Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/d411eca7-95af-41dd-a2fc-fdaa162ad2e7.roa
File:                     d411eca7-95af-41dd-a2fc-fdaa162ad2e7.roa (raw, json)
Hash identifier:          KPIM+qVCmYqamm/UzGNxM5/Ww4BD1gP95ZEMt/UwkLI=
Subject key identifier:   31:1D:B9:4F:60:E5:23:B8:29:50:A3:7C:3B:D6:91:5B:5A:EC:41:B7
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       08749B4A8DF1035159EF84BE36C7F1C784FE250E
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/d411eca7-95af-41dd-a2fc-fdaa162ad2e7.roa
Signing time:             Tue 15 Jul 2025 00:30:06 +0000
ROA not before:           Tue 15 Jul 2025 00:30:06 +0000
ROA not after:            Tue 19 Aug 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        83.118.240.0/20 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 12:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            08:74:9b:4a:8d:f1:03:51:59:ef:84:be:36:c7:f1:c7:84:fe:25:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Jul 15 00:30:06 2025 GMT
            Not After : Aug 19 23:59:59 2025 GMT
        Subject: serialNumber=b58368a019eeb57586fb32ca3e4fe61bed6bc7573fddab44844cf42fa1198725, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:17:16:0d:47:67:f0:1f:c3:21:dc:e0:47:ea:
                    71:72:7d:84:9a:de:3b:53:1e:cf:02:9c:d1:5f:70:
                    58:a3:27:bc:ef:9e:42:b9:a5:10:33:b3:f0:2d:a0:
                    e2:b4:38:f5:38:ab:60:53:ae:0f:5e:97:03:d1:6c:
                    ba:7f:df:ef:5e:2a:1b:f1:b0:3e:f2:d3:22:ac:8d:
                    f3:6a:1f:c5:9c:e9:53:e3:e4:06:35:50:b2:dc:44:
                    06:31:c5:20:92:f5:6c:0c:da:4e:70:d8:1a:ad:49:
                    e7:ca:07:b8:5a:07:1c:8d:06:4f:be:55:dd:ac:3b:
                    28:e8:b5:d9:ff:5e:c7:16:3d:0d:7c:6c:7f:3f:85:
                    62:20:e4:6b:05:ca:07:2a:d5:a9:f9:fa:b2:6c:da:
                    4e:66:14:1e:5b:ff:4d:76:7b:6c:dc:e3:41:dc:db:
                    26:39:53:30:b8:1b:b4:b7:ae:70:e4:c4:16:07:d2:
                    1c:74:f4:96:9a:b2:fd:1b:2d:a1:87:44:d3:68:88:
                    cc:13:a7:ee:f4:e9:6a:b9:0d:51:4b:39:1e:8b:35:
                    d6:29:58:86:66:e5:77:39:70:a6:38:b4:7c:2d:24:
                    78:fb:64:da:da:fb:4e:b4:15:0e:cc:53:3c:ce:a8:
                    0b:41:4f:dd:e4:a9:de:b0:4c:44:35:ec:df:05:29:
                    5a:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:1D:B9:4F:60:E5:23:B8:29:50:A3:7C:3B:D6:91:5B:5A:EC:41:B7
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/d411eca7-95af-41dd-a2fc-fdaa162ad2e7.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.118.240.0/20

    Signature Algorithm: sha256WithRSAEncryption
         b6:ae:fe:f0:ea:f3:f2:36:d0:2a:66:96:e0:7e:81:dd:42:8f:
         79:09:c0:24:1b:54:32:49:0e:28:91:c7:7c:4f:87:7d:97:24:
         ff:dd:2b:20:d4:fa:58:64:2f:70:06:7a:07:83:c3:84:de:da:
         8d:e3:4d:b8:66:fe:c4:23:0f:5b:cb:38:b8:d1:31:4f:44:15:
         05:91:50:96:f1:2b:f7:f1:6d:70:bf:85:28:ae:e9:e8:9f:0b:
         86:95:71:df:9b:66:5f:a6:c9:36:7f:11:ba:05:b8:cb:1b:3e:
         16:5d:86:14:2c:b1:89:4d:7f:db:30:4e:25:3a:2e:a9:b3:8e:
         1d:14:6e:c4:fd:0b:e5:05:3b:72:ca:76:18:68:ef:c3:d2:55:
         6e:dc:53:44:62:0d:58:d6:39:17:86:55:78:5f:2c:e5:31:39:
         91:8f:43:2a:2d:72:09:ed:0d:14:23:10:69:a3:10:be:f7:8c:
         80:4e:1e:7b:24:f8:34:41:7d:2c:c1:c4:52:6d:80:77:f1:1e:
         de:d7:8b:9f:a0:4b:6f:88:1d:35:a9:9d:1c:71:3e:b1:18:e6:
         e8:2e:b8:1f:0e:e3:84:35:18:31:af:23:9f:31:a2:87:99:35:
         31:95:28:81:3b:82:89:43:a6:e8:11:64:f3:f1:22:07:e8:b1:
         e2:42:01:18
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUCHSbSo3xA1FZ74S+Nsfxx4T+JQ4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA3MTUwMDMwMDZaFw0yNTA4MTkyMzU5NTlaMHoxSTBHBgNV
BAUTQGI1ODM2OGEwMTllZWI1NzU4NmZiMzJjYTNlNGZlNjFiZWQ2YmM3NTczZmRk
YWI0NDg0NGNmNDJmYTExOTg3MjUxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKQXFg1HZ/AfwyHc4EfqcXJ9hJreO1MezwKc0V9wWKMnvO+eQrmlEDOz8C2g
4rQ49TirYFOuD16XA9Fsun/f714qG/GwPvLTIqyN82ofxZzpU+PkBjVQstxEBjHF
IJL1bAzaTnDYGq1J58oHuFoHHI0GT75V3aw7KOi12f9exxY9DXxsfz+FYiDkawXK
ByrVqfn6smzaTmYUHlv/TXZ7bNzjQdzbJjlTMLgbtLeucOTEFgfSHHT0lpqy/Rst
oYdE02iIzBOn7vTparkNUUs5Hos11ilYhmbldzlwpji0fC0kePtk2tr7TrQVDsxT
PM6oC0FP3eSp3rBMRDXs3wUpWt8CAwEAAaOCAiEwggIdMB0GA1UdDgQWBBQxHblP
YOUjuClQo3w71pFbWuxBtzAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
ZDQxMWVjYTctOTVhZi00MWRkLWEyZmMtZmRhYTE2MmFkMmU3LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEBFN28DAN
BgkqhkiG9w0BAQsFAAOCAQEAtq7+8Orz8jbQKmaW4H6B3UKPeQnAJBtUMkkOKJHH
fE+HfZck/90rINT6WGQvcAZ6B4PDhN7ajeNNuGb+xCMPW8s4uNExT0QVBZFQlvEr
9/FtcL+FKK7p6J8LhpVx35tmX6bJNn8RugW4yxs+Fl2GFCyxiU1/2zBOJTouqbOO
HRRuxP0L5QU7csp2GGjvw9JVbtxTRGINWNY5F4ZVeF8s5TE5kY9DKi1yCe0NFCMQ
aaMQvveMgE4eeyT4NEF9LMHEUm2Ad/Ee3teLn6BLb4gdNamdHHE+sRjm6C64Hw7j
hDUYMa8jnzGih5k1MZUogTuCiUOm6BFk8/EiB+ix4kIBGA==
-----END CERTIFICATE-----
Generated at Mon Aug 4 21:38:54 2025 by rpki-client