Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/16337db0-8420-40f0-982b-9d50c20f4e08.roa
File:                     16337db0-8420-40f0-982b-9d50c20f4e08.roa (raw, json)
Hash identifier:          S1aKnBsPMkDgtGpVh1KyFssofk5B6G8d8cGF+5hGR0I=
Subject key identifier:   62:DE:28:71:AC:6D:2D:C8:B3:3E:7F:5F:56:45:A9:0D:F1:76:03:3B
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       0B2621C5D5ED1C195BDEE1ADCB951AAF3B112A8C
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/16337db0-8420-40f0-982b-9d50c20f4e08.roa
Signing time:             Fri 11 Jul 2025 20:51:00 +0000
ROA not before:           Fri 11 Jul 2025 20:51:00 +0000
ROA not after:            Fri 15 Aug 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        193.57.254.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 12:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0b:26:21:c5:d5:ed:1c:19:5b:de:e1:ad:cb:95:1a:af:3b:11:2a:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Jul 11 20:51:00 2025 GMT
            Not After : Aug 15 23:59:59 2025 GMT
        Subject: serialNumber=3bf51a5e5812aa5ec520a861903826db794d628d55f065885a3b93b0a1643934, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:e1:a4:c7:76:89:b4:d8:ab:51:e4:03:65:26:
                    51:6b:d8:54:11:6e:c4:bb:c2:3c:54:11:1f:2a:d0:
                    03:26:7e:3f:2b:ee:0b:53:13:03:0d:55:81:9b:e4:
                    4f:4e:fe:b8:a5:e6:51:ab:12:a8:67:75:b6:11:ff:
                    7a:93:6c:9a:35:4d:a3:9d:fa:fa:94:f3:09:8b:65:
                    70:0d:fd:5b:c3:28:b0:1e:e5:f3:f3:21:72:e1:71:
                    a3:27:85:4a:48:d8:38:9e:2b:1b:bf:5d:de:1d:b3:
                    64:71:c4:21:80:62:28:71:9e:b2:2c:f1:3e:9d:fc:
                    ba:92:05:bc:79:bf:53:9a:33:da:28:80:8a:7f:93:
                    f1:04:32:e4:0d:a2:e3:3c:08:f7:a8:e9:43:fe:4f:
                    76:6d:49:2b:0c:7e:5c:3c:17:68:1e:90:ad:c8:81:
                    ee:ae:c8:5d:e1:98:f2:36:34:a4:b8:c7:d9:81:ee:
                    89:c5:ff:31:dc:a1:1b:c0:12:fe:85:0f:7d:c9:27:
                    ab:48:85:de:20:72:9f:43:73:a0:c9:e1:5b:6b:08:
                    5a:87:60:ce:74:da:41:c9:e8:78:d8:26:8b:64:6a:
                    e7:73:5b:77:fe:55:6d:94:4a:52:26:75:d9:fb:77:
                    9c:61:d2:c6:81:3f:73:0e:9c:46:85:c3:2c:9d:59:
                    af:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:DE:28:71:AC:6D:2D:C8:B3:3E:7F:5F:56:45:A9:0D:F1:76:03:3B
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/16337db0-8420-40f0-982b-9d50c20f4e08.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.57.254.0/23

    Signature Algorithm: sha256WithRSAEncryption
         18:7a:36:47:f7:d7:99:0e:46:ab:46:52:de:33:81:59:34:1a:
         cc:e1:ae:83:c9:25:7d:60:c1:5e:37:dd:cb:3a:97:c0:e9:72:
         aa:63:5d:bc:dd:0d:76:f8:0b:ce:51:ca:85:71:df:88:1d:b2:
         60:e9:8a:48:3e:01:3f:74:f4:68:c5:88:48:8e:9b:b9:9f:b6:
         9a:1e:10:8f:6d:a0:92:6a:14:26:7f:54:d9:cc:cb:4f:cf:44:
         a5:ce:4f:0e:17:00:b1:92:b4:0a:68:3e:74:a7:7e:ea:2f:0a:
         44:3b:c2:5b:0e:f9:9a:c6:1d:5b:95:6d:0b:b1:46:56:46:c9:
         82:57:eb:0e:6b:fe:51:be:6f:04:1f:a1:fe:30:e8:9e:55:6d:
         81:97:da:43:4f:1c:1a:5f:87:ac:a9:7c:18:2c:b2:c4:9a:0b:
         c0:95:b2:e2:c2:7d:39:8b:e0:03:ef:77:da:87:bd:50:14:36:
         c2:50:e2:82:2c:2f:1a:72:64:34:95:e5:25:38:6d:2d:ee:c8:
         74:4e:26:99:0e:e1:28:04:f1:ef:f9:ab:00:10:c2:ec:44:d4:
         11:99:19:9c:01:40:82:02:bf:dc:f1:72:b0:5b:ae:93:0c:c1:
         20:fb:11:10:01:16:e0:58:7a:d6:33:6d:dc:a1:08:8d:07:d8:
         9a:46:16:fa
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUCyYhxdXtHBlb3uGty5UarzsRKowwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA3MTEyMDUxMDBaFw0yNTA4MTUyMzU5NTlaMHoxSTBHBgNV
BAUTQDNiZjUxYTVlNTgxMmFhNWVjNTIwYTg2MTkwMzgyNmRiNzk0ZDYyOGQ1NWYw
NjU4ODVhM2I5M2IwYTE2NDM5MzQxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJvhpMd2ibTYq1HkA2UmUWvYVBFuxLvCPFQRHyrQAyZ+PyvuC1MTAw1VgZvk
T07+uKXmUasSqGd1thH/epNsmjVNo536+pTzCYtlcA39W8MosB7l8/MhcuFxoyeF
SkjYOJ4rG79d3h2zZHHEIYBiKHGesizxPp38upIFvHm/U5oz2iiAin+T8QQy5A2i
4zwI96jpQ/5Pdm1JKwx+XDwXaB6QrciB7q7IXeGY8jY0pLjH2YHuicX/MdyhG8AS
/oUPfcknq0iF3iByn0NzoMnhW2sIWodgznTaQcnoeNgmi2Rq53Nbd/5VbZRKUiZ1
2ft3nGHSxoE/cw6cRoXDLJ1Zr1ECAwEAAaOCAiEwggIdMB0GA1UdDgQWBBRi3ihx
rG0tyLM+f19WRakN8XYDOzAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
MTYzMzdkYjAtODQyMC00MGYwLTk4MmItOWQ1MGMyMGY0ZTA4LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAcE5/jAN
BgkqhkiG9w0BAQsFAAOCAQEAGHo2R/fXmQ5Gq0ZS3jOBWTQazOGug8klfWDBXjfd
yzqXwOlyqmNdvN0NdvgLzlHKhXHfiB2yYOmKSD4BP3T0aMWISI6buZ+2mh4Qj22g
kmoUJn9U2czLT89Epc5PDhcAsZK0Cmg+dKd+6i8KRDvCWw75msYdW5VtC7FGVkbJ
glfrDmv+Ub5vBB+h/jDonlVtgZfaQ08cGl+HrKl8GCyyxJoLwJWy4sJ9OYvgA+93
2oe9UBQ2wlDigiwvGnJkNJXlJThtLe7IdE4mmQ7hKATx7/mrABDC7ETUEZkZnAFA
ggK/3PFysFuukwzBIPsREAEW4Fh61jNt3KEIjQfYmkYW+g==
-----END CERTIFICATE-----
Generated at Mon Aug 4 21:38:50 2025 by rpki-client