Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/ca9dc172-c5c5-48fd-a801-9f7f050aa67b.roa
File:                     ca9dc172-c5c5-48fd-a801-9f7f050aa67b.roa (raw, json)
Hash identifier:          qYRyCyvFLIxTuyfZEyk4H7GbZ/RFgyt6Lb+R0wcPs6M=
Subject key identifier:   3B:6D:E0:B3:75:A5:1A:C1:5A:E8:2B:71:43:E6:9F:8D:A1:DD:16:35
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       5E04D5B4503312D7CFABE369F3E2926DA5EF25F8
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/ca9dc172-c5c5-48fd-a801-9f7f050aa67b.roa
Signing time:             Mon 14 Jul 2025 15:40:13 +0000
ROA not before:           Mon 14 Jul 2025 15:40:13 +0000
ROA not after:            Mon 18 Aug 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        51.24.0.0/13 maxlen: 13
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 12:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5e:04:d5:b4:50:33:12:d7:cf:ab:e3:69:f3:e2:92:6d:a5:ef:25:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Jul 14 15:40:13 2025 GMT
            Not After : Aug 18 23:59:59 2025 GMT
        Subject: serialNumber=7be5c2e0aa6e8c773d05b2ca21232ba51e8ab460990cd2331911f3fa6bc323c4, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:d5:1c:ed:d3:c1:96:9c:cb:b2:e3:5a:d0:5b:
                    7c:d4:85:04:a9:39:19:a4:8d:20:30:15:78:33:ed:
                    8d:39:92:3f:43:f7:f7:dd:92:f1:3c:7e:b7:60:ce:
                    35:c0:45:0f:90:71:81:6d:3b:15:81:dc:c3:04:b9:
                    0a:15:ab:43:bb:e8:01:e5:a1:f6:0f:0a:a0:7a:99:
                    02:79:23:6d:b5:f6:22:8c:26:22:8e:cd:fd:2f:cf:
                    8a:d9:72:d8:9d:4f:60:f0:26:70:2c:9b:a8:63:e8:
                    24:21:71:b4:de:21:5c:1e:85:96:ef:38:c7:3a:1d:
                    dd:50:04:97:66:7b:b0:d9:a5:94:04:5d:08:c8:7f:
                    ad:20:4d:26:2e:94:19:ec:78:e2:b5:c9:be:04:18:
                    4e:40:bf:10:48:17:3c:7b:09:44:b7:a6:d6:92:ef:
                    f1:ad:13:32:50:fe:b6:1a:5a:11:05:a2:10:ec:a8:
                    7b:db:7a:b0:41:ee:38:5a:e5:45:4b:04:72:43:6e:
                    a4:36:e8:e3:7e:41:da:10:ca:aa:33:94:85:75:e4:
                    15:f8:2b:98:9d:51:ab:f8:51:fc:22:7d:a4:35:c4:
                    60:f7:87:0c:68:a8:07:20:50:54:12:e6:f1:11:c5:
                    27:1a:03:be:5e:eb:d3:b9:ba:43:dc:70:d4:b9:be:
                    6a:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:6D:E0:B3:75:A5:1A:C1:5A:E8:2B:71:43:E6:9F:8D:A1:DD:16:35
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/ca9dc172-c5c5-48fd-a801-9f7f050aa67b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.24.0.0/13

    Signature Algorithm: sha256WithRSAEncryption
         c7:98:88:1e:b4:f6:09:c6:a3:25:23:e8:80:6d:aa:89:68:09:
         6d:5f:5a:36:d7:2f:17:ab:3e:76:50:77:7f:10:e3:4d:a0:4a:
         f4:70:c4:8b:11:55:89:de:09:eb:34:f9:b5:82:76:8f:e1:28:
         65:11:78:fb:86:22:27:44:86:c4:72:f7:bd:e7:22:ee:c2:b9:
         af:8e:ab:ef:b9:3b:04:4d:f8:dd:34:54:6d:28:73:82:e5:46:
         4d:8b:a3:da:dd:70:47:7a:01:7a:8f:84:15:81:68:84:33:58:
         fa:2e:e5:ac:73:85:cd:5a:9e:af:42:7e:20:97:ad:e1:e5:47:
         6b:39:11:f3:f6:62:1e:bd:1e:4a:7e:37:65:a1:d8:76:fd:b8:
         7c:40:aa:8c:8d:04:c4:2b:2b:5e:1b:6b:4a:4b:80:c4:3d:a8:
         95:e0:be:cd:bb:ef:69:e3:51:af:95:a5:de:8e:5c:db:26:14:
         91:6a:3b:d1:ba:84:95:ed:3a:db:dc:a2:68:80:65:03:51:9b:
         57:5c:0d:c7:e9:e7:19:ff:dc:94:aa:92:9b:d9:25:d4:e6:79:
         66:9f:a5:63:2b:1d:94:1a:5c:c4:7e:a2:d4:18:57:18:fa:b1:
         95:bf:46:80:f8:80:ee:9e:89:85:e4:fb:48:2d:97:15:bb:df:
         4b:1e:52:d1
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUXgTVtFAzEtfPq+Np8+KSbaXvJfgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA3MTQxNTQwMTNaFw0yNTA4MTgyMzU5NTlaMHoxSTBHBgNV
BAUTQDdiZTVjMmUwYWE2ZThjNzczZDA1YjJjYTIxMjMyYmE1MWU4YWI0NjA5OTBj
ZDIzMzE5MTFmM2ZhNmJjMzIzYzQxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANnVHO3TwZacy7LjWtBbfNSFBKk5GaSNIDAVeDPtjTmSP0P3992S8Tx+t2DO
NcBFD5BxgW07FYHcwwS5ChWrQ7voAeWh9g8KoHqZAnkjbbX2IowmIo7N/S/Pitly
2J1PYPAmcCybqGPoJCFxtN4hXB6Flu84xzod3VAEl2Z7sNmllARdCMh/rSBNJi6U
Gex44rXJvgQYTkC/EEgXPHsJRLem1pLv8a0TMlD+thpaEQWiEOyoe9t6sEHuOFrl
RUsEckNupDbo435B2hDKqjOUhXXkFfgrmJ1Rq/hR/CJ9pDXEYPeHDGioByBQVBLm
8RHFJxoDvl7r07m6Q9xw1Lm+agMCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBQ7beCz
daUawVroK3FD5p+Nod0WNTAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
Y2E5ZGMxNzItYzVjNS00OGZkLWE4MDEtOWY3ZjA1MGFhNjdiLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDAzMYMA0G
CSqGSIb3DQEBCwUAA4IBAQDHmIgetPYJxqMlI+iAbaqJaAltX1o21y8Xqz52UHd/
EONNoEr0cMSLEVWJ3gnrNPm1gnaP4ShlEXj7hiInRIbEcve95yLuwrmvjqvvuTsE
TfjdNFRtKHOC5UZNi6Pa3XBHegF6j4QVgWiEM1j6LuWsc4XNWp6vQn4gl63h5Udr
ORHz9mIevR5Kfjdlodh2/bh8QKqMjQTEKyteG2tKS4DEPaiV4L7Nu+9p41GvlaXe
jlzbJhSRajvRuoSV7Trb3KJogGUDUZtXXA3H6ecZ/9yUqpKb2SXU5nlmn6VjKx2U
GlzEfqLUGFcY+rGVv0aA+IDunomF5PtILZcVu99LHlLR
-----END CERTIFICATE-----
Generated at Mon Aug 4 21:38:19 2025 by rpki-client