Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/39032a05-08aa-42f2-98fc-8aa6aeee1dc2.roa
File:                     39032a05-08aa-42f2-98fc-8aa6aeee1dc2.roa (raw, json)
Hash identifier:          RifvfmkdBDGZoiNEN22G/wq6eeQ43HAZRTirugLpTS8=
Subject key identifier:   52:E2:09:32:0F:1C:AF:9F:44:F8:EE:EE:EB:90:F9:16:4F:F2:AE:F6
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       1D12C3EF1912D5AC342FE6164F154FB8BD62CB56
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/39032a05-08aa-42f2-98fc-8aa6aeee1dc2.roa
Signing time:             Mon 14 Jul 2025 15:30:44 +0000
ROA not before:           Mon 14 Jul 2025 15:30:44 +0000
ROA not after:            Mon 18 Aug 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        51.0.80.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 12:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1d:12:c3:ef:19:12:d5:ac:34:2f:e6:16:4f:15:4f:b8:bd:62:cb:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Jul 14 15:30:44 2025 GMT
            Not After : Aug 18 23:59:59 2025 GMT
        Subject: serialNumber=293a4fabc86969cfff129180bdd00b199a0b57712a7e0245d89c3604a343cc4a, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:5d:88:a0:d8:6d:6c:99:01:a7:78:68:4e:cd:
                    bc:2a:02:23:26:69:f8:20:4a:1a:2e:87:43:14:24:
                    0c:9e:73:51:ab:13:df:d4:9b:03:c4:f3:fa:29:6c:
                    37:47:36:fe:9f:24:da:2e:4d:52:5d:da:3b:8c:eb:
                    7e:df:c1:2e:ec:9b:8e:93:a8:83:08:d6:10:6d:93:
                    69:ce:59:86:50:30:6b:f3:e3:46:87:f2:4d:3d:cd:
                    b7:4c:dc:1e:0f:7b:ca:38:b6:bf:58:26:64:67:d4:
                    22:3e:a4:ec:24:11:ea:4e:b5:5f:87:e1:80:32:8f:
                    ad:d5:b4:70:ae:18:62:08:7f:25:3d:bb:96:b3:37:
                    40:42:40:02:91:39:19:95:cc:31:da:94:60:fa:f6:
                    35:36:10:5b:eb:85:0e:58:2f:9a:4d:0f:74:05:a8:
                    e5:e7:8a:b9:09:db:92:10:72:31:15:41:49:74:26:
                    b7:61:1b:3c:3d:b2:c8:93:76:f6:14:45:72:39:68:
                    14:3c:aa:0b:d6:5d:fc:ca:9f:2b:80:a7:c5:b3:f9:
                    96:67:66:9c:48:86:dd:72:2a:c7:2b:6b:0d:ba:25:
                    24:e8:a9:0c:bc:ec:d1:84:3c:a7:b7:d0:e5:f1:ac:
                    be:74:8e:89:44:50:e6:c2:42:03:67:77:58:db:2c:
                    e7:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:E2:09:32:0F:1C:AF:9F:44:F8:EE:EE:EB:90:F9:16:4F:F2:AE:F6
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/39032a05-08aa-42f2-98fc-8aa6aeee1dc2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.0.80.0/21

    Signature Algorithm: sha256WithRSAEncryption
         2a:6f:ad:d6:83:33:65:06:c8:1b:96:b4:5a:80:7b:02:eb:44:
         54:c6:ce:4f:91:4b:e9:bc:e1:be:60:35:3a:7f:9f:87:6d:6d:
         66:1c:49:2a:49:3d:8d:1f:8d:05:6b:25:58:6d:aa:e6:93:ce:
         33:e8:88:c7:5b:cc:30:34:07:e3:bb:8a:0d:a0:dd:0a:c3:ed:
         4e:15:a9:0a:d5:3e:ea:ef:cd:81:44:25:e0:bd:e5:4f:df:eb:
         ae:fb:f6:94:52:fc:8f:41:3b:c9:7d:37:ec:fa:e8:60:2b:ef:
         06:77:25:cf:85:d6:9d:36:98:4b:35:8f:09:60:07:5b:d1:a2:
         37:32:f3:0c:3e:a9:fe:d0:c6:34:16:3c:31:98:9d:5b:f9:0a:
         56:17:19:98:83:e4:ab:02:7c:27:da:e0:f0:60:c1:e2:d1:4b:
         d8:8d:ed:10:cd:75:7f:65:42:6e:8e:a2:18:b6:0e:cf:2d:4d:
         79:69:0e:1e:4e:63:b1:41:11:82:82:8c:34:03:af:4e:da:b4:
         b5:ef:6d:2f:72:a9:3e:cc:4e:cb:e5:6d:2c:99:e7:ec:7d:a1:
         61:14:4d:15:ae:da:17:06:a5:72:cc:c2:9e:aa:97:64:5d:df:
         11:b0:53:26:8d:13:df:30:f1:5c:50:95:05:8d:23:3d:f1:4a:
         d1:cb:5c:fd
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUHRLD7xkS1aw0L+YWTxVPuL1iy1YwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA3MTQxNTMwNDRaFw0yNTA4MTgyMzU5NTlaMHoxSTBHBgNV
BAUTQDI5M2E0ZmFiYzg2OTY5Y2ZmZjEyOTE4MGJkZDAwYjE5OWEwYjU3NzEyYTdl
MDI0NWQ4OWMzNjA0YTM0M2NjNGExLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAL5diKDYbWyZAad4aE7NvCoCIyZp+CBKGi6HQxQkDJ5zUasT39SbA8Tz+ils
N0c2/p8k2i5NUl3aO4zrft/BLuybjpOogwjWEG2Tac5ZhlAwa/PjRofyTT3Nt0zc
Hg97yji2v1gmZGfUIj6k7CQR6k61X4fhgDKPrdW0cK4YYgh/JT27lrM3QEJAApE5
GZXMMdqUYPr2NTYQW+uFDlgvmk0PdAWo5eeKuQnbkhByMRVBSXQmt2EbPD2yyJN2
9hRFcjloFDyqC9Zd/MqfK4CnxbP5lmdmnEiG3XIqxytrDbolJOipDLzs0YQ8p7fQ
5fGsvnSOiURQ5sJCA2d3WNss54kCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBRS4gky
Dxyvn0T47u7rkPkWT/Ku9jAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
MzkwMzJhMDUtMDhhYS00MmYyLTk4ZmMtOGFhNmFlZWUxZGMyLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAzMAUDAN
BgkqhkiG9w0BAQsFAAOCAQEAKm+t1oMzZQbIG5a0WoB7AutEVMbOT5FL6bzhvmA1
On+fh21tZhxJKkk9jR+NBWslWG2q5pPOM+iIx1vMMDQH47uKDaDdCsPtThWpCtU+
6u/NgUQl4L3lT9/rrvv2lFL8j0E7yX037ProYCvvBnclz4XWnTaYSzWPCWAHW9Gi
NzLzDD6p/tDGNBY8MZidW/kKVhcZmIPkqwJ8J9rg8GDB4tFL2I3tEM11f2VCbo6i
GLYOzy1NeWkOHk5jsUERgoKMNAOvTtq0te9tL3KpPsxOy+VtLJnn7H2hYRRNFa7a
FwalcszCnqqXZF3fEbBTJo0T3zDxXFCVBY0jPfFK0ctc/Q==
-----END CERTIFICATE-----
Generated at Mon Aug 4 21:38:19 2025 by rpki-client