Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/15288dfc-bb6b-43a2-9ec3-7275954dae14.roa
File:                     15288dfc-bb6b-43a2-9ec3-7275954dae14.roa (raw, json)
Hash identifier:          3H+AFK0f87zc47lVuWm4yugL3szH9mb/qxQxbiKL6rE=
Subject key identifier:   8E:7B:3E:14:F0:04:B2:DE:B3:70:C9:E6:83:3B:18:6B:B8:5E:45:25
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       22CF29F0B4F6589E2AD8033EAF2AB3128F72A0FB
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/15288dfc-bb6b-43a2-9ec3-7275954dae14.roa
Signing time:             Tue 03 Jun 2025 16:30:11 +0000
ROA not before:           Tue 03 Jun 2025 16:30:11 +0000
ROA not after:            Tue 08 Jul 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        83.119.160.0/19 maxlen: 19
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 19:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            22:cf:29:f0:b4:f6:58:9e:2a:d8:03:3e:af:2a:b3:12:8f:72:a0:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Jun  3 16:30:11 2025 GMT
            Not After : Jul  8 23:59:59 2025 GMT
        Subject: serialNumber=8084ec49bf5ec6a8472f65b9da5f7697d87bcf20f23b8740c8374d07cf368ccc, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:68:6d:df:13:5e:8d:67:dc:2c:00:91:4d:cd:
                    5a:e9:4c:46:6e:31:95:b8:b3:4d:05:4b:a3:82:6d:
                    e4:7e:ff:04:d8:7c:b4:53:c7:0f:e3:66:d1:40:ee:
                    8f:b8:7f:96:15:47:99:ef:01:49:17:e1:8e:96:2e:
                    59:16:d2:02:87:0b:f6:d8:34:a0:60:76:9e:13:8f:
                    f8:3e:ff:33:da:62:fa:d7:82:8f:29:7f:9c:50:01:
                    d5:45:4f:46:f2:0b:39:e5:b5:28:43:8d:f4:4d:8a:
                    37:d0:39:f0:2a:1c:bc:6a:f9:6d:c7:e6:6d:fd:c3:
                    24:ed:ea:3a:fd:3c:74:ce:34:c9:14:4e:67:90:0b:
                    b4:81:e1:ed:41:85:a8:b1:40:40:00:a6:78:0c:04:
                    b5:ee:2f:47:a1:bb:d3:84:98:77:1f:7c:49:9b:83:
                    b7:9d:4c:c3:4c:c6:c5:a4:d4:5e:6a:42:37:8f:4a:
                    df:68:41:e2:9c:98:20:fe:16:b1:32:10:b4:9a:8e:
                    28:d4:af:1c:cb:9f:e0:69:d2:c3:96:aa:28:a0:34:
                    5a:c7:d4:ef:a2:06:ad:34:91:90:f7:d4:cf:ba:98:
                    5d:80:a1:fd:93:78:5c:ef:2c:1a:57:7d:e9:a1:84:
                    28:a9:46:8d:1f:5c:45:1f:9d:64:5c:ed:d7:3c:36:
                    1e:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:7B:3E:14:F0:04:B2:DE:B3:70:C9:E6:83:3B:18:6B:B8:5E:45:25
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/15288dfc-bb6b-43a2-9ec3-7275954dae14.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.119.160.0/19

    Signature Algorithm: sha256WithRSAEncryption
         2e:1a:96:47:1f:23:6a:5a:ce:7e:51:21:33:a5:17:a5:fe:95:
         a5:70:82:ef:f5:13:02:ee:64:64:15:37:0d:ed:df:4b:24:e7:
         67:9e:a6:0b:78:c2:a8:53:d3:e3:5f:ba:10:f3:e4:a1:77:5d:
         fd:ad:15:7f:1e:92:fb:53:00:e7:d5:ed:e9:d7:67:da:88:ee:
         4f:c8:6d:fa:9b:62:8d:05:7d:91:eb:f9:e5:ca:aa:42:16:36:
         bb:98:ad:8a:f3:1e:ad:bc:2c:5f:f0:85:0a:e3:5b:f7:10:e3:
         89:ab:04:ac:d7:03:ff:54:15:c5:96:08:67:f2:6e:9e:7b:56:
         44:69:77:e7:42:20:69:6d:b6:7b:e6:28:6d:78:8d:52:5a:59:
         2c:09:9b:9e:b1:a9:4f:d7:a6:6a:b9:ee:a1:12:29:a4:5b:33:
         b1:8b:a1:16:1a:c5:1c:e1:4d:53:77:17:1e:70:2a:2b:2b:d1:
         5f:ef:b8:48:94:ca:a6:a4:0d:e9:5c:ab:a0:81:6e:42:1a:67:
         d1:f7:ee:6a:c4:e8:4d:2c:db:3e:38:f8:cf:ed:85:33:5d:e9:
         35:32:37:49:67:ce:56:54:d9:c7:81:b6:0a:20:e3:e1:29:2f:
         5f:c9:bb:01:2f:c7:50:94:7a:6e:74:66:33:10:ab:3e:58:d0:
         11:d5:79:b5
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUIs8p8LT2WJ4q2AM+ryqzEo9yoPswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA2MDMxNjMwMTFaFw0yNTA3MDgyMzU5NTlaMHoxSTBHBgNV
BAUTQDgwODRlYzQ5YmY1ZWM2YTg0NzJmNjViOWRhNWY3Njk3ZDg3YmNmMjBmMjNi
ODc0MGM4Mzc0ZDA3Y2YzNjhjY2MxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJNobd8TXo1n3CwAkU3NWulMRm4xlbizTQVLo4Jt5H7/BNh8tFPHD+Nm0UDu
j7h/lhVHme8BSRfhjpYuWRbSAocL9tg0oGB2nhOP+D7/M9pi+teCjyl/nFAB1UVP
RvILOeW1KEON9E2KN9A58CocvGr5bcfmbf3DJO3qOv08dM40yRROZ5ALtIHh7UGF
qLFAQACmeAwEte4vR6G704SYdx98SZuDt51Mw0zGxaTUXmpCN49K32hB4pyYIP4W
sTIQtJqOKNSvHMuf4GnSw5aqKKA0WsfU76IGrTSRkPfUz7qYXYCh/ZN4XO8sGld9
6aGEKKlGjR9cRR+dZFzt1zw2HkMCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBSOez4U
8ASy3rNwyeaDOxhruF5FJTAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
MTUyODhkZmMtYmI2Yi00M2EyLTllYzMtNzI3NTk1NGRhZTE0LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEBVN3oDAN
BgkqhkiG9w0BAQsFAAOCAQEALhqWRx8jalrOflEhM6UXpf6VpXCC7/UTAu5kZBU3
De3fSyTnZ56mC3jCqFPT41+6EPPkoXdd/a0Vfx6S+1MA59Xt6ddn2ojuT8ht+pti
jQV9kev55cqqQhY2u5itivMerbwsX/CFCuNb9xDjiasErNcD/1QVxZYIZ/JunntW
RGl350IgaW22e+YobXiNUlpZLAmbnrGpT9emarnuoRIppFszsYuhFhrFHOFNU3cX
HnAqKyvRX++4SJTKpqQN6VyroIFuQhpn0ffuasToTSzbPjj4z+2FM13pNTI3SWfO
VlTZx4G2CiDj4SkvX8m7AS/HUJR6bnRmMxCrPljQEdV5tQ==
-----END CERTIFICATE-----
Generated at Sat Jun 14 23:17:40 2025 by rpki-client