Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/dbc88f4b-781b-45e4-8402-e6b216deacc3.roa
File:                     dbc88f4b-781b-45e4-8402-e6b216deacc3.roa (raw, json)
Hash identifier:          UPw06zR3avv+X99O4xNCkfMJ/M0EPrY3bA5hqscaWng=
Subject key identifier:   2C:96:05:1B:30:5E:B3:DB:5F:56:17:BC:EF:07:23:98:01:CB:72:83
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       519BD673777C502B0A9DF44347FAA2ABED4F576A
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/dbc88f4b-781b-45e4-8402-e6b216deacc3.roa
Signing time:             Mon 16 Jun 2025 21:50:08 +0000
ROA not before:           Mon 16 Jun 2025 21:50:08 +0000
ROA not after:            Mon 21 Jul 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        151.176.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 01 Jul 2025 14:23:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            51:9b:d6:73:77:7c:50:2b:0a:9d:f4:43:47:fa:a2:ab:ed:4f:57:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Jun 16 21:50:08 2025 GMT
            Not After : Jul 21 23:59:59 2025 GMT
        Subject: serialNumber=4412456e6e916cd1db59b8a800864a163dc70a4aba7521874057bb3065c80c04, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:8f:64:0c:82:67:55:18:e6:12:be:1e:0c:32:
                    cf:a0:2a:70:c0:3f:57:1b:1f:6a:75:10:42:aa:7e:
                    de:3c:0e:11:b1:c4:af:e7:e5:96:33:a2:4a:18:bb:
                    eb:dc:0e:f0:da:38:bf:9d:22:6b:4e:71:28:b3:eb:
                    77:e4:e2:33:dc:06:14:6f:00:79:1b:b1:ec:75:bd:
                    d3:66:3b:6c:13:da:8d:d8:92:52:cb:57:28:ce:93:
                    3b:99:5b:18:c5:29:97:5b:93:3c:12:e3:40:35:f3:
                    7a:35:6b:f9:f0:b0:e7:22:40:61:33:f6:bd:1b:f2:
                    90:5a:54:fb:81:50:d5:a5:f0:0b:40:08:e2:c0:ab:
                    cf:0b:19:ee:0b:cd:6e:2e:69:3d:69:f4:95:55:60:
                    a7:28:fa:02:5c:9e:35:26:74:a8:16:f4:5c:51:a7:
                    cb:03:90:40:46:33:43:fd:05:03:ed:a0:b4:cd:81:
                    a1:d1:da:b1:b1:19:8a:48:ff:e2:15:7b:5c:5c:bf:
                    7a:1b:a7:30:de:99:47:a7:c2:60:dc:ff:7c:01:ee:
                    61:c3:ea:64:10:45:7b:2a:8b:c9:21:a5:00:f1:71:
                    66:cc:56:ba:1c:d7:e3:ea:b8:79:76:f4:18:79:62:
                    19:57:2b:a4:54:2b:da:77:74:a4:2e:fe:68:0c:86:
                    49:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:96:05:1B:30:5E:B3:DB:5F:56:17:BC:EF:07:23:98:01:CB:72:83
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/dbc88f4b-781b-45e4-8402-e6b216deacc3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.176.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         ce:6f:ad:16:f7:a4:89:3a:7c:95:40:65:7c:13:87:f9:ba:03:
         d5:80:2f:bd:a2:8b:30:31:41:cc:1f:cf:88:db:00:cd:44:8c:
         02:29:52:9c:37:97:dc:4f:05:81:bf:5d:95:1c:f5:eb:62:0e:
         d9:d3:cb:11:bb:64:5c:4d:1f:f7:c3:e5:ed:f3:ca:ce:c2:ad:
         51:e6:2f:d6:02:43:76:39:8c:27:be:be:6b:34:f5:a9:90:82:
         01:9b:6d:3f:f7:70:bd:99:f8:54:bb:e5:a2:37:52:62:22:a9:
         04:e5:d5:cc:e2:32:35:99:2b:ee:23:fc:fd:0c:cf:27:d2:a7:
         db:d9:e8:b7:3e:c6:fc:e4:dd:66:a5:14:4d:25:b1:6e:f2:e1:
         6e:e5:d3:72:6c:a8:9f:99:c8:e9:3c:03:fd:57:a6:7b:ee:9f:
         d2:e3:14:3d:34:78:c2:d1:28:48:7b:6d:03:bb:42:fc:b9:2e:
         61:a3:b3:cb:0c:94:2f:0e:5e:76:3e:14:53:54:d5:4f:57:09:
         1e:e5:87:49:ac:df:8f:7b:b1:83:e9:4a:38:a9:c0:3d:65:13:
         e1:11:1a:65:9e:ab:84:11:e6:10:f9:bf:e6:e3:c5:68:ad:09:
         a7:4c:5c:19:44:c7:b7:89:ca:99:d2:4c:ab:13:3b:76:e4:33:
         85:71:d6:15
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUUZvWc3d8UCsKnfRDR/qiq+1PV2owDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA2MTYyMTUwMDhaFw0yNTA3MjEyMzU5NTlaMHoxSTBHBgNV
BAUTQDQ0MTI0NTZlNmU5MTZjZDFkYjU5YjhhODAwODY0YTE2M2RjNzBhNGFiYTc1
MjE4NzQwNTdiYjMwNjVjODBjMDQxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKKPZAyCZ1UY5hK+Hgwyz6AqcMA/VxsfanUQQqp+3jwOEbHEr+flljOiShi7
69wO8No4v50ia05xKLPrd+TiM9wGFG8AeRux7HW902Y7bBPajdiSUstXKM6TO5lb
GMUpl1uTPBLjQDXzejVr+fCw5yJAYTP2vRvykFpU+4FQ1aXwC0AI4sCrzwsZ7gvN
bi5pPWn0lVVgpyj6AlyeNSZ0qBb0XFGnywOQQEYzQ/0FA+2gtM2BodHasbEZikj/
4hV7XFy/ehunMN6ZR6fCYNz/fAHuYcPqZBBFeyqLySGlAPFxZsxWuhzX4+q4eXb0
GHliGVcrpFQr2nd0pC7+aAyGSSkCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBQslgUb
MF6z219WF7zvByOYActygzAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
ZGJjODhmNGItNzgxYi00NWU0LTg0MDItZTZiMjE2ZGVhY2MzLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDAJewMA0G
CSqGSIb3DQEBCwUAA4IBAQDOb60W96SJOnyVQGV8E4f5ugPVgC+9ooswMUHMH8+I
2wDNRIwCKVKcN5fcTwWBv12VHPXrYg7Z08sRu2RcTR/3w+Xt88rOwq1R5i/WAkN2
OYwnvr5rNPWpkIIBm20/93C9mfhUu+WiN1JiIqkE5dXM4jI1mSvuI/z9DM8n0qfb
2ei3Psb85N1mpRRNJbFu8uFu5dNybKifmcjpPAP9V6Z77p/S4xQ9NHjC0ShIe20D
u0L8uS5ho7PLDJQvDl52PhRTVNVPVwke5YdJrN+Pe7GD6Uo4qcA9ZRPhERplnquE
EeYQ+b/m48VorQmnTFwZRMe3icqZ0kyrEzt25DOFcdYV
-----END CERTIFICATE-----
Generated at Mon Jun 30 23:14:52 2025 by rpki-client