Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/46a21ff8-4dea-4da4-a276-6b424d4e3bed.roa
File:                     46a21ff8-4dea-4da4-a276-6b424d4e3bed.roa (raw, json)
Hash identifier:          JE+JR+5W7lghs9ewNF6hiKyVoGN9SGZ+Fs22NJZ0PIQ=
Subject key identifier:   E7:A6:AA:10:2E:F7:A0:A3:AE:DA:98:1A:27:EC:32:98:A5:0C:9E:31
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       630FC7D0972C0BE45C6B5E7080E0F856C7587270
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/46a21ff8-4dea-4da4-a276-6b424d4e3bed.roa
Signing time:             Fri 10 Oct 2025 17:10:38 +0000
ROA not before:           Fri 10 Oct 2025 17:10:38 +0000
ROA not after:            Fri 14 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        46.137.224.0/19 maxlen: 19
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            63:0f:c7:d0:97:2c:0b:e4:5c:6b:5e:70:80:e0:f8:56:c7:58:72:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Oct 10 17:10:38 2025 GMT
            Not After : Nov 14 23:59:59 2025 GMT
        Subject: serialNumber=59df26e5abf00f2566db49d403cd5bf98aced10243db5d53c909359e5fcd5f21, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:fe:2b:c3:1d:a8:af:3f:0a:06:9c:af:17:84:
                    bf:39:c5:83:9b:39:c1:fe:7b:08:33:b4:bf:46:87:
                    59:69:bd:25:e0:94:bd:19:ca:9f:24:ee:a1:8f:53:
                    5f:d1:66:c4:29:17:7c:c7:16:51:21:1d:87:c0:df:
                    7e:5f:63:60:2b:b1:36:4c:da:60:d0:c4:b0:eb:21:
                    c3:d3:01:4a:93:b6:ba:14:8a:6f:29:21:a3:66:3f:
                    32:e1:a8:2c:41:00:57:5c:0f:49:59:31:90:63:a1:
                    e1:6d:9a:84:00:db:68:2e:1c:34:3f:66:e6:59:30:
                    3f:b7:30:12:75:f6:3b:10:e1:48:94:20:ee:e9:cf:
                    0c:e4:71:ad:b8:9c:e7:21:41:5a:83:5d:16:ac:28:
                    f2:46:8e:fa:09:2b:6c:81:70:c1:3f:c3:18:00:e3:
                    46:82:b7:85:c3:26:b6:f9:5b:44:a5:97:58:21:f5:
                    c7:e9:e9:84:47:ce:6b:24:37:f4:d3:92:7e:5b:ea:
                    0b:2d:e6:73:a5:bc:79:cd:7a:87:63:6a:1a:ac:81:
                    71:ac:62:a2:aa:b0:8e:9e:32:bf:15:b5:27:2f:c9:
                    43:fc:cc:e3:15:bc:07:73:3f:ed:21:64:0e:05:c3:
                    11:fc:4b:30:c2:89:72:b0:54:23:09:5b:55:48:54:
                    6c:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:A6:AA:10:2E:F7:A0:A3:AE:DA:98:1A:27:EC:32:98:A5:0C:9E:31
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/46a21ff8-4dea-4da4-a276-6b424d4e3bed.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.137.224.0/19

    Signature Algorithm: sha256WithRSAEncryption
         42:40:33:7b:1a:3e:0b:95:b6:43:38:26:db:39:b1:b6:7e:58:
         d5:15:44:11:0e:08:13:da:fb:2c:a7:93:57:a9:4a:11:d8:75:
         d0:83:84:14:b8:a5:ac:78:b8:11:b5:8f:f0:44:7f:b5:94:3e:
         e1:99:10:dc:08:da:d4:6d:4d:c8:69:87:e8:41:ec:02:3b:c2:
         97:27:82:45:93:79:ab:55:78:1d:56:d4:5a:72:ee:9d:d3:d1:
         c8:a5:a1:11:31:e4:89:ff:fe:f2:d8:e0:69:c0:3f:8a:bd:87:
         db:17:42:f4:b6:31:5c:12:0b:10:a1:08:8b:9d:37:9b:3c:7a:
         d2:d8:b9:84:eb:ca:8d:32:46:16:e9:97:6d:7f:a9:72:a9:70:
         85:47:2a:3f:1e:70:bb:d6:73:79:29:7e:73:f8:d1:bf:a8:09:
         e0:62:43:a4:2c:32:d6:55:09:76:f6:95:b7:6a:f1:36:14:b4:
         49:06:93:98:76:31:22:ee:c0:2f:22:e3:a2:8c:a9:56:ca:16:
         d6:9d:85:b7:05:c4:1e:af:8f:0c:95:45:aa:e5:df:e2:e2:81:
         92:c6:66:be:91:c0:b6:85:6e:09:6d:4e:32:2f:e8:a9:0b:2d:
         94:93:6f:a3:f3:a9:39:52:5e:54:fe:9c:ed:f4:70:d1:4d:b1:
         ae:c8:32:36
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUYw/H0JcsC+Rca15wgOD4VsdYcnAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMTAxNzEwMzhaFw0yNTExMTQyMzU5NTlaMHoxSTBHBgNV
BAUTQDU5ZGYyNmU1YWJmMDBmMjU2NmRiNDlkNDAzY2Q1YmY5OGFjZWQxMDI0M2Ri
NWQ1M2M5MDkzNTllNWZjZDVmMjExLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMf+K8MdqK8/CgacrxeEvznFg5s5wf57CDO0v0aHWWm9JeCUvRnKnyTuoY9T
X9FmxCkXfMcWUSEdh8Dffl9jYCuxNkzaYNDEsOshw9MBSpO2uhSKbykho2Y/MuGo
LEEAV1wPSVkxkGOh4W2ahADbaC4cND9m5lkwP7cwEnX2OxDhSJQg7unPDORxrbic
5yFBWoNdFqwo8kaO+gkrbIFwwT/DGADjRoK3hcMmtvlbRKWXWCH1x+nphEfOayQ3
9NOSflvqCy3mc6W8ec16h2NqGqyBcaxioqqwjp4yvxW1Jy/JQ/zM4xW8B3M/7SFk
DgXDEfxLMMKJcrBUIwlbVUhUbLMCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBTnpqoQ
Lvego67amBon7DKYpQyeMTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NDZhMjFmZjgtNGRlYS00ZGE0LWEyNzYtNmI0MjRkNGUzYmVkLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEBS6J4DAN
BgkqhkiG9w0BAQsFAAOCAQEAQkAzexo+C5W2Qzgm2zmxtn5Y1RVEEQ4IE9r7LKeT
V6lKEdh10IOEFLilrHi4EbWP8ER/tZQ+4ZkQ3Aja1G1NyGmH6EHsAjvClyeCRZN5
q1V4HVbUWnLundPRyKWhETHkif/+8tjgacA/ir2H2xdC9LYxXBILEKEIi503mzx6
0ti5hOvKjTJGFumXbX+pcqlwhUcqPx5wu9ZzeSl+c/jRv6gJ4GJDpCwy1lUJdvaV
t2rxNhS0SQaTmHYxIu7ALyLjooypVsoW1p2FtwXEHq+PDJVFquXf4uKBksZmvpHA
toVuCW1OMi/oqQstlJNvo/OpOVJeVP6c7fRw0U2xrsgyNg==
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:53:09 2025 by rpki-client