Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/695716ab-c4db-435d-95fe-4143be62030e.roa
File:                     695716ab-c4db-435d-95fe-4143be62030e.roa (raw, json)
Hash identifier:          u/cfidwiXMaBQnBsyBudmeXMb6gpARd3pPSWS9UYvLA=
Subject key identifier:   97:F7:E2:2B:9E:72:2B:AC:D5:2C:5A:20:F4:BC:A0:D0:53:94:C8:4B
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       0DDB59E6E041A64D8F60AD39B6B2462DD2D22964
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/695716ab-c4db-435d-95fe-4143be62030e.roa
Signing time:             Sat 27 Sep 2025 00:52:26 +0000
ROA not before:           Sat 27 Sep 2025 00:52:26 +0000
ROA not after:            Sat 01 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        139.79.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 13:42:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0d:db:59:e6:e0:41:a6:4d:8f:60:ad:39:b6:b2:46:2d:d2:d2:29:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Sep 27 00:52:26 2025 GMT
            Not After : Nov  1 23:59:59 2025 GMT
        Subject: serialNumber=8473283b379ce1d2120bc5034ebaeb9cc54e8f6c2dee7f154edc309050ab887a, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:ef:e0:72:cb:2b:60:a0:cd:7c:f7:f8:1a:6c:
                    cb:11:c8:a3:34:28:35:cc:e1:e0:09:d4:ca:db:2f:
                    17:10:53:7c:a8:cc:bd:fd:a4:00:4f:71:87:be:78:
                    63:28:0e:ad:fb:36:e6:3f:2a:5d:d6:b1:b2:50:28:
                    18:04:ff:8e:f8:5f:b8:76:2f:f3:b6:e9:d0:45:28:
                    fa:9d:22:ea:14:95:d0:a5:61:22:c9:b2:36:ec:0b:
                    b9:a9:86:7e:e7:de:15:db:8f:1c:91:dd:4e:9c:7f:
                    e3:ea:70:24:1b:c3:41:46:51:df:8d:e9:01:30:eb:
                    63:87:cc:e6:35:33:00:34:dc:3d:df:de:eb:bd:01:
                    81:e2:8c:3f:86:a1:83:5b:3a:77:05:c1:77:ba:ab:
                    6e:16:68:09:84:45:4f:af:e6:1c:53:25:9e:75:ca:
                    35:77:6f:d6:aa:44:20:0b:c4:16:b7:63:9f:94:ad:
                    4e:8c:e5:5a:b8:8e:ae:09:fc:fd:cf:ad:da:8e:ae:
                    54:e2:61:3f:7d:d9:0a:c2:cb:6e:a3:b0:c7:a8:98:
                    2d:a7:1f:2d:63:18:4b:b5:cf:1a:f3:a0:49:4f:f8:
                    81:dc:f9:ee:6c:93:c7:e9:67:df:66:b0:1f:be:79:
                    1e:5a:a5:26:22:0c:98:b5:dc:5c:32:6a:ca:c1:99:
                    f7:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:F7:E2:2B:9E:72:2B:AC:D5:2C:5A:20:F4:BC:A0:D0:53:94:C8:4B
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/695716ab-c4db-435d-95fe-4143be62030e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  139.79.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         3a:cb:a3:1d:7d:02:c4:d2:5c:3e:2b:19:7c:7f:fb:47:5a:24:
         24:68:9b:a7:3f:aa:64:38:d6:80:47:fc:29:41:59:e1:ab:00:
         3b:b0:d5:a3:86:14:db:c2:2b:e0:fa:0c:76:77:79:2c:04:15:
         f5:d8:6d:09:62:c9:4e:a6:5c:ab:7d:ad:43:27:4a:43:72:e9:
         e2:82:c9:b5:fc:2b:48:aa:e1:af:d9:b4:f6:8a:02:b8:9d:d3:
         dd:13:ac:e3:da:ce:80:6a:48:84:bc:a4:c8:b8:79:a5:63:75:
         9c:a3:0c:19:91:32:50:91:c5:50:22:1b:76:b9:b3:63:37:ee:
         fe:c5:51:4a:2a:fa:78:47:cf:fa:61:99:1c:c5:fa:27:f7:cb:
         9e:11:2a:58:d6:bc:bd:84:4d:23:2e:ab:d5:34:8f:fe:9b:0e:
         46:35:18:16:a3:25:d6:1c:cd:be:53:0f:ae:e6:a7:19:e1:95:
         8d:75:6f:2b:2d:5c:89:30:5d:8f:d2:9c:6d:cc:98:87:17:bc:
         ec:b8:44:30:c5:64:e6:1d:6f:ea:b1:32:6c:2b:4f:04:8c:90:
         78:f4:b6:f7:8b:8e:18:e1:2e:4c:c4:5e:ab:85:1f:22:63:e6:
         2b:7a:d1:4c:a3:10:e0:0e:bd:dd:8b:53:f0:a1:58:7a:f4:b6:
         2d:91:f7:e8
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUDdtZ5uBBpk2PYK05trJGLdLSKWQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA5MjcwMDUyMjZaFw0yNTExMDEyMzU5NTlaMHoxSTBHBgNV
BAUTQDg0NzMyODNiMzc5Y2UxZDIxMjBiYzUwMzRlYmFlYjljYzU0ZThmNmMyZGVl
N2YxNTRlZGMzMDkwNTBhYjg4N2ExLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAK3v4HLLK2CgzXz3+BpsyxHIozQoNczh4AnUytsvFxBTfKjMvf2kAE9xh754
YygOrfs25j8qXdaxslAoGAT/jvhfuHYv87bp0EUo+p0i6hSV0KVhIsmyNuwLuamG
fufeFduPHJHdTpx/4+pwJBvDQUZR343pATDrY4fM5jUzADTcPd/e670BgeKMP4ah
g1s6dwXBd7qrbhZoCYRFT6/mHFMlnnXKNXdv1qpEIAvEFrdjn5StTozlWriOrgn8
/c+t2o6uVOJhP33ZCsLLbqOwx6iYLacfLWMYS7XPGvOgSU/4gdz57myTx+ln32aw
H755HlqlJiIMmLXcXDJqysGZ96sCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBSX9+Ir
nnIrrNUsWiD0vKDQU5TISzAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
Njk1NzE2YWItYzRkYi00MzVkLTk1ZmUtNDE0M2JlNjIwMzBlLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDAItPMA0G
CSqGSIb3DQEBCwUAA4IBAQA6y6MdfQLE0lw+Kxl8f/tHWiQkaJunP6pkONaAR/wp
QVnhqwA7sNWjhhTbwivg+gx2d3ksBBX12G0JYslOplyrfa1DJ0pDcunigsm1/CtI
quGv2bT2igK4ndPdE6zj2s6AakiEvKTIuHmlY3WcowwZkTJQkcVQIht2ubNjN+7+
xVFKKvp4R8/6YZkcxfon98ueESpY1ry9hE0jLqvVNI/+mw5GNRgWoyXWHM2+Uw+u
5qcZ4ZWNdW8rLVyJMF2P0pxtzJiHF7zsuEQwxWTmHW/qsTJsK08EjJB49Lb3i44Y
4S5MxF6rhR8iY+YretFMoxDgDr3di1PwoVh69LYtkffo
-----END CERTIFICATE-----
Generated at Mon Oct 20 18:34:39 2025 by rpki-client