Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/fd04a54b-459a-491a-a013-59d0ed55825f.roa
File:                     fd04a54b-459a-491a-a013-59d0ed55825f.roa (raw, json)
Hash identifier:          40sIdqezgJ2r3Guy5vgEnakv2kzqntSlG3pMXv827qw=
Subject key identifier:   14:DA:E9:BD:C9:40:80:C2:6A:35:AF:87:0C:65:00:6B:91:1C:2C:64
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       6A77B7C23551206F7D25E97CE5D244BA40A2397E
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/fd04a54b-459a-491a-a013-59d0ed55825f.roa
Signing time:             Fri 11 Jul 2025 21:00:10 +0000
ROA not before:           Fri 11 Jul 2025 21:00:10 +0000
ROA not after:            Fri 15 Aug 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        51.131.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 12:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6a:77:b7:c2:35:51:20:6f:7d:25:e9:7c:e5:d2:44:ba:40:a2:39:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Jul 11 21:00:10 2025 GMT
            Not After : Aug 15 23:59:59 2025 GMT
        Subject: serialNumber=fe3bf516521990d368174d65ef201b406f76dbb99762e3820892e101538aa06f, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:bb:a8:03:69:c7:38:e0:e6:17:77:f1:74:ac:
                    ca:56:dd:4a:8b:11:85:af:26:83:87:a9:42:1a:55:
                    09:58:0d:92:57:7d:b6:fb:9d:d9:57:cd:89:03:ab:
                    43:de:dd:94:5f:45:bd:01:07:3c:b3:e0:7f:0a:c9:
                    c9:e6:80:a5:d1:d5:00:9c:41:5a:e4:26:eb:9d:dc:
                    a9:16:97:a6:f4:b3:17:f2:47:51:1a:3e:1d:f1:40:
                    a5:69:b4:0c:a6:09:36:28:dd:4c:bb:e2:ce:1f:c7:
                    a5:83:93:18:34:51:32:ca:9e:62:51:d7:da:be:f6:
                    8b:25:87:33:86:dd:59:4f:ec:d3:5f:03:b2:1a:78:
                    26:f6:4d:c5:32:67:56:6a:af:e8:ca:f3:87:25:1b:
                    2f:41:14:ee:4b:3e:c3:25:97:84:6c:c3:01:cb:27:
                    4a:87:04:e9:5f:c6:c6:b8:a7:ff:8f:3b:f6:b0:c5:
                    7e:77:77:46:d5:6d:64:65:e5:9d:3f:dd:68:d3:9e:
                    af:2d:3a:5c:fb:55:6d:94:8f:be:1b:cb:f2:16:78:
                    c0:8d:b0:64:9a:3e:8b:ff:db:23:b7:76:ab:61:7c:
                    7f:5b:c5:c7:97:f7:78:c8:83:00:51:8b:6e:9b:83:
                    19:43:0c:a2:8f:ea:b2:d3:a3:4f:9e:b3:e6:8b:db:
                    3a:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:DA:E9:BD:C9:40:80:C2:6A:35:AF:87:0C:65:00:6B:91:1C:2C:64
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/fd04a54b-459a-491a-a013-59d0ed55825f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.131.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         71:5b:31:9c:18:dc:a3:23:ca:d7:2b:6f:31:9e:e3:42:92:26:
         1b:0c:4a:b9:b6:c8:8d:e4:e7:e9:d0:f7:36:dc:f2:f0:f1:88:
         66:2e:fc:68:4c:19:e3:d0:ba:46:95:a6:3d:0f:99:6a:0f:0b:
         66:2f:cd:80:d3:85:a4:2b:69:cd:d2:51:8e:f1:2a:fb:0e:66:
         d4:10:50:91:03:30:09:0b:2d:34:4b:83:02:e1:23:92:09:58:
         4e:bd:f7:58:d0:68:65:1b:7c:bc:1b:71:6b:a7:ec:72:fd:a3:
         c1:20:71:db:23:7e:bc:1d:16:66:ac:fa:c5:87:5e:76:bc:47:
         41:c9:d3:2e:02:d2:e7:9c:b9:32:1f:94:19:39:18:4c:85:53:
         28:46:ea:63:57:8d:c9:5c:bf:9f:3c:98:5c:3f:b1:a9:75:2f:
         64:9f:12:c7:2b:17:d8:72:39:1c:2d:3e:d7:5e:55:46:04:0f:
         09:9d:2e:41:90:e5:9b:03:0f:80:ca:75:42:4f:79:61:a8:62:
         f8:6f:ae:f3:7f:5c:05:1f:6d:e5:5a:10:f5:1b:f1:c9:9c:89:
         6e:c0:74:b8:57:61:54:a6:ff:f4:93:02:0c:b4:c9:fd:d3:36:
         2d:c9:f1:f3:cf:cc:38:80:43:f9:6a:58:90:41:43:c6:62:38:
         db:f1:7a:7d
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUane3wjVRIG99Jel85dJEukCiOX4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA3MTEyMTAwMTBaFw0yNTA4MTUyMzU5NTlaMHoxSTBHBgNV
BAUTQGZlM2JmNTE2NTIxOTkwZDM2ODE3NGQ2NWVmMjAxYjQwNmY3NmRiYjk5NzYy
ZTM4MjA4OTJlMTAxNTM4YWEwNmYxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANC7qANpxzjg5hd38XSsylbdSosRha8mg4epQhpVCVgNkld9tvud2VfNiQOr
Q97dlF9FvQEHPLPgfwrJyeaApdHVAJxBWuQm653cqRaXpvSzF/JHURo+HfFApWm0
DKYJNijdTLvizh/HpYOTGDRRMsqeYlHX2r72iyWHM4bdWU/s018Dshp4JvZNxTJn
Vmqv6MrzhyUbL0EU7ks+wyWXhGzDAcsnSocE6V/Gxrin/4879rDFfnd3RtVtZGXl
nT/daNOery06XPtVbZSPvhvL8hZ4wI2wZJo+i//bI7d2q2F8f1vFx5f3eMiDAFGL
bpuDGUMMoo/qstOjT56z5ovbOm8CAwEAAaOCAiAwggIcMB0GA1UdDgQWBBQU2um9
yUCAwmo1r4cMZQBrkRwsZDAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
ZmQwNGE1NGItNDU5YS00OTFhLWEwMTMtNTlkMGVkNTU4MjVmLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADODMA0G
CSqGSIb3DQEBCwUAA4IBAQBxWzGcGNyjI8rXK28xnuNCkiYbDEq5tsiN5Ofp0Pc2
3PLw8YhmLvxoTBnj0LpGlaY9D5lqDwtmL82A04WkK2nN0lGO8Sr7DmbUEFCRAzAJ
Cy00S4MC4SOSCVhOvfdY0GhlG3y8G3Frp+xy/aPBIHHbI368HRZmrPrFh152vEdB
ydMuAtLnnLkyH5QZORhMhVMoRupjV43JXL+fPJhcP7GpdS9knxLHKxfYcjkcLT7X
XlVGBA8JnS5BkOWbAw+AynVCT3lhqGL4b67zf1wFH23lWhD1G/HJnIluwHS4V2FU
pv/0kwIMtMn90zYtyfHzz8w4gEP5aliQQUPGYjjb8Xp9
-----END CERTIFICATE-----
Generated at Mon Aug 4 21:37:59 2025 by rpki-client