Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/09f64eda-2b9c-4c89-8eb4-7cfb08b2ba08.roa
File:                     09f64eda-2b9c-4c89-8eb4-7cfb08b2ba08.roa (raw, json)
Hash identifier:          eL7xOJgff+m/FN1/T9wFN5I4F45ega1Sr9XwNJb3wuA=
Subject key identifier:   64:42:AC:83:19:C3:03:8D:3A:CD:FC:F9:EB:1B:CD:82:90:EA:35:3D
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       0F8688F4E8E21515A6E9F6133B56F765BF601FD0
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/09f64eda-2b9c-4c89-8eb4-7cfb08b2ba08.roa
Signing time:             Fri 26 Sep 2025 18:50:49 +0000
ROA not before:           Fri 26 Sep 2025 18:50:49 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d038:8020::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0f:86:88:f4:e8:e2:15:15:a6:e9:f6:13:3b:56:f7:65:bf:60:1f:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Sep 26 18:50:49 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=60c9e2942a629d0f1b3def45b9873294e64ae778c80e75b212cab46244ef8923, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:4e:1b:a5:0d:7b:6f:2c:dc:f1:37:88:5b:07:
                    39:c8:f3:6b:12:e2:90:24:d4:62:70:b9:09:25:1f:
                    1d:b4:a1:40:eb:e4:7e:cf:b0:9b:ef:df:20:52:56:
                    1c:e7:05:75:aa:91:32:a6:06:49:ec:0b:64:8b:86:
                    21:b4:3b:d3:e9:e0:13:c1:46:f2:c7:ea:da:2b:c9:
                    9e:e4:3b:81:2a:a5:80:7d:8e:e1:47:4d:1a:b4:be:
                    c2:af:4d:59:af:9e:ee:0c:51:ec:7e:ef:61:47:5c:
                    bf:e6:6b:10:d4:7e:80:5d:e3:b7:80:f3:d8:23:a0:
                    ba:ee:ac:7f:c7:bb:ae:d0:60:e6:82:21:3c:03:f4:
                    5c:59:42:bc:d4:fd:74:2c:33:3c:15:72:55:fc:35:
                    83:87:c2:e4:28:15:b2:b5:4a:9a:20:e1:69:5d:21:
                    b6:83:2c:3d:db:d5:5d:79:73:f6:f2:db:13:b1:6b:
                    61:e9:c2:98:e2:75:e8:fa:39:ba:b3:03:b9:99:52:
                    7b:91:b6:e5:2f:32:ee:ea:6d:83:44:ff:f7:2c:61:
                    92:14:87:7d:09:7b:9f:3c:60:31:c9:de:03:53:0a:
                    38:60:ef:fb:53:25:bd:78:51:9b:9c:ca:dd:be:90:
                    6f:40:20:a2:3a:75:ce:5a:da:a5:82:a9:ca:9a:2b:
                    dd:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:42:AC:83:19:C3:03:8D:3A:CD:FC:F9:EB:1B:CD:82:90:EA:35:3D
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/09f64eda-2b9c-4c89-8eb4-7cfb08b2ba08.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d038:8020::/48

    Signature Algorithm: sha256WithRSAEncryption
         54:f5:de:d8:42:44:f9:73:2f:f0:54:f1:38:21:a6:d6:2c:dd:
         ce:1b:7a:8d:82:db:2f:46:0e:67:4d:b4:b8:8b:81:0a:53:5a:
         56:33:69:2e:4e:a0:ff:af:6f:7d:6a:d7:f0:dd:da:80:03:c9:
         68:97:b8:55:82:30:1a:9a:e2:2c:4b:14:c7:56:1a:4e:c0:eb:
         91:ce:90:e7:34:6e:05:5e:4f:96:fc:40:e2:ad:8f:d1:37:d2:
         d5:18:68:27:a9:91:ae:5e:fc:9d:c1:a5:71:6c:7a:17:43:fb:
         63:b5:86:7d:a7:3e:83:f0:b9:69:5f:59:39:64:ee:be:f7:f5:
         6b:fc:6a:f6:7a:7b:a6:4c:87:81:3c:ef:cb:e0:0d:60:81:7a:
         46:37:7b:61:3e:c4:d9:d0:02:16:0a:ed:14:be:a7:af:48:00:
         29:01:b3:40:bd:e5:cc:ae:88:6f:60:fa:49:2c:05:47:40:2a:
         86:fc:84:94:63:62:9c:d5:ad:54:6c:8e:0e:55:e7:3b:55:1d:
         e3:25:55:8c:c3:23:e6:e6:b7:96:f0:31:0a:e0:b5:78:aa:f6:
         e1:95:88:48:7d:2e:cf:a9:17:b2:98:90:f4:29:1a:55:d7:2b:
         93:e9:c8:00:ac:4b:60:01:6a:88:1e:bf:90:b4:02:e7:81:45:
         7d:9c:20:66
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUD4aI9OjiFRWm6fYTO1b3Zb9gH9AwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYxODUwNDlaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQDYwYzllMjk0MmE2MjlkMGYxYjNkZWY0NWI5ODczMjk0ZTY0YWU3NzhjODBl
NzViMjEyY2FiNDYyNDRlZjg5MjMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANFOG6UNe28s3PE3iFsHOcjzaxLikCTUYnC5CSUfHbShQOvkfs+wm+/fIFJW
HOcFdaqRMqYGSewLZIuGIbQ70+ngE8FG8sfq2ivJnuQ7gSqlgH2O4UdNGrS+wq9N
Wa+e7gxR7H7vYUdcv+ZrENR+gF3jt4Dz2COguu6sf8e7rtBg5oIhPAP0XFlCvNT9
dCwzPBVyVfw1g4fC5CgVsrVKmiDhaV0htoMsPdvVXXlz9vLbE7FrYenCmOJ16Po5
urMDuZlSe5G25S8y7uptg0T/9yxhkhSHfQl7nzxgMcneA1MKOGDv+1MlvXhRm5zK
3b6Qb0Agojp1zlrapYKpypor3f8CAwEAAaOCAiQwggIgMB0GA1UdDgQWBBRkQqyD
GcMDjTrN/PnrG82CkOo1PTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MDlmNjRlZGEtMmI5Yy00Yzg5LThlYjQtN2NmYjA4YjJiYTA4LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0DiA
IDANBgkqhkiG9w0BAQsFAAOCAQEAVPXe2EJE+XMv8FTxOCGm1izdzht6jYLbL0YO
Z020uIuBClNaVjNpLk6g/69vfWrX8N3agAPJaJe4VYIwGpriLEsUx1YaTsDrkc6Q
5zRuBV5PlvxA4q2P0TfS1RhoJ6mRrl78ncGlcWx6F0P7Y7WGfac+g/C5aV9ZOWTu
vvf1a/xq9np7pkyHgTzvy+ANYIF6Rjd7YT7E2dACFgrtFL6nr0gAKQGzQL3lzK6I
b2D6SSwFR0AqhvyElGNinNWtVGyODlXnO1Ud4yVVjMMj5ua3lvAxCuC1eKr24ZWI
SH0uz6kXspiQ9CkaVdcrk+nIAKxLYAFqiB6/kLQC54FFfZwgZg==
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:53:05 2025 by rpki-client