Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/83a3dbd5-059a-4f95-b55b-26c786f91e3b.roa
File:                     83a3dbd5-059a-4f95-b55b-26c786f91e3b.roa (raw, json)
Hash identifier:          z0ffVzjR+WPGGSp60W+9XC8uBnCgpPJYuaATFk/wL0s=
Subject key identifier:   83:AF:AE:E2:B3:DD:66:04:91:75:64:CA:9B:CA:61:E6:5A:4B:90:00
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       184B587AA3C3D0CF26E2C0916E38E0191E075096
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/83a3dbd5-059a-4f95-b55b-26c786f91e3b.roa
Signing time:             Fri 11 Jul 2025 20:50:08 +0000
ROA not before:           Fri 11 Jul 2025 20:50:08 +0000
ROA not after:            Fri 15 Aug 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        213.72.0.0/17 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 12:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            18:4b:58:7a:a3:c3:d0:cf:26:e2:c0:91:6e:38:e0:19:1e:07:50:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Jul 11 20:50:08 2025 GMT
            Not After : Aug 15 23:59:59 2025 GMT
        Subject: serialNumber=8a3c7be78271fee04eac07be8e6e3db372251be879fb5835d63164fdfe63281f, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:fe:32:b3:25:dc:20:d8:97:d6:8e:c9:e8:47:
                    1e:8b:50:ed:ad:54:2e:00:25:36:45:dd:3e:63:44:
                    a9:87:52:0d:19:37:0c:66:29:11:1f:5b:59:3c:e5:
                    d2:b1:27:10:ab:b2:3f:18:69:0b:0f:0b:fe:64:41:
                    61:99:e7:02:52:76:7f:87:31:8d:a2:c2:63:68:6a:
                    d0:c5:c4:50:c5:a9:c7:54:6b:b0:ec:85:17:42:29:
                    ac:2c:51:68:7f:06:89:3d:d0:13:96:38:d6:6b:7b:
                    47:94:0b:8e:2f:df:b5:3c:fe:45:0f:a9:57:01:ab:
                    1b:ec:a7:cf:a5:2b:40:cf:03:e2:26:66:49:a7:ad:
                    ea:7e:fe:b8:60:a6:fb:d2:2c:e6:f3:83:44:3a:94:
                    93:2d:36:df:b7:6a:04:62:c7:2d:dd:0d:73:fe:b6:
                    00:52:67:bd:e8:f4:67:cf:62:79:76:d9:b8:b1:ca:
                    da:47:0d:f0:32:a9:b8:81:70:83:9b:b1:99:eb:f1:
                    1f:d6:17:16:47:e9:18:62:85:f4:cf:ba:82:60:a4:
                    bb:3e:b2:af:7b:d5:93:2d:63:3f:3e:fe:ad:21:9e:
                    15:18:dd:bd:11:92:37:7f:a4:26:05:43:95:25:ee:
                    6e:c9:40:94:52:82:c5:6c:af:ef:2a:da:f1:44:97:
                    3b:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:AF:AE:E2:B3:DD:66:04:91:75:64:CA:9B:CA:61:E6:5A:4B:90:00
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/83a3dbd5-059a-4f95-b55b-26c786f91e3b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.72.0.0/17

    Signature Algorithm: sha256WithRSAEncryption
         36:b4:0d:2d:f6:05:c5:9b:2c:b6:43:18:d6:63:fd:21:30:f8:
         00:5f:5a:72:47:d0:c8:34:e9:4e:9f:2a:22:70:25:c3:c8:93:
         bc:5d:4c:9e:71:c8:01:cd:b4:da:b9:02:ac:9d:75:6a:e6:ab:
         ea:7a:41:5a:5e:b6:dc:c8:9c:48:f7:1f:f0:20:d4:06:22:8c:
         2b:88:51:ca:e0:64:3d:46:44:d6:33:f8:84:24:d1:e1:13:67:
         69:96:92:0b:92:f5:fd:dc:97:0c:63:04:af:6c:0e:30:ec:55:
         85:29:be:05:17:2c:a7:d3:36:1b:b4:26:fc:ff:3b:be:89:62:
         79:87:9e:b9:35:7d:d5:1e:8c:61:04:60:ef:df:24:a6:ea:84:
         6a:40:c7:03:8c:7d:fd:d1:25:c9:e5:a8:70:25:07:aa:a6:37:
         06:80:cf:5f:9f:2a:44:65:50:fb:6b:3b:23:3c:d8:7a:15:0c:
         34:27:ad:ff:3c:61:71:d6:e3:75:13:bd:7f:a8:8e:05:b6:ce:
         84:02:89:7b:0b:e4:29:97:24:37:f7:39:94:c7:fd:cd:c6:1a:
         7d:d0:77:d6:aa:a9:c8:27:71:a5:ac:2f:f7:fc:24:26:64:19:
         cb:5a:fd:ad:f9:23:a4:bd:b3:25:f3:b1:a0:8f:8d:3e:c2:9e:
         ea:60:1a:fe
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUGEtYeqPD0M8m4sCRbjjgGR4HUJYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA3MTEyMDUwMDhaFw0yNTA4MTUyMzU5NTlaMHoxSTBHBgNV
BAUTQDhhM2M3YmU3ODI3MWZlZTA0ZWFjMDdiZThlNmUzZGIzNzIyNTFiZTg3OWZi
NTgzNWQ2MzE2NGZkZmU2MzI4MWYxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANH+MrMl3CDYl9aOyehHHotQ7a1ULgAlNkXdPmNEqYdSDRk3DGYpER9bWTzl
0rEnEKuyPxhpCw8L/mRBYZnnAlJ2f4cxjaLCY2hq0MXEUMWpx1RrsOyFF0IprCxR
aH8GiT3QE5Y41mt7R5QLji/ftTz+RQ+pVwGrG+ynz6UrQM8D4iZmSaet6n7+uGCm
+9Is5vODRDqUky0237dqBGLHLd0Nc/62AFJnvej0Z89ieXbZuLHK2kcN8DKpuIFw
g5uxmevxH9YXFkfpGGKF9M+6gmCkuz6yr3vVky1jPz7+rSGeFRjdvRGSN3+kJgVD
lSXubslAlFKCxWyv7yra8USXO60CAwEAAaOCAiEwggIdMB0GA1UdDgQWBBSDr67i
s91mBJF1ZMqbymHmWkuQADAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
ODNhM2RiZDUtMDU5YS00Zjk1LWI1NWItMjZjNzg2ZjkxZTNiLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEB9VIADAN
BgkqhkiG9w0BAQsFAAOCAQEANrQNLfYFxZsstkMY1mP9ITD4AF9ackfQyDTpTp8q
InAlw8iTvF1MnnHIAc202rkCrJ11auar6npBWl623MicSPcf8CDUBiKMK4hRyuBk
PUZE1jP4hCTR4RNnaZaSC5L1/dyXDGMEr2wOMOxVhSm+BRcsp9M2G7Qm/P87voli
eYeeuTV91R6MYQRg798kpuqEakDHA4x9/dElyeWocCUHqqY3BoDPX58qRGVQ+2s7
IzzYehUMNCet/zxhcdbjdRO9f6iOBbbOhAKJewvkKZckN/c5lMf9zcYafdB31qqp
yCdxpawv9/wkJmQZy1r9rfkjpL2zJfOxoI+NPsKe6mAa/g==
-----END CERTIFICATE-----
Generated at Mon Aug 4 21:38:37 2025 by rpki-client