Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/6252e9a3-4fdc-4c43-b91b-deb58ca2dd7c.roa
File:                     6252e9a3-4fdc-4c43-b91b-deb58ca2dd7c.roa (raw, json)
Hash identifier:          twP4fQLEOqO20dLaa1Wotr8NC4/AlT3aJj1lZ11ZFt4=
Subject key identifier:   31:57:DA:98:5E:8D:7D:AF:61:CF:E3:EB:54:69:34:50:FE:09:85:91
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       53F1AEB2D63CDB734D11D5382754089A7B7E310A
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/6252e9a3-4fdc-4c43-b91b-deb58ca2dd7c.roa
Signing time:             Mon 14 Jul 2025 15:40:17 +0000
ROA not before:           Mon 14 Jul 2025 15:40:17 +0000
ROA not after:            Mon 18 Aug 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        51.46.0.0/15 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 12:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            53:f1:ae:b2:d6:3c:db:73:4d:11:d5:38:27:54:08:9a:7b:7e:31:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Jul 14 15:40:17 2025 GMT
            Not After : Aug 18 23:59:59 2025 GMT
        Subject: serialNumber=c9908bfd930b8cc9db1dbc0ff671541d0e4dabea11b4d6ec7ba16d00c7657a42, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:40:b6:f0:00:7b:1a:1b:c6:f3:15:fc:89:40:
                    c4:9f:c2:7f:bd:93:4b:95:33:f2:80:ac:11:c0:47:
                    98:d4:6c:ae:8a:32:7c:46:a7:fb:03:d7:64:f9:8c:
                    8e:29:09:d6:1f:d2:9d:61:7e:de:ab:5e:69:25:3c:
                    83:35:f4:02:ca:f6:94:f6:bb:e8:57:7c:de:dd:29:
                    40:7d:70:ac:07:98:6a:c4:d3:55:36:a9:a0:7e:b3:
                    97:2c:f2:c7:28:69:0c:6e:9f:96:e0:6e:e1:05:49:
                    6e:fa:b0:74:2a:8b:c0:56:69:88:44:44:38:07:22:
                    dd:e3:a9:31:73:95:ef:4f:d7:01:2f:9a:bc:d1:ec:
                    e5:55:ba:43:c7:6a:d6:95:f4:f5:4b:9d:62:c7:bf:
                    c7:48:3d:9d:b9:22:e4:ee:e3:ee:18:17:43:3a:8e:
                    13:37:c8:a3:aa:5e:22:30:fe:25:49:49:6c:0b:cb:
                    9c:03:9e:3a:eb:24:8c:fd:c1:47:24:3d:75:ef:1c:
                    7f:c3:b7:52:11:5d:f8:19:cf:15:c1:ed:40:a2:f9:
                    8f:14:0e:9f:1f:3c:0d:3b:dc:4e:12:35:2e:dc:7e:
                    43:83:b8:bf:36:79:59:8d:39:8d:36:df:d5:c1:12:
                    6c:e3:21:ba:cb:c3:34:ba:6e:dd:a1:fa:19:5a:be:
                    bd:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:57:DA:98:5E:8D:7D:AF:61:CF:E3:EB:54:69:34:50:FE:09:85:91
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/6252e9a3-4fdc-4c43-b91b-deb58ca2dd7c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.46.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         8c:97:6f:c2:40:9d:51:94:3f:60:57:f1:e5:1e:4c:bd:14:6c:
         49:e0:c4:88:01:84:cd:94:c2:69:25:1f:3e:ad:2f:f8:3c:f5:
         bf:23:64:97:35:34:f7:14:45:7e:04:fe:43:38:f4:17:21:67:
         1c:e0:45:68:70:81:47:2b:05:48:0b:79:b3:a6:ee:06:e2:d9:
         e8:5e:ec:8d:62:3f:98:29:f5:59:7e:40:d7:a0:45:95:3d:89:
         c3:4b:55:0e:3e:f7:73:48:a6:af:ac:35:4f:af:ae:bf:5d:13:
         2c:3f:53:f7:84:c0:93:0f:c6:d3:28:d3:12:34:dd:d6:f2:a4:
         09:4a:3f:3b:fe:42:45:e6:15:88:42:7d:0e:9f:f5:2a:f8:ac:
         3c:56:66:7c:50:00:c1:4e:f9:99:dc:fe:3c:36:43:7c:e7:88:
         fd:96:1e:d5:1d:17:87:83:22:45:38:c6:7d:cd:29:8f:a2:18:
         c3:f3:cc:d8:a7:24:88:a3:76:89:4a:ab:ef:94:89:34:56:1c:
         6e:56:8e:1b:b5:17:0e:00:c1:14:72:ff:51:dd:24:92:1b:c1:
         89:f5:99:2e:2e:a7:d7:96:c4:cc:a0:93:48:ae:fa:c3:e5:8e:
         60:b1:ab:38:fd:66:37:fc:70:46:d7:fd:45:a3:ae:6a:a4:af:
         d8:04:f4:78
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUU/GustY823NNEdU4J1QImnt+MQowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA3MTQxNTQwMTdaFw0yNTA4MTgyMzU5NTlaMHoxSTBHBgNV
BAUTQGM5OTA4YmZkOTMwYjhjYzlkYjFkYmMwZmY2NzE1NDFkMGU0ZGFiZWExMWI0
ZDZlYzdiYTE2ZDAwYzc2NTdhNDIxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMRAtvAAexobxvMV/IlAxJ/Cf72TS5Uz8oCsEcBHmNRsrooyfEan+wPXZPmM
jikJ1h/SnWF+3qteaSU8gzX0Asr2lPa76Fd83t0pQH1wrAeYasTTVTapoH6zlyzy
xyhpDG6fluBu4QVJbvqwdCqLwFZpiEREOAci3eOpMXOV70/XAS+avNHs5VW6Q8dq
1pX09UudYse/x0g9nbki5O7j7hgXQzqOEzfIo6peIjD+JUlJbAvLnAOeOuskjP3B
RyQ9de8cf8O3UhFd+BnPFcHtQKL5jxQOnx88DTvcThI1Ltx+Q4O4vzZ5WY05jTbf
1cESbOMhusvDNLpu3aH6GVq+vWsCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBQxV9qY
Xo19r2HP4+tUaTRQ/gmFkTAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
NjI1MmU5YTMtNGZkYy00YzQzLWI5MWItZGViNThjYTJkZDdjLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDATMuMA0G
CSqGSIb3DQEBCwUAA4IBAQCMl2/CQJ1RlD9gV/HlHky9FGxJ4MSIAYTNlMJpJR8+
rS/4PPW/I2SXNTT3FEV+BP5DOPQXIWcc4EVocIFHKwVIC3mzpu4G4tnoXuyNYj+Y
KfVZfkDXoEWVPYnDS1UOPvdzSKavrDVPr66/XRMsP1P3hMCTD8bTKNMSNN3W8qQJ
Sj87/kJF5hWIQn0On/Uq+Kw8VmZ8UADBTvmZ3P48NkN854j9lh7VHReHgyJFOMZ9
zSmPohjD88zYpySIo3aJSqvvlIk0VhxuVo4btRcOAMEUcv9R3SSSG8GJ9ZkuLqfX
lsTMoJNIrvrD5Y5gsas4/WY3/HBG1/1Fo65qpK/YBPR4
-----END CERTIFICATE-----
Generated at Mon Aug 4 21:38:39 2025 by rpki-client