Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/397b5a86-52b0-4a8c-87de-e6da77812b46.roa
File:                     397b5a86-52b0-4a8c-87de-e6da77812b46.roa (raw, json)
Hash identifier:          vvxoxYjNHLvO0vU7s8o/KctuJlGu7hBQNOxVIXCzRTk=
Subject key identifier:   B1:7C:67:39:26:D8:42:EB:8B:8B:9E:B3:BF:00:D9:E0:F2:F1:B9:C4
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       081EA97BFB06E66D4A10DDFCCA42547393264BA5
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/397b5a86-52b0-4a8c-87de-e6da77812b46.roa
Signing time:             Fri 26 Sep 2025 20:39:39 +0000
ROA not before:           Fri 26 Sep 2025 20:39:39 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        51.248.0.0/15 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 13:42:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            08:1e:a9:7b:fb:06:e6:6d:4a:10:dd:fc:ca:42:54:73:93:26:4b:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Sep 26 20:39:39 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=e0884ae001ee3d45f70376112cb435ac7701acc347e917c4d92250a9ed1ae000, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:cb:be:e9:39:8c:d9:0d:65:f1:bc:be:c3:0f:
                    9a:14:ee:d5:02:80:e3:b3:da:6f:de:d3:63:ee:f0:
                    60:b2:af:86:d8:fe:18:72:3a:e0:24:b2:f1:20:b9:
                    47:2a:69:4f:ce:56:a0:2f:6f:13:a2:bb:01:04:36:
                    74:cc:a0:ab:e1:d5:58:cf:29:25:40:38:8c:1c:3d:
                    47:2c:b3:fc:f7:da:a4:53:ad:93:1b:d8:a7:88:19:
                    99:c0:7e:75:44:b8:b1:41:cc:98:52:54:a1:69:21:
                    ad:4a:56:31:8c:c7:6b:c2:f2:ad:35:65:e4:87:81:
                    17:36:36:93:d6:3f:1a:96:71:f2:98:88:06:49:97:
                    9d:67:94:83:cc:81:80:26:3b:77:2e:55:f6:b3:1d:
                    82:a4:0c:43:60:5f:45:e3:37:23:b9:c5:d7:59:4b:
                    fa:97:75:f0:1b:58:a4:29:a3:15:50:83:2d:65:d0:
                    92:cb:05:a6:b8:b7:80:1d:29:c4:3e:28:88:48:e3:
                    2e:c1:2c:a6:d9:a0:b0:b2:de:1b:ed:e4:5b:58:f2:
                    7d:2e:d0:9c:49:28:de:d8:41:a3:60:46:87:4e:7e:
                    fb:e7:04:d5:75:37:b9:13:2f:dd:75:75:35:fe:78:
                    7c:eb:42:4b:c2:e7:59:04:77:31:ec:50:75:49:4d:
                    0c:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:7C:67:39:26:D8:42:EB:8B:8B:9E:B3:BF:00:D9:E0:F2:F1:B9:C4
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/397b5a86-52b0-4a8c-87de-e6da77812b46.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.248.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         d7:ad:c1:52:17:43:2b:87:21:d3:08:6a:29:be:c7:b6:64:ab:
         65:cd:0b:3d:ae:6e:e6:51:07:1b:75:6b:a2:31:f8:e1:a1:e3:
         a6:87:2c:ce:d2:c0:42:63:e4:1b:23:26:e9:e1:49:8b:59:86:
         7a:d3:b5:e2:6a:b6:6b:a2:26:c6:af:67:7a:00:17:2d:c6:26:
         23:26:4d:65:8f:db:24:94:d7:f9:77:9e:53:6e:60:e2:fe:19:
         a1:af:60:86:d2:da:fc:b6:8c:2b:2c:34:a6:9e:dc:bc:0e:15:
         71:65:14:13:48:fa:9a:48:bd:23:71:bf:bb:ad:2d:58:ee:b2:
         18:8e:6d:20:ca:b4:d7:70:92:2b:84:20:9b:12:e6:d4:f2:b6:
         7b:f6:2e:34:1a:c4:45:4a:ff:0a:8e:3b:23:ee:36:8f:49:1b:
         55:85:c4:ca:b9:2a:fc:59:b9:43:81:77:a6:6c:ad:15:8f:23:
         cc:00:b0:f1:4c:63:25:62:4f:aa:85:db:79:07:d1:4a:d9:2a:
         dc:25:e5:0a:e4:e9:c5:83:29:8c:8f:d4:40:cb:e6:96:49:75:
         cf:83:50:fc:6f:ee:37:36:06:c9:e7:d2:90:d8:e5:d6:a5:bc:
         ad:0a:8c:d5:46:49:22:b9:8f:2e:41:2f:d8:96:32:5f:d0:e1:
         90:4d:d8:1b
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUCB6pe/sG5m1KEN38ykJUc5MmS6UwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA5MjYyMDM5MzlaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQGUwODg0YWUwMDFlZTNkNDVmNzAzNzYxMTJjYjQzNWFjNzcwMWFjYzM0N2U5
MTdjNGQ5MjI1MGE5ZWQxYWUwMDAxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKzLvuk5jNkNZfG8vsMPmhTu1QKA47Pab97TY+7wYLKvhtj+GHI64CSy8SC5
RyppT85WoC9vE6K7AQQ2dMygq+HVWM8pJUA4jBw9Ryyz/PfapFOtkxvYp4gZmcB+
dUS4sUHMmFJUoWkhrUpWMYzHa8LyrTVl5IeBFzY2k9Y/GpZx8piIBkmXnWeUg8yB
gCY7dy5V9rMdgqQMQ2BfReM3I7nF11lL+pd18BtYpCmjFVCDLWXQkssFpri3gB0p
xD4oiEjjLsEsptmgsLLeG+3kW1jyfS7QnEko3thBo2BGh05+++cE1XU3uRMv3XV1
Nf54fOtCS8LnWQR3MexQdUlNDPcCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBSxfGc5
JthC64uLnrO/ANng8vG5xDAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
Mzk3YjVhODYtNTJiMC00YThjLTg3ZGUtZTZkYTc3ODEyYjQ2LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDATP4MA0G
CSqGSIb3DQEBCwUAA4IBAQDXrcFSF0MrhyHTCGopvse2ZKtlzQs9rm7mUQcbdWui
MfjhoeOmhyzO0sBCY+QbIybp4UmLWYZ607XiarZroibGr2d6ABctxiYjJk1lj9sk
lNf5d55TbmDi/hmhr2CG0tr8towrLDSmnty8DhVxZRQTSPqaSL0jcb+7rS1Y7rIY
jm0gyrTXcJIrhCCbEubU8rZ79i40GsRFSv8Kjjsj7jaPSRtVhcTKuSr8WblDgXem
bK0VjyPMALDxTGMlYk+qhdt5B9FK2SrcJeUK5OnFgymMj9RAy+aWSXXPg1D8b+43
NgbJ59KQ2OXWpbytCozVRkkiuY8uQS/YljJf0OGQTdgb
-----END CERTIFICATE-----
Generated at Mon Oct 20 18:34:35 2025 by rpki-client