Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/09ec97ca-044e-4785-bdd4-fcf9e8d514ca.roa
File:                     09ec97ca-044e-4785-bdd4-fcf9e8d514ca.roa (raw, json)
Hash identifier:          gBBma7vubyNpbeeGP2zfRXVtQ1gWOntNm6QnerdG0kI=
Subject key identifier:   A2:02:0E:A7:1E:CE:21:95:13:B6:52:3E:14:61:66:7B:67:BE:D9:82
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       0452E06A661BF3FDAFF4E7ABF80A5E7A7954C35E
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/09ec97ca-044e-4785-bdd4-fcf9e8d514ca.roa
Signing time:             Fri 11 Jul 2025 20:50:17 +0000
ROA not before:           Fri 11 Jul 2025 20:50:17 +0000
ROA not after:            Fri 15 Aug 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        51.122.0.0/15 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 12:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:52:e0:6a:66:1b:f3:fd:af:f4:e7:ab:f8:0a:5e:7a:79:54:c3:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Jul 11 20:50:17 2025 GMT
            Not After : Aug 15 23:59:59 2025 GMT
        Subject: serialNumber=51766e580f7b458542cac79c397301fe885813a21fc2560451fedc5b6c966f49, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:5a:97:8d:9e:57:97:cb:3c:42:44:3f:59:c5:
                    b2:2e:18:a4:6d:86:00:d7:2b:06:24:2c:ab:7c:91:
                    37:9f:94:01:c7:b1:16:62:48:8d:1a:e7:92:0c:f1:
                    35:a4:eb:8d:18:12:7a:4f:7a:be:c0:78:e8:c8:8a:
                    58:a2:79:eb:53:fc:9e:4d:5f:b4:df:05:dc:fb:ca:
                    8b:7c:86:0c:57:74:ca:5f:a4:7a:c9:d0:35:28:58:
                    4b:6c:9c:c6:e3:15:25:9e:79:b0:3b:e4:04:d1:79:
                    b6:d1:06:b1:34:43:c0:42:f4:b4:f0:1d:83:a3:43:
                    fa:46:44:0e:2c:e1:f0:84:03:1b:d5:21:c7:3e:91:
                    b9:de:92:f2:ea:9e:77:ab:13:4e:f5:ee:28:30:cb:
                    92:6a:b8:2e:17:a5:d0:3a:81:ac:a1:bf:c9:38:5e:
                    84:4a:8c:9b:87:4c:8b:00:8d:a5:56:4b:e2:5a:61:
                    01:db:6d:e8:b7:56:67:ee:e3:ff:3a:3d:04:f0:56:
                    ee:10:fd:14:ba:47:44:2d:f2:ab:b9:7c:f2:9e:c8:
                    7c:09:ee:0f:1f:e2:e8:2f:de:a9:4a:f1:e6:c7:ca:
                    73:43:15:53:5f:2c:60:6f:10:68:2a:67:d9:d1:45:
                    9f:25:ed:aa:ed:d1:d9:15:f4:b1:61:02:31:f2:7f:
                    0d:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:02:0E:A7:1E:CE:21:95:13:B6:52:3E:14:61:66:7B:67:BE:D9:82
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/09ec97ca-044e-4785-bdd4-fcf9e8d514ca.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.122.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         4f:dc:95:6e:cb:77:3c:f9:a7:11:09:1c:91:bd:af:10:a0:02:
         1e:af:ef:81:85:0d:e0:96:f7:fd:e2:a5:14:14:f2:c3:e2:e5:
         5d:89:2a:4f:60:b0:03:f9:56:c3:22:8d:5b:8e:a2:34:37:01:
         a9:ab:87:6b:ce:12:3b:2c:dc:81:08:79:a5:e1:eb:13:ff:a6:
         72:87:69:db:ac:3b:2f:2a:0b:58:ba:cc:45:9b:6b:f1:f3:74:
         a1:5e:22:73:9b:9e:b4:56:57:e8:2e:8b:f4:29:f0:9b:94:8f:
         41:53:7f:13:2c:f0:81:ba:42:c9:12:06:f0:e5:5a:1f:8c:b1:
         d4:e4:45:30:ee:31:cc:29:ac:f5:ca:ed:e1:75:b2:a6:8e:f3:
         d8:c7:7a:7e:e7:87:5d:20:55:32:09:e6:e7:d6:40:b8:0c:bb:
         c5:2c:93:70:70:0b:5f:c6:b4:13:aa:94:6c:30:ac:05:68:51:
         56:2e:8d:5d:49:ae:39:23:9e:0e:f0:5a:d0:04:24:fc:c0:4c:
         c3:0f:9b:ef:90:ad:e1:d2:35:9b:f5:41:7f:e8:dc:10:2d:7c:
         c5:10:23:84:80:74:ff:d2:ba:2d:09:63:30:52:3b:1b:1e:f5:
         4b:9d:c5:e8:ca:bd:69:57:d2:36:33:36:2c:2d:bc:b6:ba:58:
         23:ab:ee:5c
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUBFLgamYb8/2v9Oer+ApeenlUw14wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA3MTEyMDUwMTdaFw0yNTA4MTUyMzU5NTlaMHoxSTBHBgNV
BAUTQDUxNzY2ZTU4MGY3YjQ1ODU0MmNhYzc5YzM5NzMwMWZlODg1ODEzYTIxZmMy
NTYwNDUxZmVkYzViNmM5NjZmNDkxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMVal42eV5fLPEJEP1nFsi4YpG2GANcrBiQsq3yRN5+UAcexFmJIjRrnkgzx
NaTrjRgSek96vsB46MiKWKJ561P8nk1ftN8F3PvKi3yGDFd0yl+kesnQNShYS2yc
xuMVJZ55sDvkBNF5ttEGsTRDwEL0tPAdg6ND+kZEDizh8IQDG9Uhxz6Rud6S8uqe
d6sTTvXuKDDLkmq4Lhel0DqBrKG/yThehEqMm4dMiwCNpVZL4lphAdtt6LdWZ+7j
/zo9BPBW7hD9FLpHRC3yq7l88p7IfAnuDx/i6C/eqUrx5sfKc0MVU18sYG8QaCpn
2dFFnyXtqu3R2RX0sWECMfJ/DTkCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBSiAg6n
Hs4hlRO2Uj4UYWZ7Z77ZgjAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
MDllYzk3Y2EtMDQ0ZS00Nzg1LWJkZDQtZmNmOWU4ZDUxNGNhLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDATN6MA0G
CSqGSIb3DQEBCwUAA4IBAQBP3JVuy3c8+acRCRyRva8QoAIer++BhQ3glvf94qUU
FPLD4uVdiSpPYLAD+VbDIo1bjqI0NwGpq4drzhI7LNyBCHml4esT/6Zyh2nbrDsv
KgtYusxFm2vx83ShXiJzm560VlfoLov0KfCblI9BU38TLPCBukLJEgbw5VofjLHU
5EUw7jHMKaz1yu3hdbKmjvPYx3p+54ddIFUyCebn1kC4DLvFLJNwcAtfxrQTqpRs
MKwFaFFWLo1dSa45I54O8FrQBCT8wEzDD5vvkK3h0jWb9UF/6NwQLXzFECOEgHT/
0rotCWMwUjsbHvVLncXoyr1pV9I2MzYsLby2ulgjq+5c
-----END CERTIFICATE-----
Generated at Mon Aug 4 21:44:18 2025 by rpki-client