Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/7d3290b1-5123-4651-a2b9-bde2c7d0d334.roa
File:                     7d3290b1-5123-4651-a2b9-bde2c7d0d334.roa (raw, json)
Hash identifier:          SqoM6WZ2FSLeZc58o8Zb0LrI1YNB0SzR2pszs52ekBY=
Subject key identifier:   BC:F3:1A:C2:D5:06:F8:F6:31:3A:40:A4:05:5D:32:EC:C4:5E:B0:43
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       0BE364F4F3B2AC9ACC407F1DAF6BF5C65C2A853C
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/7d3290b1-5123-4651-a2b9-bde2c7d0d334.roa
Signing time:             Fri 10 Oct 2025 17:10:44 +0000
ROA not before:           Fri 10 Oct 2025 17:10:44 +0000
ROA not after:            Fri 14 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        46.51.128.0/18 maxlen: 18
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0b:e3:64:f4:f3:b2:ac:9a:cc:40:7f:1d:af:6b:f5:c6:5c:2a:85:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Oct 10 17:10:44 2025 GMT
            Not After : Nov 14 23:59:59 2025 GMT
        Subject: serialNumber=210823f30579d3cf2d84d683dc1a96a9563cd94560f79d77604b1e143b503989, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:4d:35:2f:a0:0f:c6:f4:97:9f:b6:3d:f3:c8:
                    a0:60:ef:1f:36:71:ef:a6:f3:1c:66:d6:68:07:19:
                    ad:a4:de:62:ab:77:15:01:03:df:8a:21:d3:0c:90:
                    0a:51:67:02:4d:24:87:fb:ac:3f:5e:38:57:7f:db:
                    3d:21:7b:9b:14:22:49:dc:8c:56:31:83:1a:98:9d:
                    de:d5:ca:c4:36:cd:3a:cd:4d:3d:cb:7a:a0:b5:d8:
                    68:04:e4:4a:e4:f0:32:b5:c9:87:dd:bd:33:cb:37:
                    ce:e9:90:14:0b:3d:23:e4:5e:bb:f8:18:2d:bc:65:
                    6b:2b:aa:2a:b1:17:29:e0:78:04:c9:ff:e6:ad:5c:
                    cb:77:be:56:5e:02:b6:95:30:99:89:71:b7:bf:14:
                    7f:ff:06:5d:0e:e9:bb:61:2a:c6:f7:23:a2:d7:26:
                    91:e8:ce:0e:a5:19:fa:58:bc:88:49:ad:05:1a:82:
                    bc:4d:ff:f7:45:4a:b5:eb:68:0e:4b:1e:68:5f:74:
                    15:b1:9a:a3:a3:bc:66:fe:b5:02:33:00:05:8a:53:
                    14:de:52:ea:db:10:b8:70:ee:1d:73:06:83:1b:f9:
                    66:4e:ec:6d:b5:9e:b2:c5:b8:c6:45:a8:4b:88:db:
                    1d:e4:ec:53:bd:4c:e8:91:1f:4d:50:a3:02:a1:95:
                    04:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:F3:1A:C2:D5:06:F8:F6:31:3A:40:A4:05:5D:32:EC:C4:5E:B0:43
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/7d3290b1-5123-4651-a2b9-bde2c7d0d334.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.51.128.0/18

    Signature Algorithm: sha256WithRSAEncryption
         b8:2d:cd:b1:b2:ea:c8:28:ab:e3:9b:82:37:d6:94:bf:8b:84:
         7b:0a:ee:95:c1:86:68:d8:b5:92:eb:b5:f3:0d:22:17:1e:6b:
         5a:51:7d:8b:d8:37:fb:26:1c:00:65:35:73:50:3f:d2:30:87:
         c5:08:f8:ce:be:5e:34:ca:79:c6:c5:ec:c6:53:6e:34:94:42:
         ff:ca:b6:7d:79:55:44:68:5b:42:30:c8:27:50:e6:73:4e:82:
         ca:f4:8c:e2:7d:ae:9f:d0:cf:58:db:b8:26:83:19:83:e0:6d:
         26:04:fd:ba:40:12:aa:ba:db:ed:26:40:44:92:4c:43:14:e0:
         5c:2c:b5:9e:d5:ba:fa:30:9e:de:8e:14:2f:31:28:7a:fc:b8:
         a9:42:c7:46:8e:51:74:43:d5:db:0b:cc:1b:b0:10:bd:5d:25:
         0b:3e:47:63:24:0b:41:d5:af:79:9f:cc:84:4d:11:fe:59:ac:
         68:19:fc:32:f3:9b:83:41:dd:18:bb:fa:63:b6:ec:34:b6:f9:
         c1:1c:ec:35:4a:e4:22:4a:dd:0b:da:88:4e:e1:e4:2b:60:dc:
         40:a6:ff:9a:91:9a:1d:36:a4:df:a7:59:78:61:5c:9e:a9:f8:
         17:eb:7e:62:bd:e4:4a:3a:80:44:38:ff:54:cd:72:a3:30:8a:
         09:c6:6d:d9
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUC+Nk9POyrJrMQH8dr2v1xlwqhTwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMTAxNzEwNDRaFw0yNTExMTQyMzU5NTlaMHoxSTBHBgNV
BAUTQDIxMDgyM2YzMDU3OWQzY2YyZDg0ZDY4M2RjMWE5NmE5NTYzY2Q5NDU2MGY3
OWQ3NzYwNGIxZTE0M2I1MDM5ODkxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAM1NNS+gD8b0l5+2PfPIoGDvHzZx76bzHGbWaAcZraTeYqt3FQED34oh0wyQ
ClFnAk0kh/usP144V3/bPSF7mxQiSdyMVjGDGpid3tXKxDbNOs1NPct6oLXYaATk
SuTwMrXJh929M8s3zumQFAs9I+Reu/gYLbxlayuqKrEXKeB4BMn/5q1cy3e+Vl4C
tpUwmYlxt78Uf/8GXQ7pu2EqxvcjotcmkejODqUZ+li8iEmtBRqCvE3/90VKteto
DkseaF90FbGao6O8Zv61AjMABYpTFN5S6tsQuHDuHXMGgxv5Zk7sbbWessW4xkWo
S4jbHeTsU71M6JEfTVCjAqGVBDMCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBS88xrC
1Qb49jE6QKQFXTLsxF6wQzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
N2QzMjkwYjEtNTEyMy00NjUxLWEyYjktYmRlMmM3ZDBkMzM0LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEBi4zgDAN
BgkqhkiG9w0BAQsFAAOCAQEAuC3NsbLqyCir45uCN9aUv4uEewrulcGGaNi1kuu1
8w0iFx5rWlF9i9g3+yYcAGU1c1A/0jCHxQj4zr5eNMp5xsXsxlNuNJRC/8q2fXlV
RGhbQjDIJ1Dmc06CyvSM4n2un9DPWNu4JoMZg+BtJgT9ukASqrrb7SZARJJMQxTg
XCy1ntW6+jCe3o4ULzEoevy4qULHRo5RdEPV2wvMG7AQvV0lCz5HYyQLQdWveZ/M
hE0R/lmsaBn8MvObg0HdGLv6Y7bsNLb5wRzsNUrkIkrdC9qITuHkK2DcQKb/mpGa
HTak36dZeGFcnqn4F+t+Yr3kSjqARDj/VM1yozCKCcZt2Q==
-----END CERTIFICATE-----
Generated at Mon Oct 20 13:47:06 2025 by rpki-client