Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/4eb66819-e335-446d-8ca8-7436f3cd196d.roa
File:                     4eb66819-e335-446d-8ca8-7436f3cd196d.roa (raw, json)
Hash identifier:          Tu7lVZkDc7r188ZqufWelLpe6oHJ+KGmqPlcdUpUqOw=
Subject key identifier:   89:67:8B:3D:1C:31:C7:68:96:B3:ED:EC:67:8B:19:81:8E:7A:7E:DA
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       096EF183722DA0BE002F355AFB20F093A8C5D5F2
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/4eb66819-e335-446d-8ca8-7436f3cd196d.roa
Signing time:             Fri 26 Sep 2025 20:10:04 +0000
ROA not before:           Fri 26 Sep 2025 20:10:04 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        143.65.128.0/18 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 13:27:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            09:6e:f1:83:72:2d:a0:be:00:2f:35:5a:fb:20:f0:93:a8:c5:d5:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Sep 26 20:10:04 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=942949df9854b4be46cd9cd5656b32f07d6e2a93027a13965f4561302e22d948, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:2c:a6:2c:8b:ab:38:8c:23:63:a0:d2:75:a7:
                    dc:9f:2f:3b:74:31:b9:29:4c:e3:d2:63:e0:09:c7:
                    fa:18:86:2f:12:9a:21:87:1f:4f:1d:0a:1a:8f:a6:
                    b6:9b:82:90:b2:f2:37:5e:bd:cd:61:36:d5:ce:d7:
                    c5:41:9f:96:bb:62:ca:c0:86:4f:42:81:db:2a:6c:
                    ec:be:e6:49:c6:54:d9:29:a6:80:b0:69:5a:14:5f:
                    6f:27:5a:f7:f6:c4:2e:f4:3b:34:2d:e4:82:d9:10:
                    43:65:3d:3f:02:99:42:cf:0f:4b:1e:6e:90:e6:07:
                    6d:00:0b:42:d4:03:0b:54:db:45:95:bc:a4:3a:12:
                    d1:60:de:74:14:13:64:50:a8:f9:e4:ce:7e:2e:9b:
                    8b:ec:61:de:6e:0e:f6:ce:0a:aa:2f:74:f3:66:69:
                    e4:26:f4:dc:22:7d:13:84:75:ee:34:64:92:0d:bc:
                    18:2b:fb:09:6c:8e:7c:cb:d3:8f:89:27:13:b9:b3:
                    28:d1:2b:f6:8f:c4:d0:03:3a:53:43:45:63:43:cb:
                    31:da:ec:ef:e3:fd:9e:a8:e3:4e:8a:da:c1:2c:c5:
                    88:d1:2f:ad:8c:19:6e:6b:c7:fc:54:62:32:93:e0:
                    f6:51:9a:7a:99:88:47:49:22:3c:c3:a5:54:21:3a:
                    93:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:67:8B:3D:1C:31:C7:68:96:B3:ED:EC:67:8B:19:81:8E:7A:7E:DA
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/4eb66819-e335-446d-8ca8-7436f3cd196d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.65.128.0/18

    Signature Algorithm: sha256WithRSAEncryption
         23:0f:4a:1a:88:7f:25:e2:80:4a:43:ce:6c:90:8d:21:2b:3b:
         d4:61:53:f4:b7:a9:15:a1:b6:2e:dd:07:e0:6c:85:b9:f2:1c:
         09:6e:50:7a:d3:31:d9:2a:03:35:5d:6d:e9:1c:80:e1:a5:a5:
         66:52:e0:45:cf:0a:53:67:52:89:50:9f:f7:92:58:b7:df:14:
         0c:56:9c:67:ca:f2:44:b9:af:b2:08:00:51:2e:bd:4b:97:80:
         fc:d1:46:d1:99:87:3a:4b:49:53:85:b4:7b:d4:1b:24:3c:2f:
         44:43:ed:08:48:da:4a:4f:2d:a6:3a:95:77:4d:b9:20:e7:47:
         3d:44:a7:04:ce:54:19:ae:89:b9:47:b2:da:2b:0c:4c:a9:7f:
         3e:20:c1:4b:6a:77:07:3e:22:91:a8:1b:a9:8b:4b:ce:47:1f:
         68:be:7d:f9:5d:47:55:5e:df:fa:f4:67:39:ca:91:13:b9:24:
         e5:dc:3e:80:0d:f5:6b:e9:ec:11:d3:5c:e3:2d:32:ac:ef:b1:
         02:38:f5:65:72:e1:68:86:1e:8f:0d:4e:95:ef:0c:95:92:3a:
         7f:d5:32:a1:eb:e0:ff:dd:ce:89:29:80:77:3c:c4:55:0d:c9:
         b5:c9:ef:97:74:55:90:4b:97:a6:3e:c3:9a:98:2d:9a:b7:6d:
         de:0b:df:e2
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUCW7xg3ItoL4ALzVa+yDwk6jF1fIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA5MjYyMDEwMDRaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQDk0Mjk0OWRmOTg1NGI0YmU0NmNkOWNkNTY1NmIzMmYwN2Q2ZTJhOTMwMjdh
MTM5NjVmNDU2MTMwMmUyMmQ5NDgxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALcspiyLqziMI2Og0nWn3J8vO3QxuSlM49Jj4AnH+hiGLxKaIYcfTx0KGo+m
tpuCkLLyN169zWE21c7XxUGflrtiysCGT0KB2yps7L7mScZU2SmmgLBpWhRfbyda
9/bELvQ7NC3kgtkQQ2U9PwKZQs8PSx5ukOYHbQALQtQDC1TbRZW8pDoS0WDedBQT
ZFCo+eTOfi6bi+xh3m4O9s4Kqi9082Zp5Cb03CJ9E4R17jRkkg28GCv7CWyOfMvT
j4knE7mzKNEr9o/E0AM6U0NFY0PLMdrs7+P9nqjjTorawSzFiNEvrYwZbmvH/FRi
MpPg9lGaepmIR0kiPMOlVCE6k0sCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBSJZ4s9
HDHHaJaz7exnixmBjnp+2jAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
NGViNjY4MTktZTMzNS00NDZkLThjYTgtNzQzNmYzY2QxOTZkLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEBo9BgDAN
BgkqhkiG9w0BAQsFAAOCAQEAIw9KGoh/JeKASkPObJCNISs71GFT9LepFaG2Lt0H
4GyFufIcCW5QetMx2SoDNV1t6RyA4aWlZlLgRc8KU2dSiVCf95JYt98UDFacZ8ry
RLmvsggAUS69S5eA/NFG0ZmHOktJU4W0e9QbJDwvREPtCEjaSk8tpjqVd025IOdH
PUSnBM5UGa6JuUey2isMTKl/PiDBS2p3Bz4ikagbqYtLzkcfaL59+V1HVV7f+vRn
OcqRE7kk5dw+gA31a+nsEdNc4y0yrO+xAjj1ZXLhaIYejw1Ole8MlZI6f9Uyoevg
/93OiSmAdzzEVQ3Jtcnvl3RVkEuXpj7Dmpgtmrdt3gvf4g==
-----END CERTIFICATE-----
Generated at Mon Oct 20 15:36:33 2025 by rpki-client