Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/fe4e6b1e-120a-454b-8ea2-2504e0f34b7e.roa
File:                     fe4e6b1e-120a-454b-8ea2-2504e0f34b7e.roa (raw, json)
Hash identifier:          TW2ktZLePX3inY9EZir0CjYjsuzhiXvbMg1Wvd4GJ54=
Subject key identifier:   9D:4D:4B:49:00:12:D3:1D:02:09:EA:92:93:2F:2D:7E:05:D3:24:C8
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       160C7936B99073BD06C56A014F0D9514C9DEA540
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/fe4e6b1e-120a-454b-8ea2-2504e0f34b7e.roa
Signing time:             Mon 29 Sep 2025 15:40:13 +0000
ROA not before:           Mon 29 Sep 2025 15:40:13 +0000
ROA not after:            Mon 03 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        51.85.0.0/16 maxlen: 16
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            16:0c:79:36:b9:90:73:bd:06:c5:6a:01:4f:0d:95:14:c9:de:a5:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Sep 29 15:40:13 2025 GMT
            Not After : Nov  3 23:59:59 2025 GMT
        Subject: serialNumber=18205804c09a0616cdd9fd0c9a0bbc22b390da689ebf18834185016f79e44853, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:8a:db:33:2f:4e:be:8b:6a:e2:0d:03:3d:24:
                    5a:32:cd:73:22:28:a1:a0:e9:b0:d4:27:37:57:7b:
                    0d:e4:1c:21:07:5b:21:b6:32:2b:13:b7:9e:93:16:
                    7b:09:ec:e2:57:f3:11:dc:cf:c1:f4:88:a9:e0:50:
                    8e:bd:7b:ad:37:75:39:33:e0:32:d3:84:c8:31:64:
                    85:49:11:d4:09:a8:18:36:13:42:40:87:6e:08:b7:
                    bf:4b:32:6b:e2:b0:95:c2:19:44:76:ea:ec:05:8a:
                    17:2c:34:7f:28:4b:92:af:0b:61:3d:32:1d:5b:4e:
                    02:a6:99:da:d1:f7:b3:d6:c0:3a:39:1d:5b:b9:c6:
                    78:af:e2:50:a7:ce:b6:d6:41:6b:16:4e:2a:b7:f6:
                    c5:a1:a8:f8:75:11:8e:b1:7b:e3:fc:d2:dc:41:17:
                    d6:8c:ac:7d:35:a9:95:de:e8:a7:df:0c:1b:a3:7e:
                    35:3f:21:45:b8:43:75:f6:47:31:6f:b2:19:f1:0f:
                    52:a9:de:e0:19:8a:76:60:ce:0f:3d:66:ab:4d:bc:
                    63:5f:01:f7:21:21:af:59:e8:ef:f0:5f:88:cf:54:
                    95:93:98:1a:c5:34:23:42:36:5e:7d:85:11:d6:99:
                    12:29:e6:15:88:45:29:30:17:53:b7:af:fd:47:d5:
                    17:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:4D:4B:49:00:12:D3:1D:02:09:EA:92:93:2F:2D:7E:05:D3:24:C8
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/fe4e6b1e-120a-454b-8ea2-2504e0f34b7e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.85.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         2f:0e:fd:61:25:b5:e8:96:a5:2e:79:ea:96:4f:be:b2:a1:d1:
         49:cf:44:eb:7f:64:76:fd:76:47:1a:d4:f5:24:50:22:08:62:
         33:d6:bd:06:83:e6:b2:f6:69:30:99:9b:58:cd:a8:15:1e:55:
         a7:43:a3:95:a9:44:99:5b:bc:2f:4a:b4:9f:96:e0:42:4d:76:
         67:d5:36:ec:65:54:0c:be:45:6e:c3:64:a8:90:1f:a0:ad:93:
         ca:15:04:e9:e5:6a:a2:ed:a6:e0:4e:2b:ba:46:24:6b:c2:4f:
         fe:cc:cf:d4:3f:b4:b8:d5:f6:a3:1c:da:e3:f3:f0:a4:fb:e5:
         d6:79:e4:7a:fd:0a:a4:30:9e:c6:f2:89:45:08:45:23:04:7f:
         f0:ab:a8:09:4a:d6:05:64:cd:87:fd:38:22:10:13:f9:62:a4:
         cd:d5:da:8a:2b:c4:45:f8:74:d6:de:f8:ae:6f:3d:49:dd:0c:
         c6:1c:e2:d6:11:18:29:7d:51:b0:92:e0:28:d5:cc:9c:c9:ba:
         df:c6:a7:e6:ce:36:c8:d2:ed:08:fc:c2:d3:2b:a2:00:96:53:
         b0:75:3a:66:4d:69:3c:a2:6b:52:a5:0b:0b:c4:bf:db:84:e7:
         3a:a0:eb:b2:bb:80:c6:61:12:45:b2:5a:a2:19:25:6b:de:e2:
         10:d4:3d:5b
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUFgx5NrmQc70GxWoBTw2VFMnepUAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA5MjkxNTQwMTNaFw0yNTExMDMyMzU5NTlaMHoxSTBHBgNV
BAUTQDE4MjA1ODA0YzA5YTA2MTZjZGQ5ZmQwYzlhMGJiYzIyYjM5MGRhNjg5ZWJm
MTg4MzQxODUwMTZmNzllNDQ4NTMxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANOK2zMvTr6LauINAz0kWjLNcyIooaDpsNQnN1d7DeQcIQdbIbYyKxO3npMW
ewns4lfzEdzPwfSIqeBQjr17rTd1OTPgMtOEyDFkhUkR1AmoGDYTQkCHbgi3v0sy
a+KwlcIZRHbq7AWKFyw0fyhLkq8LYT0yHVtOAqaZ2tH3s9bAOjkdW7nGeK/iUKfO
ttZBaxZOKrf2xaGo+HURjrF74/zS3EEX1oysfTWpld7op98MG6N+NT8hRbhDdfZH
MW+yGfEPUqne4BmKdmDODz1mq028Y18B9yEhr1no7/BfiM9UlZOYGsU0I0I2Xn2F
EdaZEinmFYhFKTAXU7ev/UfVF2kCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBSdTUtJ
ABLTHQIJ6pKTLy1+BdMkyDAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
ZmU0ZTZiMWUtMTIwYS00NTRiLThlYTItMjUwNGUwZjM0YjdlLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADNVMA0G
CSqGSIb3DQEBCwUAA4IBAQAvDv1hJbXolqUueeqWT76yodFJz0Trf2R2/XZHGtT1
JFAiCGIz1r0Gg+ay9mkwmZtYzagVHlWnQ6OVqUSZW7wvSrSfluBCTXZn1TbsZVQM
vkVuw2SokB+grZPKFQTp5Wqi7abgTiu6RiRrwk/+zM/UP7S41fajHNrj8/Ck++XW
eeR6/QqkMJ7G8olFCEUjBH/wq6gJStYFZM2H/TgiEBP5YqTN1dqKK8RF+HTW3viu
bz1J3QzGHOLWERgpfVGwkuAo1cycybrfxqfmzjbI0u0I/MLTK6IAllOwdTpmTWk8
omtSpQsLxL/bhOc6oOuyu4DGYRJFslqiGSVr3uIQ1D1b
-----END CERTIFICATE-----
Generated at Mon Oct 20 04:53:36 2025 by rpki-client