Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/b730eef0-bb94-4d31-bf9a-c0fb9a47b3b1.roa
File:                     b730eef0-bb94-4d31-bf9a-c0fb9a47b3b1.roa (raw, json)
Hash identifier:          xc3146QZHMXaJuucw/MolHRSf0OnekMnhKY7NDvkhlY=
Subject key identifier:   1E:84:64:D4:37:33:61:7C:B0:8D:00:4A:13:2C:1B:1E:26:99:7D:3A
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       5985DEA941EFC26694F0176E514346555DD0B4B7
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/b730eef0-bb94-4d31-bf9a-c0fb9a47b3b1.roa
Signing time:             Fri 10 Oct 2025 17:10:45 +0000
ROA not before:           Fri 10 Oct 2025 17:10:45 +0000
ROA not after:            Fri 14 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        46.51.160.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            59:85:de:a9:41:ef:c2:66:94:f0:17:6e:51:43:46:55:5d:d0:b4:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Oct 10 17:10:45 2025 GMT
            Not After : Nov 14 23:59:59 2025 GMT
        Subject: serialNumber=e100de95716f2f6dc7cb7a3d6a2bdf26b3c5ec3da4da3c766aeaafa918b1db95, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:96:6c:df:9f:ca:b1:a3:ed:55:bb:19:b9:c5:
                    ea:61:a4:a7:1b:b9:d6:ae:19:7e:c1:69:25:12:33:
                    2e:57:7f:e3:4e:25:87:65:01:c6:a5:37:4c:12:8a:
                    5a:71:62:ab:9e:9b:9b:df:23:a7:f8:e1:e1:68:98:
                    d2:e7:5d:f8:6d:06:a2:d4:37:10:17:ef:58:c7:30:
                    d3:3e:a0:7c:74:90:b3:9a:b9:ff:68:c7:89:1a:9f:
                    2c:ea:d4:b3:ee:d3:fb:16:72:6e:0f:95:23:9b:4e:
                    1a:d1:69:c6:74:6c:52:2d:5f:22:b2:c4:2b:b6:26:
                    df:78:67:53:93:7a:09:17:39:a3:17:3b:90:16:8b:
                    12:18:ff:5a:b0:13:aa:08:99:f2:8d:07:3f:98:bc:
                    6b:48:d0:3c:82:1b:4c:61:c0:ba:f5:6c:91:92:69:
                    47:37:eb:26:99:1b:61:c5:ef:e7:9e:33:76:3f:4f:
                    fa:eb:4b:90:70:14:2d:20:ed:d9:e8:1b:ce:7b:56:
                    ec:b3:71:1a:7d:b0:de:d6:56:3b:7e:2e:c6:dd:65:
                    f1:3e:54:53:72:65:63:93:a7:08:ef:1f:85:df:9b:
                    10:cb:bf:81:c1:35:6c:bf:a8:88:da:97:f7:a6:0e:
                    4f:05:0d:8a:17:0a:f0:e4:78:26:7c:32:55:e9:10:
                    7f:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:84:64:D4:37:33:61:7C:B0:8D:00:4A:13:2C:1B:1E:26:99:7D:3A
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/b730eef0-bb94-4d31-bf9a-c0fb9a47b3b1.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.51.160.0/21

    Signature Algorithm: sha256WithRSAEncryption
         bc:2d:35:e2:d5:ca:23:24:38:a9:2a:fe:cf:44:4f:8c:d3:2e:
         d3:d5:29:00:d1:21:47:a8:5f:ea:97:92:7c:79:74:09:92:dc:
         2e:5c:40:ca:06:fb:61:4d:b9:4c:71:bb:cf:47:61:e5:9e:74:
         05:5a:8c:b6:e9:d7:b4:4e:2e:25:86:8a:ab:f0:ca:75:92:58:
         f4:4f:e6:72:c0:94:2d:66:7b:37:e8:9c:13:95:eb:a5:4a:85:
         9c:cf:2a:8e:71:71:43:12:01:93:8f:d5:e9:5e:ef:00:7a:b1:
         5e:31:07:0e:b1:4b:55:66:c7:fe:5c:f1:b7:91:59:c5:b4:bc:
         ba:48:5e:aa:0a:c8:d5:25:aa:22:a6:3d:d5:84:c6:b3:1a:9d:
         c8:d9:81:76:a9:b2:7f:50:66:9e:2f:3d:e1:be:2a:4d:7e:99:
         89:55:6d:46:95:d8:f3:9c:c8:42:51:76:bd:63:c5:fa:7a:81:
         a9:8a:d6:04:c3:8a:69:40:ed:26:96:ec:09:f3:b6:f7:5b:73:
         02:da:bc:08:e6:10:93:84:28:1d:04:7e:cf:e2:31:43:f8:32:
         5c:7a:0e:3d:c9:73:b9:39:76:0a:9b:2a:4d:fa:57:16:17:12:
         75:54:d6:af:88:1b:07:4f:8c:6e:f4:b1:51:4e:58:bc:be:7c:
         ee:cc:a4:31
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUWYXeqUHvwmaU8BduUUNGVV3QtLcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMTAxNzEwNDVaFw0yNTExMTQyMzU5NTlaMHoxSTBHBgNV
BAUTQGUxMDBkZTk1NzE2ZjJmNmRjN2NiN2EzZDZhMmJkZjI2YjNjNWVjM2RhNGRh
M2M3NjZhZWFhZmE5MThiMWRiOTUxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJGWbN+fyrGj7VW7GbnF6mGkpxu51q4ZfsFpJRIzLld/404lh2UBxqU3TBKK
WnFiq56bm98jp/jh4WiY0udd+G0GotQ3EBfvWMcw0z6gfHSQs5q5/2jHiRqfLOrU
s+7T+xZybg+VI5tOGtFpxnRsUi1fIrLEK7Ym33hnU5N6CRc5oxc7kBaLEhj/WrAT
qgiZ8o0HP5i8a0jQPIIbTGHAuvVskZJpRzfrJpkbYcXv554zdj9P+utLkHAULSDt
2egbzntW7LNxGn2w3tZWO34uxt1l8T5UU3JlY5OnCO8fhd+bEMu/gcE1bL+oiNqX
96YOTwUNihcK8OR4JnwyVekQfyMCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBQehGTU
NzNhfLCNAEoTLBseJpl9OjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YjczMGVlZjAtYmI5NC00ZDMxLWJmOWEtYzBmYjlhNDdiM2IxLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAy4zoDAN
BgkqhkiG9w0BAQsFAAOCAQEAvC014tXKIyQ4qSr+z0RPjNMu09UpANEhR6hf6peS
fHl0CZLcLlxAygb7YU25THG7z0dh5Z50BVqMtunXtE4uJYaKq/DKdZJY9E/mcsCU
LWZ7N+icE5XrpUqFnM8qjnFxQxIBk4/V6V7vAHqxXjEHDrFLVWbH/lzxt5FZxbS8
ukheqgrI1SWqIqY91YTGsxqdyNmBdqmyf1Bmni894b4qTX6ZiVVtRpXY85zIQlF2
vWPF+nqBqYrWBMOKaUDtJpbsCfO291tzAtq8COYQk4QoHQR+z+IxQ/gyXHoOPclz
uTl2CpsqTfpXFhcSdVTWr4gbB0+MbvSxUU5YvL587sykMQ==
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:52:29 2025 by rpki-client