Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/05d2e6e0-648a-472a-b287-1b954eae646d.roa
File:                     05d2e6e0-648a-472a-b287-1b954eae646d.roa (raw, json)
Hash identifier:          5I0q7iyoUGhmC4m2u3/wcwNp0Cg3u88k6M+Bf/a0XbU=
Subject key identifier:   EF:D4:CB:C9:3C:07:96:6E:AB:7F:45:9D:E7:C9:28:95:31:6C:B9:C9
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       01A2E9C363A162F68CB5B1A58A0C0E070DC651FE
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/05d2e6e0-648a-472a-b287-1b954eae646d.roa
Signing time:             Mon 21 Jul 2025 17:00:06 +0000
ROA not before:           Mon 21 Jul 2025 17:00:06 +0000
ROA not after:            Mon 25 Aug 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        83.118.234.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 12:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:a2:e9:c3:63:a1:62:f6:8c:b5:b1:a5:8a:0c:0e:07:0d:c6:51:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Jul 21 17:00:06 2025 GMT
            Not After : Aug 25 23:59:59 2025 GMT
        Subject: serialNumber=771c1950069ccc686f91aab0adb567db45ae811fb0579f3fc627d218dcf4f2e1, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:11:7a:38:06:78:98:37:d9:f0:84:f5:eb:80:
                    2c:75:27:15:48:73:5b:0e:2d:51:3d:6c:3d:d7:7c:
                    33:23:2c:54:a1:37:f4:9c:43:c6:ed:a3:61:c4:d7:
                    8a:ef:57:ec:cc:9b:80:be:4a:a0:37:a4:d6:e0:e0:
                    1f:01:0a:b8:bd:50:88:9e:30:b8:c2:af:30:66:0a:
                    c8:87:4a:f2:9c:b0:76:72:7d:ee:fc:98:8e:a0:db:
                    a6:a0:50:8e:27:d9:5f:6d:18:92:94:f0:0f:ed:8d:
                    6f:5c:07:e6:b9:6b:22:85:70:55:31:0c:14:83:ac:
                    57:c9:9f:60:99:e1:06:4a:a4:c6:72:ec:06:fc:e4:
                    fb:6f:d4:ee:3b:41:a0:cb:67:d7:db:b0:85:ca:23:
                    94:3d:70:ba:5c:de:bb:0f:65:c7:7c:57:c5:b3:f6:
                    6c:d7:ee:9e:93:47:2f:ed:98:17:85:19:eb:f5:1f:
                    ec:8c:79:33:c9:25:44:1f:5b:f8:eb:93:cd:fd:55:
                    2d:25:d8:71:12:8f:da:1f:6c:eb:db:21:16:bb:52:
                    76:f3:4e:39:7b:41:62:d0:07:04:80:14:85:89:46:
                    6b:06:ea:d7:aa:0c:ba:1d:27:93:c5:90:5f:8f:81:
                    6e:23:ba:74:85:6b:e7:c2:45:77:3b:78:9e:55:67:
                    41:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:D4:CB:C9:3C:07:96:6E:AB:7F:45:9D:E7:C9:28:95:31:6C:B9:C9
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/05d2e6e0-648a-472a-b287-1b954eae646d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.118.234.0/23

    Signature Algorithm: sha256WithRSAEncryption
         41:17:d9:f7:95:bc:49:dc:da:1a:c4:7f:af:83:b1:6f:82:ae:
         6e:7e:b1:3c:9b:9e:41:d4:af:f4:3f:ea:1e:86:58:d4:a1:39:
         da:64:f5:32:13:13:71:05:18:a4:90:af:1b:3e:79:fe:f0:b7:
         f2:ba:15:46:c9:c8:1d:9c:b0:4a:55:99:33:49:03:dd:a9:8a:
         23:b4:61:d1:d7:64:23:fc:08:07:3c:68:96:b3:44:1a:b8:e3:
         f7:34:60:3c:0d:9a:64:99:30:af:5f:ff:8c:cd:06:ad:62:3c:
         c6:c3:92:1e:45:9d:36:67:55:80:ee:7c:a6:7a:7f:a0:53:07:
         6e:07:72:0e:5a:2d:38:ad:cb:c5:5c:bb:3e:e9:15:eb:94:ca:
         d9:72:ea:8e:11:29:9b:8c:a1:fd:53:ba:14:1a:6f:a8:3e:57:
         27:54:e8:d7:4b:33:22:f7:54:db:87:08:bd:9b:64:38:57:5a:
         b3:12:35:7d:84:38:60:90:3b:3b:a9:21:c2:c9:99:cf:1d:49:
         9c:6d:02:b2:12:e3:d8:d9:06:9a:82:37:99:05:ed:b5:6b:4d:
         8f:6e:c2:53:83:7a:c2:d6:34:f3:25:3c:e5:7b:a5:17:a0:c5:
         5c:52:f6:bd:ae:9b:8f:e3:c4:af:5d:b1:3a:db:de:80:53:d0:
         b9:d9:15:cf
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUAaLpw2OhYvaMtbGligwOBw3GUf4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA3MjExNzAwMDZaFw0yNTA4MjUyMzU5NTlaMHoxSTBHBgNV
BAUTQDc3MWMxOTUwMDY5Y2NjNjg2ZjkxYWFiMGFkYjU2N2RiNDVhZTgxMWZiMDU3
OWYzZmM2MjdkMjE4ZGNmNGYyZTExLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJoRejgGeJg32fCE9euALHUnFUhzWw4tUT1sPdd8MyMsVKE39JxDxu2jYcTX
iu9X7MybgL5KoDek1uDgHwEKuL1QiJ4wuMKvMGYKyIdK8pywdnJ97vyYjqDbpqBQ
jifZX20YkpTwD+2Nb1wH5rlrIoVwVTEMFIOsV8mfYJnhBkqkxnLsBvzk+2/U7jtB
oMtn19uwhcojlD1wulzeuw9lx3xXxbP2bNfunpNHL+2YF4UZ6/Uf7Ix5M8klRB9b
+OuTzf1VLSXYcRKP2h9s69shFrtSdvNOOXtBYtAHBIAUhYlGawbq16oMuh0nk8WQ
X4+BbiO6dIVr58JFdzt4nlVnQcUCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBTv1MvJ
PAeWbqt/RZ3nySiVMWy5yTAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
MDVkMmU2ZTAtNjQ4YS00NzJhLWIyODctMWI5NTRlYWU2NDZkLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAVN26jAN
BgkqhkiG9w0BAQsFAAOCAQEAQRfZ95W8SdzaGsR/r4Oxb4Kubn6xPJueQdSv9D/q
HoZY1KE52mT1MhMTcQUYpJCvGz55/vC38roVRsnIHZywSlWZM0kD3amKI7Rh0ddk
I/wIBzxolrNEGrjj9zRgPA2aZJkwr1//jM0GrWI8xsOSHkWdNmdVgO58pnp/oFMH
bgdyDlotOK3LxVy7PukV65TK2XLqjhEpm4yh/VO6FBpvqD5XJ1To10szIvdU24cI
vZtkOFdasxI1fYQ4YJA7O6khwsmZzx1JnG0CshLj2NkGmoI3mQXttWtNj27CU4N6
wtY08yU85XulF6DFXFL2va6bj+PEr12xOtvegFPQudkVzw==
-----END CERTIFICATE-----
Generated at Mon Aug 4 22:11:01 2025 by rpki-client