Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/f0b62efe-867d-4733-9b0c-8354a04195f8.roa
File:                     f0b62efe-867d-4733-9b0c-8354a04195f8.roa (raw, json)
Hash identifier:          YOVoR7XVZRSf9AnX5HF/buLvA+uzRH8GF27G/VLMqBo=
Subject key identifier:   18:28:04:57:D8:25:AF:27:5E:8C:5D:62:27:3C:AB:06:39:37:06:6B
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       0E4DAE0600A113C2372B3DB9DC8F74296843FEB5
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/f0b62efe-867d-4733-9b0c-8354a04195f8.roa
Signing time:             Fri 26 Sep 2025 20:20:05 +0000
ROA not before:           Fri 26 Sep 2025 20:20:05 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        51.128.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0e:4d:ae:06:00:a1:13:c2:37:2b:3d:b9:dc:8f:74:29:68:43:fe:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Sep 26 20:20:05 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=8533fe0b172e4eb588013f4964433c5bbfc5bb2af1c7d3a4a73b4543b332f131, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:53:2a:5b:e5:2c:d8:9b:ba:ed:62:d0:8f:9d:
                    1c:0f:8c:36:25:ce:55:6b:a9:6c:a3:7e:af:44:56:
                    2e:80:53:03:53:b5:12:0a:43:13:b6:e1:d0:26:14:
                    68:86:74:38:11:0f:4f:34:30:3e:64:41:a3:11:1f:
                    7d:42:9a:10:37:9c:6c:86:a3:c9:2f:10:c1:2b:26:
                    a1:bf:da:30:b6:63:1a:5a:b5:24:76:de:a3:fd:57:
                    88:d5:7a:06:e8:9b:0d:29:10:f4:1a:ec:65:c0:5a:
                    70:90:2c:b2:ab:14:c4:03:a2:4a:0d:29:a9:bc:dd:
                    77:0f:8d:c0:3a:69:f5:45:9c:5f:9c:a7:fc:ee:45:
                    d7:d2:ce:66:de:8f:05:ab:3a:4e:86:23:43:b4:0a:
                    3a:a9:25:22:43:2f:c9:23:19:0d:9a:4c:98:87:df:
                    ce:af:3b:bb:23:5e:74:2a:32:b9:c4:36:69:b9:b2:
                    65:67:b7:08:5d:9e:89:d6:63:f7:7a:79:5a:fa:3c:
                    12:c6:08:a9:e3:d1:7f:37:c4:a9:57:d3:c7:69:40:
                    89:fe:ff:71:9c:f6:62:77:49:c5:ed:be:e8:5f:3b:
                    29:c8:d8:42:86:2a:ba:0a:f6:49:df:88:d5:9f:f6:
                    d7:f6:d9:c4:62:1b:7a:19:e9:3c:ed:18:3d:42:e4:
                    8b:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:28:04:57:D8:25:AF:27:5E:8C:5D:62:27:3C:AB:06:39:37:06:6B
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/f0b62efe-867d-4733-9b0c-8354a04195f8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.128.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         0e:aa:93:d1:90:3a:58:77:4e:8c:b4:9a:11:94:73:2f:f7:66:
         f4:b7:e4:5e:75:a6:ad:79:3f:69:9a:f7:7f:3b:f3:c6:94:8c:
         19:2f:5b:cc:67:a0:6e:1c:64:29:c2:0d:d3:24:d9:78:e0:16:
         4b:e4:22:62:87:d5:3b:4f:10:f5:c7:c7:19:a8:37:93:a9:34:
         17:33:69:a0:92:8b:8f:f8:ac:e2:56:6f:c9:5d:9a:88:2b:01:
         f5:d2:6d:5a:3c:09:40:fc:11:c7:17:cd:65:52:8a:55:0d:86:
         4b:c3:fa:50:5c:3e:66:56:71:44:27:8f:3c:0b:51:d0:82:bc:
         2b:d5:f4:0d:21:2a:01:70:73:fb:67:48:e3:ef:76:62:88:ec:
         7a:8f:93:17:94:f3:3e:59:f7:9e:35:12:14:a9:2e:84:a6:d9:
         11:43:d6:72:e6:1c:dc:67:59:b5:7f:d6:54:4e:a4:38:a8:2d:
         45:fd:51:b1:e4:9f:32:57:8c:11:96:7c:1f:47:51:5d:51:7e:
         7c:fd:7a:d4:d3:38:b8:21:42:6a:ac:1a:ca:d1:90:6f:7d:92:
         d2:53:8f:c2:e4:55:79:5a:e4:a2:63:55:e8:13:0a:43:54:7a:
         fe:0e:20:e5:d1:97:65:26:11:a6:16:ba:e3:66:0e:93:d1:4f:
         15:14:a1:f7
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUDk2uBgChE8I3Kz253I90KWhD/rUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA5MjYyMDIwMDVaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQDg1MzNmZTBiMTcyZTRlYjU4ODAxM2Y0OTY0NDMzYzViYmZjNWJiMmFmMWM3
ZDNhNGE3M2I0NTQzYjMzMmYxMzExLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAN5TKlvlLNibuu1i0I+dHA+MNiXOVWupbKN+r0RWLoBTA1O1EgpDE7bh0CYU
aIZ0OBEPTzQwPmRBoxEffUKaEDecbIajyS8QwSsmob/aMLZjGlq1JHbeo/1XiNV6
BuibDSkQ9BrsZcBacJAssqsUxAOiSg0pqbzddw+NwDpp9UWcX5yn/O5F19LOZt6P
Bas6ToYjQ7QKOqklIkMvySMZDZpMmIffzq87uyNedCoyucQ2abmyZWe3CF2eidZj
93p5Wvo8EsYIqePRfzfEqVfTx2lAif7/cZz2YndJxe2+6F87KcjYQoYqugr2Sd+I
1Z/21/bZxGIbehnpPO0YPULki1ECAwEAAaOCAiAwggIcMB0GA1UdDgQWBBQYKARX
2CWvJ16MXWInPKsGOTcGazAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
ZjBiNjJlZmUtODY3ZC00NzMzLTliMGMtODM1NGEwNDE5NWY4LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADOAMA0G
CSqGSIb3DQEBCwUAA4IBAQAOqpPRkDpYd06MtJoRlHMv92b0t+RedaateT9pmvd/
O/PGlIwZL1vMZ6BuHGQpwg3TJNl44BZL5CJih9U7TxD1x8cZqDeTqTQXM2mgkouP
+KziVm/JXZqIKwH10m1aPAlA/BHHF81lUopVDYZLw/pQXD5mVnFEJ488C1HQgrwr
1fQNISoBcHP7Z0jj73ZiiOx6j5MXlPM+WfeeNRIUqS6EptkRQ9Zy5hzcZ1m1f9ZU
TqQ4qC1F/VGx5J8yV4wRlnwfR1FdUX58/XrU0zi4IUJqrBrK0ZBvfZLSU4/C5FV5
WuSiY1XoEwpDVHr+DiDl0ZdlJhGmFrrjZg6T0U8VFKH3
-----END CERTIFICATE-----
Generated at Mon Oct 20 04:53:33 2025 by rpki-client