Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/f9c2130f-6f88-42ac-853e-f39d188adb6d.roa
File:                     f9c2130f-6f88-42ac-853e-f39d188adb6d.roa (raw, json)
Hash identifier:          uVUG9PM3HxGdi15SA1vbQbgsfGD9S1v68OsFwXfbS/o=
Subject key identifier:   C0:1D:5C:25:13:E9:8D:5A:1B:CB:B9:39:57:AB:24:D4:FF:73:5A:58
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       1BEE555796E3FA8C8DD60D3BFDE72302BCBBF20E
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/f9c2130f-6f88-42ac-853e-f39d188adb6d.roa
Signing time:             Mon 06 Oct 2025 18:10:35 +0000
ROA not before:           Mon 06 Oct 2025 18:10:35 +0000
ROA not after:            Mon 10 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        51.232.0.0/15 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 13:42:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1b:ee:55:57:96:e3:fa:8c:8d:d6:0d:3b:fd:e7:23:02:bc:bb:f2:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Oct  6 18:10:35 2025 GMT
            Not After : Nov 10 23:59:59 2025 GMT
        Subject: serialNumber=1502b3955962788e5447f6d6c13e89918bff66229cc22588f66fea2e6addc9c8, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:bc:e2:22:42:76:a9:f9:c0:81:91:ea:f9:18:
                    c8:ba:d6:c8:f3:7f:f4:ab:87:61:51:8a:44:c4:31:
                    74:9e:19:8d:62:9e:88:42:23:b7:52:f4:57:5e:96:
                    06:83:7e:72:f4:fe:26:cf:93:79:c9:fb:10:6f:3c:
                    20:8d:ab:ae:0c:b1:be:70:ac:43:99:02:b5:d1:d9:
                    63:09:d1:b1:e9:07:e1:2f:a7:3a:1a:b2:bd:0c:6f:
                    60:77:81:c9:4b:f7:b0:38:0d:7a:d2:25:2e:16:68:
                    be:12:53:0c:73:41:4a:e5:da:da:72:8e:95:de:b9:
                    4e:7f:de:d9:aa:99:7e:0e:14:5f:18:6b:b8:ee:9f:
                    57:2b:8e:b3:3f:f1:dc:af:6d:e0:78:84:00:0e:73:
                    18:39:14:f9:30:cd:aa:03:66:08:ac:ab:f8:ca:4a:
                    a6:1f:8c:63:4c:5d:c9:1e:99:67:4d:94:c2:b9:56:
                    bd:c2:38:47:7e:7e:99:76:e3:69:c0:55:3e:9e:99:
                    ba:2b:a3:38:2a:02:d2:39:24:ff:ae:bf:53:da:51:
                    19:f6:94:de:fa:fd:ce:5d:fd:34:67:f8:1e:fe:39:
                    f0:ee:b2:e2:e0:43:85:9a:69:f4:51:e2:80:46:be:
                    c6:70:ef:96:ea:0a:b7:24:ed:95:84:58:7c:6a:51:
                    dd:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:1D:5C:25:13:E9:8D:5A:1B:CB:B9:39:57:AB:24:D4:FF:73:5A:58
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/f9c2130f-6f88-42ac-853e-f39d188adb6d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.232.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         48:d2:7f:34:93:91:e6:54:c1:30:9f:08:fc:54:67:b4:b5:7f:
         ee:5f:f9:e7:06:c9:e2:ee:86:4d:fa:06:76:b9:31:17:c9:b0:
         90:48:fe:2c:8d:b5:a1:3e:1f:11:a9:d8:10:54:c9:a0:ab:8c:
         63:de:f9:98:a2:59:c8:1f:ea:16:ca:7c:14:65:85:51:38:c7:
         d1:e6:ba:f0:ba:4c:26:c3:0d:7c:f5:a3:41:b3:47:27:fb:58:
         c8:a3:88:3c:0b:7a:59:a7:49:ed:d3:6f:d2:be:78:a4:6e:d1:
         3a:ee:d5:3c:4b:6e:97:f0:49:80:5a:0d:9d:a0:c4:c4:9b:46:
         3f:e3:80:ed:a3:f9:d7:59:b8:6a:68:64:09:6a:d0:3c:ae:db:
         0d:03:2d:fb:1d:b4:b1:75:75:7c:12:82:be:5f:45:9e:75:22:
         b9:91:f6:f1:81:1c:12:46:7f:c4:7a:3e:cc:0e:15:29:8a:90:
         43:c3:07:f3:1c:23:4e:04:6a:fa:77:e5:7c:ce:2f:ff:34:6d:
         79:25:59:b1:47:c6:25:0b:14:95:7c:33:c1:28:5b:d6:d8:4a:
         d1:cb:0c:6e:ed:fd:bf:c2:80:bb:52:21:fb:b0:08:0e:98:a4:
         99:d7:85:67:2d:71:a0:c2:8c:0f:b2:75:88:b0:0b:a9:52:f9:
         c7:8c:50:b4
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUG+5VV5bj+oyN1g07/ecjAry78g4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTEwMDYxODEwMzVaFw0yNTExMTAyMzU5NTlaMHoxSTBHBgNV
BAUTQDE1MDJiMzk1NTk2Mjc4OGU1NDQ3ZjZkNmMxM2U4OTkxOGJmZjY2MjI5Y2My
MjU4OGY2NmZlYTJlNmFkZGM5YzgxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAN+84iJCdqn5wIGR6vkYyLrWyPN/9KuHYVGKRMQxdJ4ZjWKeiEIjt1L0V16W
BoN+cvT+Js+Tecn7EG88II2rrgyxvnCsQ5kCtdHZYwnRsekH4S+nOhqyvQxvYHeB
yUv3sDgNetIlLhZovhJTDHNBSuXa2nKOld65Tn/e2aqZfg4UXxhruO6fVyuOsz/x
3K9t4HiEAA5zGDkU+TDNqgNmCKyr+MpKph+MY0xdyR6ZZ02UwrlWvcI4R35+mXbj
acBVPp6ZuiujOCoC0jkk/66/U9pRGfaU3vr9zl39NGf4Hv458O6y4uBDhZpp9FHi
gEa+xnDvluoKtyTtlYRYfGpR3f0CAwEAAaOCAiAwggIcMB0GA1UdDgQWBBTAHVwl
E+mNWhvLuTlXqyTU/3NaWDAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
ZjljMjEzMGYtNmY4OC00MmFjLTg1M2UtZjM5ZDE4OGFkYjZkLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDATPoMA0G
CSqGSIb3DQEBCwUAA4IBAQBI0n80k5HmVMEwnwj8VGe0tX/uX/nnBsni7oZN+gZ2
uTEXybCQSP4sjbWhPh8RqdgQVMmgq4xj3vmYolnIH+oWynwUZYVROMfR5rrwukwm
ww189aNBs0cn+1jIo4g8C3pZp0nt02/SvnikbtE67tU8S26X8EmAWg2doMTEm0Y/
44Dto/nXWbhqaGQJatA8rtsNAy37HbSxdXV8EoK+X0WedSK5kfbxgRwSRn/Eej7M
DhUpipBDwwfzHCNOBGr6d+V8zi//NG15JVmxR8YlCxSVfDPBKFvW2ErRywxu7f2/
woC7UiH7sAgOmKSZ14VnLXGgwowPsnWIsAupUvnHjFC0
-----END CERTIFICATE-----
Generated at Mon Oct 20 18:34:34 2025 by rpki-client