Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/f060e190-89f7-4009-9831-b2d429343b80.roa
File:                     f060e190-89f7-4009-9831-b2d429343b80.roa (raw, json)
Hash identifier:          xHrPM88lUyh4i03/ZvBO+enx5uupAQTVSXF9V5mEzZU=
Subject key identifier:   81:8C:F4:69:13:37:A7:B9:3D:10:19:EA:06:30:D0:A5:AC:FE:78:A2
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       12FE0A0262D80D56F489B4F9DCDC3B238DB65EB0
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/f060e190-89f7-4009-9831-b2d429343b80.roa
Signing time:             Mon 29 Sep 2025 15:40:06 +0000
ROA not before:           Mon 29 Sep 2025 15:40:06 +0000
ROA not after:            Mon 03 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        51.16.0.0/15 maxlen: 15
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 00:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            12:fe:0a:02:62:d8:0d:56:f4:89:b4:f9:dc:dc:3b:23:8d:b6:5e:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Sep 29 15:40:06 2025 GMT
            Not After : Nov  3 23:59:59 2025 GMT
        Subject: serialNumber=a2c942acb50064b333cac14efb99acb2c0dee0d2b0a62a8f06c5710fb5963187, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:00:3b:f4:47:fd:e2:84:b8:a1:7b:bc:c6:9a:
                    f6:52:af:c0:84:19:bc:97:96:12:d8:f4:27:ae:47:
                    e8:df:e8:c1:7b:88:84:2e:09:53:27:d9:87:77:37:
                    d0:97:ae:8d:e9:69:41:39:e7:25:ec:5a:62:cb:6c:
                    31:ad:9d:fe:b3:cd:20:a7:e4:c1:4b:99:69:58:d6:
                    b8:35:7d:00:82:3f:aa:7e:db:28:22:5a:e6:99:80:
                    66:13:25:c3:50:79:52:64:cd:4e:fb:9e:0d:4b:f9:
                    35:aa:b2:1d:5c:0e:9b:d5:b9:29:e4:14:7c:52:29:
                    32:c5:be:51:e6:7b:ca:21:cf:64:53:99:93:13:2d:
                    8a:37:c4:94:9a:e7:b7:3e:95:ba:f1:3a:b2:af:6f:
                    da:6f:0f:6d:f2:2c:68:c9:01:d6:ee:a2:43:5b:20:
                    d8:a8:c7:7c:e6:6b:0f:18:a5:43:96:46:c2:14:14:
                    07:26:25:34:9a:ca:a4:9b:76:b5:6c:93:c2:cd:64:
                    97:91:85:0d:86:3a:64:ee:42:69:f3:4d:02:14:41:
                    94:93:cd:77:62:9f:e9:df:7f:86:0a:9f:77:23:03:
                    24:5e:dc:61:e3:d4:03:c7:c8:27:2f:6d:3e:e9:f7:
                    cc:f3:ed:30:04:82:cd:0e:22:9a:b8:1f:c9:81:61:
                    f4:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:8C:F4:69:13:37:A7:B9:3D:10:19:EA:06:30:D0:A5:AC:FE:78:A2
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/f060e190-89f7-4009-9831-b2d429343b80.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.16.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         8b:64:8a:1d:a5:26:d2:d7:5c:77:c8:21:c7:0e:e2:cc:30:a4:
         92:d9:68:1d:08:b1:01:4a:e5:b8:82:89:f7:17:2a:2c:91:58:
         33:5c:2c:14:1d:f9:13:13:49:78:55:d6:19:ce:3b:f1:de:f3:
         0a:96:3f:53:5b:4e:0d:84:92:1e:8f:69:8a:eb:7d:1b:25:ac:
         a1:07:6b:55:0f:18:fa:f5:90:a0:d7:01:ab:f4:4b:55:eb:35:
         e6:1d:1d:10:ea:89:bc:e0:2f:26:e8:8a:c9:a5:b0:c8:8c:ac:
         c1:77:0b:60:d8:70:d2:6c:fd:a0:fa:32:23:c5:55:f0:5c:c1:
         9f:da:ff:2d:b9:a4:a2:f3:c1:5d:63:dd:29:03:bd:77:18:3d:
         6c:27:51:6f:c8:65:36:88:27:00:65:11:4c:1a:b9:cb:58:64:
         99:49:0a:1b:01:aa:dd:bd:7e:78:ab:a7:d7:4b:b6:0c:31:d5:
         47:b2:ea:92:fa:49:e5:bd:33:96:cc:fa:38:ad:0b:0c:b8:3e:
         bd:b1:ba:3e:db:0c:db:f3:17:a8:da:57:00:c9:ac:81:70:68:
         53:53:7a:ad:b1:b3:c3:77:f4:cd:e5:31:59:77:46:4e:12:61:
         09:1d:61:2e:aa:62:66:62:80:81:2f:46:a0:8f:d7:b3:bd:10:
         29:fb:0f:02
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUEv4KAmLYDVb0ibT53Nw7I422XrAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA5MjkxNTQwMDZaFw0yNTExMDMyMzU5NTlaMHoxSTBHBgNV
BAUTQGEyYzk0MmFjYjUwMDY0YjMzM2NhYzE0ZWZiOTlhY2IyYzBkZWUwZDJiMGE2
MmE4ZjA2YzU3MTBmYjU5NjMxODcxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMoAO/RH/eKEuKF7vMaa9lKvwIQZvJeWEtj0J65H6N/owXuIhC4JUyfZh3c3
0JeujelpQTnnJexaYstsMa2d/rPNIKfkwUuZaVjWuDV9AII/qn7bKCJa5pmAZhMl
w1B5UmTNTvueDUv5NaqyHVwOm9W5KeQUfFIpMsW+UeZ7yiHPZFOZkxMtijfElJrn
tz6VuvE6sq9v2m8PbfIsaMkB1u6iQ1sg2KjHfOZrDxilQ5ZGwhQUByYlNJrKpJt2
tWyTws1kl5GFDYY6ZO5CafNNAhRBlJPNd2Kf6d9/hgqfdyMDJF7cYePUA8fIJy9t
Pun3zPPtMASCzQ4imrgfyYFh9LECAwEAAaOCAiAwggIcMB0GA1UdDgQWBBSBjPRp
EzenuT0QGeoGMNClrP54ojAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
ZjA2MGUxOTAtODlmNy00MDA5LTk4MzEtYjJkNDI5MzQzYjgwLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDATMQMA0G
CSqGSIb3DQEBCwUAA4IBAQCLZIodpSbS11x3yCHHDuLMMKSS2WgdCLEBSuW4gon3
FyoskVgzXCwUHfkTE0l4VdYZzjvx3vMKlj9TW04NhJIej2mK630bJayhB2tVDxj6
9ZCg1wGr9EtV6zXmHR0Q6om84C8m6IrJpbDIjKzBdwtg2HDSbP2g+jIjxVXwXMGf
2v8tuaSi88FdY90pA713GD1sJ1FvyGU2iCcAZRFMGrnLWGSZSQobAardvX54q6fX
S7YMMdVHsuqS+knlvTOWzPo4rQsMuD69sbo+2wzb8xeo2lcAyayBcGhTU3qtsbPD
d/TN5TFZd0ZOEmEJHWEuqmJmYoCBL0agj9ezvRAp+w8C
-----END CERTIFICATE-----
Generated at Mon Oct 20 10:07:04 2025 by rpki-client