Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/87cbc454-e777-437d-a43a-911995d2a7ce.roa
File:                     87cbc454-e777-437d-a43a-911995d2a7ce.roa (raw, json)
Hash identifier:          hVGbbtYr9KHbjZw7qPyILM3XHsoHBiU/5dUGn0m0GKQ=
Subject key identifier:   81:36:77:86:F0:3F:99:F0:51:87:0F:60:28:FC:21:AC:BB:BE:67:A6
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       6B1DD67E5E7ACB95C0178194C7BDCBC5E51C0DEE
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/87cbc454-e777-437d-a43a-911995d2a7ce.roa
Signing time:             Mon 29 Sep 2025 15:40:08 +0000
ROA not before:           Mon 29 Sep 2025 15:40:08 +0000
ROA not after:            Mon 03 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        51.21.0.0/16 maxlen: 16
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6b:1d:d6:7e:5e:7a:cb:95:c0:17:81:94:c7:bd:cb:c5:e5:1c:0d:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Sep 29 15:40:08 2025 GMT
            Not After : Nov  3 23:59:59 2025 GMT
        Subject: serialNumber=3f4a573a3ac52c59a5cb8e4035bca406e65dd985456f0cc6d82e6c378db3ea94, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:31:44:8f:dd:5a:cd:cb:02:55:b1:9d:c9:79:
                    01:90:8a:72:ce:2d:dc:2b:98:64:63:c7:86:e8:2e:
                    39:30:98:a7:d8:57:9a:f0:12:1b:d3:38:76:db:11:
                    90:4e:ee:db:f4:be:a0:d7:ca:3e:b5:2a:63:46:d2:
                    78:b2:22:90:3b:98:72:84:02:fe:f3:85:c2:59:42:
                    82:14:02:92:7b:34:f0:62:ad:75:1a:bb:d4:09:bd:
                    28:f6:b4:ea:45:4b:e2:3e:2f:25:16:a8:d8:8a:ec:
                    5f:ad:ce:16:90:7f:e4:6f:0c:ca:c3:57:c0:9e:39:
                    3e:83:d5:bb:ce:af:05:ee:01:53:1b:80:e0:64:b2:
                    2a:14:68:27:a8:a1:c2:90:9a:00:59:98:ae:86:24:
                    71:20:51:cd:fa:1a:90:a8:09:5c:73:28:2c:a3:b5:
                    b3:20:81:b5:b5:8c:30:43:89:18:85:96:72:60:8c:
                    89:ea:58:81:9d:b6:f8:1b:d8:fd:48:ea:70:9d:9d:
                    b2:c4:c9:4c:41:d7:6e:b0:ce:5c:33:c5:4b:98:2c:
                    de:52:68:87:af:5a:da:51:ca:d8:a9:ab:de:37:9e:
                    e4:4e:6d:ac:3b:26:cc:fd:86:f6:df:c7:99:ea:12:
                    9f:c9:97:78:cf:5f:62:72:af:09:04:77:29:de:00:
                    f9:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:36:77:86:F0:3F:99:F0:51:87:0F:60:28:FC:21:AC:BB:BE:67:A6
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/87cbc454-e777-437d-a43a-911995d2a7ce.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.21.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         c8:59:b0:7e:f2:82:f7:98:bc:7e:c9:a5:75:21:7b:ab:36:7f:
         0c:27:22:f3:9e:09:fc:c5:f5:2b:c3:7c:01:9b:a6:f7:9f:a0:
         9b:10:5f:11:db:34:8d:6e:2a:2b:c7:61:61:fc:0e:6d:45:f3:
         19:d8:d7:83:53:02:d4:fd:c4:c7:22:68:b2:59:ff:f2:55:c7:
         ee:13:52:ac:2a:9f:0c:10:ef:80:a1:70:4b:53:5f:8c:a9:fb:
         67:f7:f9:53:e9:41:8d:07:07:6c:37:82:df:14:2b:93:c6:6e:
         22:c8:8f:81:1f:9a:3b:44:a1:cf:2d:4b:5a:63:b2:31:6a:7b:
         4a:6f:01:d6:bb:a1:c8:49:cc:34:b5:73:c8:f6:d1:d8:39:aa:
         fe:03:69:a1:eb:9b:d3:53:52:76:f7:9a:9f:1a:ac:c7:35:be:
         5a:02:aa:fc:ef:7e:00:56:10:33:81:40:45:50:93:bc:6e:60:
         df:5b:23:10:10:74:17:2d:86:ca:9f:70:d0:12:e8:f5:ec:39:
         05:c7:6c:55:e2:2b:36:6d:00:3c:ce:06:33:eb:ef:33:2f:21:
         79:13:86:9d:d6:99:1a:12:ee:d7:ff:05:03:7b:3d:2d:1f:b9:
         2f:96:ea:00:d3:b1:ca:a6:69:14:ea:86:c7:1e:5e:8c:23:5f:
         e1:5d:1d:81
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUax3Wfl56y5XAF4GUx73LxeUcDe4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA5MjkxNTQwMDhaFw0yNTExMDMyMzU5NTlaMHoxSTBHBgNV
BAUTQDNmNGE1NzNhM2FjNTJjNTlhNWNiOGU0MDM1YmNhNDA2ZTY1ZGQ5ODU0NTZm
MGNjNmQ4MmU2YzM3OGRiM2VhOTQxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKMxRI/dWs3LAlWxncl5AZCKcs4t3CuYZGPHhuguOTCYp9hXmvASG9M4dtsR
kE7u2/S+oNfKPrUqY0bSeLIikDuYcoQC/vOFwllCghQCkns08GKtdRq71Am9KPa0
6kVL4j4vJRao2IrsX63OFpB/5G8MysNXwJ45PoPVu86vBe4BUxuA4GSyKhRoJ6ih
wpCaAFmYroYkcSBRzfoakKgJXHMoLKO1syCBtbWMMEOJGIWWcmCMiepYgZ22+BvY
/UjqcJ2dssTJTEHXbrDOXDPFS5gs3lJoh69a2lHK2Kmr3jee5E5trDsmzP2G9t/H
meoSn8mXeM9fYnKvCQR3Kd4A+VUCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBSBNneG
8D+Z8FGHD2Ao/CGsu75npjAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
ODdjYmM0NTQtZTc3Ny00MzdkLWE0M2EtOTExOTk1ZDJhN2NlLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADMVMA0G
CSqGSIb3DQEBCwUAA4IBAQDIWbB+8oL3mLx+yaV1IXurNn8MJyLzngn8xfUrw3wB
m6b3n6CbEF8R2zSNbiorx2Fh/A5tRfMZ2NeDUwLU/cTHImiyWf/yVcfuE1KsKp8M
EO+AoXBLU1+Mqftn9/lT6UGNBwdsN4LfFCuTxm4iyI+BH5o7RKHPLUtaY7IxantK
bwHWu6HIScw0tXPI9tHYOar+A2mh65vTU1J295qfGqzHNb5aAqr8734AVhAzgUBF
UJO8bmDfWyMQEHQXLYbKn3DQEuj17DkFx2xV4is2bQA8zgYz6+8zLyF5E4ad1pka
Eu7X/wUDez0tH7kvluoA07HKpmkU6obHHl6MI1/hXR2B
-----END CERTIFICATE-----
Generated at Mon Oct 20 04:54:37 2025 by rpki-client