Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/0a36b38b-9bd1-4014-823d-9204a303350e.roa
File:                     0a36b38b-9bd1-4014-823d-9204a303350e.roa (raw, json)
Hash identifier:          q8knwjgCM7Lf39MqbjRELFAFQhDmWq/wKBFFn8HJwqc=
Subject key identifier:   89:85:17:D6:E9:58:4F:CB:B0:2C:7F:4D:F8:20:8E:9B:CD:31:5C:CE
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       0C21876BF01B52730B0D33D03111F37762A5DEBA
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/0a36b38b-9bd1-4014-823d-9204a303350e.roa
Signing time:             Mon 14 Jul 2025 15:40:08 +0000
ROA not before:           Mon 14 Jul 2025 15:40:08 +0000
ROA not after:            Mon 18 Aug 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        51.21.183.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 12:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0c:21:87:6b:f0:1b:52:73:0b:0d:33:d0:31:11:f3:77:62:a5:de:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Jul 14 15:40:08 2025 GMT
            Not After : Aug 18 23:59:59 2025 GMT
        Subject: serialNumber=4a26cfa2d1219e50b3572967317165b78f03aa2d2d76b9472f03218aadbd0855, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:27:60:e0:a8:a5:95:cd:15:a1:2d:09:55:13:
                    46:ab:1f:98:97:34:ff:5e:3a:09:cd:0d:ea:5f:b6:
                    91:62:50:21:2e:c8:de:75:41:69:2d:3e:9f:d9:b5:
                    1c:61:24:24:ba:63:c4:99:1f:6b:35:31:b1:49:91:
                    90:c7:ca:04:71:f9:0c:7c:59:9e:83:6b:43:6d:d3:
                    6d:64:0c:7f:08:2f:4e:d2:b3:56:4a:09:f8:36:b3:
                    ca:bc:93:23:41:34:2a:2c:76:35:24:64:33:d8:03:
                    79:5a:a1:eb:b0:5f:2a:2c:10:95:85:43:e3:a3:e5:
                    f7:3c:94:b7:9b:4e:f0:8b:62:79:86:61:56:ad:c0:
                    49:75:54:38:15:6b:a6:0e:87:2a:e6:fe:3c:c8:4b:
                    b3:27:07:9b:62:c6:8a:8f:08:8d:fe:7d:50:27:88:
                    7d:09:3b:56:9b:55:23:15:f3:10:7b:10:d6:3c:22:
                    43:9e:ca:8a:3b:32:46:a8:8f:4c:60:64:05:01:a5:
                    c2:3f:51:01:1b:8c:00:d5:b8:f8:c4:d1:0a:75:b6:
                    4b:3d:27:1f:3d:25:ff:3b:f1:f7:62:82:4c:01:15:
                    02:e0:e0:4f:5b:3b:3f:07:35:61:a6:3f:41:01:ac:
                    49:58:9c:8e:bc:ee:77:65:67:04:d4:b6:f7:80:ee:
                    bf:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:85:17:D6:E9:58:4F:CB:B0:2C:7F:4D:F8:20:8E:9B:CD:31:5C:CE
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/0a36b38b-9bd1-4014-823d-9204a303350e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.21.183.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:d7:c3:48:30:43:8f:a0:db:c4:ee:94:b7:73:b3:34:00:f8:
         72:89:42:54:c8:93:ee:f0:54:d5:a7:5c:6c:8e:8f:27:6a:7d:
         3d:2b:f1:36:ef:20:41:72:67:06:66:02:b2:21:cf:30:79:2a:
         8c:06:90:c4:39:6b:7a:b3:f4:af:02:f4:d4:fb:4a:13:35:9e:
         5c:3e:e8:b8:85:18:2b:1b:eb:f4:be:e5:3b:bd:de:5e:32:78:
         70:84:ca:d4:ad:b4:ff:15:1e:de:3b:e0:2a:eb:f3:dc:a9:46:
         90:ae:7c:09:91:fe:49:39:0b:53:75:29:af:fa:7a:d9:95:84:
         8d:f2:0a:be:72:3a:66:fb:6a:1a:76:cc:ab:a9:a6:fc:75:31:
         e6:ba:d6:92:93:f3:1c:f7:6d:20:f8:5d:95:63:01:5c:67:37:
         f9:0f:f5:3e:16:7a:93:79:a7:b4:28:d9:cd:ca:2b:34:41:a2:
         cf:40:ce:d3:39:73:1a:db:34:af:69:fd:40:45:89:d1:30:2c:
         3c:97:bb:38:4a:7b:13:16:d6:34:85:78:1f:2b:61:a7:f9:7f:
         5b:13:4d:11:03:59:23:6a:64:f7:f7:f7:5e:5e:ac:08:77:38:
         a7:a6:8c:92:a2:15:92:7f:64:de:b9:c3:bb:c1:30:c6:74:33:
         ce:64:51:e0
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUDCGHa/AbUnMLDTPQMRHzd2Kl3rowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA3MTQxNTQwMDhaFw0yNTA4MTgyMzU5NTlaMHoxSTBHBgNV
BAUTQDRhMjZjZmEyZDEyMTllNTBiMzU3Mjk2NzMxNzE2NWI3OGYwM2FhMmQyZDc2
Yjk0NzJmMDMyMThhYWRiZDA4NTUxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJInYOCopZXNFaEtCVUTRqsfmJc0/146Cc0N6l+2kWJQIS7I3nVBaS0+n9m1
HGEkJLpjxJkfazUxsUmRkMfKBHH5DHxZnoNrQ23TbWQMfwgvTtKzVkoJ+DazyryT
I0E0Kix2NSRkM9gDeVqh67BfKiwQlYVD46Pl9zyUt5tO8ItieYZhVq3ASXVUOBVr
pg6HKub+PMhLsycHm2LGio8Ijf59UCeIfQk7VptVIxXzEHsQ1jwiQ57KijsyRqiP
TGBkBQGlwj9RARuMANW4+MTRCnW2Sz0nHz0l/zvx92KCTAEVAuDgT1s7Pwc1YaY/
QQGsSVicjrzud2VnBNS294Duv+kCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBSJhRfW
6VhPy7Asf034II6bzTFczjAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
MGEzNmIzOGItOWJkMS00MDE0LTgyM2QtOTIwNGEzMDMzNTBlLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEADMVtzAN
BgkqhkiG9w0BAQsFAAOCAQEAUtfDSDBDj6DbxO6Ut3OzNAD4colCVMiT7vBU1adc
bI6PJ2p9PSvxNu8gQXJnBmYCsiHPMHkqjAaQxDlrerP0rwL01PtKEzWeXD7ouIUY
Kxvr9L7lO73eXjJ4cITK1K20/xUe3jvgKuvz3KlGkK58CZH+STkLU3Upr/p62ZWE
jfIKvnI6ZvtqGnbMq6mm/HUx5rrWkpPzHPdtIPhdlWMBXGc3+Q/1PhZ6k3mntCjZ
zcorNEGiz0DO0zlzGts0r2n9QEWJ0TAsPJe7OEp7ExbWNIV4Hythp/l/WxNNEQNZ
I2pk9/f3Xl6sCHc4p6aMkqIVkn9k3rnDu8EwxnQzzmRR4A==
-----END CERTIFICATE-----
Generated at Mon Aug 4 21:37:29 2025 by rpki-client