Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/e6379fd6-eaa8-4348-8280-afb9b8552668.roa
File:                     e6379fd6-eaa8-4348-8280-afb9b8552668.roa (raw, json)
Hash identifier:          etoE8fRA+ywbjNU3ggy9S4GxaY03kv3CujoJC0LT39c=
Subject key identifier:   BE:6A:CE:64:77:B5:EA:3D:7D:79:0A:F1:34:47:D3:EB:D5:D4:B8:50
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       29F00E48F0BC0D33E070719551261BEEE13CC140
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/e6379fd6-eaa8-4348-8280-afb9b8552668.roa
Signing time:             Mon 29 Sep 2025 15:40:26 +0000
ROA not before:           Mon 29 Sep 2025 15:40:26 +0000
ROA not after:            Mon 03 Nov 2025 23:59:59 +0000
asID:                     7224
IP address blocks:        83.118.228.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 13:42:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            29:f0:0e:48:f0:bc:0d:33:e0:70:71:95:51:26:1b:ee:e1:3c:c1:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Sep 29 15:40:26 2025 GMT
            Not After : Nov  3 23:59:59 2025 GMT
        Subject: serialNumber=f4bbcdd419dc65b862676b777431b6a8e87f1bfcfff63c787de48cd03007cef1, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:4d:d3:d0:e5:96:db:48:5b:1f:b7:63:8b:e4:
                    9b:dd:73:49:40:28:f2:48:55:97:12:ed:ed:b4:a2:
                    b6:a3:95:07:e4:be:b8:8a:b8:a1:2c:41:57:81:dd:
                    dd:f3:85:36:b6:72:12:69:0a:19:f4:37:13:3b:40:
                    d4:88:bc:4a:18:94:c6:c0:b8:c6:ec:8c:bd:a3:85:
                    11:9b:34:77:d1:8c:08:f7:fd:2a:75:04:ca:2c:2c:
                    27:77:ee:d9:a5:51:96:7a:16:55:2e:40:5c:2a:5c:
                    5a:12:63:15:dc:63:1f:ea:9e:7d:0e:62:36:7a:73:
                    f7:e5:c8:16:5d:56:c7:78:45:85:ad:38:b3:12:aa:
                    67:46:03:33:4c:d9:c0:c5:6d:20:4a:cc:0f:75:66:
                    5f:df:a9:cd:b1:a1:89:06:24:b7:14:fd:a5:63:d5:
                    f7:5c:9a:18:3e:92:4b:22:89:2d:35:46:60:f9:90:
                    70:9c:db:7d:20:8b:64:73:3c:14:09:28:f5:c5:51:
                    04:0b:b0:f0:ee:83:63:71:55:64:0d:0a:05:4e:aa:
                    97:bd:cb:fc:56:de:7d:47:a1:c3:9a:09:17:9f:0a:
                    4c:fb:83:a2:26:ca:2c:7b:a5:e4:67:dc:10:e7:89:
                    6c:1e:c0:55:60:cb:17:a5:1c:8b:7e:93:49:e0:9d:
                    9b:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:6A:CE:64:77:B5:EA:3D:7D:79:0A:F1:34:47:D3:EB:D5:D4:B8:50
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/e6379fd6-eaa8-4348-8280-afb9b8552668.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.118.228.0/22

    Signature Algorithm: sha256WithRSAEncryption
         bb:5d:6e:7d:e1:db:07:05:c3:b6:ca:18:7f:e4:22:e1:44:d7:
         a5:82:2a:1e:0b:fe:99:83:67:ad:9a:54:4f:b7:b3:92:d5:ac:
         cd:8b:0e:10:85:64:af:a9:d2:c8:0b:20:e2:7a:7e:27:31:cc:
         e7:6a:0f:a9:23:6b:cc:a5:54:0b:35:2f:41:71:8a:6b:0f:f5:
         8a:29:d3:5d:c9:c1:1a:79:4f:59:cd:a9:2a:7c:5a:88:c2:ef:
         68:9f:7e:cf:b2:7b:80:cb:d6:78:4d:6b:70:49:77:11:19:53:
         11:13:b7:1f:f5:0e:fa:4b:0c:ce:c1:5e:b6:3f:40:4c:e4:a0:
         50:3a:76:a8:dc:08:d9:4e:dc:2b:3b:c0:25:ba:29:94:fa:08:
         b5:cf:95:cc:8b:2b:a3:04:f8:ab:ee:06:ea:fb:27:ac:dc:27:
         5f:de:95:76:1a:da:6c:12:b8:8e:f7:09:f7:10:a5:13:b1:3b:
         95:02:71:78:f2:dd:7b:d7:24:c5:33:0e:05:d9:0f:ec:14:48:
         eb:31:5c:d3:5c:1d:23:41:15:4d:63:0f:9e:d1:bb:a7:d8:31:
         36:f6:32:f7:f4:8f:f9:3d:94:19:5f:4a:8c:ff:e2:96:e4:84:
         36:c7:d9:41:02:62:9a:6f:8d:81:e7:e9:28:68:e5:a2:99:1a:
         4e:ae:ae:73
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUKfAOSPC8DTPgcHGVUSYb7uE8wUAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA5MjkxNTQwMjZaFw0yNTExMDMyMzU5NTlaMHoxSTBHBgNV
BAUTQGY0YmJjZGQ0MTlkYzY1Yjg2MjY3NmI3Nzc0MzFiNmE4ZTg3ZjFiZmNmZmY2
M2M3ODdkZTQ4Y2QwMzAwN2NlZjExLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALhN09DllttIWx+3Y4vkm91zSUAo8khVlxLt7bSitqOVB+S+uIq4oSxBV4Hd
3fOFNrZyEmkKGfQ3EztA1Ii8ShiUxsC4xuyMvaOFEZs0d9GMCPf9KnUEyiwsJ3fu
2aVRlnoWVS5AXCpcWhJjFdxjH+qefQ5iNnpz9+XIFl1Wx3hFha04sxKqZ0YDM0zZ
wMVtIErMD3VmX9+pzbGhiQYktxT9pWPV91yaGD6SSyKJLTVGYPmQcJzbfSCLZHM8
FAko9cVRBAuw8O6DY3FVZA0KBU6ql73L/FbefUehw5oJF58KTPuDoibKLHul5Gfc
EOeJbB7AVWDLF6Uci36TSeCdm28CAwEAAaOCAiEwggIdMB0GA1UdDgQWBBS+as5k
d7XqPX15CvE0R9Pr1dS4UDAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
ZTYzNzlmZDYtZWFhOC00MzQ4LTgyODAtYWZiOWI4NTUyNjY4LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAlN25DAN
BgkqhkiG9w0BAQsFAAOCAQEAu11ufeHbBwXDtsoYf+Qi4UTXpYIqHgv+mYNnrZpU
T7ezktWszYsOEIVkr6nSyAsg4np+JzHM52oPqSNrzKVUCzUvQXGKaw/1iinTXcnB
GnlPWc2pKnxaiMLvaJ9+z7J7gMvWeE1rcEl3ERlTERO3H/UO+ksMzsFetj9ATOSg
UDp2qNwI2U7cKzvAJboplPoItc+VzIsrowT4q+4G6vsnrNwnX96VdhrabBK4jvcJ
9xClE7E7lQJxePLde9ckxTMOBdkP7BRI6zFc01wdI0EVTWMPntG7p9gxNvYy9/SP
+T2UGV9KjP/iluSENsfZQQJimm+NgefpKGjlopkaTq6ucw==
-----END CERTIFICATE-----
Generated at Mon Oct 20 18:40:02 2025 by rpki-client