Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/fcee65ca-9c67-4925-b46f-60ec2eecb7a3.roa
File:                     fcee65ca-9c67-4925-b46f-60ec2eecb7a3.roa (raw, json)
Hash identifier:          j7K3s7uHXQRZUzqAeBBnZ5acJro96SrhodNPl1JlwEs=
Subject key identifier:   2C:19:6F:9B:9B:5D:93:DD:1C:4C:0B:78:C3:31:CF:6F:FB:68:23:91
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       4ED2E1FAB0567F68D46D31CC5E9C0296032F9D98
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/fcee65ca-9c67-4925-b46f-60ec2eecb7a3.roa
Signing time:             Fri 10 Oct 2025 17:10:39 +0000
ROA not before:           Fri 10 Oct 2025 17:10:39 +0000
ROA not after:            Fri 14 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        46.137.128.0/20 maxlen: 20
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4e:d2:e1:fa:b0:56:7f:68:d4:6d:31:cc:5e:9c:02:96:03:2f:9d:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Oct 10 17:10:39 2025 GMT
            Not After : Nov 14 23:59:59 2025 GMT
        Subject: serialNumber=ea97c37551eef071487d1d51d12f88e911669a22c2e5c571d0c11a428b5dd166, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:6e:bf:77:c0:d5:52:1e:f3:cd:e9:eb:71:4e:
                    47:65:9a:81:bc:16:f6:16:3c:f1:f1:be:72:28:3f:
                    92:4e:a6:e3:6b:82:c4:49:4d:2d:e1:57:e9:6b:6a:
                    76:f7:57:4a:e7:ba:9a:e3:ac:48:88:a0:6b:58:e8:
                    09:63:1c:52:e0:7e:7a:ff:96:90:ac:9c:de:35:7f:
                    51:4f:05:15:59:b7:26:73:d0:1d:48:92:94:a1:9b:
                    f0:9a:2d:8e:fe:5d:11:5e:34:e2:48:d2:fa:61:86:
                    0d:3b:00:b5:85:1e:4d:25:07:45:f5:7e:4d:fb:4c:
                    9e:70:06:66:e7:7e:3c:a1:1f:4f:ac:19:a1:4a:ce:
                    89:8d:05:b5:38:ed:72:0d:1f:e9:57:b2:6c:f4:a8:
                    aa:f9:fa:20:58:c7:93:83:4b:8a:cb:31:a6:c9:6f:
                    59:b2:7b:93:c0:fa:9c:5d:c8:99:d3:cc:f7:0c:f7:
                    f5:15:54:cb:f4:d9:50:fd:68:90:5c:c7:98:f2:35:
                    8f:1e:1a:85:87:90:ef:3e:c1:e5:62:fd:d4:e6:f3:
                    8a:de:d9:63:db:3d:51:93:d9:db:47:79:aa:1f:64:
                    70:13:3e:bf:d5:79:e6:27:4b:82:b7:c1:74:26:47:
                    34:ad:65:ef:13:c3:50:1c:9b:e6:fb:52:4a:93:2e:
                    6d:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:19:6F:9B:9B:5D:93:DD:1C:4C:0B:78:C3:31:CF:6F:FB:68:23:91
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/fcee65ca-9c67-4925-b46f-60ec2eecb7a3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.137.128.0/20

    Signature Algorithm: sha256WithRSAEncryption
         0d:ec:d1:01:4d:ce:42:c8:90:4e:ac:78:2a:e6:3a:e3:de:32:
         08:d2:af:b3:7d:5b:75:3b:8b:29:d3:7d:57:7a:12:dc:bd:64:
         ea:86:48:9f:c4:36:07:6c:9e:8c:95:3a:52:79:f8:45:66:14:
         3f:15:e9:e3:9d:45:ce:eb:b9:98:4a:10:66:80:2f:f4:75:ab:
         d3:f9:64:f8:9e:3d:06:98:c1:9c:d6:00:0d:33:52:ac:c1:4e:
         c2:88:c0:07:12:b2:d1:0a:31:31:69:36:2f:51:2b:88:65:15:
         38:e1:24:ae:6c:de:8a:d3:2e:33:23:fc:0e:91:3b:b9:ac:16:
         04:cf:07:74:74:d0:a1:25:ea:7a:6b:98:43:cd:13:b2:08:e6:
         a7:63:9a:94:6b:d6:ea:f9:e2:b5:61:65:1f:c0:80:5a:4e:bc:
         b1:4a:d2:79:8b:e5:8d:3f:ba:a5:85:a3:73:fe:49:35:f7:72:
         50:a5:41:f2:54:28:5e:c8:1f:ec:68:bc:ef:d4:11:dc:38:c2:
         cc:95:2c:de:46:57:ac:56:a3:3f:47:27:a8:82:2d:62:75:4a:
         fd:48:b3:01:aa:98:00:20:1e:58:92:a0:9e:27:79:3e:07:50:
         d7:a2:b7:f3:ca:13:83:14:9d:1b:f8:24:30:32:99:bc:00:fb:
         a7:1c:fc:d2
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUTtLh+rBWf2jUbTHMXpwClgMvnZgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMTAxNzEwMzlaFw0yNTExMTQyMzU5NTlaMHoxSTBHBgNV
BAUTQGVhOTdjMzc1NTFlZWYwNzE0ODdkMWQ1MWQxMmY4OGU5MTE2NjlhMjJjMmU1
YzU3MWQwYzExYTQyOGI1ZGQxNjYxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMRuv3fA1VIe883p63FOR2WagbwW9hY88fG+cig/kk6m42uCxElNLeFX6Wtq
dvdXSue6muOsSIiga1joCWMcUuB+ev+WkKyc3jV/UU8FFVm3JnPQHUiSlKGb8Jot
jv5dEV404kjS+mGGDTsAtYUeTSUHRfV+TftMnnAGZud+PKEfT6wZoUrOiY0FtTjt
cg0f6VeybPSoqvn6IFjHk4NLissxpslvWbJ7k8D6nF3ImdPM9wz39RVUy/TZUP1o
kFzHmPI1jx4ahYeQ7z7B5WL91Obzit7ZY9s9UZPZ20d5qh9kcBM+v9V55idLgrfB
dCZHNK1l7xPDUByb5vtSSpMubQUCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBQsGW+b
m12T3RxMC3jDMc9v+2gjkTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZmNlZTY1Y2EtOWM2Ny00OTI1LWI0NmYtNjBlYzJlZWNiN2EzLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEBC6JgDAN
BgkqhkiG9w0BAQsFAAOCAQEADezRAU3OQsiQTqx4KuY6494yCNKvs31bdTuLKdN9
V3oS3L1k6oZIn8Q2B2yejJU6Unn4RWYUPxXp451Fzuu5mEoQZoAv9HWr0/lk+J49
BpjBnNYADTNSrMFOwojABxKy0QoxMWk2L1EriGUVOOEkrmzeitMuMyP8DpE7uawW
BM8HdHTQoSXqemuYQ80Tsgjmp2OalGvW6vnitWFlH8CAWk68sUrSeYvljT+6pYWj
c/5JNfdyUKVB8lQoXsgf7Gi879QR3DjCzJUs3kZXrFajP0cnqIItYnVK/UizAaqY
ACAeWJKgnid5PgdQ16K388oTgxSdG/gkMDKZvAD7pxz80g==
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:53:06 2025 by rpki-client