Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/9adb83e6-fa36-47fa-b5be-856fd7247898.roa
File:                     9adb83e6-fa36-47fa-b5be-856fd7247898.roa (raw, json)
Hash identifier:          IjiSBlremY7vCrTuNgO/ZEReJEO7EMIFma2Ll6DbdUM=
Subject key identifier:   21:64:F4:D6:5F:C5:23:93:AC:9A:15:D8:1A:CC:9D:6C:E0:FD:55:AD
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       45ADC61EC14422D776EF1C7344FF1290303CF35F
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/9adb83e6-fa36-47fa-b5be-856fd7247898.roa
Signing time:             Fri 23 May 2025 00:50:20 +0000
ROA not before:           Fri 23 May 2025 00:50:20 +0000
ROA not after:            Fri 27 Jun 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        51.16.104.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 01:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            45:ad:c6:1e:c1:44:22:d7:76:ef:1c:73:44:ff:12:90:30:3c:f3:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: May 23 00:50:20 2025 GMT
            Not After : Jun 27 23:59:59 2025 GMT
        Subject: serialNumber=71e8788b85e22f99476fff3626eecef1799133fcefeefd6da6f54351c13769a2, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:b5:9b:46:e9:16:81:d0:38:72:9b:b3:a5:01:
                    11:8a:f1:0d:dd:a6:bf:b5:71:73:8f:25:50:7f:be:
                    34:0a:ac:6c:c1:8c:06:d5:94:5e:0a:c6:df:f0:3a:
                    25:0a:30:df:c3:af:eb:d0:94:d7:74:f2:e1:44:a6:
                    ce:c4:b9:b4:e9:0a:56:65:83:9e:a4:db:df:98:97:
                    c1:13:a1:7e:ce:13:66:54:77:75:56:ab:13:e4:3d:
                    1d:ad:fa:af:5e:57:8d:5c:0d:7d:24:d3:11:fb:ff:
                    40:9c:26:88:ce:f3:28:57:2d:65:ca:7d:92:4a:b9:
                    45:c1:78:fe:8b:40:71:e8:e7:31:83:71:60:35:53:
                    37:c6:90:3f:60:5c:d5:a0:42:26:53:37:77:05:c0:
                    4d:7f:38:d7:c2:5c:af:41:5a:ba:5d:14:f7:0c:2f:
                    b9:65:39:2d:4f:b4:c5:25:b2:11:76:1f:db:73:87:
                    db:9f:ff:7b:86:a1:4c:a9:86:d7:08:90:e6:b0:9d:
                    55:f1:9f:22:29:71:00:c9:3f:5b:c1:9a:2b:62:d0:
                    9f:31:6b:3a:2e:aa:17:22:53:97:f4:e0:1f:78:c3:
                    db:f8:34:6b:2d:51:88:ec:a1:7b:a2:86:b1:ad:5f:
                    4d:63:9f:e3:ca:21:8c:6b:b9:43:3e:ca:af:33:b7:
                    cf:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:64:F4:D6:5F:C5:23:93:AC:9A:15:D8:1A:CC:9D:6C:E0:FD:55:AD
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/9adb83e6-fa36-47fa-b5be-856fd7247898.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.16.104.0/23

    Signature Algorithm: sha256WithRSAEncryption
         96:35:70:8e:fe:30:fb:86:71:83:93:bb:2a:b6:a5:7a:81:23:
         67:e5:ab:5b:b6:9b:5c:2c:df:d7:75:d8:ee:28:57:bd:0e:81:
         b9:88:32:1b:e9:8c:26:7d:84:d8:15:89:ed:66:f1:af:53:c0:
         b0:41:99:f7:6b:9d:fa:b4:c6:e4:7d:23:63:45:e8:af:05:a3:
         44:5b:b0:a3:b8:67:92:09:29:87:1e:17:71:38:a3:52:2b:a0:
         d0:26:6b:08:60:cd:68:5a:8d:84:e8:24:24:d5:0f:be:a9:16:
         d2:75:ba:ef:25:ef:a1:3a:9b:84:bb:0b:e1:4f:f4:66:ed:70:
         e8:89:f2:e8:d0:30:ab:1b:3e:27:94:fc:41:54:00:f6:e4:fb:
         c9:a3:8d:81:08:b5:11:15:5c:5a:b2:12:d5:06:30:9e:be:50:
         b1:dc:86:9d:a8:d5:13:f9:36:45:6c:f8:cf:ed:99:9f:15:1d:
         c5:ea:64:fa:9a:1d:82:68:06:db:f1:38:6a:ee:a7:b0:ce:45:
         62:6e:7e:e0:0b:01:a2:cd:51:bd:1e:71:32:b3:d9:48:82:59:
         9c:e5:57:0c:70:16:c7:39:0f:f5:6d:0d:0a:da:75:55:0c:fc:
         5b:61:c5:93:2d:bf:0b:71:31:c2:4d:98:ab:5e:ba:03:8a:2f:
         e9:9a:76:80
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIURa3GHsFEItd27xxzRP8SkDA8818wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA1MjMwMDUwMjBaFw0yNTA2MjcyMzU5NTlaMHoxSTBHBgNV
BAUTQDcxZTg3ODhiODVlMjJmOTk0NzZmZmYzNjI2ZWVjZWYxNzk5MTMzZmNlZmVl
ZmQ2ZGE2ZjU0MzUxYzEzNzY5YTIxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKi1m0bpFoHQOHKbs6UBEYrxDd2mv7Vxc48lUH++NAqsbMGMBtWUXgrG3/A6
JQow38Ov69CU13Ty4USmzsS5tOkKVmWDnqTb35iXwROhfs4TZlR3dVarE+Q9Ha36
r15XjVwNfSTTEfv/QJwmiM7zKFctZcp9kkq5RcF4/otAcejnMYNxYDVTN8aQP2Bc
1aBCJlM3dwXATX8418Jcr0Faul0U9wwvuWU5LU+0xSWyEXYf23OH25//e4ahTKmG
1wiQ5rCdVfGfIilxAMk/W8GaK2LQnzFrOi6qFyJTl/TgH3jD2/g0ay1RiOyhe6KG
sa1fTWOf48ohjGu5Qz7KrzO3z7cCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBQhZPTW
X8Ujk6yaFdgazJ1s4P1VrTAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
OWFkYjgzZTYtZmEzNi00N2ZhLWI1YmUtODU2ZmQ3MjQ3ODk4LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEATMQaDAN
BgkqhkiG9w0BAQsFAAOCAQEAljVwjv4w+4Zxg5O7KraleoEjZ+WrW7abXCzf13XY
7ihXvQ6BuYgyG+mMJn2E2BWJ7Wbxr1PAsEGZ92ud+rTG5H0jY0XorwWjRFuwo7hn
kgkphx4XcTijUiug0CZrCGDNaFqNhOgkJNUPvqkW0nW67yXvoTqbhLsL4U/0Zu1w
6Iny6NAwqxs+J5T8QVQA9uT7yaONgQi1ERVcWrIS1QYwnr5QsdyGnajVE/k2RWz4
z+2ZnxUdxepk+podgmgG2/E4au6nsM5FYm5+4AsBos1RvR5xMrPZSIJZnOVXDHAW
xzkP9W0NCtp1VQz8W2HFky2/C3Exwk2Yq166A4ov6Zp2gA==
-----END CERTIFICATE-----
Generated at Sat Jun 14 05:56:07 2025 by rpki-client