Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/18d9a632-05fe-446e-aca9-1adb271dcda8.roa
File:                     18d9a632-05fe-446e-aca9-1adb271dcda8.roa (raw, json)
Hash identifier:          bmKm4rUHJluvpewORWuKxfOECdj9kMFTa/Qahb0NB/8=
Subject key identifier:   C5:2B:F9:30:24:A8:40:37:43:1A:7F:FA:2E:A6:1C:66:CB:C6:F1:AB
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       28D73845F94243DACBA63F04D9AE42E182F11CC8
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/18d9a632-05fe-446e-aca9-1adb271dcda8.roa
Signing time:             Fri 11 Jul 2025 21:01:00 +0000
ROA not before:           Fri 11 Jul 2025 21:01:00 +0000
ROA not after:            Fri 15 Aug 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        51.196.0.0/15 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 12:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            28:d7:38:45:f9:42:43:da:cb:a6:3f:04:d9:ae:42:e1:82:f1:1c:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Jul 11 21:01:00 2025 GMT
            Not After : Aug 15 23:59:59 2025 GMT
        Subject: serialNumber=745bd63582909719d43e093e0453fdf7190aa5c5775e773a2711dedd2fddfac0, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:0a:6a:22:60:4a:11:a3:76:9d:9d:17:d9:4f:
                    6e:50:9e:9b:b6:30:19:c7:40:a8:84:5b:94:e4:4c:
                    b5:05:1f:6f:96:5d:8c:39:cc:23:61:b1:85:1a:c8:
                    76:47:df:00:11:1d:4d:dd:06:90:53:b8:fc:d7:13:
                    ba:09:e6:8c:25:a2:61:3d:19:d5:93:8d:64:cd:35:
                    5e:09:b7:e0:de:02:95:72:43:c3:4a:6c:ed:a1:7b:
                    ec:5b:fd:08:06:f2:4b:93:0a:33:61:c1:d6:e2:c8:
                    1e:2d:7d:5a:68:22:f6:0f:19:04:e2:42:2a:7f:70:
                    3b:e6:48:39:92:7f:1e:67:b6:1c:f9:87:53:db:7b:
                    be:fa:2f:39:5f:49:c2:1a:bb:57:01:68:6c:3e:68:
                    21:d9:f1:c3:44:4a:ad:b9:34:35:d7:80:46:bb:f9:
                    85:de:79:56:f5:be:c1:e3:83:2a:55:56:b2:80:6f:
                    23:5a:62:9a:fd:08:bf:1c:1f:c0:b1:3f:43:19:6e:
                    42:ec:38:65:89:80:ef:87:2a:bc:6a:45:74:30:1b:
                    01:49:92:11:3f:15:e7:11:f3:07:42:21:3a:a9:96:
                    80:4a:00:0e:ae:02:c7:7b:fe:43:1c:e1:df:a1:ae:
                    a4:3a:42:a4:a2:30:fe:76:0f:d6:97:7f:52:14:9f:
                    49:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:2B:F9:30:24:A8:40:37:43:1A:7F:FA:2E:A6:1C:66:CB:C6:F1:AB
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/18d9a632-05fe-446e-aca9-1adb271dcda8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.196.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         8e:97:9e:f6:94:01:2a:68:31:8a:29:24:93:b8:05:2b:b3:dd:
         2e:ee:03:b9:2f:e0:a1:21:17:1f:0b:58:ed:af:da:38:f9:c9:
         eb:72:eb:c8:a2:77:e1:30:e8:61:98:f6:36:dd:1a:2e:7f:e4:
         71:cc:3e:ba:e4:fc:63:0a:33:61:5f:b3:4d:d1:f5:a5:52:83:
         d8:20:7a:5a:bf:dc:53:f2:9e:e1:fe:e7:98:f7:ca:98:94:3e:
         59:fd:c2:b0:0e:4b:0c:8f:70:5a:78:06:41:a7:80:f6:61:21:
         82:24:ce:e5:7b:89:bd:7c:f6:17:75:d0:75:e5:6f:fe:a7:07:
         8a:b4:f7:e1:59:f7:0f:46:36:61:f9:49:65:43:e8:37:a0:f6:
         87:21:f3:b6:0d:d4:2d:84:f1:eb:59:ca:98:e8:7e:5d:35:99:
         27:5f:91:ed:14:b7:a9:e9:26:26:f0:e0:4a:67:90:61:03:8b:
         23:d4:7c:3c:02:ac:a1:55:77:be:46:b7:9b:b9:4a:33:d9:b4:
         61:3c:8b:80:12:55:51:49:54:48:a9:73:79:3b:a4:7c:6b:6c:
         07:58:b6:07:80:65:57:5a:b2:a1:8b:bb:09:cf:c7:2c:52:c1:
         5a:7c:66:6e:68:a4:e4:37:e5:9d:ab:21:49:1c:7d:53:83:d5:
         9b:26:41:21
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUKNc4RflCQ9rLpj8E2a5C4YLxHMgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA3MTEyMTAxMDBaFw0yNTA4MTUyMzU5NTlaMHoxSTBHBgNV
BAUTQDc0NWJkNjM1ODI5MDk3MTlkNDNlMDkzZTA0NTNmZGY3MTkwYWE1YzU3NzVl
NzczYTI3MTFkZWRkMmZkZGZhYzAxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANgKaiJgShGjdp2dF9lPblCem7YwGcdAqIRblORMtQUfb5ZdjDnMI2GxhRrI
dkffABEdTd0GkFO4/NcTugnmjCWiYT0Z1ZONZM01Xgm34N4ClXJDw0ps7aF77Fv9
CAbyS5MKM2HB1uLIHi19Wmgi9g8ZBOJCKn9wO+ZIOZJ/Hme2HPmHU9t7vvovOV9J
whq7VwFobD5oIdnxw0RKrbk0NdeARrv5hd55VvW+weODKlVWsoBvI1pimv0Ivxwf
wLE/QxluQuw4ZYmA74cqvGpFdDAbAUmSET8V5xHzB0IhOqmWgEoADq4Cx3v+Qxzh
36GupDpCpKIw/nYP1pd/UhSfSesCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBTFK/kw
JKhAN0Maf/ouphxmy8bxqzAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
MThkOWE2MzItMDVmZS00NDZlLWFjYTktMWFkYjI3MWRjZGE4LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDATPEMA0G
CSqGSIb3DQEBCwUAA4IBAQCOl572lAEqaDGKKSSTuAUrs90u7gO5L+ChIRcfC1jt
r9o4+cnrcuvIonfhMOhhmPY23Rouf+RxzD665PxjCjNhX7NN0fWlUoPYIHpav9xT
8p7h/ueY98qYlD5Z/cKwDksMj3BaeAZBp4D2YSGCJM7le4m9fPYXddB15W/+pweK
tPfhWfcPRjZh+UllQ+g3oPaHIfO2DdQthPHrWcqY6H5dNZknX5HtFLep6SYm8OBK
Z5BhA4sj1Hw8AqyhVXe+RrebuUoz2bRhPIuAElVRSVRIqXN5O6R8a2wHWLYHgGVX
WrKhi7sJz8csUsFafGZuaKTkN+WdqyFJHH1Tg9WbJkEh
-----END CERTIFICATE-----
Generated at Mon Aug 4 21:38:17 2025 by rpki-client