Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/01c4adee-b8dc-44e3-959a-e4ab13e63ba7.roa
File:                     01c4adee-b8dc-44e3-959a-e4ab13e63ba7.roa (raw, json)
Hash identifier:          41SQzx+BIf5+e6EqwIYswO1h+MeeIn3uqfQ40rW95fY=
Subject key identifier:   6D:64:B6:4F:CA:B5:99:F1:91:01:18:06:D2:E9:03:EB:AB:9A:85:B1
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       64FCCDF33C4EFCBC8E5C9C770DCFEC7915F229D8
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/01c4adee-b8dc-44e3-959a-e4ab13e63ba7.roa
Signing time:             Mon 06 Oct 2025 18:10:04 +0000
ROA not before:           Mon 06 Oct 2025 18:10:04 +0000
ROA not after:            Mon 10 Nov 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        83.118.234.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 13:42:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            64:fc:cd:f3:3c:4e:fc:bc:8e:5c:9c:77:0d:cf:ec:79:15:f2:29:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Oct  6 18:10:04 2025 GMT
            Not After : Nov 10 23:59:59 2025 GMT
        Subject: serialNumber=4849f66dd50fcabc649060c85caeb8e86e5a7026670786554a5597197582ac8f, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:fe:1f:a4:76:4a:68:66:d5:2c:e2:3a:ba:05:
                    74:d9:31:8a:58:6d:6b:47:96:76:8e:54:4a:a8:d5:
                    98:20:68:36:a9:0f:b9:17:7f:e2:eb:e8:a1:74:b0:
                    8e:24:37:a9:a1:de:34:7b:8a:aa:10:d8:69:82:9b:
                    c5:5a:d7:5c:84:64:ba:01:d8:0c:d0:02:03:54:ca:
                    d7:1a:af:0d:02:76:10:51:87:ae:0e:9c:eb:7d:46:
                    8c:27:e0:33:af:66:39:b1:2d:ce:4b:ff:3b:d9:d0:
                    0d:b0:9f:17:66:a1:56:3d:fa:a5:18:8c:d5:75:ed:
                    c0:f7:33:10:84:09:68:ab:5b:e3:7b:b2:dd:2a:a0:
                    bd:ca:3a:68:6d:ac:51:92:05:92:34:b2:cd:dd:f7:
                    75:74:d1:ac:22:4f:d7:0f:08:17:5a:8d:e3:e8:0b:
                    83:54:73:e7:ef:48:2c:c3:f9:ed:ee:80:af:c1:2a:
                    df:36:2e:3c:2b:8b:32:73:2c:02:55:d7:c1:82:72:
                    f2:a6:49:8b:f7:5a:2b:ab:8c:b3:4f:37:81:23:ce:
                    fd:69:c1:41:f0:97:44:97:d2:5d:90:bd:66:ad:36:
                    e6:45:c6:1c:2f:ab:d1:a1:a6:8a:3f:fc:c5:7b:b2:
                    bc:e7:92:ab:70:d6:aa:b7:a5:44:bc:da:b0:9c:74:
                    b5:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:64:B6:4F:CA:B5:99:F1:91:01:18:06:D2:E9:03:EB:AB:9A:85:B1
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/01c4adee-b8dc-44e3-959a-e4ab13e63ba7.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.118.234.0/23

    Signature Algorithm: sha256WithRSAEncryption
         19:fc:5f:cb:9b:c6:04:d2:1b:97:b1:d9:4a:b5:7b:37:59:fc:
         19:44:f2:6b:0b:65:df:92:8d:15:eb:46:e9:f4:8c:fa:16:92:
         64:f3:08:c5:8d:b4:b2:8b:6c:8e:1f:9b:4a:77:9c:84:c9:ae:
         25:a6:1e:6f:d7:71:2a:bf:69:ab:f8:09:60:7a:c9:10:c2:62:
         ad:94:18:77:98:0e:49:78:1b:db:91:f1:3f:f4:0d:4f:30:72:
         3b:11:40:cf:40:2d:2a:8d:8f:83:f1:0f:9c:7e:f5:d1:64:7a:
         9c:66:5c:3c:3f:65:82:82:a2:01:75:51:ee:0f:c1:c7:d3:ed:
         77:91:96:3b:61:10:34:42:dd:d1:33:10:b3:36:e3:8a:e3:71:
         81:a5:0f:77:78:e2:be:2a:bc:ed:f2:40:57:9f:f0:83:b2:16:
         27:d9:b7:50:cd:2a:08:ac:9e:b1:68:68:48:eb:f2:56:22:e3:
         23:ac:a2:45:9a:53:fd:70:52:a0:96:1b:99:ac:0d:e7:f5:ec:
         3c:26:56:35:d7:73:aa:60:44:56:23:db:09:6c:92:54:18:9f:
         29:8b:3d:7d:76:02:49:1e:a7:f2:e1:de:f4:79:bf:f1:ea:12:
         17:bc:d4:03:b4:a6:99:04:5b:90:4c:13:11:c6:bc:82:18:60:
         7a:f0:fc:66
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUZPzN8zxO/LyOXJx3Dc/seRXyKdgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTEwMDYxODEwMDRaFw0yNTExMTAyMzU5NTlaMHoxSTBHBgNV
BAUTQDQ4NDlmNjZkZDUwZmNhYmM2NDkwNjBjODVjYWViOGU4NmU1YTcwMjY2NzA3
ODY1NTRhNTU5NzE5NzU4MmFjOGYxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALH+H6R2Smhm1SziOroFdNkxilhta0eWdo5USqjVmCBoNqkPuRd/4uvooXSw
jiQ3qaHeNHuKqhDYaYKbxVrXXIRkugHYDNACA1TK1xqvDQJ2EFGHrg6c631GjCfg
M69mObEtzkv/O9nQDbCfF2ahVj36pRiM1XXtwPczEIQJaKtb43uy3Sqgvco6aG2s
UZIFkjSyzd33dXTRrCJP1w8IF1qN4+gLg1Rz5+9ILMP57e6Ar8Eq3zYuPCuLMnMs
AlXXwYJy8qZJi/daK6uMs083gSPO/WnBQfCXRJfSXZC9Zq025kXGHC+r0aGmij/8
xXuyvOeSq3DWqrelRLzasJx0tf0CAwEAAaOCAiEwggIdMB0GA1UdDgQWBBRtZLZP
yrWZ8ZEBGAbS6QPrq5qFsTAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
MDFjNGFkZWUtYjhkYy00NGUzLTk1OWEtZTRhYjEzZTYzYmE3LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAVN26jAN
BgkqhkiG9w0BAQsFAAOCAQEAGfxfy5vGBNIbl7HZSrV7N1n8GUTyawtl35KNFetG
6fSM+haSZPMIxY20sotsjh+bSnechMmuJaYeb9dxKr9pq/gJYHrJEMJirZQYd5gO
SXgb25HxP/QNTzByOxFAz0AtKo2Pg/EPnH710WR6nGZcPD9lgoKiAXVR7g/Bx9Pt
d5GWO2EQNELd0TMQszbjiuNxgaUPd3jiviq87fJAV5/wg7IWJ9m3UM0qCKyesWho
SOvyViLjI6yiRZpT/XBSoJYbmawN5/XsPCZWNddzqmBEViPbCWySVBifKYs9fXYC
SR6n8uHe9Hm/8eoSF7zUA7SmmQRbkEwTEca8ghhgevD8Zg==
-----END CERTIFICATE-----
Generated at Mon Oct 20 20:15:43 2025 by rpki-client