Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/d411eca7-95af-41dd-a2fc-fdaa162ad2e7.roa
File:                     d411eca7-95af-41dd-a2fc-fdaa162ad2e7.roa (raw, json)
Hash identifier:          m9s2ailLv1LfFZyIzvDVN6TIoACh1fJepUtH3nvw67g=
Subject key identifier:   6A:A6:0F:57:E8:F9:82:17:D5:B6:BD:18:01:2B:8B:AA:B6:5B:70:4E
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       534C71FEDAA667C4A147AEAB49D730739AE1F9B8
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/d411eca7-95af-41dd-a2fc-fdaa162ad2e7.roa
Signing time:             Mon 29 Sep 2025 15:40:27 +0000
ROA not before:           Mon 29 Sep 2025 15:40:27 +0000
ROA not after:            Mon 03 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        83.118.240.0/20 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 13:42:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            53:4c:71:fe:da:a6:67:c4:a1:47:ae:ab:49:d7:30:73:9a:e1:f9:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Sep 29 15:40:27 2025 GMT
            Not After : Nov  3 23:59:59 2025 GMT
        Subject: serialNumber=d9ea002b47a343bdb6d951fa9b1696fcd1bd9f07ab0e2c8278c42fb077d33d48, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:20:f0:af:e9:9f:49:c2:be:16:d8:98:09:6f:
                    e0:6b:44:44:ca:5e:a2:69:0f:a3:69:1a:db:ca:9a:
                    0a:2a:9f:5a:3d:d6:5d:cd:16:13:9f:98:d6:66:ba:
                    dc:2b:15:d0:15:09:8d:f9:ad:ec:c3:91:36:2c:8e:
                    22:28:7a:ea:18:57:c8:ec:52:ae:b3:ff:39:bd:01:
                    69:b8:f2:1b:61:42:18:7d:b8:c0:52:6f:a1:80:24:
                    ec:95:8c:b7:4a:aa:97:d6:b5:3f:36:02:05:af:a8:
                    10:06:f0:27:17:14:8f:c7:7f:37:7b:9f:4b:cf:6d:
                    cf:7f:f4:25:d8:af:d7:48:6d:92:f5:2b:68:de:2c:
                    a8:ff:53:00:44:60:62:ea:d0:38:a6:18:7b:82:9d:
                    88:fb:18:c3:ad:c9:d7:c5:94:5e:64:1b:57:05:68:
                    5c:ba:b9:48:42:a1:7b:af:a1:21:d1:6e:ae:73:07:
                    28:f3:77:7e:99:af:61:47:9a:35:f4:54:1e:65:60:
                    15:ea:74:0c:5c:43:03:b3:9f:3c:2a:d0:56:f5:4c:
                    c6:50:17:65:72:88:cd:f9:83:61:84:ad:45:1d:78:
                    4c:3b:52:fa:e6:63:72:ca:e5:23:bb:be:e8:51:cf:
                    f4:c5:6f:75:0a:39:99:f6:ab:3a:3d:da:de:f2:8a:
                    07:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:A6:0F:57:E8:F9:82:17:D5:B6:BD:18:01:2B:8B:AA:B6:5B:70:4E
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/d411eca7-95af-41dd-a2fc-fdaa162ad2e7.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.118.240.0/20

    Signature Algorithm: sha256WithRSAEncryption
         01:b3:2b:00:18:41:1a:59:e1:a3:63:23:4f:37:2e:45:ae:17:
         9d:74:bd:f3:a8:54:0a:3d:a9:d2:4e:0b:78:3f:95:65:3f:e4:
         9b:e0:2c:a9:ca:25:e8:0b:ed:28:ce:47:ef:79:9f:30:61:2e:
         da:50:a8:1a:d3:63:28:47:96:81:1f:b6:e8:89:5c:54:24:cb:
         d8:76:2b:2d:3a:12:cb:49:e4:37:62:50:03:24:ee:d8:be:7e:
         53:80:b4:af:79:b2:25:f6:60:0b:43:a5:a2:8a:9a:9d:0e:c6:
         fa:90:ed:2b:38:d6:0a:40:b7:99:c9:54:2c:28:7e:43:d0:a0:
         54:1a:cb:c7:19:4f:8d:18:ad:37:0f:70:71:02:d7:e8:10:cb:
         50:af:c7:00:fb:bf:4f:43:70:02:58:68:b0:28:6d:ee:67:e8:
         a3:79:0b:53:6b:82:dc:5b:0c:b8:fd:5f:d5:35:cd:3a:b7:2b:
         fb:d4:35:5d:67:6b:f7:59:87:c4:a8:b2:a4:ae:1f:3e:af:eb:
         af:36:7c:26:1c:34:fa:14:9d:e7:65:4e:4f:50:4c:f0:ec:cd:
         35:93:d5:ed:62:cd:8f:f1:7d:b4:31:11:09:e7:b5:34:c7:8c:
         4b:ad:18:a0:11:c9:c4:90:a5:b4:39:47:8c:73:3d:dc:80:06:
         5f:9c:ad:8c
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUU0xx/tqmZ8ShR66rSdcwc5rh+bgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA5MjkxNTQwMjdaFw0yNTExMDMyMzU5NTlaMHoxSTBHBgNV
BAUTQGQ5ZWEwMDJiNDdhMzQzYmRiNmQ5NTFmYTliMTY5NmZjZDFiZDlmMDdhYjBl
MmM4Mjc4YzQyZmIwNzdkMzNkNDgxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAK0g8K/pn0nCvhbYmAlv4GtERMpeomkPo2ka28qaCiqfWj3WXc0WE5+Y1ma6
3CsV0BUJjfmt7MORNiyOIih66hhXyOxSrrP/Ob0BabjyG2FCGH24wFJvoYAk7JWM
t0qql9a1PzYCBa+oEAbwJxcUj8d/N3ufS89tz3/0Jdiv10htkvUraN4sqP9TAERg
YurQOKYYe4KdiPsYw63J18WUXmQbVwVoXLq5SEKhe6+hIdFurnMHKPN3fpmvYUea
NfRUHmVgFep0DFxDA7OfPCrQVvVMxlAXZXKIzfmDYYStRR14TDtS+uZjcsrlI7u+
6FHP9MVvdQo5mfarOj3a3vKKB6UCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBRqpg9X
6PmCF9W2vRgBK4uqtltwTjAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
ZDQxMWVjYTctOTVhZi00MWRkLWEyZmMtZmRhYTE2MmFkMmU3LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEBFN28DAN
BgkqhkiG9w0BAQsFAAOCAQEAAbMrABhBGlnho2MjTzcuRa4XnXS986hUCj2p0k4L
eD+VZT/km+Asqcol6AvtKM5H73mfMGEu2lCoGtNjKEeWgR+26IlcVCTL2HYrLToS
y0nkN2JQAyTu2L5+U4C0r3myJfZgC0OlooqanQ7G+pDtKzjWCkC3mclULCh+Q9Cg
VBrLxxlPjRitNw9wcQLX6BDLUK/HAPu/T0NwAlhosCht7mfoo3kLU2uC3FsMuP1f
1TXNOrcr+9Q1XWdr91mHxKiypK4fPq/rrzZ8Jhw0+hSd52VOT1BM8OzNNZPV7WLN
j/F9tDERCee1NMeMS60YoBHJxJCltDlHjHM93IAGX5ytjA==
-----END CERTIFICATE-----
Generated at Mon Oct 20 18:00:07 2025 by rpki-client