Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/49b2b5d5-46a7-42a3-9900-bcb7e3edffdb.roa
File:                     49b2b5d5-46a7-42a3-9900-bcb7e3edffdb.roa (raw, json)
Hash identifier:          iyjxBBFcjFrlqFLUDvYppPt7pQ79XRiObZaKdwBQVD8=
Subject key identifier:   24:F2:9F:EE:BD:EF:D4:2C:B8:88:22:4C:E7:60:73:B1:79:D7:FC:2B
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       3C76C8979FC9EFF95F771D7A366D2083DC206F20
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/49b2b5d5-46a7-42a3-9900-bcb7e3edffdb.roa
Signing time:             Fri 26 Sep 2025 20:20:35 +0000
ROA not before:           Fri 26 Sep 2025 20:20:35 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        51.192.0.0/15 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 13:42:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3c:76:c8:97:9f:c9:ef:f9:5f:77:1d:7a:36:6d:20:83:dc:20:6f:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Sep 26 20:20:35 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=14e7fee5b73a6e3180236116b49ec64ef5c868f5bcd4f434258f40f4e6c9378e, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:1a:95:6e:6a:3e:91:a6:13:1e:ce:fb:b5:58:
                    13:3a:c3:06:96:a5:40:b2:7d:b1:9b:89:26:0b:0b:
                    19:4d:12:20:41:c8:9f:34:4c:e5:42:e5:58:42:cc:
                    d8:ab:8d:45:ba:0e:9c:91:53:65:75:87:d1:70:de:
                    1a:26:0b:da:3c:1b:66:34:3a:90:b0:91:0b:8f:1e:
                    e5:b8:87:68:5c:4f:bd:1b:11:75:0e:9c:78:d5:d3:
                    e8:05:a5:ce:67:6c:c3:0b:f2:57:ec:54:56:07:d2:
                    50:be:b9:7f:50:65:17:d1:8e:c2:d3:f1:0a:9b:c7:
                    91:27:c4:eb:1f:4d:9d:1b:f6:c8:4d:c3:29:3e:a0:
                    bc:bc:7c:00:e8:75:3b:f8:7b:a7:aa:9c:75:8f:b6:
                    e9:64:3f:25:32:f7:49:ac:67:a4:94:64:15:32:af:
                    6d:ea:c8:f9:e8:bf:40:95:1c:2d:91:61:07:2c:a6:
                    84:36:35:73:63:55:28:de:cc:f6:68:c5:ba:08:8f:
                    33:51:15:69:03:d1:cb:62:3e:fd:38:f0:4f:bb:69:
                    11:4d:db:b1:34:6e:b7:b5:2f:8b:55:60:b4:aa:25:
                    d7:00:83:a9:35:d1:62:a2:fb:5e:bc:01:96:b3:67:
                    fe:28:56:39:b7:ee:6c:d5:a9:07:a5:d9:9c:84:c0:
                    9b:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:F2:9F:EE:BD:EF:D4:2C:B8:88:22:4C:E7:60:73:B1:79:D7:FC:2B
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/49b2b5d5-46a7-42a3-9900-bcb7e3edffdb.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.192.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         2f:66:d2:9c:29:d6:f6:f6:dd:39:c9:87:02:07:81:4d:36:9c:
         6b:ab:a6:68:ad:37:60:a8:4e:7d:a9:ae:a2:18:29:59:14:2e:
         e0:39:34:ed:3a:c7:55:5b:47:f2:a9:3f:a1:7d:5c:17:09:07:
         d9:bb:6c:d1:ec:2a:60:8b:49:98:d6:13:6a:26:3c:fd:62:bb:
         8d:ca:72:ea:51:e4:83:04:61:db:d1:98:c6:8e:c4:06:27:61:
         94:db:51:bf:d9:12:7b:63:7c:19:0e:5b:d3:09:ea:16:ec:66:
         d0:ce:89:67:d4:c3:52:3f:b2:5c:3b:d4:4c:17:2f:40:49:7b:
         2c:30:02:71:03:ac:40:61:e3:5b:37:bb:97:50:aa:7c:81:53:
         f9:70:97:48:00:5b:6b:a8:da:e4:a3:d6:92:a6:57:c8:78:62:
         59:fb:e8:f4:1a:a5:20:cd:71:13:75:ac:23:cb:05:c7:60:40:
         a2:a5:87:ba:0d:4e:72:94:74:24:2e:0b:0e:34:2a:0a:6c:76:
         10:e9:9d:a5:fa:ea:fd:89:23:74:03:1a:25:e5:7b:4a:4f:e6:
         ee:07:a5:f6:ed:8d:28:34:3d:2f:67:24:44:b7:31:21:16:da:
         69:5d:42:bf:cc:31:7a:ba:45:89:98:36:28:5c:ca:3a:14:61:
         a6:66:07:da
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUPHbIl5/J7/lfdx16Nm0gg9wgbyAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA5MjYyMDIwMzVaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQDE0ZTdmZWU1YjczYTZlMzE4MDIzNjExNmI0OWVjNjRlZjVjODY4ZjViY2Q0
ZjQzNDI1OGY0MGY0ZTZjOTM3OGUxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANkalW5qPpGmEx7O+7VYEzrDBpalQLJ9sZuJJgsLGU0SIEHInzRM5ULlWELM
2KuNRboOnJFTZXWH0XDeGiYL2jwbZjQ6kLCRC48e5biHaFxPvRsRdQ6ceNXT6AWl
zmdswwvyV+xUVgfSUL65f1BlF9GOwtPxCpvHkSfE6x9NnRv2yE3DKT6gvLx8AOh1
O/h7p6qcdY+26WQ/JTL3SaxnpJRkFTKvberI+ei/QJUcLZFhByymhDY1c2NVKN7M
9mjFugiPM1EVaQPRy2I+/TjwT7tpEU3bsTRut7Uvi1VgtKol1wCDqTXRYqL7XrwB
lrNn/ihWObfubNWpB6XZnITAmyECAwEAAaOCAiAwggIcMB0GA1UdDgQWBBQk8p/u
ve/ULLiIIkznYHOxedf8KzAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
NDliMmI1ZDUtNDZhNy00MmEzLTk5MDAtYmNiN2UzZWRmZmRiLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDATPAMA0G
CSqGSIb3DQEBCwUAA4IBAQAvZtKcKdb29t05yYcCB4FNNpxrq6ZorTdgqE59qa6i
GClZFC7gOTTtOsdVW0fyqT+hfVwXCQfZu2zR7Cpgi0mY1hNqJjz9YruNynLqUeSD
BGHb0ZjGjsQGJ2GU21G/2RJ7Y3wZDlvTCeoW7GbQzoln1MNSP7JcO9RMFy9ASXss
MAJxA6xAYeNbN7uXUKp8gVP5cJdIAFtrqNrko9aSplfIeGJZ++j0GqUgzXETdawj
ywXHYECipYe6DU5ylHQkLgsONCoKbHYQ6Z2l+ur9iSN0Axol5XtKT+buB6X27Y0o
ND0vZyREtzEhFtppXUK/zDF6ukWJmDYoXMo6FGGmZgfa
-----END CERTIFICATE-----
Generated at Mon Oct 20 18:34:46 2025 by rpki-client