Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/b44363b9-ba48-4913-b8a4-9cd0dc32ba02.roa
File:                     b44363b9-ba48-4913-b8a4-9cd0dc32ba02.roa (raw, json)
Hash identifier:          cDLRlzuXJiY3+zJvjunZNWIYwCXjane4tHDKDRKq758=
Subject key identifier:   0A:CD:99:F6:5A:72:E7:3C:DD:36:10:FB:D5:C5:05:B5:60:84:1D:F6
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       50D432EB5C41C3477F9BE09EC85537092950D405
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/b44363b9-ba48-4913-b8a4-9cd0dc32ba02.roa
Signing time:             Fri 10 Oct 2025 17:10:46 +0000
ROA not before:           Fri 10 Oct 2025 17:10:46 +0000
ROA not after:            Fri 14 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        46.51.240.0/20 maxlen: 20
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            50:d4:32:eb:5c:41:c3:47:7f:9b:e0:9e:c8:55:37:09:29:50:d4:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Oct 10 17:10:46 2025 GMT
            Not After : Nov 14 23:59:59 2025 GMT
        Subject: serialNumber=697878d7fa7e6c133a507f7da3aa9b4f6458d2c0d02f3c729616644115efeb02, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:cc:91:aa:54:2d:8a:a5:94:02:b4:c5:a0:f6:
                    63:8b:cf:79:9d:08:43:e0:e1:20:1a:c7:22:d7:a9:
                    d1:ea:4a:df:6a:03:ea:80:f3:c1:17:2f:df:fe:2a:
                    85:4c:35:ea:0e:34:0a:a8:35:f0:64:7b:bc:a3:fc:
                    4b:6e:b2:d2:5b:2f:7d:7c:9a:8a:8f:c9:c8:20:34:
                    f9:4f:36:b8:b3:a9:a4:b5:4b:e8:f7:b4:b5:cd:54:
                    dd:3b:fb:10:a3:2b:3a:5a:f6:30:7c:83:24:12:7c:
                    9f:92:11:35:f2:db:dd:41:46:c0:d5:53:a9:d4:26:
                    49:17:80:6e:95:13:f5:02:59:84:c6:3c:87:7b:e3:
                    51:e3:3e:5c:e6:2f:23:6a:6b:38:5d:71:e2:37:ec:
                    98:06:b6:f3:79:72:23:67:c2:35:fb:20:09:f3:8d:
                    5f:6b:a9:30:1d:a9:ce:43:28:14:20:15:1f:7c:d8:
                    d2:b2:de:d1:f9:81:5c:5f:c0:ce:85:d3:60:83:c7:
                    24:35:cc:cb:ca:4a:8f:3e:6f:9a:c3:ec:7a:9d:7f:
                    9e:d2:81:55:22:69:a3:0b:96:1f:a3:ba:ef:76:05:
                    27:c7:f7:9f:a6:99:7f:76:f5:87:2b:44:6d:f7:47:
                    e1:80:12:ad:96:47:b6:5f:af:03:6b:41:0e:02:c7:
                    9a:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:CD:99:F6:5A:72:E7:3C:DD:36:10:FB:D5:C5:05:B5:60:84:1D:F6
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/b44363b9-ba48-4913-b8a4-9cd0dc32ba02.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.51.240.0/20

    Signature Algorithm: sha256WithRSAEncryption
         93:0e:f3:66:59:18:d6:91:31:03:61:33:9c:59:33:ab:b0:26:
         c2:9f:55:18:42:82:b7:c6:b3:ca:64:d0:e1:5a:35:16:4e:a4:
         ee:e1:5b:d0:db:94:73:8b:e6:05:e2:b0:ca:27:2c:d5:e9:50:
         dc:0e:b1:2c:dc:3a:e8:6d:28:47:af:ca:45:58:3e:4d:92:57:
         4c:80:6f:b4:10:b6:4a:6e:23:32:d4:08:54:b4:8a:f0:42:d0:
         b9:d1:01:d2:d3:39:41:67:0f:02:ab:b4:25:bd:37:14:62:01:
         0e:0f:ea:16:55:b4:4b:e6:44:51:28:04:46:18:9f:70:de:b1:
         60:a6:62:6c:c8:8f:a3:6b:fc:0e:55:d0:1e:fb:30:9d:7a:25:
         6e:2e:ad:7c:88:19:fc:20:70:99:59:ba:31:9c:86:c5:3c:ef:
         a4:64:9a:25:c0:ba:85:f5:6e:ce:1f:9b:47:69:0d:44:f0:66:
         98:10:42:59:f2:10:5c:e8:6b:d5:3a:1a:f3:da:49:97:a2:e2:
         d1:b7:8d:09:b5:b0:c3:39:ac:e1:22:f5:24:06:92:e0:37:b8:
         21:4f:99:3d:ea:9f:0f:7a:39:b8:75:e8:bb:da:d4:b4:e2:6b:
         e0:27:d1:58:52:ed:fb:e3:b4:15:8f:5e:20:bf:bf:7b:de:04:
         05:4e:db:f7
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUUNQy61xBw0d/m+CeyFU3CSlQ1AUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMTAxNzEwNDZaFw0yNTExMTQyMzU5NTlaMHoxSTBHBgNV
BAUTQDY5Nzg3OGQ3ZmE3ZTZjMTMzYTUwN2Y3ZGEzYWE5YjRmNjQ1OGQyYzBkMDJm
M2M3Mjk2MTY2NDQxMTVlZmViMDIxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJTMkapULYqllAK0xaD2Y4vPeZ0IQ+DhIBrHItep0epK32oD6oDzwRcv3/4q
hUw16g40Cqg18GR7vKP8S26y0lsvfXyaio/JyCA0+U82uLOppLVL6Pe0tc1U3Tv7
EKMrOlr2MHyDJBJ8n5IRNfLb3UFGwNVTqdQmSReAbpUT9QJZhMY8h3vjUeM+XOYv
I2prOF1x4jfsmAa283lyI2fCNfsgCfONX2upMB2pzkMoFCAVH3zY0rLe0fmBXF/A
zoXTYIPHJDXMy8pKjz5vmsPsep1/ntKBVSJpowuWH6O673YFJ8f3n6aZf3b1hytE
bfdH4YASrZZHtl+vA2tBDgLHmn0CAwEAAaOCAiEwggIdMB0GA1UdDgQWBBQKzZn2
WnLnPN02EPvVxQW1YIQd9jAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YjQ0MzYzYjktYmE0OC00OTEzLWI4YTQtOWNkMGRjMzJiYTAyLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEBC4z8DAN
BgkqhkiG9w0BAQsFAAOCAQEAkw7zZlkY1pExA2EznFkzq7Amwp9VGEKCt8azymTQ
4Vo1Fk6k7uFb0NuUc4vmBeKwyics1elQ3A6xLNw66G0oR6/KRVg+TZJXTIBvtBC2
Sm4jMtQIVLSK8ELQudEB0tM5QWcPAqu0Jb03FGIBDg/qFlW0S+ZEUSgERhifcN6x
YKZibMiPo2v8DlXQHvswnXolbi6tfIgZ/CBwmVm6MZyGxTzvpGSaJcC6hfVuzh+b
R2kNRPBmmBBCWfIQXOhr1Toa89pJl6Li0beNCbWwwzms4SL1JAaS4De4IU+ZPeqf
D3o5uHXou9rUtOJr4CfRWFLt++O0FY9eIL+/e94EBU7b9w==
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:52:19 2025 by rpki-client