Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/39032a05-08aa-42f2-98fc-8aa6aeee1dc2.roa
File:                     39032a05-08aa-42f2-98fc-8aa6aeee1dc2.roa (raw, json)
Hash identifier:          ry3GtOXGqSPjvjIyO6YgLRb9eALcq5l7T8mjuIcUj/w=
Subject key identifier:   E1:80:B6:49:CC:1D:C7:9F:9F:73:CB:E6:48:CA:09:3B:87:16:E8:DA
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       65EAE852CC2D824513F6AA19B75F45C3810DA268
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/39032a05-08aa-42f2-98fc-8aa6aeee1dc2.roa
Signing time:             Sat 27 Sep 2025 00:52:38 +0000
ROA not before:           Sat 27 Sep 2025 00:52:38 +0000
ROA not after:            Sat 01 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        51.0.80.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 13:42:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            65:ea:e8:52:cc:2d:82:45:13:f6:aa:19:b7:5f:45:c3:81:0d:a2:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Sep 27 00:52:38 2025 GMT
            Not After : Nov  1 23:59:59 2025 GMT
        Subject: serialNumber=1e6b13330a4637e53aa50d207e5e291340e155618dc89c12335571e4830ed7a6, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:06:65:92:35:8b:47:83:37:23:6d:c8:87:02:
                    92:1b:2e:dd:84:95:23:a0:2b:24:a7:4a:21:b6:6c:
                    5f:12:67:5b:35:51:53:e2:7c:fc:36:b3:d9:e1:3a:
                    6a:9b:65:95:2f:69:6d:af:5b:7a:9e:69:2b:c4:21:
                    45:b3:7f:aa:52:67:62:f5:be:4d:75:8e:71:63:40:
                    97:29:01:d5:6e:25:eb:c8:11:8f:a1:40:a0:d4:ec:
                    dc:10:ed:b8:77:b1:98:0e:35:88:67:ed:0d:92:f4:
                    31:f6:bb:ad:e9:a1:61:a0:d0:58:f6:8a:51:27:21:
                    ba:5c:09:d5:ae:d8:3e:81:d7:78:8d:73:d2:15:56:
                    f3:0c:ce:a9:94:0d:17:af:47:dd:a6:cc:a0:48:6c:
                    38:db:0a:3d:70:14:b5:79:ac:63:a1:bc:82:af:a4:
                    57:6a:c3:5c:9a:3b:b2:f9:a5:5d:54:20:da:97:7a:
                    2b:98:98:84:14:a2:30:86:2c:67:77:c2:eb:96:cd:
                    f2:3e:46:6d:c1:f4:bf:3d:27:5a:a6:73:d1:cc:6b:
                    4e:6a:ab:68:1b:f0:80:de:23:eb:5d:d6:d6:6d:ec:
                    4e:50:da:89:96:c6:0a:26:6b:0a:9e:80:82:f1:cb:
                    19:f7:d5:bf:e7:5f:9c:dd:38:96:b4:25:b6:f7:47:
                    d1:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:80:B6:49:CC:1D:C7:9F:9F:73:CB:E6:48:CA:09:3B:87:16:E8:DA
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/39032a05-08aa-42f2-98fc-8aa6aeee1dc2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.0.80.0/21

    Signature Algorithm: sha256WithRSAEncryption
         1f:5f:6c:ae:22:e8:f6:62:b8:25:ae:65:7d:87:b8:81:f6:57:
         e6:63:ea:0a:0d:77:69:5d:ec:ee:0e:d5:b6:f3:08:bf:2a:c4:
         ec:16:ee:0d:b0:bd:39:f0:9e:36:8a:ad:ea:cd:a7:38:e3:4c:
         16:9e:01:4c:b9:80:e0:65:4f:5f:49:11:12:1f:29:4f:7c:03:
         70:27:22:91:a0:ea:bd:10:c0:3d:21:5f:cc:b5:55:93:21:d1:
         39:a3:6e:c8:f6:2a:52:e6:93:68:52:c2:0e:9b:89:3b:4d:38:
         89:1c:2f:96:ac:a7:3c:a8:90:fc:ab:fc:c3:17:31:4a:82:16:
         df:46:df:3f:c0:c7:87:11:6a:a4:20:fb:a4:ad:19:64:dc:73:
         f8:da:a2:8b:8c:e3:f1:78:75:43:32:b9:5b:17:ed:4c:0b:08:
         a1:84:6c:29:a2:70:77:d8:3f:8e:ca:d8:33:b7:62:93:3b:15:
         a2:1f:dd:22:23:f7:6c:eb:86:18:03:a2:17:d9:af:3b:57:b6:
         28:1b:db:66:6f:ed:65:6f:1d:df:95:06:dd:ae:b9:f5:a7:08:
         e8:ad:b2:cc:db:50:4e:73:34:19:19:ff:6b:3e:47:40:2e:21:
         b1:72:22:93:b5:c6:3b:83:80:5c:21:51:a1:5d:2a:ba:3d:67:
         89:50:a6:4a
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUZeroUswtgkUT9qoZt19Fw4ENomgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA5MjcwMDUyMzhaFw0yNTExMDEyMzU5NTlaMHoxSTBHBgNV
BAUTQDFlNmIxMzMzMGE0NjM3ZTUzYWE1MGQyMDdlNWUyOTEzNDBlMTU1NjE4ZGM4
OWMxMjMzNTU3MWU0ODMwZWQ3YTYxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOUGZZI1i0eDNyNtyIcCkhsu3YSVI6ArJKdKIbZsXxJnWzVRU+J8/Daz2eE6
aptllS9pba9bep5pK8QhRbN/qlJnYvW+TXWOcWNAlykB1W4l68gRj6FAoNTs3BDt
uHexmA41iGftDZL0Mfa7remhYaDQWPaKUSchulwJ1a7YPoHXeI1z0hVW8wzOqZQN
F69H3abMoEhsONsKPXAUtXmsY6G8gq+kV2rDXJo7svmlXVQg2pd6K5iYhBSiMIYs
Z3fC65bN8j5GbcH0vz0nWqZz0cxrTmqraBvwgN4j613W1m3sTlDaiZbGCiZrCp6A
gvHLGffVv+dfnN04lrQltvdH0X8CAwEAAaOCAiEwggIdMB0GA1UdDgQWBBThgLZJ
zB3Hn59zy+ZIygk7hxbo2jAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
MzkwMzJhMDUtMDhhYS00MmYyLTk4ZmMtOGFhNmFlZWUxZGMyLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAzMAUDAN
BgkqhkiG9w0BAQsFAAOCAQEAH19sriLo9mK4Ja5lfYe4gfZX5mPqCg13aV3s7g7V
tvMIvyrE7BbuDbC9OfCeNoqt6s2nOONMFp4BTLmA4GVPX0kREh8pT3wDcCcikaDq
vRDAPSFfzLVVkyHROaNuyPYqUuaTaFLCDpuJO004iRwvlqynPKiQ/Kv8wxcxSoIW
30bfP8DHhxFqpCD7pK0ZZNxz+Nqii4zj8Xh1QzK5WxftTAsIoYRsKaJwd9g/jsrY
M7dikzsVoh/dIiP3bOuGGAOiF9mvO1e2KBvbZm/tZW8d35UG3a659acI6K2yzNtQ
TnM0GRn/az5HQC4hsXIik7XGO4OAXCFRoV0quj1niVCmSg==
-----END CERTIFICATE-----
Generated at Mon Oct 20 18:34:39 2025 by rpki-client