Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/b41fa9b7-d736-4d41-9fc2-9feda5a87248.roa
File:                     b41fa9b7-d736-4d41-9fc2-9feda5a87248.roa (raw, json)
Hash identifier:          LM6GjJ3VvpKcNR+mgpeCK0fArPtTF6IcbPkrDmSehts=
Subject key identifier:   22:3D:DB:CE:B9:C8:F7:32:69:B2:16:31:03:E9:30:CA:18:44:01:51
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       4B2BEE82D7AFC793D5DB1867F2D72FDF4C118120
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/b41fa9b7-d736-4d41-9fc2-9feda5a87248.roa
Signing time:             Sat 27 Sep 2025 00:52:45 +0000
ROA not before:           Sat 27 Sep 2025 00:52:45 +0000
ROA not after:            Sat 01 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        51.16.255.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4b:2b:ee:82:d7:af:c7:93:d5:db:18:67:f2:d7:2f:df:4c:11:81:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Sep 27 00:52:45 2025 GMT
            Not After : Nov  1 23:59:59 2025 GMT
        Subject: serialNumber=3ccf9b58daa762cdcba76d3f42b02739fe71b1f49ca583a8761b037f39605e22, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f4:fa:f8:49:6e:13:3c:d9:a3:64:60:e4:a3:66:
                    ee:29:6a:1a:28:cb:41:fc:2d:95:2b:2f:65:7a:2e:
                    3a:3d:80:84:ab:2a:88:79:98:c6:06:dd:93:98:03:
                    f0:48:07:ac:dc:71:c0:e1:e5:2a:e4:8f:41:71:db:
                    12:7e:54:6a:f9:67:71:93:09:67:d0:5f:6a:26:c2:
                    c6:79:c4:44:88:8e:4d:1b:43:bf:dc:00:42:9b:6f:
                    54:92:9e:02:72:ad:78:f8:04:e6:e1:8e:19:88:54:
                    e2:0a:e4:cc:52:b6:16:c3:76:4f:9c:dc:66:5f:31:
                    09:cb:9b:4d:9b:c4:02:f1:11:65:a5:69:bb:83:cb:
                    3f:fe:58:06:f0:70:1a:f1:a1:40:44:7d:23:55:91:
                    bb:ad:04:7b:37:72:2f:50:b1:96:0f:47:fb:24:3e:
                    6a:37:03:47:ec:16:49:1f:69:59:bf:a9:9d:33:41:
                    5d:e4:8d:f7:74:7e:5b:a7:0c:d0:97:7b:39:2e:a5:
                    f7:63:4a:78:12:f7:df:d8:eb:5d:86:e0:a3:a9:b9:
                    55:53:ef:eb:51:69:d1:3d:fd:53:67:31:3f:c3:00:
                    02:d1:c5:7a:2a:8d:8d:e8:0e:97:dd:36:d4:f6:8f:
                    d5:46:29:6f:d9:df:ea:3c:8f:0c:2e:35:24:00:c5:
                    b8:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:3D:DB:CE:B9:C8:F7:32:69:B2:16:31:03:E9:30:CA:18:44:01:51
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/b41fa9b7-d736-4d41-9fc2-9feda5a87248.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.16.255.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:b2:3f:de:06:e0:93:a6:76:28:4f:58:c0:2a:2a:f1:9a:c9:
         d6:a0:a5:0e:b5:2b:f3:ab:0e:86:d2:49:1e:37:e8:cb:c0:9d:
         8f:61:09:82:a9:de:a5:6e:3f:5d:63:c3:6e:00:01:4b:0d:6c:
         e0:12:f1:89:9b:80:99:70:e6:c9:75:88:d5:8d:6d:7d:68:65:
         88:47:90:96:9f:6c:1f:44:55:05:ad:a9:e8:b8:1d:95:e9:91:
         8a:eb:f1:c3:bb:ba:8a:cf:fd:da:5e:14:80:c8:a4:da:91:57:
         5b:e1:c1:0c:94:84:00:d7:14:db:41:5a:01:d0:10:53:75:48:
         e5:48:5a:a9:4f:44:27:4e:cd:cb:8e:0c:45:be:d6:60:aa:06:
         17:b0:e1:ca:bc:45:1d:65:dd:11:cd:b5:2f:b1:a2:4f:ff:22:
         ff:f2:cd:30:ba:a6:7b:bc:30:6f:ee:8a:8e:78:18:60:bd:69:
         42:ba:7b:7d:77:a9:a0:1e:0d:c0:ab:c3:00:25:91:a5:7b:f7:
         35:70:8b:6d:fc:3d:6a:61:b4:68:45:0a:d4:77:70:90:80:48:
         0a:d9:a6:75:08:a4:2f:72:8b:1b:53:c9:f3:47:2f:00:ba:b4:
         a6:ec:d0:93:8c:f5:60:8d:17:b8:e9:a3:7a:02:29:7d:35:4f:
         8b:03:b3:09
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUSyvugtevx5PV2xhn8tcv30wRgSAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA5MjcwMDUyNDVaFw0yNTExMDEyMzU5NTlaMHoxSTBHBgNV
BAUTQDNjY2Y5YjU4ZGFhNzYyY2RjYmE3NmQzZjQyYjAyNzM5ZmU3MWIxZjQ5Y2E1
ODNhODc2MWIwMzdmMzk2MDVlMjIxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAPT6+EluEzzZo2Rg5KNm7ilqGijLQfwtlSsvZXouOj2AhKsqiHmYxgbdk5gD
8EgHrNxxwOHlKuSPQXHbEn5UavlncZMJZ9BfaibCxnnERIiOTRtDv9wAQptvVJKe
AnKtePgE5uGOGYhU4grkzFK2FsN2T5zcZl8xCcubTZvEAvERZaVpu4PLP/5YBvBw
GvGhQER9I1WRu60EezdyL1Cxlg9H+yQ+ajcDR+wWSR9pWb+pnTNBXeSN93R+W6cM
0Jd7OS6l92NKeBL339jrXYbgo6m5VVPv61Fp0T39U2cxP8MAAtHFeiqNjegOl902
1PaP1UYpb9nf6jyPDC41JADFuGUCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBQiPdvO
ucj3MmmyFjED6TDKGEQBUTAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
YjQxZmE5YjctZDczNi00ZDQxLTlmYzItOWZlZGE1YTg3MjQ4LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEADMQ/zAN
BgkqhkiG9w0BAQsFAAOCAQEANrI/3gbgk6Z2KE9YwCoq8ZrJ1qClDrUr86sOhtJJ
Hjfoy8Cdj2EJgqnepW4/XWPDbgABSw1s4BLxiZuAmXDmyXWI1Y1tfWhliEeQlp9s
H0RVBa2p6LgdlemRiuvxw7u6is/92l4UgMik2pFXW+HBDJSEANcU20FaAdAQU3VI
5UhaqU9EJ07Ny44MRb7WYKoGF7DhyrxFHWXdEc21L7GiT/8i//LNMLqme7wwb+6K
jngYYL1pQrp7fXepoB4NwKvDACWRpXv3NXCLbfw9amG0aEUK1HdwkIBICtmmdQik
L3KLG1PJ80cvALq0puzQk4z1YI0XuOmjegIpfTVPiwOzCQ==
-----END CERTIFICATE-----
Generated at Mon Oct 20 04:54:03 2025 by rpki-client