Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/709c8cf6-9d5d-47d6-8b70-40eff8390658.roa
File:                     709c8cf6-9d5d-47d6-8b70-40eff8390658.roa (raw, json)
Hash identifier:          Z6La0XYk6LlkLJYA8h31B3EfMVmJBWWv+M0pkTOz14Q=
Subject key identifier:   20:B0:74:78:9A:42:40:AE:78:1D:B1:1C:A9:6D:82:77:D8:CA:E2:6F
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       060F6B94F77562FFB615CCE3C72756C1DF554EF7
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/709c8cf6-9d5d-47d6-8b70-40eff8390658.roa
Signing time:             Fri 26 Sep 2025 20:20:47 +0000
ROA not before:           Fri 26 Sep 2025 20:20:47 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        51.220.0.0/15 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 13:42:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            06:0f:6b:94:f7:75:62:ff:b6:15:cc:e3:c7:27:56:c1:df:55:4e:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Sep 26 20:20:47 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=dcb13a44e77fb7bbb783bba06747750f17d2d8db79f89a7dbd3a6a551f88361f, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:ff:5a:40:c3:53:ff:da:3e:5d:cb:29:6f:8c:
                    55:3b:a9:44:bc:c3:47:72:4d:fc:e2:c7:59:78:e2:
                    1f:da:5d:9b:b4:8c:a2:96:18:6d:de:50:fd:a3:dc:
                    d6:6d:ac:c2:19:2d:8d:c8:05:e1:35:1b:e8:0b:6d:
                    97:0a:fe:ee:d1:4d:34:85:55:cd:59:a9:b5:dd:f8:
                    a6:c4:e1:d0:bf:98:73:3b:26:32:64:78:ba:93:0c:
                    d5:9a:40:ec:cc:d1:21:2e:36:44:a5:2c:c8:8e:2c:
                    26:1d:fe:2f:12:ce:5b:ab:be:66:10:71:c0:fb:47:
                    63:d1:9b:6c:51:1f:d2:00:4d:9e:2c:46:95:28:db:
                    37:9f:95:f3:c5:a8:38:64:54:f5:9a:51:ce:71:c2:
                    0a:2a:c9:fa:78:35:69:62:42:68:ae:e5:81:3e:5e:
                    f5:c8:3c:06:19:e1:31:26:4a:9d:96:31:da:0d:f6:
                    ef:e2:b1:ca:36:ba:44:e7:87:3d:4e:cf:f3:82:90:
                    fd:ab:90:86:6d:38:80:36:01:a7:e7:dc:48:f0:52:
                    19:98:62:a4:b5:4f:58:da:59:a4:dd:09:01:c4:6c:
                    07:b6:34:f5:3b:fb:89:d1:56:c7:a5:74:08:8e:8e:
                    97:15:29:ab:df:66:aa:24:90:f7:b2:60:4b:e3:54:
                    4f:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:B0:74:78:9A:42:40:AE:78:1D:B1:1C:A9:6D:82:77:D8:CA:E2:6F
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/709c8cf6-9d5d-47d6-8b70-40eff8390658.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.220.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         2e:e4:8f:6c:2e:4d:ff:1c:06:50:06:21:57:01:91:7a:aa:ee:
         c0:60:2f:2e:70:08:25:4f:7b:a8:f1:eb:7c:4a:75:01:99:aa:
         6e:d8:53:46:0b:e1:0b:16:33:73:f4:88:f7:ea:53:a3:d5:34:
         2a:d8:36:1e:38:4f:c3:b6:79:e6:76:41:0c:76:61:d8:7d:07:
         ec:e9:af:0c:10:14:7a:fc:ec:ea:7d:eb:c0:2a:fd:9e:fd:d4:
         c5:f0:ae:47:60:18:fc:a4:44:f6:b1:25:2c:de:9e:73:5e:82:
         17:0c:a7:f4:7d:6e:de:33:1b:6c:87:90:a2:eb:b9:1b:3c:e8:
         55:f4:90:08:61:d1:59:60:f3:f0:f1:82:5d:29:14:dd:05:aa:
         bc:ae:c5:94:10:f7:3a:4f:2e:28:d3:12:1a:75:3f:1a:a2:8a:
         7e:a1:de:84:eb:44:4c:89:24:94:1c:b6:07:f3:1c:f4:87:f5:
         0d:ad:6d:af:65:da:18:ab:27:58:c0:26:07:a5:25:8b:0c:74:
         1a:9b:b5:78:c6:9b:52:f2:dc:67:b7:2f:f6:6f:c8:e7:69:24:
         1e:85:ae:2e:6f:e8:ac:b1:72:e3:7b:f2:3f:27:88:2e:49:b6:
         d2:65:8f:d3:60:b1:3a:69:1f:a6:79:53:56:a7:2b:a1:9f:44:
         b5:29:11:80
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUBg9rlPd1Yv+2FczjxydWwd9VTvcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA5MjYyMDIwNDdaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQGRjYjEzYTQ0ZTc3ZmI3YmJiNzgzYmJhMDY3NDc3NTBmMTdkMmQ4ZGI3OWY4
OWE3ZGJkM2E2YTU1MWY4ODM2MWYxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAL//WkDDU//aPl3LKW+MVTupRLzDR3JN/OLHWXjiH9pdm7SMopYYbd5Q/aPc
1m2swhktjcgF4TUb6Attlwr+7tFNNIVVzVmptd34psTh0L+YczsmMmR4upMM1ZpA
7MzRIS42RKUsyI4sJh3+LxLOW6u+ZhBxwPtHY9GbbFEf0gBNnixGlSjbN5+V88Wo
OGRU9ZpRznHCCirJ+ng1aWJCaK7lgT5e9cg8BhnhMSZKnZYx2g327+Kxyja6ROeH
PU7P84KQ/auQhm04gDYBp+fcSPBSGZhipLVPWNpZpN0JAcRsB7Y09Tv7idFWx6V0
CI6OlxUpq99mqiSQ97JgS+NUTxUCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBQgsHR4
mkJArngdsRypbYJ32MribzAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
NzA5YzhjZjYtOWQ1ZC00N2Q2LThiNzAtNDBlZmY4MzkwNjU4LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDATPcMA0G
CSqGSIb3DQEBCwUAA4IBAQAu5I9sLk3/HAZQBiFXAZF6qu7AYC8ucAglT3uo8et8
SnUBmapu2FNGC+ELFjNz9Ij36lOj1TQq2DYeOE/DtnnmdkEMdmHYfQfs6a8MEBR6
/OzqfevAKv2e/dTF8K5HYBj8pET2sSUs3p5zXoIXDKf0fW7eMxtsh5Ci67kbPOhV
9JAIYdFZYPPw8YJdKRTdBaq8rsWUEPc6Ty4o0xIadT8aoop+od6E60RMiSSUHLYH
8xz0h/UNrW2vZdoYqydYwCYHpSWLDHQam7V4xptS8txnty/2b8jnaSQeha4ub+is
sXLje/I/J4guSbbSZY/TYLE6aR+meVNWpyuhn0S1KRGA
-----END CERTIFICATE-----
Generated at Mon Oct 20 18:06:37 2025 by rpki-client