Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/81bd2649-ad60-4c6a-bdf9-7b775e3d060e.roa
File:                     81bd2649-ad60-4c6a-bdf9-7b775e3d060e.roa (raw, json)
Hash identifier:          rj4AUvBGfcqpoNPvMRizVN/H+rwU2IBQJmRQc+Yiu0M=
Subject key identifier:   5F:A4:96:C7:20:C9:72:AA:22:2C:6E:2D:EC:19:85:AD:56:AA:74:73
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       08492B5199AF1141777C720367443404E406C63E
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/81bd2649-ad60-4c6a-bdf9-7b775e3d060e.roa
Signing time:             Mon 06 Oct 2025 18:10:33 +0000
ROA not before:           Mon 06 Oct 2025 18:10:33 +0000
ROA not after:            Mon 10 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a01:578::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            08:49:2b:51:99:af:11:41:77:7c:72:03:67:44:34:04:e4:06:c6:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Oct  6 18:10:33 2025 GMT
            Not After : Nov 10 23:59:59 2025 GMT
        Subject: serialNumber=62890c9b135aba2fb125d661c561e79dff6e25d3b4e0c5366f4aff907c52c032, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:30:be:03:ff:00:0d:f7:b8:56:9a:68:af:79:
                    89:3d:d8:ef:3b:0e:cd:0e:67:dd:90:a4:77:5b:98:
                    12:12:a2:a7:b4:1c:cf:6d:2d:09:39:5b:cc:98:7f:
                    89:ef:82:34:5c:f6:cd:94:24:24:4a:53:46:be:b8:
                    dd:ac:20:51:66:74:8e:ff:9f:bd:0e:cc:51:a5:67:
                    4c:64:ee:a3:a9:d9:5c:ec:d3:cb:a1:ac:33:74:7e:
                    68:8a:fb:87:d2:41:a3:c2:72:c6:df:0b:31:81:43:
                    6e:4d:e2:db:ca:46:77:2a:a3:5b:2f:66:bb:6c:db:
                    12:94:b7:77:32:23:c6:c0:c6:3d:9b:1d:bd:d4:71:
                    05:95:7d:72:77:63:29:bd:75:00:a2:38:67:ab:11:
                    1c:76:b2:26:28:8a:01:ba:8e:02:8b:bd:b1:0f:e4:
                    eb:95:8d:0b:21:c7:6b:6c:ec:95:95:42:c4:a5:50:
                    e8:1b:08:d1:3b:08:e2:4a:de:b6:f3:dd:84:3a:75:
                    bc:31:30:b2:c1:b6:2c:5e:84:04:72:b2:77:29:e4:
                    96:28:c6:27:57:72:a8:8a:4b:40:1e:e5:8a:95:c3:
                    56:43:46:f4:73:79:4c:83:51:58:7d:e1:f2:a6:c7:
                    18:ff:ad:59:92:39:db:1d:70:5d:d6:a1:31:4d:65:
                    5d:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:A4:96:C7:20:C9:72:AA:22:2C:6E:2D:EC:19:85:AD:56:AA:74:73
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/81bd2649-ad60-4c6a-bdf9-7b775e3d060e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:578::/32

    Signature Algorithm: sha256WithRSAEncryption
         b1:be:d1:c1:e8:8c:b5:61:07:95:be:a6:aa:30:17:e5:8c:4f:
         9c:9a:4f:c5:91:bf:f8:26:22:91:f3:ef:1e:21:91:8d:ad:2b:
         f7:79:ac:04:39:dc:d9:cc:ad:5c:e9:30:72:b1:1d:d4:2d:6c:
         d7:f4:f0:18:2d:c4:8c:c3:74:b7:5f:ba:c6:43:6c:56:4b:34:
         7b:7c:93:f8:b3:2f:37:cb:71:ff:c8:48:b8:f1:21:28:c9:b2:
         9d:34:cd:0b:1d:a5:b1:95:5b:f3:f3:e9:53:4f:3c:5f:c9:b0:
         b2:be:c5:f6:e5:65:23:c8:e5:e4:23:5d:58:df:4c:c3:95:97:
         d8:a8:9e:a1:36:60:02:0a:f8:9c:b1:a2:d3:e6:9d:4f:46:ca:
         cf:ae:31:3e:7c:57:e6:eb:09:65:00:45:d6:e7:4e:cd:e2:16:
         88:b1:5d:b6:8d:7f:2f:6e:bc:ba:c9:87:18:67:e2:58:f9:7b:
         b4:4c:83:1e:85:59:97:86:dc:e2:d1:88:3d:5b:78:d5:f7:1f:
         1b:9a:4a:e2:e8:fe:78:66:35:01:69:6e:92:24:e1:9b:83:49:
         39:c4:2c:ab:65:cf:b9:cb:5c:12:3a:58:66:88:37:c2:b3:f0:
         14:98:87:c6:93:cd:c9:60:e3:74:c6:20:b4:95:57:48:74:93:
         44:ca:aa:6a
-----BEGIN CERTIFICATE-----
MIIFXzCCBEegAwIBAgIUCEkrUZmvEUF3fHIDZ0Q0BOQGxj4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTEwMDYxODEwMzNaFw0yNTExMTAyMzU5NTlaMHoxSTBHBgNV
BAUTQDYyODkwYzliMTM1YWJhMmZiMTI1ZDY2MWM1NjFlNzlkZmY2ZTI1ZDNiNGUw
YzUzNjZmNGFmZjkwN2M1MmMwMzIxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANMwvgP/AA33uFaaaK95iT3Y7zsOzQ5n3ZCkd1uYEhKip7Qcz20tCTlbzJh/
ie+CNFz2zZQkJEpTRr643awgUWZ0jv+fvQ7MUaVnTGTuo6nZXOzTy6GsM3R+aIr7
h9JBo8Jyxt8LMYFDbk3i28pGdyqjWy9mu2zbEpS3dzIjxsDGPZsdvdRxBZV9cndj
Kb11AKI4Z6sRHHayJiiKAbqOAou9sQ/k65WNCyHHa2zslZVCxKVQ6BsI0TsI4kre
tvPdhDp1vDEwssG2LF6EBHKydynklijGJ1dyqIpLQB7lipXDVkNG9HN5TINRWH3h
8qbHGP+tWZI52x1wXdahMU1lXbUCAwEAAaOCAiIwggIeMB0GA1UdDgQWBBRfpJbH
IMlyqiIsbi3sGYWtVqp0czAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
ODFiZDI2NDktYWQ2MC00YzZhLWJkZjktN2I3NzVlM2QwNjBlLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACoBBXgw
DQYJKoZIhvcNAQELBQADggEBALG+0cHojLVhB5W+pqowF+WMT5yaT8WRv/gmIpHz
7x4hkY2tK/d5rAQ53NnMrVzpMHKxHdQtbNf08BgtxIzDdLdfusZDbFZLNHt8k/iz
LzfLcf/ISLjxISjJsp00zQsdpbGVW/Pz6VNPPF/JsLK+xfblZSPI5eQjXVjfTMOV
l9ionqE2YAIK+JyxotPmnU9Gys+uMT58V+brCWUARdbnTs3iFoixXbaNfy9uvLrJ
hxhn4lj5e7RMgx6FWZeG3OLRiD1beNX3HxuaSuLo/nhmNQFpbpIk4ZuDSTnELKtl
z7nLXBI6WGaIN8Kz8BSYh8aTzclg43TGILSVV0h0k0TKqmo=
-----END CERTIFICATE-----
Generated at Mon Oct 20 04:53:28 2025 by rpki-client