Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/2eab4c42-5a06-4b45-b0cf-92f23ba278f9.roa
File:                     2eab4c42-5a06-4b45-b0cf-92f23ba278f9.roa (raw, json)
Hash identifier:          HQEQURNY3ptAdtwH7vGOgC16sgKKoUvXzZ0nJauqMBY=
Subject key identifier:   95:06:AA:F1:02:79:35:A9:47:CD:7A:63:04:4D:74:D0:40:82:13:C9
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       7DFEEB488F09A5C41906132445AD5570B250B4AA
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/2eab4c42-5a06-4b45-b0cf-92f23ba278f9.roa
Signing time:             Fri 10 Oct 2025 17:10:04 +0000
ROA not before:           Fri 10 Oct 2025 17:10:04 +0000
ROA not after:            Fri 14 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        46.51.224.0/20 maxlen: 20
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7d:fe:eb:48:8f:09:a5:c4:19:06:13:24:45:ad:55:70:b2:50:b4:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Oct 10 17:10:04 2025 GMT
            Not After : Nov 14 23:59:59 2025 GMT
        Subject: serialNumber=35713d592d1ca96e26876b6bd4f06c7617c4e9bb61cbd692d30731eaca2e72c2, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:20:3e:7d:6d:7a:72:c4:e4:b9:f1:71:68:b9:
                    d3:06:9a:49:4f:14:ff:c8:63:d5:3e:f1:14:73:80:
                    db:18:e9:2e:03:55:0d:7c:86:91:9b:e2:7a:40:46:
                    d1:62:36:f0:56:cd:da:35:5e:5f:ff:27:1b:3d:32:
                    7b:d9:6b:61:1b:90:f6:a6:c6:4c:e4:25:4a:11:bf:
                    4a:c2:c8:24:a6:e4:43:5b:66:cb:5c:81:13:16:77:
                    d7:04:96:1a:fd:10:23:6b:38:9e:01:6d:06:44:9c:
                    a0:74:7b:1c:1c:3f:5b:b1:9a:de:79:4e:ab:5e:68:
                    37:c0:d5:bb:51:fd:ad:1b:46:1b:d2:53:98:75:5a:
                    3a:c4:82:7f:ac:f0:31:f8:3b:9a:3d:9d:6f:be:5f:
                    01:fd:31:68:c6:72:e8:5f:4b:41:7b:22:74:5e:f2:
                    80:2f:ac:92:17:2e:ee:b7:cd:03:aa:e4:7c:51:01:
                    4e:a1:8d:f0:66:68:ef:4a:68:b4:76:8b:55:b3:a3:
                    81:94:7d:6f:77:c2:51:64:c5:07:d0:04:00:f0:a4:
                    fa:5a:a2:90:9d:68:c3:fa:d4:9d:09:e0:e4:84:1b:
                    46:79:79:d6:58:29:5d:fc:40:01:cc:07:ec:e2:f7:
                    6f:b3:b5:c5:eb:b7:5b:6f:94:36:a8:12:53:ff:88:
                    63:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:06:AA:F1:02:79:35:A9:47:CD:7A:63:04:4D:74:D0:40:82:13:C9
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/2eab4c42-5a06-4b45-b0cf-92f23ba278f9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.51.224.0/20

    Signature Algorithm: sha256WithRSAEncryption
         19:f6:d6:29:bb:36:19:65:3c:b3:62:4e:8c:a3:d3:75:a7:22:
         42:75:f0:c5:fc:51:4d:99:4c:28:36:27:38:83:0a:a7:a9:4c:
         db:34:09:e8:c5:6a:93:d2:50:4c:d0:39:00:23:58:63:c3:9b:
         3b:2e:5d:4e:fb:80:40:98:cb:f2:e8:2f:a7:33:80:7e:92:30:
         94:c0:5c:b9:b9:fe:ae:aa:7a:b4:b3:c8:1f:be:c9:80:d6:2d:
         b8:fb:f1:55:b9:e2:d6:1f:1c:a2:c7:b5:16:9a:ad:b5:04:ee:
         3f:7b:42:85:77:51:0e:7d:bf:c5:39:a0:89:59:de:0a:e4:49:
         2a:ea:87:a7:3a:f8:b2:b2:65:a3:c1:d0:c6:d2:a4:b4:96:ce:
         3d:bd:48:d0:42:c6:b4:86:4e:0b:db:4b:00:f5:06:75:d5:0d:
         0d:57:01:cd:24:a9:8b:17:f2:7a:d1:0f:02:f2:04:73:f6:b7:
         e9:6d:32:ee:33:42:69:3f:61:c0:b9:89:ea:a8:dd:1c:e4:db:
         b1:f3:85:bb:90:af:35:a0:11:8a:18:0d:10:b3:0b:57:ff:a6:
         a3:c5:7a:fb:9e:03:cf:ca:19:5d:c6:47:b3:04:5b:48:a7:c9:
         d4:51:81:e4:25:61:da:e4:3f:9f:ab:19:c0:f7:cc:1c:d4:6b:
         8a:15:46:e2
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUff7rSI8JpcQZBhMkRa1VcLJQtKowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMTAxNzEwMDRaFw0yNTExMTQyMzU5NTlaMHoxSTBHBgNV
BAUTQDM1NzEzZDU5MmQxY2E5NmUyNjg3NmI2YmQ0ZjA2Yzc2MTdjNGU5YmI2MWNi
ZDY5MmQzMDczMWVhY2EyZTcyYzIxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKAgPn1tenLE5LnxcWi50waaSU8U/8hj1T7xFHOA2xjpLgNVDXyGkZviekBG
0WI28FbN2jVeX/8nGz0ye9lrYRuQ9qbGTOQlShG/SsLIJKbkQ1tmy1yBExZ31wSW
Gv0QI2s4ngFtBkScoHR7HBw/W7Ga3nlOq15oN8DVu1H9rRtGG9JTmHVaOsSCf6zw
Mfg7mj2db75fAf0xaMZy6F9LQXsidF7ygC+skhcu7rfNA6rkfFEBTqGN8GZo70po
tHaLVbOjgZR9b3fCUWTFB9AEAPCk+lqikJ1ow/rUnQng5IQbRnl51lgpXfxAAcwH
7OL3b7O1xeu3W2+UNqgSU/+IY+UCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBSVBqrx
Ank1qUfNemMETXTQQIITyTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MmVhYjRjNDItNWEwNi00YjQ1LWIwY2YtOTJmMjNiYTI3OGY5LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEBC4z4DAN
BgkqhkiG9w0BAQsFAAOCAQEAGfbWKbs2GWU8s2JOjKPTdaciQnXwxfxRTZlMKDYn
OIMKp6lM2zQJ6MVqk9JQTNA5ACNYY8ObOy5dTvuAQJjL8ugvpzOAfpIwlMBcubn+
rqp6tLPIH77JgNYtuPvxVbni1h8cose1FpqttQTuP3tChXdRDn2/xTmgiVneCuRJ
KuqHpzr4srJlo8HQxtKktJbOPb1I0ELGtIZOC9tLAPUGddUNDVcBzSSpixfyetEP
AvIEc/a36W0y7jNCaT9hwLmJ6qjdHOTbsfOFu5CvNaARihgNELMLV/+mo8V6+54D
z8oZXcZHswRbSKfJ1FGB5CVh2uQ/n6sZwPfMHNRrihVG4g==
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:53:14 2025 by rpki-client