Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/04c34ea1-cddb-45aa-979f-bfe1fa0995af.roa
File:                     04c34ea1-cddb-45aa-979f-bfe1fa0995af.roa (raw, json)
Hash identifier:          PJnOJSjkvd1rmqJrrMOm2Kq4RZzcKd2fPlEPm7qDmRQ=
Subject key identifier:   D5:AB:6A:4F:16:43:0B:68:B6:E8:11:B5:84:F2:6B:8F:93:78:BD:FC
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       439A51E15B4C0468473623BEA13EDA66DA616F28
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/04c34ea1-cddb-45aa-979f-bfe1fa0995af.roa
Signing time:             Mon 06 Oct 2025 17:40:08 +0000
ROA not before:           Mon 06 Oct 2025 17:40:08 +0000
ROA not after:            Mon 10 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d031:c000::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            43:9a:51:e1:5b:4c:04:68:47:36:23:be:a1:3e:da:66:da:61:6f:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Oct  6 17:40:08 2025 GMT
            Not After : Nov 10 23:59:59 2025 GMT
        Subject: serialNumber=230e6d9e1dfa9c286a8a75197dfbc5f345e4888847d7ffc7333a585fdd90f913, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:18:69:57:a6:14:fc:42:83:35:5c:c6:20:87:
                    3b:0d:9f:82:0d:8e:09:db:23:42:60:fb:40:f9:65:
                    e5:a4:7a:53:27:87:02:84:e8:1f:86:ab:5d:52:db:
                    7e:66:7a:e4:74:ac:a7:7f:84:b2:48:90:63:c8:16:
                    ca:f7:98:66:d3:a0:71:a2:96:f3:6c:4c:57:f0:3b:
                    3e:e2:60:77:74:d2:58:f5:c7:f3:bc:a5:58:0d:e2:
                    9b:94:41:9e:a6:54:36:d2:19:fd:0a:dc:9f:93:25:
                    88:cb:4f:1f:4a:e3:fc:09:84:c6:f4:b9:7e:39:07:
                    13:11:fb:22:5d:df:56:be:0c:c1:c8:55:19:d9:b2:
                    e7:09:d7:ec:e2:15:9f:c0:78:04:40:b4:18:13:4e:
                    77:e2:48:10:6c:50:d6:5e:95:15:c4:88:28:c5:0c:
                    35:80:5d:9e:12:b6:9c:c7:a1:0c:71:76:0b:dc:8e:
                    5c:53:6e:45:6c:7b:71:78:81:88:34:00:1d:35:dd:
                    93:3f:89:92:c3:54:d4:cb:6c:2a:59:74:7d:b1:2d:
                    c8:4e:2e:00:40:b6:49:f9:dc:6b:79:15:b8:fb:da:
                    30:f1:24:19:75:eb:c0:4b:9b:c3:14:e5:c2:6c:05:
                    20:de:49:f1:b1:a0:dd:da:e6:7e:55:d9:fc:c8:06:
                    85:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:AB:6A:4F:16:43:0B:68:B6:E8:11:B5:84:F2:6B:8F:93:78:BD:FC
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/04c34ea1-cddb-45aa-979f-bfe1fa0995af.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d031:c000::/40

    Signature Algorithm: sha256WithRSAEncryption
         73:ac:db:9b:21:7f:67:b5:1c:98:83:85:6a:f1:1e:c8:ad:a1:
         6e:6e:a0:34:ca:6c:eb:d0:87:3d:45:df:f3:10:2a:43:4c:1a:
         09:b5:ec:a2:43:60:05:84:3c:e3:63:f7:b8:ff:5d:52:bb:e7:
         29:7d:7c:7f:39:b6:fd:f9:54:b4:e5:7e:3f:2d:0c:dd:c9:76:
         dc:09:31:b0:b7:49:6c:54:ea:40:11:b5:62:c3:e7:85:c1:9b:
         55:64:12:40:7e:26:60:3c:ac:f0:55:8d:8e:61:80:03:b1:2a:
         b9:55:5b:d0:13:3e:63:4c:a7:49:ed:e6:3d:37:41:30:4c:54:
         e8:e3:41:41:a6:66:9a:47:40:c1:53:9a:bc:c4:b1:d0:68:2c:
         f7:fd:e6:49:a2:aa:68:16:ab:a4:f7:f7:51:e3:df:c4:0e:67:
         4b:ed:49:3d:55:56:2c:85:df:05:57:0b:2f:23:8e:77:84:aa:
         24:01:3b:a0:38:11:04:a0:e2:fe:30:f8:bd:8f:40:3c:1b:93:
         38:75:1e:c3:70:ef:d8:90:3a:e5:bd:05:41:e3:18:69:28:85:
         a2:1b:18:14:2f:65:13:19:e1:9a:f4:e2:d0:4c:ea:92:fc:a1:
         7f:fb:6b:08:7c:56:d7:bb:75:bf:2e:f5:17:e0:a8:b8:01:00:
         b0:7a:60:59
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUQ5pR4VtMBGhHNiO+oT7aZtphbygwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMDYxNzQwMDhaFw0yNTExMTAyMzU5NTlaMHoxSTBHBgNV
BAUTQDIzMGU2ZDllMWRmYTljMjg2YThhNzUxOTdkZmJjNWYzNDVlNDg4ODg0N2Q3
ZmZjNzMzM2E1ODVmZGQ5MGY5MTMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKwYaVemFPxCgzVcxiCHOw2fgg2OCdsjQmD7QPll5aR6UyeHAoToH4arXVLb
fmZ65HSsp3+EskiQY8gWyveYZtOgcaKW82xMV/A7PuJgd3TSWPXH87ylWA3im5RB
nqZUNtIZ/Qrcn5MliMtPH0rj/AmExvS5fjkHExH7Il3fVr4MwchVGdmy5wnX7OIV
n8B4BEC0GBNOd+JIEGxQ1l6VFcSIKMUMNYBdnhK2nMehDHF2C9yOXFNuRWx7cXiB
iDQAHTXdkz+JksNU1MtsKll0fbEtyE4uAEC2Sfnca3kVuPvaMPEkGXXrwEubwxTl
wmwFIN5J8bGg3drmflXZ/MgGhWUCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTVq2pP
FkMLaLboEbWE8muPk3i9/DAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MDRjMzRlYTEtY2RkYi00NWFhLTk3OWYtYmZlMWZhMDk5NWFmLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0DHA
MA0GCSqGSIb3DQEBCwUAA4IBAQBzrNubIX9ntRyYg4Vq8R7IraFubqA0ymzr0Ic9
Rd/zECpDTBoJteyiQ2AFhDzjY/e4/11Su+cpfXx/Obb9+VS05X4/LQzdyXbcCTGw
t0lsVOpAEbViw+eFwZtVZBJAfiZgPKzwVY2OYYADsSq5VVvQEz5jTKdJ7eY9N0Ew
TFTo40FBpmaaR0DBU5q8xLHQaCz3/eZJoqpoFquk9/dR49/EDmdL7Uk9VVYshd8F
VwsvI453hKokATugOBEEoOL+MPi9j0A8G5M4dR7DcO/YkDrlvQVB4xhpKIWiGxgU
L2UTGeGa9OLQTOqS/KF/+2sIfFbXu3W/LvUX4Ki4AQCwemBZ
-----END CERTIFICATE-----
Generated at Mon Oct 20 13:47:38 2025 by rpki-client