Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/ff2e2d46-44f0-4790-a453-0090beda0015.roa
File:                     ff2e2d46-44f0-4790-a453-0090beda0015.roa (raw, json)
Hash identifier:          NjkJTVo+MnqQgUm4cKIVhQWYTIl+2Gl//6H2KCnSyks=
Subject key identifier:   59:3D:EE:61:1A:D4:00:18:B1:88:37:AF:BC:91:17:83:DB:E5:91:88
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       73E537500B3B3F9C4660D91A9986AF7A6FADE889
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/ff2e2d46-44f0-4790-a453-0090beda0015.roa
Signing time:             Fri 11 Jul 2025 20:50:04 +0000
ROA not before:           Fri 11 Jul 2025 20:50:04 +0000
ROA not after:            Fri 15 Aug 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        195.247.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 12:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            73:e5:37:50:0b:3b:3f:9c:46:60:d9:1a:99:86:af:7a:6f:ad:e8:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Jul 11 20:50:04 2025 GMT
            Not After : Aug 15 23:59:59 2025 GMT
        Subject: serialNumber=6a721f5aa96419d7fcb9922368a3f728a90609073308ad79a28bdfade9c42b56, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:b7:2c:9c:40:39:4d:13:fb:8d:4c:ab:89:4b:
                    7b:46:10:e4:ac:d7:d6:dc:08:63:43:d8:fb:bd:bf:
                    89:68:2e:ff:9c:f1:72:b2:f2:aa:8f:da:31:82:85:
                    27:34:49:3f:a3:cd:57:a3:de:a4:73:3a:e9:52:ea:
                    74:63:b3:c8:f6:7a:e0:40:5f:13:0f:31:0e:75:53:
                    b7:28:15:6a:4e:61:2c:ee:35:e3:99:39:42:11:78:
                    5c:71:06:15:00:ae:a5:c8:a6:c0:db:1c:8a:3a:1a:
                    1d:10:83:15:f7:ff:0d:6c:6e:d6:10:31:76:bb:0a:
                    2f:12:85:41:83:aa:ed:91:2d:9e:9a:9c:15:f8:42:
                    07:af:33:8f:5b:05:ea:5a:3c:fd:9a:56:44:2b:12:
                    81:83:16:62:08:3e:6c:38:79:68:e2:87:4e:ad:48:
                    df:f1:b5:87:c6:ca:88:d2:02:b5:aa:23:1f:95:ea:
                    05:ec:fb:13:f2:53:57:ea:2b:6b:21:7a:4f:7d:a1:
                    3e:24:bf:ce:ae:c9:74:94:4a:db:93:f6:f7:49:25:
                    8a:25:57:78:b6:f5:10:1b:9c:f8:38:77:18:0c:aa:
                    54:62:58:f0:87:db:47:b4:42:46:b2:d3:9e:7b:0f:
                    ca:db:c4:8e:77:9b:e6:b2:fc:dd:95:5d:40:a5:3a:
                    0c:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:3D:EE:61:1A:D4:00:18:B1:88:37:AF:BC:91:17:83:DB:E5:91:88
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/ff2e2d46-44f0-4790-a453-0090beda0015.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.247.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         3c:08:d0:93:b7:9c:dc:a1:04:1d:b3:f3:84:e4:b8:d7:a7:8c:
         6f:4c:18:07:fa:31:b0:37:c7:79:76:88:7d:a0:74:a1:16:af:
         64:08:a9:37:f1:79:a8:f9:0a:de:4a:ae:09:cf:66:35:af:9f:
         eb:49:01:eb:36:d2:b8:f9:30:fc:c6:7d:d5:73:46:d0:c6:58:
         ec:57:23:e5:a8:c7:8c:d8:50:fb:1a:3e:33:69:ea:76:63:f8:
         1f:a5:8f:f7:a4:75:81:df:5d:7a:3f:e3:d4:36:20:c8:b2:af:
         4f:9d:2f:db:5a:22:8a:33:6d:92:8b:fb:fd:76:14:5f:e0:d6:
         67:2a:e7:e5:46:c5:38:ad:30:25:04:5a:20:62:82:ca:f1:65:
         58:1d:0d:43:93:22:1f:3e:bc:0e:00:d6:48:11:8b:20:c2:a4:
         f3:45:45:0b:47:fe:4f:37:c1:5f:e2:94:50:5f:90:02:ac:97:
         ed:69:cb:d5:e3:8e:3a:e7:80:c4:a7:ba:b8:11:64:8b:b8:ca:
         a0:0d:cb:95:28:78:9b:87:2a:f4:9e:ab:d8:67:55:6e:31:c4:
         dc:bb:96:d3:a4:40:c4:cf:ab:fb:0e:a8:53:3c:e0:cf:ca:b8:
         c9:c5:ca:f1:34:e9:7b:fb:4b:fa:41:aa:27:71:5d:a8:24:ad:
         3c:cb:3b:e5
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUc+U3UAs7P5xGYNkamYavem+t6IkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA3MTEyMDUwMDRaFw0yNTA4MTUyMzU5NTlaMHoxSTBHBgNV
BAUTQDZhNzIxZjVhYTk2NDE5ZDdmY2I5OTIyMzY4YTNmNzI4YTkwNjA5MDczMzA4
YWQ3OWEyOGJkZmFkZTljNDJiNTYxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOW3LJxAOU0T+41Mq4lLe0YQ5KzX1twIY0PY+72/iWgu/5zxcrLyqo/aMYKF
JzRJP6PNV6PepHM66VLqdGOzyPZ64EBfEw8xDnVTtygVak5hLO4145k5QhF4XHEG
FQCupcimwNscijoaHRCDFff/DWxu1hAxdrsKLxKFQYOq7ZEtnpqcFfhCB68zj1sF
6lo8/ZpWRCsSgYMWYgg+bDh5aOKHTq1I3/G1h8bKiNICtaojH5XqBez7E/JTV+or
ayF6T32hPiS/zq7JdJRK25P290kliiVXeLb1EBuc+Dh3GAyqVGJY8IfbR7RCRrLT
nnsPytvEjneb5rL83ZVdQKU6DGsCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBRZPe5h
GtQAGLGIN6+8kReD2+WRiDAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
ZmYyZTJkNDYtNDRmMC00NzkwLWE0NTMtMDA5MGJlZGEwMDE1LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDAMP3MA0G
CSqGSIb3DQEBCwUAA4IBAQA8CNCTt5zcoQQds/OE5LjXp4xvTBgH+jGwN8d5doh9
oHShFq9kCKk38Xmo+QreSq4Jz2Y1r5/rSQHrNtK4+TD8xn3Vc0bQxljsVyPlqMeM
2FD7Gj4zaep2Y/gfpY/3pHWB3116P+PUNiDIsq9PnS/bWiKKM22Si/v9dhRf4NZn
KuflRsU4rTAlBFogYoLK8WVYHQ1DkyIfPrwOANZIEYsgwqTzRUULR/5PN8Ff4pRQ
X5ACrJftacvV444654DEp7q4EWSLuMqgDcuVKHibhyr0nqvYZ1VuMcTcu5bTpEDE
z6v7DqhTPODPyrjJxcrxNOl7+0v6QaoncV2oJK08yzvl
-----END CERTIFICATE-----
Generated at Mon Aug 4 21:44:42 2025 by rpki-client