Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/2fc6a253-dc60-4611-8bc0-f4b11851ccf1.roa
File:                     2fc6a253-dc60-4611-8bc0-f4b11851ccf1.roa (raw, json)
Hash identifier:          knq6AtB0ZYyXso7c1Tn43P/GgHMR31JRZ1ks6BOGUxo=
Subject key identifier:   C1:09:FB:40:12:FC:05:AF:B8:DE:27:46:9E:5D:C4:42:38:82:47:D3
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       3542B1AC4F3964F65DDA5B902196F89116EFFECC
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/2fc6a253-dc60-4611-8bc0-f4b11851ccf1.roa
Signing time:             Fri 11 Jul 2025 21:00:06 +0000
ROA not before:           Fri 11 Jul 2025 21:00:06 +0000
ROA not after:            Fri 15 Aug 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        51.127.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 12:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            35:42:b1:ac:4f:39:64:f6:5d:da:5b:90:21:96:f8:91:16:ef:fe:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Jul 11 21:00:06 2025 GMT
            Not After : Aug 15 23:59:59 2025 GMT
        Subject: serialNumber=27729d22abe6e87c02b49711033d036dc21e745af74d8fd969892df8949197ee, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:cb:9c:0c:05:f7:6f:70:e7:24:ae:cf:93:54:
                    81:17:8e:cc:10:28:80:92:de:82:74:46:74:e6:d5:
                    90:37:1f:0e:52:ce:b6:40:96:c4:fd:1e:6c:8c:84:
                    31:7f:c5:07:26:cc:a4:72:c3:bc:82:53:8f:12:55:
                    c7:57:48:cb:29:14:f5:84:8a:3d:f6:f7:c8:02:85:
                    ce:0a:33:6a:1b:b8:d4:a1:94:ec:12:5e:09:b4:75:
                    1a:6f:fc:5b:06:ab:6c:6a:75:86:15:bb:c7:73:f8:
                    aa:8a:f0:58:74:9a:c3:34:a3:04:d1:db:ea:8e:da:
                    ee:51:56:b0:23:c0:17:59:d2:f1:6f:60:6b:ac:1c:
                    39:85:c9:6c:01:5a:eb:06:4c:75:14:f4:98:2a:82:
                    d4:03:1a:39:36:7b:60:8b:79:f8:c1:31:17:d5:4f:
                    2d:7d:80:65:b3:cb:d8:c5:1f:c9:64:79:80:f1:f4:
                    44:6a:9b:d3:f5:de:59:c0:96:81:72:54:ed:7c:86:
                    e3:11:4f:65:28:ab:2c:2b:34:c1:17:1f:65:45:76:
                    7d:c8:68:e6:83:42:d9:49:57:cc:d6:71:91:c1:a9:
                    4e:4d:df:eb:70:7e:bc:70:a3:e9:4b:f4:10:6f:84:
                    59:62:c8:43:e2:df:15:d8:22:00:dd:34:9c:a9:3e:
                    b5:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:09:FB:40:12:FC:05:AF:B8:DE:27:46:9E:5D:C4:42:38:82:47:D3
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/2fc6a253-dc60-4611-8bc0-f4b11851ccf1.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.127.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         ae:23:fc:e2:ac:15:3d:af:cc:d8:3c:95:c6:98:ed:6b:25:c5:
         02:ee:a7:48:6b:ac:42:85:86:86:5a:17:47:54:62:98:38:58:
         33:71:9f:b4:24:4c:dd:6f:8c:ff:ec:78:6d:47:68:98:92:28:
         a7:b8:19:de:73:3d:d2:e0:5f:2c:76:65:c6:98:10:f8:91:b7:
         0b:97:96:98:2c:5f:46:8f:24:fd:20:1e:1d:98:82:2e:97:5f:
         66:39:7e:79:e1:66:37:d5:1f:e5:63:d2:98:a5:57:a7:31:8a:
         e3:98:69:23:ec:bd:7b:2e:4a:17:e9:94:77:14:ae:b6:61:26:
         25:d9:69:70:28:1c:14:3c:49:e6:93:7b:0b:06:c3:f5:97:21:
         82:97:ec:d1:25:74:58:c8:aa:ba:52:6f:09:61:12:50:82:32:
         be:1a:62:3c:97:d4:2c:bd:66:91:cf:b4:19:41:8b:0f:e7:72:
         fc:f9:19:fa:68:b0:30:c4:8e:69:1c:0d:3d:2d:c5:c3:9e:ae:
         03:7f:ab:a2:2b:3b:57:0e:43:44:e7:e0:13:22:19:80:55:71:
         12:61:f7:d6:1f:c2:93:f4:cf:81:26:0f:a4:a5:6d:cc:0b:32:
         1d:da:a4:3c:12:fb:53:7f:1c:16:0f:9c:06:42:d5:76:0a:f1:
         00:1e:0a:70
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUNUKxrE85ZPZd2luQIZb4kRbv/swwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA3MTEyMTAwMDZaFw0yNTA4MTUyMzU5NTlaMHoxSTBHBgNV
BAUTQDI3NzI5ZDIyYWJlNmU4N2MwMmI0OTcxMTAzM2QwMzZkYzIxZTc0NWFmNzRk
OGZkOTY5ODkyZGY4OTQ5MTk3ZWUxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMbLnAwF929w5ySuz5NUgReOzBAogJLegnRGdObVkDcfDlLOtkCWxP0ebIyE
MX/FBybMpHLDvIJTjxJVx1dIyykU9YSKPfb3yAKFzgozahu41KGU7BJeCbR1Gm/8
WwarbGp1hhW7x3P4qorwWHSawzSjBNHb6o7a7lFWsCPAF1nS8W9ga6wcOYXJbAFa
6wZMdRT0mCqC1AMaOTZ7YIt5+MExF9VPLX2AZbPL2MUfyWR5gPH0RGqb0/XeWcCW
gXJU7XyG4xFPZSirLCs0wRcfZUV2fcho5oNC2UlXzNZxkcGpTk3f63B+vHCj6Uv0
EG+EWWLIQ+LfFdgiAN00nKk+tbkCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBTBCftA
EvwFr7jeJ0aeXcRCOIJH0zAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
MmZjNmEyNTMtZGM2MC00NjExLThiYzAtZjRiMTE4NTFjY2YxLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADN/MA0G
CSqGSIb3DQEBCwUAA4IBAQCuI/zirBU9r8zYPJXGmO1rJcUC7qdIa6xChYaGWhdH
VGKYOFgzcZ+0JEzdb4z/7HhtR2iYkiinuBnecz3S4F8sdmXGmBD4kbcLl5aYLF9G
jyT9IB4dmIIul19mOX554WY31R/lY9KYpVenMYrjmGkj7L17LkoX6ZR3FK62YSYl
2WlwKBwUPEnmk3sLBsP1lyGCl+zRJXRYyKq6Um8JYRJQgjK+GmI8l9QsvWaRz7QZ
QYsP53L8+Rn6aLAwxI5pHA09LcXDnq4Df6uiKztXDkNE5+ATIhmAVXESYffWH8KT
9M+BJg+kpW3MCzId2qQ8EvtTfxwWD5wGQtV2CvEAHgpw
-----END CERTIFICATE-----
Generated at Mon Aug 4 22:26:34 2025 by rpki-client