Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/03f51c56-79aa-48ca-895c-790a431bbd73.roa
File:                     03f51c56-79aa-48ca-895c-790a431bbd73.roa (raw, json)
Hash identifier:          yRATLCST5N6R8xp6wFgSFdBcRrxngDjegfchMHtKejw=
Subject key identifier:   65:E8:52:B7:79:27:CA:5B:30:47:AF:76:DF:37:E2:60:82:D2:5C:BF
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       5D4F15B381EFDDB4A1BF595D7025E54CFBCF9C18
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/03f51c56-79aa-48ca-895c-790a431bbd73.roa
Signing time:             Sun 19 Oct 2025 07:00:11 +0000
ROA not before:           Sun 19 Oct 2025 07:00:11 +0000
ROA not after:            Sun 23 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d075:800::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5d:4f:15:b3:81:ef:dd:b4:a1:bf:59:5d:70:25:e5:4c:fb:cf:9c:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Oct 19 07:00:11 2025 GMT
            Not After : Nov 23 23:59:59 2025 GMT
        Subject: serialNumber=2f2bf8d622c4f8b00c0d39c8b46609f72b73a9100da49944b9b516f7fb501baa, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:cf:df:01:5a:9b:f8:11:6c:59:cf:80:f6:39:
                    38:b4:fc:d4:84:58:ed:dd:de:f7:db:fa:ab:cc:90:
                    30:f3:43:1a:a9:0d:d7:5d:09:8b:9c:c0:51:49:97:
                    f4:64:97:50:0a:d9:ed:c1:1d:bd:f5:89:08:3c:c2:
                    d7:75:d0:ab:52:c6:5f:92:6a:0c:82:1c:f1:c6:74:
                    1f:3b:de:3f:45:69:92:6d:5c:17:38:07:0d:eb:57:
                    34:42:ca:31:4b:99:60:4d:b2:ba:a2:3e:7f:1a:eb:
                    a8:06:88:ed:02:34:fa:a8:19:25:d4:ab:64:2b:3b:
                    fa:40:33:5c:93:10:71:25:55:00:9a:52:9c:9d:80:
                    fa:3f:f9:b7:2a:31:e1:9a:51:71:1b:4c:af:cb:d4:
                    ae:f5:ea:c1:cd:6b:b2:61:10:a5:04:d6:e6:09:d0:
                    a9:28:f5:6c:b0:26:ba:19:48:41:25:37:3f:8f:89:
                    41:19:8a:ac:1f:98:59:38:84:d0:89:cf:8c:ab:16:
                    fe:75:2c:10:6e:d0:5c:04:83:fe:86:8a:47:0d:ca:
                    e2:1e:09:cb:ac:56:6f:91:4b:66:50:82:62:ab:93:
                    c2:cb:13:6e:a5:64:02:5b:fc:bf:7b:c8:b7:b2:cc:
                    1a:f2:9b:15:b9:65:17:2b:e0:55:c0:b1:34:3f:a9:
                    90:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:E8:52:B7:79:27:CA:5B:30:47:AF:76:DF:37:E2:60:82:D2:5C:BF
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/03f51c56-79aa-48ca-895c-790a431bbd73.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d075:800::/40

    Signature Algorithm: sha256WithRSAEncryption
         53:2d:74:a8:61:3e:b3:7f:d7:9b:d1:93:6e:54:f7:e2:b7:0c:
         b7:57:e6:0a:64:94:b6:3c:e2:3d:eb:ed:6e:50:e6:e5:e9:49:
         84:eb:49:ef:35:f7:ae:ee:b6:45:b0:a5:58:13:70:fa:e7:b7:
         b7:bf:1e:08:33:7b:0e:e6:1e:59:69:87:7e:62:6e:85:a6:5a:
         39:92:50:b8:c1:16:e1:a0:cf:ea:76:3e:8e:8d:9e:e6:e8:f1:
         9d:71:8d:f2:97:b4:04:2d:b0:67:fb:e0:7e:1b:f3:9a:8b:06:
         d6:95:ba:39:9b:e3:5d:c2:c9:6c:59:bc:b3:a0:42:dd:e5:c3:
         d8:5f:6c:5d:27:41:bf:e8:56:e3:88:c2:2c:45:db:82:a1:95:
         99:6f:3e:ea:57:7a:cd:c1:c1:35:65:c1:2d:62:b8:d8:33:c7:
         9c:ff:c2:7f:f3:35:2a:89:f3:ed:45:e9:d9:d5:9d:4a:90:3a:
         01:21:9b:0e:d3:66:58:09:fb:0f:87:69:33:14:d8:31:c3:c4:
         7f:41:93:9b:4e:0f:06:9e:72:c1:56:2a:48:62:bd:be:87:28:
         76:cd:37:f8:88:4c:73:aa:28:d2:69:f8:b2:53:6c:27:4f:d4:
         bc:89:20:31:ba:bf:5d:f1:3e:bd:be:86:71:d6:9d:f5:97:3a:
         ae:00:41:b7
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUXU8Vs4Hv3bShv1ldcCXlTPvPnBgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMTkwNzAwMTFaFw0yNTExMjMyMzU5NTlaMHoxSTBHBgNV
BAUTQDJmMmJmOGQ2MjJjNGY4YjAwYzBkMzljOGI0NjYwOWY3MmI3M2E5MTAwZGE0
OTk0NGI5YjUxNmY3ZmI1MDFiYWExLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAL3P3wFam/gRbFnPgPY5OLT81IRY7d3e99v6q8yQMPNDGqkN110Ji5zAUUmX
9GSXUArZ7cEdvfWJCDzC13XQq1LGX5JqDIIc8cZ0HzveP0Vpkm1cFzgHDetXNELK
MUuZYE2yuqI+fxrrqAaI7QI0+qgZJdSrZCs7+kAzXJMQcSVVAJpSnJ2A+j/5tyox
4ZpRcRtMr8vUrvXqwc1rsmEQpQTW5gnQqSj1bLAmuhlIQSU3P4+JQRmKrB+YWTiE
0InPjKsW/nUsEG7QXASD/oaKRw3K4h4Jy6xWb5FLZlCCYquTwssTbqVkAlv8v3vI
t7LMGvKbFbllFyvgVcCxND+pkMcCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRl6FK3
eSfKWzBHr3bfN+JggtJcvzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MDNmNTFjNTYtNzlhYS00OGNhLTg5NWMtNzkwYTQzMWJiZDczLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0HUI
MA0GCSqGSIb3DQEBCwUAA4IBAQBTLXSoYT6zf9eb0ZNuVPfitwy3V+YKZJS2POI9
6+1uUObl6UmE60nvNfeu7rZFsKVYE3D657e3vx4IM3sO5h5ZaYd+Ym6Fplo5klC4
wRbhoM/qdj6OjZ7m6PGdcY3yl7QELbBn++B+G/OaiwbWlbo5m+NdwslsWbyzoELd
5cPYX2xdJ0G/6FbjiMIsRduCoZWZbz7qV3rNwcE1ZcEtYrjYM8ec/8J/8zUqifPt
RenZ1Z1KkDoBIZsO02ZYCfsPh2kzFNgxw8R/QZObTg8GnnLBVipIYr2+hyh2zTf4
iExzqijSafiyU2wnT9S8iSAxur9d8T69voZx1p31lzquAEG3
-----END CERTIFICATE-----
Generated at Mon Oct 20 11:19:48 2025 by rpki-client