Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/279da9d6-10c2-4fd5-9d75-0a963c29c8d4.roa
File:                     279da9d6-10c2-4fd5-9d75-0a963c29c8d4.roa (raw, json)
Hash identifier:          PsQjOAnzKoGt983dBym/a3nnu9i+8RIosNhrnmWYUEE=
Subject key identifier:   A9:43:B8:11:05:56:9D:20:D1:F5:3A:01:F7:7C:9E:9F:A6:73:0B:D3
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       0B00C0889CEFE2F7CCBD14480FAF4B9349A1E7F4
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/279da9d6-10c2-4fd5-9d75-0a963c29c8d4.roa
Signing time:             Fri 10 Oct 2025 17:10:19 +0000
ROA not before:           Fri 10 Oct 2025 17:10:19 +0000
ROA not after:            Fri 14 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        46.137.144.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0b:00:c0:88:9c:ef:e2:f7:cc:bd:14:48:0f:af:4b:93:49:a1:e7:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Oct 10 17:10:19 2025 GMT
            Not After : Nov 14 23:59:59 2025 GMT
        Subject: serialNumber=7b42f0f337c7d664f10739182c7af2308d5b7ac7da0ec36b71153ed93e4dd4cc, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:93:76:a1:9e:76:dd:b5:ab:df:fd:15:34:ab:
                    ef:57:b1:11:52:70:b4:ee:80:e5:e2:c7:29:d3:d9:
                    fc:46:99:70:48:ad:80:34:59:29:bf:14:6b:ba:f1:
                    57:a5:73:da:7c:9d:7d:1a:05:8f:33:ac:44:25:17:
                    24:93:70:ac:35:2b:53:fd:5a:89:47:10:55:2c:b5:
                    97:50:5f:45:eb:bd:29:6a:87:ba:7f:d3:82:9c:3f:
                    6c:92:84:f4:55:19:d2:7e:a0:24:0a:f3:28:93:8a:
                    84:48:1d:83:40:0d:67:af:4d:67:c2:b7:fc:7e:5f:
                    5e:2b:6a:ac:c0:c5:1c:c6:52:e6:60:66:f2:6b:b5:
                    ab:7d:28:ac:58:ca:53:00:31:76:02:13:04:ab:a7:
                    61:80:91:d5:67:71:c0:87:83:49:4e:8e:e1:25:67:
                    01:39:3d:51:fe:5b:86:87:dc:9e:f3:5f:f4:ea:9a:
                    0d:2a:eb:9b:ea:af:41:2b:9a:f9:ec:a1:8f:bb:83:
                    e9:ca:be:bd:4b:23:78:4b:df:e8:d9:cf:50:2b:1e:
                    5f:e2:c4:96:7e:38:9c:8c:e3:05:51:d2:82:4e:e8:
                    42:e0:7e:08:71:74:e7:bd:e7:76:72:65:6b:ef:ac:
                    a8:94:83:56:63:7f:4a:32:bf:43:d9:b7:16:62:65:
                    93:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:43:B8:11:05:56:9D:20:D1:F5:3A:01:F7:7C:9E:9F:A6:73:0B:D3
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/279da9d6-10c2-4fd5-9d75-0a963c29c8d4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.137.144.0/21

    Signature Algorithm: sha256WithRSAEncryption
         0a:38:17:f1:e9:1a:22:b2:17:32:28:22:0b:c9:0f:af:83:d6:
         35:85:2e:a6:96:7a:0d:56:c1:92:40:26:8e:d8:58:fb:cc:8b:
         61:71:72:5c:64:06:af:43:ed:92:2e:8c:72:6d:51:3f:f4:36:
         83:b9:4c:2c:32:0f:e2:ab:64:ed:ae:e5:ba:70:21:a4:bd:27:
         44:64:b3:0d:b3:c0:c2:1a:fe:63:22:d8:ba:a7:9e:8f:f2:13:
         71:3d:56:e0:8b:0e:f9:56:1e:f1:e9:e9:c8:35:14:f2:8f:84:
         93:0f:17:d2:d8:49:f3:02:53:53:ca:9d:61:4b:6b:01:da:d8:
         aa:2f:79:df:d6:b9:21:66:6f:6e:b8:fd:0f:da:63:69:ae:c3:
         80:5d:ca:90:b7:86:8f:e3:62:47:34:27:eb:8e:cb:50:38:32:
         fd:f4:cd:dd:81:84:f7:0c:59:b5:4f:9c:c4:be:ec:83:d8:a6:
         51:37:b0:98:a1:b0:54:82:cc:26:0d:d6:f0:19:50:29:50:e6:
         2a:f9:c8:f6:cd:7b:8a:5e:ac:4f:6c:c9:83:bb:f2:1f:73:b1:
         40:2e:79:40:b8:6c:11:1c:a9:46:b5:c7:06:06:c4:23:ad:88:
         7e:77:d6:dd:0a:72:49:aa:6e:86:d0:ae:b8:1f:22:10:1e:38:
         7f:e6:cf:9c
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUCwDAiJzv4vfMvRRID69Lk0mh5/QwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMTAxNzEwMTlaFw0yNTExMTQyMzU5NTlaMHoxSTBHBgNV
BAUTQDdiNDJmMGYzMzdjN2Q2NjRmMTA3MzkxODJjN2FmMjMwOGQ1YjdhYzdkYTBl
YzM2YjcxMTUzZWQ5M2U0ZGQ0Y2MxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAO+TdqGedt21q9/9FTSr71exEVJwtO6A5eLHKdPZ/EaZcEitgDRZKb8Ua7rx
V6Vz2nydfRoFjzOsRCUXJJNwrDUrU/1aiUcQVSy1l1BfReu9KWqHun/Tgpw/bJKE
9FUZ0n6gJArzKJOKhEgdg0ANZ69NZ8K3/H5fXitqrMDFHMZS5mBm8mu1q30orFjK
UwAxdgITBKunYYCR1WdxwIeDSU6O4SVnATk9Uf5bhofcnvNf9OqaDSrrm+qvQSua
+eyhj7uD6cq+vUsjeEvf6NnPUCseX+LEln44nIzjBVHSgk7oQuB+CHF0573ndnJl
a++sqJSDVmN/SjK/Q9m3FmJlkx8CAwEAAaOCAiEwggIdMB0GA1UdDgQWBBSpQ7gR
BVadINH1OgH3fJ6fpnML0zAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
Mjc5ZGE5ZDYtMTBjMi00ZmQ1LTlkNzUtMGE5NjNjMjljOGQ0LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAy6JkDAN
BgkqhkiG9w0BAQsFAAOCAQEACjgX8ekaIrIXMigiC8kPr4PWNYUuppZ6DVbBkkAm
jthY+8yLYXFyXGQGr0Ptki6Mcm1RP/Q2g7lMLDIP4qtk7a7lunAhpL0nRGSzDbPA
whr+YyLYuqeej/ITcT1W4IsO+VYe8enpyDUU8o+Ekw8X0thJ8wJTU8qdYUtrAdrY
qi9539a5IWZvbrj9D9pjaa7DgF3KkLeGj+NiRzQn647LUDgy/fTN3YGE9wxZtU+c
xL7sg9imUTewmKGwVILMJg3W8BlQKVDmKvnI9s17il6sT2zJg7vyH3OxQC55QLhs
ERypRrXHBgbEI62IfnfW3QpySapuhtCuuB8iEB44f+bPnA==
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:53:03 2025 by rpki-client