Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/19bd833c-9eac-4b19-b264-a191d9c1b939.roa
File:                     19bd833c-9eac-4b19-b264-a191d9c1b939.roa (raw, json)
Hash identifier:          tNnzVXQ+G0ti0Oog/HtUG08lN6gLucSn1Mkf7ztLqAQ=
Subject key identifier:   0F:39:AF:21:0E:20:D9:B3:D4:67:55:F3:62:EC:57:8F:27:7A:7B:46
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       7D210F4387B877F1B955746C02696F3B84F74D00
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/19bd833c-9eac-4b19-b264-a191d9c1b939.roa
Signing time:             Fri 10 Oct 2025 17:10:45 +0000
ROA not before:           Fri 10 Oct 2025 17:10:45 +0000
ROA not after:            Fri 14 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        46.51.216.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7d:21:0f:43:87:b8:77:f1:b9:55:74:6c:02:69:6f:3b:84:f7:4d:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Oct 10 17:10:45 2025 GMT
            Not After : Nov 14 23:59:59 2025 GMT
        Subject: serialNumber=5623b954074165d3f2bd2d8be30ea7797f737cbe78e86318503cc24f1dd44797, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:f2:6d:47:16:2c:9f:65:0d:e5:f9:cf:18:a2:
                    a4:4e:0f:0d:a1:a0:57:c8:7c:ec:32:ab:88:a1:b2:
                    65:0a:cb:9a:87:64:0e:2d:d3:18:8f:16:38:d7:30:
                    19:3b:02:36:d9:a1:fc:df:39:bd:c2:5e:06:39:b1:
                    c2:18:2c:93:3f:1b:80:f1:0a:0b:24:4a:98:f7:54:
                    4c:8a:a9:03:e8:0f:4f:f5:fe:b8:e8:70:ae:29:35:
                    ef:d7:dc:59:b7:58:f6:ba:9c:93:b7:32:62:00:39:
                    dc:1d:86:b0:ba:ae:d9:d3:ad:fe:fb:e3:24:99:53:
                    85:7d:11:e1:4d:2f:a7:89:aa:65:6a:eb:26:26:73:
                    47:f9:25:0c:b2:87:52:d8:d5:40:8d:92:42:1d:6d:
                    5b:2f:46:5f:6c:07:60:a6:c0:2a:f6:c1:13:d7:2b:
                    53:b8:3d:a5:a9:f9:c2:2b:c2:1a:61:99:52:45:03:
                    79:40:87:28:60:ad:e7:d7:3e:f6:1c:62:e1:d2:56:
                    51:0d:29:0e:d8:32:fb:48:e2:bd:02:60:d8:e4:ab:
                    70:53:b8:36:40:c2:ae:a6:bc:c3:15:6a:63:cf:cf:
                    0e:d6:1a:81:d1:b1:5b:3e:ff:48:24:c3:fa:0d:f2:
                    12:4b:b6:e3:5f:c6:c8:e8:e4:f0:a8:04:ce:62:b1:
                    67:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:39:AF:21:0E:20:D9:B3:D4:67:55:F3:62:EC:57:8F:27:7A:7B:46
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/19bd833c-9eac-4b19-b264-a191d9c1b939.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.51.216.0/21

    Signature Algorithm: sha256WithRSAEncryption
         1c:20:17:0d:01:63:66:42:e6:e8:cb:41:14:55:ef:61:d2:02:
         88:4a:21:e1:2f:a5:d5:4e:bf:67:e1:5f:b3:ba:63:31:85:5a:
         4b:77:8a:d4:c7:fc:07:fb:cc:2c:8e:a1:15:ac:b3:5e:e1:7d:
         3a:7f:ad:1d:6e:d0:d6:84:94:08:bc:e7:44:d8:d9:45:99:e5:
         43:37:e5:a5:cf:f1:99:e0:95:a0:27:b0:91:d5:fe:93:ed:be:
         8c:28:64:b6:10:44:a1:a4:df:45:7f:d8:74:7a:7a:2e:fc:17:
         7d:8e:b5:a9:f7:a6:98:d5:60:ac:e0:13:5d:66:34:69:85:88:
         d6:84:a4:06:c3:e5:4f:6e:cd:a6:ef:28:4a:bc:8a:bf:be:a0:
         8f:38:5f:ee:50:64:3e:44:2a:18:bc:7c:94:d6:72:02:77:df:
         b7:37:c8:da:f3:93:bf:0c:d3:c5:2b:ee:3a:55:93:7e:97:ad:
         56:bb:23:07:56:5a:bc:89:f7:91:3f:cb:60:72:a2:9c:c6:96:
         a7:0f:86:4e:4a:fb:b9:b9:c8:35:57:d6:fc:87:5a:af:97:75:
         03:a9:bf:2d:29:03:5f:2f:11:6a:1b:88:ec:74:43:a3:15:86:
         62:89:1b:a6:01:ef:ee:e9:30:91:5b:38:e1:40:4a:29:37:6b:
         44:b3:49:62
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUfSEPQ4e4d/G5VXRsAmlvO4T3TQAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMTAxNzEwNDVaFw0yNTExMTQyMzU5NTlaMHoxSTBHBgNV
BAUTQDU2MjNiOTU0MDc0MTY1ZDNmMmJkMmQ4YmUzMGVhNzc5N2Y3MzdjYmU3OGU4
NjMxODUwM2NjMjRmMWRkNDQ3OTcxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJ3ybUcWLJ9lDeX5zxiipE4PDaGgV8h87DKriKGyZQrLmodkDi3TGI8WONcw
GTsCNtmh/N85vcJeBjmxwhgskz8bgPEKCyRKmPdUTIqpA+gPT/X+uOhwrik179fc
WbdY9rqck7cyYgA53B2GsLqu2dOt/vvjJJlThX0R4U0vp4mqZWrrJiZzR/klDLKH
UtjVQI2SQh1tWy9GX2wHYKbAKvbBE9crU7g9pan5wivCGmGZUkUDeUCHKGCt59c+
9hxi4dJWUQ0pDtgy+0jivQJg2OSrcFO4NkDCrqa8wxVqY8/PDtYagdGxWz7/SCTD
+g3yEku241/GyOjk8KgEzmKxZ40CAwEAAaOCAiEwggIdMB0GA1UdDgQWBBQPOa8h
DiDZs9RnVfNi7FePJ3p7RjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MTliZDgzM2MtOWVhYy00YjE5LWIyNjQtYTE5MWQ5YzFiOTM5LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAy4z2DAN
BgkqhkiG9w0BAQsFAAOCAQEAHCAXDQFjZkLm6MtBFFXvYdICiEoh4S+l1U6/Z+Ff
s7pjMYVaS3eK1Mf8B/vMLI6hFayzXuF9On+tHW7Q1oSUCLznRNjZRZnlQzflpc/x
meCVoCewkdX+k+2+jChkthBEoaTfRX/YdHp6LvwXfY61qfemmNVgrOATXWY0aYWI
1oSkBsPlT27Npu8oSryKv76gjzhf7lBkPkQqGLx8lNZyAnfftzfI2vOTvwzTxSvu
OlWTfpetVrsjB1ZavIn3kT/LYHKinMaWpw+GTkr7ubnINVfW/Idar5d1A6m/LSkD
Xy8RahuI7HRDoxWGYokbpgHv7ukwkVs44UBKKTdrRLNJYg==
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:52:12 2025 by rpki-client