Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/97585122-fbed-4029-849a-162097054103.roa
File:                     97585122-fbed-4029-849a-162097054103.roa (raw, json)
Hash identifier:          xFKLbOitczw2dGXj+DqCqnEZFFb+DkG03Ath7gOKPJs=
Subject key identifier:   9E:F9:15:BA:9A:3B:00:E5:03:4D:6A:28:C9:8D:18:E6:CA:0C:3E:6D
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       035B727D14B4671A1FDE1C3CFC3A6AA69FA7E417
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/97585122-fbed-4029-849a-162097054103.roa
Signing time:             Mon 06 Oct 2025 18:10:37 +0000
ROA not before:           Mon 06 Oct 2025 18:10:37 +0000
ROA not after:            Mon 10 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        51.72.0.0/15 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:5b:72:7d:14:b4:67:1a:1f:de:1c:3c:fc:3a:6a:a6:9f:a7:e4:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Oct  6 18:10:37 2025 GMT
            Not After : Nov 10 23:59:59 2025 GMT
        Subject: serialNumber=a9c3aa3307cc89b887e62455631cfc0b8e246ea2392b6f9112ccc893959cec85, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:fb:4a:75:20:df:55:87:db:1c:15:da:51:b3:
                    c9:c4:ea:1d:a0:f5:30:2b:24:73:8d:d4:fb:e4:d4:
                    f6:76:96:61:e7:8a:b1:be:09:b0:26:82:d9:77:b7:
                    b7:78:53:a7:50:6d:60:cc:a3:71:9b:c9:20:0f:c8:
                    d2:13:43:5e:07:b7:10:38:d3:b6:f9:ce:94:52:8b:
                    dc:f1:db:49:32:6a:5b:a6:29:d6:a3:20:7f:aa:cc:
                    cc:36:a5:d0:e6:3d:a1:1f:9b:b5:a8:6f:aa:88:a3:
                    b9:d3:f8:bc:ae:43:38:dd:0b:75:9a:5d:46:f6:04:
                    78:34:84:ef:4c:0a:fe:5e:d8:77:3c:81:7a:7c:d9:
                    bf:12:20:66:93:bd:c7:11:f4:06:72:ed:15:71:dc:
                    cd:05:87:10:87:cb:95:03:f1:7c:88:35:83:2f:99:
                    a9:8c:50:f6:a5:84:d2:8e:b8:b4:c0:95:f4:cc:60:
                    0a:25:e8:23:89:b1:f5:cf:74:49:42:13:87:31:27:
                    5f:a8:71:5c:10:18:16:c2:9b:45:bc:8c:f8:84:e4:
                    bd:65:86:8c:bc:5b:3a:9f:89:16:aa:4c:03:51:f9:
                    b2:fe:68:f1:ee:6a:57:15:1a:93:1c:b9:80:d8:1b:
                    eb:70:8d:59:ef:4b:f4:cd:99:0c:15:c6:69:0f:ec:
                    26:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:F9:15:BA:9A:3B:00:E5:03:4D:6A:28:C9:8D:18:E6:CA:0C:3E:6D
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/97585122-fbed-4029-849a-162097054103.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.72.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         a7:3a:5f:b8:c7:20:df:4d:f4:e6:17:b2:40:34:d9:71:04:d7:
         ba:30:20:c4:36:e9:c4:cd:f4:dc:f8:b0:4e:ff:98:b4:93:b0:
         4d:bb:77:53:de:bd:2a:9e:5a:73:87:a2:4c:58:94:be:a9:e2:
         52:54:13:e1:20:e1:46:53:e5:bf:90:e8:48:57:48:79:d5:61:
         42:94:91:c7:bf:74:1e:92:5e:c8:69:03:d5:d9:c6:5b:1e:89:
         49:9e:12:23:d9:72:75:59:9a:b2:45:62:6c:c1:97:af:83:c6:
         bb:f8:18:53:82:1c:97:64:f7:26:61:bc:f1:84:9e:e6:ed:45:
         02:a6:6d:33:53:bc:a1:57:b4:59:97:36:c3:85:b2:90:66:8d:
         ea:ed:aa:5c:ba:47:8e:ef:42:e5:19:f1:0d:d5:5b:e7:99:fd:
         88:41:82:1e:88:bc:35:f6:40:93:11:1a:c5:32:70:fb:7f:97:
         9f:b9:11:19:75:d2:a0:2c:b9:8d:78:de:56:5f:a2:e4:5b:6c:
         c1:a3:af:65:35:52:76:c2:93:a2:b5:0f:47:26:9a:ed:f9:c7:
         ee:f3:04:e1:63:ad:ce:ef:c5:18:bb:7c:2e:3b:bf:8a:1c:9c:
         cf:19:e9:bf:73:06:58:76:5b:c5:93:af:31:0d:e4:9f:5c:f5:
         8a:31:94:cc
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUA1tyfRS0Zxof3hw8/Dpqpp+n5BcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTEwMDYxODEwMzdaFw0yNTExMTAyMzU5NTlaMHoxSTBHBgNV
BAUTQGE5YzNhYTMzMDdjYzg5Yjg4N2U2MjQ1NTYzMWNmYzBiOGUyNDZlYTIzOTJi
NmY5MTEyY2NjODkzOTU5Y2VjODUxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAL/7SnUg31WH2xwV2lGzycTqHaD1MCskc43U++TU9naWYeeKsb4JsCaC2Xe3
t3hTp1BtYMyjcZvJIA/I0hNDXge3EDjTtvnOlFKL3PHbSTJqW6Yp1qMgf6rMzDal
0OY9oR+btahvqoijudP4vK5DON0LdZpdRvYEeDSE70wK/l7YdzyBenzZvxIgZpO9
xxH0BnLtFXHczQWHEIfLlQPxfIg1gy+ZqYxQ9qWE0o64tMCV9MxgCiXoI4mx9c90
SUIThzEnX6hxXBAYFsKbRbyM+ITkvWWGjLxbOp+JFqpMA1H5sv5o8e5qVxUakxy5
gNgb63CNWe9L9M2ZDBXGaQ/sJgcCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBSe+RW6
mjsA5QNNaijJjRjmygw+bTAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
OTc1ODUxMjItZmJlZC00MDI5LTg0OWEtMTYyMDk3MDU0MTAzLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDATNIMA0G
CSqGSIb3DQEBCwUAA4IBAQCnOl+4xyDfTfTmF7JANNlxBNe6MCDENunEzfTc+LBO
/5i0k7BNu3dT3r0qnlpzh6JMWJS+qeJSVBPhIOFGU+W/kOhIV0h51WFClJHHv3Qe
kl7IaQPV2cZbHolJnhIj2XJ1WZqyRWJswZevg8a7+BhTghyXZPcmYbzxhJ7m7UUC
pm0zU7yhV7RZlzbDhbKQZo3q7apcukeO70LlGfEN1Vvnmf2IQYIeiLw19kCTERrF
MnD7f5efuREZddKgLLmNeN5WX6LkW2zBo69lNVJ2wpOitQ9HJprt+cfu8wThY63O
78UYu3wuO7+KHJzPGem/cwZYdlvFk68xDeSfXPWKMZTM
-----END CERTIFICATE-----
Generated at Mon Oct 20 13:06:49 2025 by rpki-client