Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/7b957dae-110a-40bf-9710-191cf24c9e94.roa
File:                     7b957dae-110a-40bf-9710-191cf24c9e94.roa (raw, json)
Hash identifier:          zZ+tmXMqnEMkoM7gJu0u9YIqDEplJJ+uluHI+JstAo4=
Subject key identifier:   FB:6F:B2:A3:9B:3F:4F:A3:77:3B:E7:CF:51:9A:3C:2E:F6:D9:9F:CD
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       5DB6EB59D4BDB50552575924ABBD35384B4AC355
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/7b957dae-110a-40bf-9710-191cf24c9e94.roa
Signing time:             Sat 27 Sep 2025 00:52:34 +0000
ROA not before:           Sat 27 Sep 2025 00:52:34 +0000
ROA not after:            Sat 01 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        51.0.96.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5d:b6:eb:59:d4:bd:b5:05:52:57:59:24:ab:bd:35:38:4b:4a:c3:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Sep 27 00:52:34 2025 GMT
            Not After : Nov  1 23:59:59 2025 GMT
        Subject: serialNumber=4ef8f35ddb8123442794c710e87a975681afaf947e102e0c63c4c0a46d50912d, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:d3:00:8f:0c:07:fd:6f:54:f9:cd:8a:0e:0a:
                    42:a4:0f:03:17:5a:74:dc:92:1a:fd:a3:48:76:33:
                    c0:4c:f7:98:64:a6:7e:f5:af:4e:50:38:1c:e9:71:
                    e6:44:94:02:14:06:10:a7:02:21:05:97:60:a0:85:
                    cd:81:a3:a4:2b:73:97:e4:ea:3c:62:77:3f:0c:44:
                    9a:1e:24:2e:ee:a1:23:7b:e9:23:a9:ce:0f:07:48:
                    7f:dd:0d:6d:2e:18:20:9b:d8:3e:e0:7a:d5:9f:9b:
                    31:70:0a:de:88:9b:1f:68:74:71:b0:00:d6:3c:a5:
                    99:ec:bb:da:89:a7:06:d4:4c:b3:20:00:50:d5:e4:
                    90:06:c7:f2:60:f6:92:ed:d8:75:af:44:f0:a8:7c:
                    ff:a1:aa:4a:02:7c:f5:b0:21:1d:ba:5c:ea:b7:c3:
                    4e:ac:17:26:2d:a5:be:93:b4:f1:4d:d5:d4:01:6f:
                    d7:cf:50:13:93:8d:ac:31:0a:de:b4:10:7a:18:aa:
                    d6:9a:17:ed:7b:41:aa:a5:78:6d:13:f6:8b:be:76:
                    aa:94:c9:75:bf:f1:29:d0:12:cb:22:0b:9e:3a:06:
                    87:80:f6:7f:d5:60:c2:96:3c:8b:9e:10:e5:91:b5:
                    4d:b6:23:58:19:de:b6:31:42:2c:a3:f6:3f:ea:00:
                    a1:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:6F:B2:A3:9B:3F:4F:A3:77:3B:E7:CF:51:9A:3C:2E:F6:D9:9F:CD
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/7b957dae-110a-40bf-9710-191cf24c9e94.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.0.96.0/21

    Signature Algorithm: sha256WithRSAEncryption
         ce:e4:9d:0a:b9:4f:51:bb:b0:4a:94:14:15:14:cc:31:e8:3a:
         e2:1b:88:b8:50:3e:31:89:24:7c:18:bb:a4:e8:f6:71:b9:4e:
         0b:ab:5d:c0:62:eb:38:f5:b8:4b:4b:9c:f0:78:5a:17:42:e6:
         67:85:27:d3:22:a3:91:62:e4:13:22:9b:12:39:09:6d:c0:f3:
         e7:62:78:02:0d:6d:66:8b:ad:a5:0d:02:63:c2:c7:a0:77:17:
         81:2b:b7:fa:78:1c:a4:dc:de:fe:87:ee:02:86:9a:2d:bd:aa:
         1d:e3:9e:ae:68:ef:5e:ca:49:06:ce:6b:37:ab:78:9a:2a:1c:
         35:7b:8d:5f:cb:aa:ce:df:90:27:9b:54:a4:3f:3a:03:a2:2f:
         b3:a0:b6:a4:c5:f7:a7:3d:a3:e3:cf:88:64:dc:df:e5:57:84:
         5b:80:2e:24:ea:9f:6a:23:84:fb:de:f8:97:24:83:c2:f0:98:
         29:ba:28:bb:6a:dc:e8:33:3b:3b:84:8b:e7:57:71:69:a1:ac:
         95:3c:96:07:62:1b:61:51:ee:d5:bb:75:9e:c0:88:8b:f5:13:
         3c:48:2d:8f:2e:b8:6c:48:e5:6a:89:ff:77:e4:d3:c9:41:6d:
         70:fb:a3:c4:cd:0f:98:32:ba:77:9f:94:74:05:13:2d:6b:0b:
         f9:56:f5:44
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUXbbrWdS9tQVSV1kkq701OEtKw1UwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA5MjcwMDUyMzRaFw0yNTExMDEyMzU5NTlaMHoxSTBHBgNV
BAUTQDRlZjhmMzVkZGI4MTIzNDQyNzk0YzcxMGU4N2E5NzU2ODFhZmFmOTQ3ZTEw
MmUwYzYzYzRjMGE0NmQ1MDkxMmQxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANTTAI8MB/1vVPnNig4KQqQPAxdadNySGv2jSHYzwEz3mGSmfvWvTlA4HOlx
5kSUAhQGEKcCIQWXYKCFzYGjpCtzl+TqPGJ3PwxEmh4kLu6hI3vpI6nODwdIf90N
bS4YIJvYPuB61Z+bMXAK3oibH2h0cbAA1jylmey72omnBtRMsyAAUNXkkAbH8mD2
ku3Yda9E8Kh8/6GqSgJ89bAhHbpc6rfDTqwXJi2lvpO08U3V1AFv189QE5ONrDEK
3rQQehiq1poX7XtBqqV4bRP2i752qpTJdb/xKdASyyILnjoGh4D2f9VgwpY8i54Q
5ZG1TbYjWBnetjFCLKP2P+oAod0CAwEAAaOCAiEwggIdMB0GA1UdDgQWBBT7b7Kj
mz9Po3c7589Rmjwu9tmfzTAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
N2I5NTdkYWUtMTEwYS00MGJmLTk3MTAtMTkxY2YyNGM5ZTk0LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAzMAYDAN
BgkqhkiG9w0BAQsFAAOCAQEAzuSdCrlPUbuwSpQUFRTMMeg64huIuFA+MYkkfBi7
pOj2cblOC6tdwGLrOPW4S0uc8HhaF0LmZ4Un0yKjkWLkEyKbEjkJbcDz52J4Ag1t
ZoutpQ0CY8LHoHcXgSu3+ngcpNze/ofuAoaaLb2qHeOermjvXspJBs5rN6t4mioc
NXuNX8uqzt+QJ5tUpD86A6Ivs6C2pMX3pz2j48+IZNzf5VeEW4AuJOqfaiOE+974
lySDwvCYKboou2rc6DM7O4SL51dxaaGslTyWB2IbYVHu1bt1nsCIi/UTPEgtjy64
bEjlaon/d+TTyUFtcPujxM0PmDK6d5+UdAUTLWsL+Vb1RA==
-----END CERTIFICATE-----
Generated at Mon Oct 20 04:54:16 2025 by rpki-client