Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/a472a17f-cded-45fb-a444-3393023f0b36.roa
File:                     a472a17f-cded-45fb-a444-3393023f0b36.roa (raw, json)
Hash identifier:          Cn9ZKbZ/Z7uvjWtiPbD3bzsgTtUmtpW8XLwCb+1ShyU=
Subject key identifier:   02:34:30:5C:ED:6F:7F:29:E9:66:39:68:A1:96:E2:A7:0B:F8:EC:89
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       7576679F62793B6A5AD71198AB56C552A8C8BA5B
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/a472a17f-cded-45fb-a444-3393023f0b36.roa
Signing time:             Fri 10 Oct 2025 17:10:42 +0000
ROA not before:           Fri 10 Oct 2025 17:10:42 +0000
ROA not after:            Fri 14 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        46.51.208.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            75:76:67:9f:62:79:3b:6a:5a:d7:11:98:ab:56:c5:52:a8:c8:ba:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Oct 10 17:10:42 2025 GMT
            Not After : Nov 14 23:59:59 2025 GMT
        Subject: serialNumber=b5299ceb015362e3a69300f2f4b3b2226720fa608c5176ced13830d7ff581eaa, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:51:ea:d1:71:ba:f4:bf:f7:bb:90:20:73:5e:
                    6d:fd:a8:66:0b:60:32:87:a5:d8:ab:67:f2:6d:71:
                    25:db:9a:a9:bf:aa:cc:4a:fc:b5:1e:30:6b:58:b2:
                    6f:db:78:e4:a9:d3:00:21:2e:0b:71:2a:6a:1a:65:
                    15:de:88:d2:83:3d:52:81:42:9e:5c:d8:8e:a7:f3:
                    f0:08:09:6f:28:9f:d6:d6:f1:fd:37:97:cb:8b:c5:
                    36:5f:2f:26:9b:4d:b8:e6:b6:8e:aa:ed:9d:44:5d:
                    a1:c0:4e:2d:00:9a:99:65:ab:54:f6:b8:31:75:6f:
                    66:a4:8e:bb:b3:f6:37:61:b8:14:57:c1:9c:ed:71:
                    69:af:ff:d1:a9:ee:21:9b:dc:32:fa:98:74:cf:bd:
                    18:19:e8:63:71:27:4e:fe:14:bb:50:21:f1:a9:42:
                    a7:26:ec:db:7b:65:63:67:21:ca:d4:38:68:7e:9f:
                    f8:72:eb:17:12:f8:ca:fb:50:0c:3a:ad:8b:05:a5:
                    35:da:ae:7a:0b:57:c6:62:e0:78:2c:a0:67:19:27:
                    8a:52:1e:24:d5:ba:b7:93:25:25:c2:4e:91:bd:0a:
                    4d:6c:95:d4:a5:12:dc:4a:dd:36:cf:8c:2a:2b:bd:
                    ed:1a:ce:b1:7e:f2:a5:0a:3d:c8:8f:09:6b:29:50:
                    61:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:34:30:5C:ED:6F:7F:29:E9:66:39:68:A1:96:E2:A7:0B:F8:EC:89
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/a472a17f-cded-45fb-a444-3393023f0b36.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.51.208.0/22

    Signature Algorithm: sha256WithRSAEncryption
         10:e3:7a:4a:ca:8b:07:ae:83:d5:a8:4e:f3:35:fc:a6:2f:52:
         ec:21:00:c8:04:f4:56:eb:b0:8c:16:aa:b5:17:c6:8b:34:5c:
         aa:08:82:cf:d9:a9:fa:1f:f7:2a:24:63:f7:14:94:dd:b6:28:
         20:d2:9c:b7:af:83:62:3d:53:a4:59:4f:2f:1a:8f:58:b4:95:
         ab:4b:b7:f1:24:94:9f:20:2a:94:84:c5:d9:48:98:e9:6d:6f:
         b3:17:7b:6d:de:bc:52:1e:9a:05:95:50:77:a5:b6:12:e9:94:
         37:82:d5:bb:a0:9a:ac:15:17:61:97:d9:a8:45:07:0d:17:97:
         73:01:ff:07:81:d9:b7:5d:c4:fe:a1:aa:c6:0b:53:88:15:99:
         72:91:18:17:fb:92:97:58:86:9f:5c:77:53:c7:ba:35:3d:b0:
         fa:55:b0:03:22:dc:03:b6:07:7b:fb:b9:77:ab:fa:f5:86:e7:
         08:83:39:4e:88:05:89:ed:ec:58:33:30:e5:1e:f2:58:6b:ca:
         84:0e:52:17:33:52:cf:32:14:47:11:ee:76:3a:17:61:f6:b4:
         9b:3e:de:e1:d7:15:28:ba:36:2f:73:fe:09:c6:d4:0a:78:5b:
         26:6d:40:70:cf:36:5b:48:6a:7b:52:fd:62:e9:26:08:0c:6f:
         07:26:f0:4b
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUdXZnn2J5O2pa1xGYq1bFUqjIulswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMTAxNzEwNDJaFw0yNTExMTQyMzU5NTlaMHoxSTBHBgNV
BAUTQGI1Mjk5Y2ViMDE1MzYyZTNhNjkzMDBmMmY0YjNiMjIyNjcyMGZhNjA4YzUx
NzZjZWQxMzgzMGQ3ZmY1ODFlYWExLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALlR6tFxuvS/97uQIHNebf2oZgtgMoel2Ktn8m1xJduaqb+qzEr8tR4wa1iy
b9t45KnTACEuC3EqahplFd6I0oM9UoFCnlzYjqfz8AgJbyif1tbx/TeXy4vFNl8v
JptNuOa2jqrtnURdocBOLQCamWWrVPa4MXVvZqSOu7P2N2G4FFfBnO1xaa//0anu
IZvcMvqYdM+9GBnoY3EnTv4Uu1Ah8alCpybs23tlY2chytQ4aH6f+HLrFxL4yvtQ
DDqtiwWlNdquegtXxmLgeCygZxknilIeJNW6t5MlJcJOkb0KTWyV1KUS3ErdNs+M
Kiu97RrOsX7ypQo9yI8JaylQYcsCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBQCNDBc
7W9/KelmOWihluKnC/jsiTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YTQ3MmExN2YtY2RlZC00NWZiLWE0NDQtMzM5MzAyM2YwYjM2LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAi4z0DAN
BgkqhkiG9w0BAQsFAAOCAQEAEON6SsqLB66D1ahO8zX8pi9S7CEAyAT0VuuwjBaq
tRfGizRcqgiCz9mp+h/3KiRj9xSU3bYoINKct6+DYj1TpFlPLxqPWLSVq0u38SSU
nyAqlITF2UiY6W1vsxd7bd68Uh6aBZVQd6W2EumUN4LVu6CarBUXYZfZqEUHDReX
cwH/B4HZt13E/qGqxgtTiBWZcpEYF/uSl1iGn1x3U8e6NT2w+lWwAyLcA7YHe/u5
d6v69YbnCIM5TogFie3sWDMw5R7yWGvKhA5SFzNSzzIURxHudjoXYfa0mz7e4dcV
KLo2L3P+CcbUCnhbJm1AcM82W0hqe1L9YukmCAxvBybwSw==
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:53:15 2025 by rpki-client