Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/012c9415-fd75-453f-91b6-b57a394d548d.roa
File:                     012c9415-fd75-453f-91b6-b57a394d548d.roa (raw, json)
Hash identifier:          Un+r9o9/uPul4qLVTlvJDkzMHfA07QCky1I/wyOoI/c=
Subject key identifier:   97:96:6B:9E:48:E5:04:FE:71:C3:E4:C7:B8:0F:2E:9B:6B:10:2F:8E
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       30282A1B470C678312C6DDE0830D53B89A6E135F
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/012c9415-fd75-453f-91b6-b57a394d548d.roa
Signing time:             Fri 17 Oct 2025 21:10:12 +0000
ROA not before:           Fri 17 Oct 2025 21:10:12 +0000
ROA not after:            Fri 21 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d035:6000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            30:28:2a:1b:47:0c:67:83:12:c6:dd:e0:83:0d:53:b8:9a:6e:13:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Oct 17 21:10:12 2025 GMT
            Not After : Nov 21 23:59:59 2025 GMT
        Subject: serialNumber=76c528c49f50caec69d89c583fb21261ae19e4e3ce3dc5050dbc31eb25fa8ef4, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:ce:63:ed:64:1e:66:2f:55:39:72:56:62:bc:
                    57:2e:d3:9f:43:fc:db:62:35:23:a4:3d:d8:ca:b3:
                    8e:b3:76:cb:68:ef:23:f6:e3:ce:22:e0:b5:a8:31:
                    9d:07:cd:44:41:59:84:7c:9a:3d:84:9a:06:eb:c3:
                    db:86:18:f5:24:f9:c7:7b:c8:1d:27:74:02:5c:33:
                    b6:cc:8c:a0:3b:d8:55:ee:0a:c9:ce:7a:cd:1d:67:
                    35:ec:dd:8e:9f:de:c0:91:a6:5d:60:77:05:1d:1b:
                    ce:fb:00:da:bd:8e:70:8f:7a:e9:c9:af:5c:69:31:
                    bd:39:af:b3:ba:32:72:d8:ec:b1:32:be:25:20:22:
                    ca:94:37:2e:44:b9:8e:2f:b2:e7:08:f4:27:fd:41:
                    06:68:6b:96:5e:87:93:1f:26:29:45:d7:23:58:b6:
                    7f:20:32:a3:2a:c0:47:6b:a1:c4:26:f5:09:0b:c0:
                    a2:ed:67:3a:66:d5:b8:7c:d4:5c:78:76:21:13:f2:
                    c0:bf:50:de:30:78:db:cc:53:34:c3:fb:ed:ca:c6:
                    22:44:f4:6c:67:5d:d0:4d:96:a1:0e:af:e4:26:79:
                    da:4b:e8:10:39:90:1d:0a:ae:4c:b4:9a:20:11:24:
                    5b:8a:42:6a:79:62:11:25:f1:b8:ba:ac:e5:cd:fb:
                    b3:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:96:6B:9E:48:E5:04:FE:71:C3:E4:C7:B8:0F:2E:9B:6B:10:2F:8E
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/012c9415-fd75-453f-91b6-b57a394d548d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d035:6000::/40

    Signature Algorithm: sha256WithRSAEncryption
         9e:4f:4a:ca:db:3f:8d:d9:99:3a:dc:44:3a:a0:ea:04:0f:33:
         8c:1a:e8:19:ec:d5:f6:59:cb:9a:e5:0e:82:a5:f1:28:d6:f6:
         02:db:e3:08:66:3d:8d:42:ce:6c:dd:09:96:41:f0:e1:58:8b:
         9e:22:bd:2b:17:33:d8:67:db:cc:72:76:90:10:ee:07:bc:89:
         77:12:36:05:54:d9:99:af:59:d1:48:95:25:b9:b0:6c:f2:c0:
         60:fd:b7:d2:51:5c:e0:8b:8c:b8:04:e6:f8:11:ca:0b:00:90:
         a8:e3:c1:bf:b8:28:cb:86:29:95:20:23:cb:85:a0:13:ee:17:
         df:f9:b6:3f:f7:e4:5a:4e:e7:e2:da:46:9f:c7:9f:de:f7:5b:
         37:fc:d5:94:41:e1:36:5e:9d:a4:f3:3c:30:b6:30:1d:c5:34:
         93:87:ca:fc:7b:19:63:df:85:a4:00:ee:33:46:a7:2e:d1:8b:
         a8:1b:eb:0c:3b:a7:2b:ac:5a:e2:e0:bc:30:d2:b3:69:eb:1a:
         8d:a3:95:03:b8:b5:cb:81:6e:97:bc:3a:b1:ee:86:2a:9e:cd:
         95:3d:14:d7:79:8f:7c:a2:26:bb:5f:d1:44:08:8c:55:8a:6a:
         a7:15:f5:c2:68:4c:e1:50:9d:79:8c:ec:ec:79:e1:6f:69:5b:
         8d:57:c9:e3
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUMCgqG0cMZ4MSxt3ggw1TuJpuE18wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMTcyMTEwMTJaFw0yNTExMjEyMzU5NTlaMHoxSTBHBgNV
BAUTQDc2YzUyOGM0OWY1MGNhZWM2OWQ4OWM1ODNmYjIxMjYxYWUxOWU0ZTNjZTNk
YzUwNTBkYmMzMWViMjVmYThlZjQxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKzOY+1kHmYvVTlyVmK8Vy7Tn0P822I1I6Q92MqzjrN2y2jvI/bjziLgtagx
nQfNREFZhHyaPYSaBuvD24YY9ST5x3vIHSd0AlwztsyMoDvYVe4Kyc56zR1nNezd
jp/ewJGmXWB3BR0bzvsA2r2OcI966cmvXGkxvTmvs7oyctjssTK+JSAiypQ3LkS5
ji+y5wj0J/1BBmhrll6Hkx8mKUXXI1i2fyAyoyrAR2uhxCb1CQvAou1nOmbVuHzU
XHh2IRPywL9Q3jB428xTNMP77crGIkT0bGdd0E2WoQ6v5CZ52kvoEDmQHQquTLSa
IBEkW4pCanliESXxuLqs5c37sy0CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBSXlmue
SOUE/nHD5Me4Dy6baxAvjjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MDEyYzk0MTUtZmQ3NS00NTNmLTkxYjYtYjU3YTM5NGQ1NDhkLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0DVg
MA0GCSqGSIb3DQEBCwUAA4IBAQCeT0rK2z+N2Zk63EQ6oOoEDzOMGugZ7NX2Wcua
5Q6CpfEo1vYC2+MIZj2NQs5s3QmWQfDhWIueIr0rFzPYZ9vMcnaQEO4HvIl3EjYF
VNmZr1nRSJUlubBs8sBg/bfSUVzgi4y4BOb4EcoLAJCo48G/uCjLhimVICPLhaAT
7hff+bY/9+RaTufi2kafx5/e91s3/NWUQeE2Xp2k8zwwtjAdxTSTh8r8exlj34Wk
AO4zRqcu0YuoG+sMO6crrFri4Lww0rNp6xqNo5UDuLXLgW6XvDqx7oYqns2VPRTX
eY98oia7X9FECIxVimqnFfXCaEzhUJ15jOzseeFvaVuNV8nj
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:52:53 2025 by rpki-client