Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/bddd5d52-f097-4aa0-9a71-aa7b6752dcaa.roa
File:                     bddd5d52-f097-4aa0-9a71-aa7b6752dcaa.roa (raw, json)
Hash identifier:          11yDpp6CfBM2F2OJUy6/3gQUTqFCbhxv/lNB80d4j8o=
Subject key identifier:   CA:21:A4:C0:24:8B:BA:B0:51:F9:B7:62:D6:4C:37:0D:B2:93:1F:EC
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       38EB81A7CD4468C7181AF23F0935004C96E461A9
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/bddd5d52-f097-4aa0-9a71-aa7b6752dcaa.roa
Signing time:             Fri 10 Oct 2025 17:10:36 +0000
ROA not before:           Fri 10 Oct 2025 17:10:36 +0000
ROA not after:            Fri 14 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        46.137.0.0/16 maxlen: 16
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            38:eb:81:a7:cd:44:68:c7:18:1a:f2:3f:09:35:00:4c:96:e4:61:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Oct 10 17:10:36 2025 GMT
            Not After : Nov 14 23:59:59 2025 GMT
        Subject: serialNumber=99c2f716a41defc8345d44f36c9b4442cff03f3636828ae194d34bcc0c8647b0, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:2f:34:9d:93:ac:7a:cd:9b:13:46:30:1d:e1:
                    69:d4:b7:86:61:ce:2e:ab:9d:31:5a:70:3e:4d:ab:
                    b6:02:18:9f:f3:1f:fc:c5:ba:0d:02:e6:9a:da:d9:
                    d3:41:9d:ce:82:0d:81:d4:89:bb:df:b4:34:6f:69:
                    e8:a9:92:35:97:9c:58:18:e3:9a:85:9a:d7:4c:52:
                    cf:f3:5e:e4:61:c2:90:5a:4d:ad:68:7d:60:ff:4d:
                    a0:de:24:4d:41:86:b0:53:bb:b8:29:9b:af:62:ae:
                    bc:ff:b9:53:82:5c:76:e9:91:6d:fe:b3:1b:fb:ee:
                    9d:f5:be:65:14:ef:5b:f7:bf:e6:ff:64:1d:60:1c:
                    9d:a3:6d:30:29:bd:42:ec:c1:55:15:89:a6:c2:56:
                    a7:af:36:c9:eb:0e:52:c6:7f:58:a8:9e:d6:0e:a1:
                    95:b9:43:b0:71:7f:70:74:c3:eb:c0:53:7f:bd:e6:
                    8e:fb:1f:da:8e:8c:41:90:f1:a1:6d:81:5c:05:33:
                    54:af:b2:c7:7d:52:cb:61:e9:49:b8:db:7a:dc:ae:
                    f3:54:1c:19:3e:66:7d:ab:04:7f:51:05:e8:aa:d0:
                    ee:9a:be:70:ee:2f:d1:4f:9f:6e:1f:39:e3:35:28:
                    4b:76:ec:62:49:53:d6:d0:f0:56:bc:73:28:4c:10:
                    a8:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:21:A4:C0:24:8B:BA:B0:51:F9:B7:62:D6:4C:37:0D:B2:93:1F:EC
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/bddd5d52-f097-4aa0-9a71-aa7b6752dcaa.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.137.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         a5:59:bd:c8:f5:3a:1a:41:29:af:5c:be:a0:01:0a:ce:59:13:
         74:52:ec:c5:18:3f:2f:e6:ef:cf:3e:90:51:78:6a:95:92:66:
         3e:45:6b:3a:15:6c:07:5c:b8:7e:89:4d:bc:3b:9a:b3:07:03:
         90:f2:10:3e:5d:30:70:72:1d:a9:89:2b:4d:b2:cd:16:14:b5:
         2b:60:39:30:62:27:5d:fd:0d:6d:8d:20:c0:91:67:bf:7c:61:
         5e:89:aa:cf:8b:fa:7a:0e:40:24:96:f6:b9:62:c4:dd:db:5e:
         01:b7:93:f5:9a:6d:1d:e8:6b:e2:f7:5c:8c:ca:49:b9:1a:30:
         9f:b8:07:da:61:e6:86:0b:60:2d:28:59:20:f8:64:e9:5e:ec:
         69:85:19:83:48:55:9b:38:61:01:8f:04:d8:1b:24:7f:53:6d:
         3d:a0:11:0d:14:74:3a:d0:08:31:ea:fb:98:55:84:71:40:38:
         10:6c:e5:d7:be:8a:af:1d:1b:fa:3c:7a:ba:ec:49:bc:cc:87:
         f3:98:db:18:61:52:00:f0:02:f5:1d:c7:31:38:69:f8:d6:51:
         48:e2:5d:20:b3:28:cd:a5:05:44:10:f7:73:dc:47:5d:0b:79:
         37:9f:ac:f1:49:f2:f6:23:b3:64:9e:ff:82:1a:24:c9:f0:36:
         88:1a:27:e8
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUOOuBp81EaMcYGvI/CTUATJbkYakwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMTAxNzEwMzZaFw0yNTExMTQyMzU5NTlaMHoxSTBHBgNV
BAUTQDk5YzJmNzE2YTQxZGVmYzgzNDVkNDRmMzZjOWI0NDQyY2ZmMDNmMzYzNjgy
OGFlMTk0ZDM0YmNjMGM4NjQ3YjAxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANEvNJ2TrHrNmxNGMB3hadS3hmHOLqudMVpwPk2rtgIYn/Mf/MW6DQLmmtrZ
00GdzoINgdSJu9+0NG9p6KmSNZecWBjjmoWa10xSz/Ne5GHCkFpNrWh9YP9NoN4k
TUGGsFO7uCmbr2KuvP+5U4JcdumRbf6zG/vunfW+ZRTvW/e/5v9kHWAcnaNtMCm9
QuzBVRWJpsJWp682yesOUsZ/WKie1g6hlblDsHF/cHTD68BTf73mjvsf2o6MQZDx
oW2BXAUzVK+yx31Sy2HpSbjbetyu81QcGT5mfasEf1EF6KrQ7pq+cO4v0U+fbh85
4zUoS3bsYklT1tDwVrxzKEwQqM8CAwEAAaOCAiAwggIcMB0GA1UdDgQWBBTKIaTA
JIu6sFH5t2LWTDcNspMf7DAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YmRkZDVkNTItZjA5Ny00YWEwLTlhNzEtYWE3YjY3NTJkY2FhLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDAC6JMA0G
CSqGSIb3DQEBCwUAA4IBAQClWb3I9ToaQSmvXL6gAQrOWRN0UuzFGD8v5u/PPpBR
eGqVkmY+RWs6FWwHXLh+iU28O5qzBwOQ8hA+XTBwch2piStNss0WFLUrYDkwYidd
/Q1tjSDAkWe/fGFeiarPi/p6DkAklva5YsTd214Bt5P1mm0d6Gvi91yMykm5GjCf
uAfaYeaGC2AtKFkg+GTpXuxphRmDSFWbOGEBjwTYGyR/U209oBENFHQ60Agx6vuY
VYRxQDgQbOXXvoqvHRv6PHq67Em8zIfzmNsYYVIA8AL1HccxOGn41lFI4l0gsyjN
pQVEEPdz3EddC3k3n6zxSfL2I7Nknv+CGiTJ8DaIGifo
-----END CERTIFICATE-----
Generated at Mon Oct 20 13:47:22 2025 by rpki-client