Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/277d74fd-3101-4a9b-8f2a-9bfd9dc55230.roa
File:                     277d74fd-3101-4a9b-8f2a-9bfd9dc55230.roa (raw, json)
Hash identifier:          O7CvMaBTY4ZbRVAI98v4dobtMDW6I8x3J/sAZgqgnjE=
Subject key identifier:   36:1E:E9:29:E9:F7:F8:6A:33:FC:2F:8C:E8:6B:9C:5C:2C:4C:69:72
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       4AA056DAEC5D20AB717B5381CAF85A867BA4E7E5
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/277d74fd-3101-4a9b-8f2a-9bfd9dc55230.roa
Signing time:             Mon 28 Jul 2025 16:10:02 +0000
ROA not before:           Mon 28 Jul 2025 16:10:02 +0000
ROA not after:            Mon 01 Sep 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        51.118.0.0/16 maxlen: 16
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 06 Aug 2025 00:46:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4a:a0:56:da:ec:5d:20:ab:71:7b:53:81:ca:f8:5a:86:7b:a4:e7:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Jul 28 16:10:02 2025 GMT
            Not After : Sep  1 23:59:59 2025 GMT
        Subject: serialNumber=f6e94e84fe7f5edb9aa40b2e2404acd0c58580708de1350423ed2136f78e1ef6, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:1a:e0:43:8e:1d:21:4b:99:43:5d:9c:f4:cc:
                    1d:9d:db:bf:0b:50:ef:5a:63:51:10:e2:9c:e2:24:
                    b5:4a:e8:f5:dd:bd:0b:39:e1:f4:a8:a0:8c:80:ac:
                    a4:32:16:77:ff:26:3e:35:c6:51:fb:a9:c3:a1:c7:
                    15:9d:3b:83:bb:ee:e0:cf:27:f0:9f:cb:48:42:01:
                    46:a5:fe:d8:55:a9:df:f1:06:fb:a0:b6:82:26:16:
                    fc:61:d7:e6:f7:0d:15:f5:6f:1e:41:f5:48:0c:9a:
                    82:cb:b8:ea:32:00:f7:1a:c1:f7:27:51:ef:e2:c1:
                    c9:d0:49:0e:d0:f5:95:e6:e0:66:1b:4a:11:12:e1:
                    97:e4:22:cf:70:63:3c:90:6b:4b:d2:03:e1:80:20:
                    b6:44:cd:d6:a9:70:16:60:ce:c8:b0:68:45:ac:f1:
                    33:fc:6e:bc:ec:2a:96:29:38:9c:3f:8f:30:81:e5:
                    c7:70:a6:87:24:e5:dd:55:ec:7c:e5:70:60:fe:ba:
                    c9:f9:d5:db:f2:97:86:f4:70:8a:df:dd:53:0d:76:
                    08:09:02:4c:8a:97:98:29:94:07:aa:7d:55:df:19:
                    76:f8:e8:39:48:3b:a6:c0:28:96:b1:7d:9a:25:d6:
                    84:e5:7e:3b:0e:14:ff:e3:61:2e:5a:a1:a9:53:24:
                    5a:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:1E:E9:29:E9:F7:F8:6A:33:FC:2F:8C:E8:6B:9C:5C:2C:4C:69:72
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/277d74fd-3101-4a9b-8f2a-9bfd9dc55230.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.118.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         8e:4e:7a:51:f0:20:c3:cd:8c:ce:34:b1:74:36:7b:dd:0c:83:
         e0:92:ee:db:f2:68:61:60:26:34:e2:80:74:72:32:6d:c8:79:
         91:dd:35:c7:cc:c5:6d:99:23:27:c0:5f:17:3f:2b:6b:cc:34:
         a8:6a:3e:85:fd:ed:62:3b:9f:e9:0c:d9:9d:f0:0b:c2:1b:bf:
         1c:3f:41:29:7a:9c:33:60:c6:a3:e6:2c:f6:d5:3c:c7:3e:cf:
         e5:89:d4:64:6f:37:ef:c7:8b:0b:ec:25:bd:74:d3:0e:c1:9a:
         22:52:0f:ea:df:4b:99:67:1c:67:7d:b3:83:d5:fb:2f:77:9f:
         78:bd:55:c5:92:d3:e0:f8:5c:5e:f0:54:6c:1f:01:e2:84:5c:
         63:17:a8:21:6f:a2:47:51:28:db:66:34:fd:79:a0:ce:f3:31:
         29:ad:c0:0a:01:8e:9d:4d:4b:d4:10:05:9b:e6:25:7d:82:94:
         46:6f:8a:3a:15:92:99:c3:2a:20:ed:21:91:0a:2f:5e:c4:fe:
         0c:8a:fd:20:1a:6c:18:32:7b:3c:f7:18:3c:71:99:4e:0e:a8:
         0a:58:8e:7b:c1:7c:4d:1d:23:b1:72:93:6a:ae:30:c0:63:9c:
         5e:12:74:33:a8:61:b2:af:74:ff:1f:3f:17:c9:17:ba:f5:27:
         24:2a:3e:59
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUSqBW2uxdIKtxe1OByvhahnuk5+UwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA3MjgxNjEwMDJaFw0yNTA5MDEyMzU5NTlaMHoxSTBHBgNV
BAUTQGY2ZTk0ZTg0ZmU3ZjVlZGI5YWE0MGIyZTI0MDRhY2QwYzU4NTgwNzA4ZGUx
MzUwNDIzZWQyMTM2Zjc4ZTFlZjYxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANga4EOOHSFLmUNdnPTMHZ3bvwtQ71pjURDinOIktUro9d29Cznh9KigjICs
pDIWd/8mPjXGUfupw6HHFZ07g7vu4M8n8J/LSEIBRqX+2FWp3/EG+6C2giYW/GHX
5vcNFfVvHkH1SAyagsu46jIA9xrB9ydR7+LBydBJDtD1lebgZhtKERLhl+Qiz3Bj
PJBrS9ID4YAgtkTN1qlwFmDOyLBoRazxM/xuvOwqlik4nD+PMIHlx3CmhyTl3VXs
fOVwYP66yfnV2/KXhvRwit/dUw12CAkCTIqXmCmUB6p9Vd8ZdvjoOUg7psAolrF9
miXWhOV+Ow4U/+NhLlqhqVMkWv8CAwEAAaOCAiAwggIcMB0GA1UdDgQWBBQ2Hukp
6ff4ajP8L4zoa5xcLExpcjAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
Mjc3ZDc0ZmQtMzEwMS00YTliLThmMmEtOWJmZDlkYzU1MjMwLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADN2MA0G
CSqGSIb3DQEBCwUAA4IBAQCOTnpR8CDDzYzONLF0NnvdDIPgku7b8mhhYCY04oB0
cjJtyHmR3TXHzMVtmSMnwF8XPytrzDSoaj6F/e1iO5/pDNmd8AvCG78cP0Epepwz
YMaj5iz21TzHPs/lidRkbzfvx4sL7CW9dNMOwZoiUg/q30uZZxxnfbOD1fsvd594
vVXFktPg+Fxe8FRsHwHihFxjF6ghb6JHUSjbZjT9eaDO8zEprcAKAY6dTUvUEAWb
5iV9gpRGb4o6FZKZwyog7SGRCi9exP4Miv0gGmwYMns89xg8cZlODqgKWI57wXxN
HSOxcpNqrjDAY5xeEnQzqGGyr3T/Hz8XyRe69SckKj5Z
-----END CERTIFICATE-----
Generated at Tue Aug 5 08:17:20 2025 by rpki-client