Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/575d6f80-6d4b-4183-8b86-cc4106bedd78.roa
File:                     575d6f80-6d4b-4183-8b86-cc4106bedd78.roa (raw, json)
Hash identifier:          BoemOch96saHFSm1xfWogcsS6JCClzLwoSo/jgMsTAo=
Subject key identifier:   4A:9F:9F:A6:55:54:02:CD:02:C5:72:E1:32:22:5C:DF:D5:0B:AD:F0
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       28E4272DAE52A1DF3518FFDF11AB1F1A75E645F5
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/575d6f80-6d4b-4183-8b86-cc4106bedd78.roa
Signing time:             Mon 21 Jul 2025 17:00:41 +0000
ROA not before:           Mon 21 Jul 2025 17:00:41 +0000
ROA not after:            Mon 25 Aug 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        195.119.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 12:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            28:e4:27:2d:ae:52:a1:df:35:18:ff:df:11:ab:1f:1a:75:e6:45:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Jul 21 17:00:41 2025 GMT
            Not After : Aug 25 23:59:59 2025 GMT
        Subject: serialNumber=72d9c071c20a4042c43bd5ed6ad07e7c6f19497354b34810031753fb9d9e3d9e, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:cd:f9:62:a3:d0:32:1b:fa:6f:87:aa:91:a7:
                    00:0d:80:0f:d7:5c:57:3a:57:d7:f1:b5:ba:de:fa:
                    d9:c7:aa:4c:eb:0c:72:b3:3e:d7:c6:54:68:26:ee:
                    2d:6e:c9:f9:10:bb:d0:ab:ab:41:ea:11:61:fe:62:
                    49:3e:ec:1c:ac:bc:eb:7f:19:19:a7:a0:4e:c5:68:
                    91:3a:85:cf:c8:1b:a9:6a:7f:a2:62:58:25:f2:c1:
                    90:37:7e:99:62:5e:2e:04:bc:76:87:95:87:a1:37:
                    9b:f0:aa:47:52:af:c6:cf:55:69:c4:13:77:7a:ba:
                    45:6f:78:e2:93:83:ed:23:73:b6:55:30:9b:ba:7a:
                    ce:9d:71:80:21:dc:1a:04:62:cc:58:ff:2f:eb:8d:
                    30:03:15:ff:a2:83:40:3f:8e:62:71:ad:9f:64:87:
                    d1:fa:e4:56:f0:1d:d5:30:dc:8d:b4:cc:31:6e:5c:
                    a3:1e:51:bd:31:b5:0d:8a:eb:ae:dd:4c:12:3b:ec:
                    c1:b7:55:03:91:d2:4e:e7:0f:cf:37:b0:fc:91:38:
                    15:54:ac:9c:80:da:90:f2:6b:c9:c1:be:82:1b:9c:
                    d6:2e:85:07:6e:2e:9c:8b:33:10:3a:de:ed:bb:36:
                    5a:b4:a8:19:1b:91:7d:a2:d7:42:c7:f3:ae:42:4d:
                    a2:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:9F:9F:A6:55:54:02:CD:02:C5:72:E1:32:22:5C:DF:D5:0B:AD:F0
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/575d6f80-6d4b-4183-8b86-cc4106bedd78.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.119.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         af:4c:54:dc:36:bf:80:ae:c2:a2:cd:90:b7:f3:1b:db:7b:67:
         df:5f:54:0a:51:e0:07:8b:0d:08:db:08:09:72:fb:66:5a:08:
         98:a4:fa:68:c2:9c:d9:af:93:c4:35:93:a3:a7:39:1e:7e:fa:
         8b:6b:09:66:31:2f:61:0e:28:35:80:f7:04:b4:57:40:88:52:
         ec:b7:58:83:34:9c:65:d4:aa:46:c3:dd:29:49:f0:2b:3d:2d:
         a1:d9:e2:31:6f:ac:68:d7:df:d6:84:fa:22:e8:6f:75:fb:e2:
         ff:c9:71:32:d8:12:60:bb:3d:01:00:13:3b:b5:47:d4:c0:f0:
         76:33:03:a2:95:47:64:03:ff:a2:e3:48:e0:05:e0:bf:7a:3d:
         26:97:07:3a:2c:e8:54:97:ff:21:8c:82:99:b0:73:93:8c:34:
         da:45:cc:bf:99:c0:27:33:73:a7:42:54:be:a2:4b:a9:cf:6e:
         09:ed:6c:65:68:bf:61:50:f4:77:0f:b0:f9:bd:29:2a:3e:ba:
         cd:95:54:34:54:49:4a:d1:1f:80:ef:1f:57:0a:5a:06:1e:ba:
         d2:00:65:bc:9d:a9:aa:fa:40:2e:04:0e:ff:bd:d3:36:d7:d6:
         b4:fa:89:4a:d6:10:cd:27:f5:1f:33:5e:02:3e:5c:f7:88:61:
         28:d7:3c:66
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUKOQnLa5Sod81GP/fEasfGnXmRfUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA3MjExNzAwNDFaFw0yNTA4MjUyMzU5NTlaMHoxSTBHBgNV
BAUTQDcyZDljMDcxYzIwYTQwNDJjNDNiZDVlZDZhZDA3ZTdjNmYxOTQ5NzM1NGIz
NDgxMDAzMTc1M2ZiOWQ5ZTNkOWUxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJ7N+WKj0DIb+m+HqpGnAA2AD9dcVzpX1/G1ut762ceqTOsMcrM+18ZUaCbu
LW7J+RC70KurQeoRYf5iST7sHKy8638ZGaegTsVokTqFz8gbqWp/omJYJfLBkDd+
mWJeLgS8doeVh6E3m/CqR1Kvxs9VacQTd3q6RW944pOD7SNztlUwm7p6zp1xgCHc
GgRizFj/L+uNMAMV/6KDQD+OYnGtn2SH0frkVvAd1TDcjbTMMW5cox5RvTG1DYrr
rt1MEjvswbdVA5HSTucPzzew/JE4FVSsnIDakPJrycG+ghuc1i6FB24unIszEDre
7bs2WrSoGRuRfaLXQsfzrkJNooMCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBRKn5+m
VVQCzQLFcuEyIlzf1Qut8DAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
NTc1ZDZmODAtNmQ0Yi00MTgzLThiODYtY2M0MTA2YmVkZDc4LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDAMN3MA0G
CSqGSIb3DQEBCwUAA4IBAQCvTFTcNr+ArsKizZC38xvbe2ffX1QKUeAHiw0I2wgJ
cvtmWgiYpPpowpzZr5PENZOjpzkefvqLawlmMS9hDig1gPcEtFdAiFLst1iDNJxl
1KpGw90pSfArPS2h2eIxb6xo19/WhPoi6G91++L/yXEy2BJguz0BABM7tUfUwPB2
MwOilUdkA/+i40jgBeC/ej0mlwc6LOhUl/8hjIKZsHOTjDTaRcy/mcAnM3OnQlS+
okupz24J7WxlaL9hUPR3D7D5vSkqPrrNlVQ0VElK0R+A7x9XCloGHrrSAGW8namq
+kAuBA7/vdM219a0+olK1hDNJ/UfM14CPlz3iGEo1zxm
-----END CERTIFICATE-----
Generated at Mon Aug 4 22:10:34 2025 by rpki-client