Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/2dbc9912-b766-4000-9f7c-cb9e37916980.roa
File:                     2dbc9912-b766-4000-9f7c-cb9e37916980.roa (raw, json)
Hash identifier:          rWwlo5TgQg4fOff/67tK0bOyFTWWQqDqK9ku6j8EQ7E=
Subject key identifier:   2F:08:85:05:7D:3F:1C:F2:09:FE:72:63:C2:13:58:6C:FB:89:4A:ED
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       21FFAF29BF419E3841849F49410021E616073EA1
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/2dbc9912-b766-4000-9f7c-cb9e37916980.roa
Signing time:             Tue 03 Jun 2025 16:30:13 +0000
ROA not before:           Tue 03 Jun 2025 16:30:13 +0000
ROA not after:            Tue 08 Jul 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        83.119.128.0/18 maxlen: 18
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 01:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            21:ff:af:29:bf:41:9e:38:41:84:9f:49:41:00:21:e6:16:07:3e:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Jun  3 16:30:13 2025 GMT
            Not After : Jul  8 23:59:59 2025 GMT
        Subject: serialNumber=72eba5ab398f7532936bf6a006882a1950f6ef3882e0ad73ffc873550cf0a889, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:7b:86:c2:31:75:bd:e3:09:95:75:a6:dd:85:
                    cf:20:04:2b:09:b2:a9:58:bb:83:e0:d0:a8:3f:01:
                    c8:20:00:92:e5:f5:e1:06:35:6c:41:e4:04:c6:6b:
                    32:0e:3c:74:8b:12:db:40:f5:10:17:76:ba:f2:34:
                    ab:11:bb:1c:d2:c8:4b:84:ee:4c:1e:f7:f5:24:13:
                    ca:5b:1e:85:ca:b3:d0:65:53:5c:71:e8:ad:1c:f9:
                    da:7e:80:38:e2:d3:28:c8:68:36:87:45:c3:1d:76:
                    54:29:50:cc:67:61:f1:2c:fb:88:18:fe:70:ba:72:
                    a4:a7:9c:50:3f:03:8c:96:88:46:35:b4:9d:30:47:
                    70:cb:a6:43:92:83:cd:1a:73:b0:73:ce:0a:bc:63:
                    5f:a6:1c:e1:27:4e:c8:c6:1f:a0:71:a2:d4:8c:07:
                    81:3a:17:bd:3b:6f:8c:37:c0:da:13:a8:bf:f9:2b:
                    e5:31:07:02:10:f7:86:bc:2f:89:bd:1c:47:fa:b1:
                    cf:83:05:0e:ae:f2:f7:05:a3:c7:6d:d8:a1:2f:a1:
                    c0:f1:02:29:b9:2c:f3:ab:2b:de:a1:3a:43:43:67:
                    b8:ed:f7:f1:d5:0f:36:0f:8f:50:f6:d3:55:84:41:
                    73:e1:95:33:69:7b:b1:a7:d9:97:d3:1c:1a:6c:05:
                    ec:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:08:85:05:7D:3F:1C:F2:09:FE:72:63:C2:13:58:6C:FB:89:4A:ED
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/2dbc9912-b766-4000-9f7c-cb9e37916980.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.119.128.0/18

    Signature Algorithm: sha256WithRSAEncryption
         35:8b:61:19:0c:32:62:8f:fb:6f:37:e4:36:4e:ea:40:a9:82:
         c4:07:b9:ca:ad:c4:fd:aa:2c:fc:f9:4b:c4:7a:32:22:e5:f2:
         a1:5f:37:bb:9d:21:ff:ed:60:1a:61:99:70:94:5a:15:69:52:
         ba:d0:f3:67:ad:4a:98:74:b9:a5:9b:40:77:67:83:21:ae:9f:
         e1:da:ab:d5:4d:24:ef:3f:f2:fc:f0:97:7b:3d:7c:b4:17:d6:
         bc:8d:3d:5b:27:c7:a9:3f:db:ad:8b:45:fb:f9:0d:13:54:4f:
         66:1e:eb:83:17:34:1d:f1:d3:91:0e:73:12:03:59:81:f2:e8:
         65:03:1d:69:ac:18:a4:a6:9b:c5:5a:cd:d3:fd:79:41:b5:74:
         7c:27:0b:16:7b:27:28:f0:00:7f:23:42:b9:6f:db:3b:6a:99:
         0e:2a:13:62:f4:5c:d3:c5:02:53:1f:b9:a6:67:18:6b:b7:34:
         e9:54:39:64:03:52:4c:90:4e:7e:a0:ad:c1:24:c3:a7:a8:b0:
         99:16:f1:a2:49:f3:cc:cc:73:94:5b:d0:ea:28:dd:f4:82:5d:
         fa:22:b2:de:8b:b5:67:5f:19:45:8a:ec:ea:23:d1:66:d4:5f:
         2e:24:46:1f:76:57:a8:4e:be:a8:f6:a0:33:a6:eb:66:55:3b:
         6e:b1:90:6a
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUIf+vKb9BnjhBhJ9JQQAh5hYHPqEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA2MDMxNjMwMTNaFw0yNTA3MDgyMzU5NTlaMHoxSTBHBgNV
BAUTQDcyZWJhNWFiMzk4Zjc1MzI5MzZiZjZhMDA2ODgyYTE5NTBmNmVmMzg4MmUw
YWQ3M2ZmYzg3MzU1MGNmMGE4ODkxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALp7hsIxdb3jCZV1pt2FzyAEKwmyqVi7g+DQqD8ByCAAkuX14QY1bEHkBMZr
Mg48dIsS20D1EBd2uvI0qxG7HNLIS4TuTB739SQTylsehcqz0GVTXHHorRz52n6A
OOLTKMhoNodFwx12VClQzGdh8Sz7iBj+cLpypKecUD8DjJaIRjW0nTBHcMumQ5KD
zRpzsHPOCrxjX6Yc4SdOyMYfoHGi1IwHgToXvTtvjDfA2hOov/kr5TEHAhD3hrwv
ib0cR/qxz4MFDq7y9wWjx23YoS+hwPECKbks86sr3qE6Q0NnuO338dUPNg+PUPbT
VYRBc+GVM2l7safZl9McGmwF7C0CAwEAAaOCAiEwggIdMB0GA1UdDgQWBBQvCIUF
fT8c8gn+cmPCE1hs+4lK7TAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
MmRiYzk5MTItYjc2Ni00MDAwLTlmN2MtY2I5ZTM3OTE2OTgwLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEBlN3gDAN
BgkqhkiG9w0BAQsFAAOCAQEANYthGQwyYo/7bzfkNk7qQKmCxAe5yq3E/aos/PlL
xHoyIuXyoV83u50h/+1gGmGZcJRaFWlSutDzZ61KmHS5pZtAd2eDIa6f4dqr1U0k
7z/y/PCXez18tBfWvI09WyfHqT/brYtF+/kNE1RPZh7rgxc0HfHTkQ5zEgNZgfLo
ZQMdaawYpKabxVrN0/15QbV0fCcLFnsnKPAAfyNCuW/bO2qZDioTYvRc08UCUx+5
pmcYa7c06VQ5ZANSTJBOfqCtwSTDp6iwmRbxoknzzMxzlFvQ6ijd9IJd+iKy3ou1
Z18ZRYrs6iPRZtRfLiRGH3ZXqE6+qPagM6brZlU7brGQag==
-----END CERTIFICATE-----
Generated at Sat Jun 14 05:56:02 2025 by rpki-client