Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/207ef309-dcb5-4264-bf57-0d52fea079cd.roa
File:                     207ef309-dcb5-4264-bf57-0d52fea079cd.roa (raw, json)
Hash identifier:          F3KeOQ8z7S3RSilTVHljo1X9h9Bn+gue3s/7f8UJe3I=
Subject key identifier:   5C:62:8D:F4:24:40:CF:66:C7:1F:6E:82:A9:A7:27:A6:3D:88:A4:71
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       7FDB250B04F972FE5BCF65F231FDE70441E9C81C
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/207ef309-dcb5-4264-bf57-0d52fea079cd.roa
Signing time:             Mon 06 Oct 2025 18:10:29 +0000
ROA not before:           Mon 06 Oct 2025 18:10:29 +0000
ROA not after:            Mon 10 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        130.24.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 13:42:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7f:db:25:0b:04:f9:72:fe:5b:cf:65:f2:31:fd:e7:04:41:e9:c8:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Oct  6 18:10:29 2025 GMT
            Not After : Nov 10 23:59:59 2025 GMT
        Subject: serialNumber=6598af68ca7b64950a07a2d2ab472140653f2c82311d510f9caf08c87ec87387, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:be:e4:c9:47:12:61:36:1c:fe:17:ac:ff:9b:
                    ec:9f:48:c6:44:7f:f7:5e:d8:67:35:29:16:74:ce:
                    ea:3a:32:07:45:f7:d0:2b:31:38:4b:28:7b:c2:a9:
                    38:f0:3c:b7:15:22:a1:d3:7c:bd:2d:63:b2:c5:77:
                    c1:83:44:ca:e5:72:3c:51:a6:0e:f4:9b:a3:83:c4:
                    6e:26:aa:e5:f2:7c:4c:e4:e1:e7:c7:79:f1:99:01:
                    70:66:42:dd:88:7d:8b:d9:9d:49:10:b6:df:be:af:
                    6b:69:33:6c:cd:03:4d:0b:8a:bc:cd:da:ff:f7:2d:
                    20:6a:26:8d:9b:2d:63:bc:b5:03:33:12:db:5d:70:
                    11:08:e8:b8:1a:3f:d0:26:f3:a4:e9:21:fe:12:41:
                    46:08:ba:14:f1:0c:e3:92:82:0e:65:80:67:4f:78:
                    74:b6:a5:e2:af:31:be:fd:6b:98:70:6d:54:52:ab:
                    97:a3:31:75:a3:45:a9:b5:6b:b4:a4:83:7a:95:ac:
                    17:e2:66:24:bd:3d:13:f9:9f:ba:3e:e7:1d:bb:02:
                    32:9b:32:d2:53:1f:9f:eb:74:bf:c4:ac:a8:cd:e2:
                    96:c9:5e:f4:c2:c4:e5:4e:83:a8:e0:89:b8:09:53:
                    58:c6:ad:da:6a:97:62:3d:b7:53:0d:f5:a2:20:6e:
                    6b:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:62:8D:F4:24:40:CF:66:C7:1F:6E:82:A9:A7:27:A6:3D:88:A4:71
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/207ef309-dcb5-4264-bf57-0d52fea079cd.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  130.24.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         00:29:80:5a:8b:3d:a9:71:43:1c:30:da:ec:89:c5:ec:c9:d7:
         0a:85:3f:ea:2e:b5:b1:d5:9c:db:53:6d:cb:d9:06:c7:d9:b1:
         4d:97:2d:2a:bc:84:c2:50:65:68:46:43:45:66:0e:b2:01:86:
         c6:1c:b9:fa:5c:c7:47:15:a5:ff:26:e5:4c:7d:c7:e9:d9:d0:
         e0:a6:d4:cd:93:9b:bd:db:64:14:af:b3:2c:68:77:b1:89:fe:
         c5:23:5a:9e:ab:12:ca:8a:be:07:9b:ea:14:52:a7:f8:18:26:
         e0:1c:f9:93:fb:8b:1b:a2:1c:26:50:ac:2c:44:63:69:13:54:
         1d:09:f6:17:fc:14:c4:de:39:bd:9e:4a:56:62:5d:9a:90:75:
         a0:2a:f5:ce:86:09:23:7d:8f:b7:21:db:b3:9d:97:fa:94:d6:
         f8:ce:af:f3:8c:16:6d:9d:f3:be:f8:22:36:ad:b2:71:84:1b:
         9b:b8:a0:75:e6:cc:5b:a4:e3:29:f0:2c:bf:bc:2c:8e:31:fd:
         f7:2d:e1:02:7d:2c:95:83:ea:2b:92:38:9b:c5:d5:28:a4:37:
         79:f0:12:12:18:f7:2d:e3:4b:58:b3:50:bc:c0:74:f7:e3:d9:
         9e:6c:94:22:d4:60:0d:37:ee:8a:54:41:a6:f3:d7:12:6a:a9:
         57:03:2c:21
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUf9slCwT5cv5bz2XyMf3nBEHpyBwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTEwMDYxODEwMjlaFw0yNTExMTAyMzU5NTlaMHoxSTBHBgNV
BAUTQDY1OThhZjY4Y2E3YjY0OTUwYTA3YTJkMmFiNDcyMTQwNjUzZjJjODIzMTFk
NTEwZjljYWYwOGM4N2VjODczODcxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMi+5MlHEmE2HP4XrP+b7J9IxkR/917YZzUpFnTO6joyB0X30CsxOEsoe8Kp
OPA8txUiodN8vS1jssV3wYNEyuVyPFGmDvSbo4PEbiaq5fJ8TOTh58d58ZkBcGZC
3Yh9i9mdSRC2376va2kzbM0DTQuKvM3a//ctIGomjZstY7y1AzMS211wEQjouBo/
0CbzpOkh/hJBRgi6FPEM45KCDmWAZ094dLal4q8xvv1rmHBtVFKrl6MxdaNFqbVr
tKSDepWsF+JmJL09E/mfuj7nHbsCMpsy0lMfn+t0v8SsqM3ilsle9MLE5U6DqOCJ
uAlTWMat2mqXYj23Uw31oiBua58CAwEAAaOCAiAwggIcMB0GA1UdDgQWBBRcYo30
JEDPZscfboKppyemPYikcTAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
MjA3ZWYzMDktZGNiNS00MjY0LWJmNTctMGQ1MmZlYTA3OWNkLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDAIIYMA0G
CSqGSIb3DQEBCwUAA4IBAQAAKYBaiz2pcUMcMNrsicXsydcKhT/qLrWx1ZzbU23L
2QbH2bFNly0qvITCUGVoRkNFZg6yAYbGHLn6XMdHFaX/JuVMfcfp2dDgptTNk5u9
22QUr7MsaHexif7FI1qeqxLKir4Hm+oUUqf4GCbgHPmT+4sbohwmUKwsRGNpE1Qd
CfYX/BTE3jm9nkpWYl2akHWgKvXOhgkjfY+3IduznZf6lNb4zq/zjBZtnfO++CI2
rbJxhBubuKB15sxbpOMp8Cy/vCyOMf33LeECfSyVg+orkjibxdUopDd58BISGPct
40tYs1C8wHT349mebJQi1GANN+6KVEGm89cSaqlXAywh
-----END CERTIFICATE-----
Generated at Mon Oct 20 18:04:58 2025 by rpki-client