MDBc/eiHqZkdHC+Y+fun1mfCMGYS5ryod7mwxTEuI4
hAW6Tu8TZdlk/Yzu5+BDtacFBZmERFCd/ytF1uuwqm97
-----END CERTIFICATE-----
Generated at Sun Oct 19 17:45:07 2025 by rpki-client