Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/8d2d588e-ac05-4633-acba-4d5705f7071e.roa
File:                     8d2d588e-ac05-4633-acba-4d5705f7071e.roa (raw, json)
Hash identifier:          51OeqeRUjnl2Q7CUQ5hk0fhhLGrKMLbXhZ0ynlSpZ7Q=
Subject key identifier:   05:AD:3F:AD:F7:31:CB:0E:92:17:98:F7:E3:2B:27:19:D3:62:6A:91
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       558EBC6D938E4B52BE068803EA74CDCF28E143EE
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/8d2d588e-ac05-4633-acba-4d5705f7071e.roa
Signing time:             Fri 11 Jul 2025 21:00:21 +0000
ROA not before:           Fri 11 Jul 2025 21:00:21 +0000
ROA not after:            Fri 15 Aug 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        51.180.0.0/15 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 12:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            55:8e:bc:6d:93:8e:4b:52:be:06:88:03:ea:74:cd:cf:28:e1:43:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Jul 11 21:00:21 2025 GMT
            Not After : Aug 15 23:59:59 2025 GMT
        Subject: serialNumber=9158207b344a20c347a52663b20ff7ee4e88771c05656733cdd8e2dc3c9ba3bc, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:89:37:2a:a2:1e:0c:2f:c9:2b:ab:f4:11:92:
                    07:ff:e4:ea:01:08:cc:c6:a0:fe:71:60:9c:05:59:
                    1d:72:95:c4:ce:67:31:55:24:a2:ce:ba:bb:95:26:
                    40:c7:3d:ae:58:a2:1b:03:24:16:09:5b:aa:e0:09:
                    91:59:45:4c:7a:2a:8a:c0:75:3c:87:a1:bc:ee:af:
                    04:37:84:41:6b:ab:14:a8:0c:b8:d5:71:ce:c7:d7:
                    cb:b0:bc:c9:75:cd:74:f6:ca:dd:17:a8:4e:93:a3:
                    2e:10:0f:4a:84:16:48:b9:4a:29:ce:ad:fc:1b:45:
                    a2:58:12:ef:c8:2b:04:d4:d2:b9:31:a1:16:cd:e5:
                    17:ae:57:bd:ca:47:f7:02:86:18:58:fe:0f:ea:ab:
                    c4:ac:89:44:3c:3e:51:3a:9e:e1:c0:b4:7c:14:22:
                    8f:86:ff:28:13:27:a4:8f:88:25:72:22:3f:4f:43:
                    e6:60:79:35:da:61:c0:0a:f1:53:68:98:a1:3b:4c:
                    ad:d3:6c:8e:b7:fc:dc:6c:64:11:f4:63:29:3a:29:
                    b8:90:f2:6c:4e:28:bd:61:22:bf:d0:d5:f1:25:df:
                    3f:e7:8f:7f:59:94:d7:7d:87:cc:5f:72:ee:26:6b:
                    c0:85:5d:0b:9e:21:95:85:7e:81:a6:26:66:61:fe:
                    e1:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:AD:3F:AD:F7:31:CB:0E:92:17:98:F7:E3:2B:27:19:D3:62:6A:91
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/8d2d588e-ac05-4633-acba-4d5705f7071e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.180.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         c5:1e:3e:e9:e6:c0:b2:69:47:c3:42:83:ce:62:99:10:c6:ca:
         0d:37:1f:1d:bb:32:56:3c:a4:e9:72:4c:9d:e3:0a:3d:a7:5c:
         59:57:16:86:82:54:ed:3d:20:ce:b1:50:c2:59:54:d4:13:7e:
         05:3b:32:e6:a1:4f:4c:a0:58:1f:c1:11:08:85:2d:5c:24:1e:
         06:f7:33:37:b1:f6:32:62:57:bd:ec:a0:21:68:bc:42:7f:86:
         99:8c:e6:b7:8a:0d:63:d7:7e:d4:9d:f5:14:76:28:61:c2:23:
         94:4d:28:bd:e4:0f:42:3e:a7:72:62:5c:30:7b:29:8b:49:03:
         d5:9a:c1:fe:9d:01:24:a5:95:0a:09:8a:26:ee:c3:df:27:39:
         b1:3f:c2:08:a2:c3:8b:b3:af:d1:5b:f5:f4:ab:aa:21:bd:d6:
         d3:aa:93:9b:af:40:8e:c5:d5:f9:37:cb:73:cd:df:7c:7f:d7:
         58:92:a8:46:02:13:41:42:b3:29:e6:1a:0c:05:99:f4:ea:82:
         76:9b:b3:9a:ae:2f:6f:af:4c:bb:87:cd:e6:5f:76:73:a8:51:
         8e:5d:c6:d0:8d:f7:d2:25:b9:21:55:13:bf:8b:7d:10:02:34:
         cb:8a:c1:3f:75:52:4f:67:a1:ba:6b:57:11:f4:6f:92:80:7a:
         8d:93:56:88
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUVY68bZOOS1K+BogD6nTNzyjhQ+4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA3MTEyMTAwMjFaFw0yNTA4MTUyMzU5NTlaMHoxSTBHBgNV
BAUTQDkxNTgyMDdiMzQ0YTIwYzM0N2E1MjY2M2IyMGZmN2VlNGU4ODc3MWMwNTY1
NjczM2NkZDhlMmRjM2M5YmEzYmMxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANCJNyqiHgwvySur9BGSB//k6gEIzMag/nFgnAVZHXKVxM5nMVUkos66u5Um
QMc9rliiGwMkFglbquAJkVlFTHoqisB1PIehvO6vBDeEQWurFKgMuNVxzsfXy7C8
yXXNdPbK3ReoTpOjLhAPSoQWSLlKKc6t/BtFolgS78grBNTSuTGhFs3lF65XvcpH
9wKGGFj+D+qrxKyJRDw+UTqe4cC0fBQij4b/KBMnpI+IJXIiP09D5mB5NdphwArx
U2iYoTtMrdNsjrf83GxkEfRjKTopuJDybE4ovWEiv9DV8SXfP+ePf1mU132HzF9y
7iZrwIVdC54hlYV+gaYmZmH+4cUCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBQFrT+t
9zHLDpIXmPfjKycZ02JqkTAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
OGQyZDU4OGUtYWMwNS00NjMzLWFjYmEtNGQ1NzA1ZjcwNzFlLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDATO0MA0G
CSqGSIb3DQEBCwUAA4IBAQDFHj7p5sCyaUfDQoPOYpkQxsoNNx8duzJWPKTpckyd
4wo9p1xZVxaGglTtPSDOsVDCWVTUE34FOzLmoU9MoFgfwREIhS1cJB4G9zM3sfYy
Yle97KAhaLxCf4aZjOa3ig1j137UnfUUdihhwiOUTSi95A9CPqdyYlwweymLSQPV
msH+nQEkpZUKCYom7sPfJzmxP8IIosOLs6/RW/X0q6ohvdbTqpObr0COxdX5N8tz
zd98f9dYkqhGAhNBQrMp5hoMBZn06oJ2m7Oari9vr0y7h83mX3ZzqFGOXcbQjffS
JbkhVRO/i30QAjTLisE/dVJPZ6G6a1cR9G+SgHqNk1aI
-----END CERTIFICATE-----
Generated at Mon Aug 4 21:38:56 2025 by rpki-client