Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/0b360e2c-382b-4420-8550-330a58e946ee.roa
File:                     0b360e2c-382b-4420-8550-330a58e946ee.roa (raw, json)
Hash identifier:          oIIQ8IsJ2irfMSeB3ikTLzFe2bo/P4CinmmSs2YZtEM=
Subject key identifier:   5A:FB:89:77:1E:21:30:D9:52:F6:11:AF:1A:AD:7B:CE:6E:5D:04:3F
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       4E49FBFA8053A7835A53EB61D6DB133C58450294
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/0b360e2c-382b-4420-8550-330a58e946ee.roa
Signing time:             Fri 26 Sep 2025 19:51:03 +0000
ROA not before:           Fri 26 Sep 2025 19:51:03 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d058:6000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4e:49:fb:fa:80:53:a7:83:5a:53:eb:61:d6:db:13:3c:58:45:02:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Sep 26 19:51:03 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=e56c65f8a795e46ada5e41859aa74d64297c3cd8750b2afd2134d1b2ce320f1a, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:d9:d3:32:38:2c:eb:8f:fe:61:35:8e:9d:c7:
                    cf:d9:d7:61:ec:8b:5f:cb:1c:d5:86:bb:0a:e7:16:
                    4f:1c:be:27:a5:01:94:de:f9:f6:d3:c1:11:e1:ca:
                    59:54:66:4a:b8:f8:73:ab:de:d2:ce:2a:cd:e4:a8:
                    41:e7:a3:da:46:74:06:ba:d4:7a:19:e1:80:b2:df:
                    78:47:49:ac:fe:e7:4b:7b:23:7c:1d:42:78:17:55:
                    3d:03:15:1d:02:b5:15:77:6c:09:cb:f3:86:7c:68:
                    a8:c3:21:0c:7e:9e:4a:48:7d:fb:eb:1a:a8:3a:be:
                    dc:eb:d2:12:aa:97:13:9b:df:c5:a2:52:0b:6b:3a:
                    82:86:d3:0c:d4:40:0c:59:a2:a6:21:0a:1e:59:4d:
                    85:c9:16:33:f8:c8:b4:69:92:05:b9:e0:a6:b3:cd:
                    68:12:fe:8f:b9:59:3a:1d:2b:07:18:34:8e:02:04:
                    2b:35:1d:7d:7f:8f:ce:af:8d:85:c3:50:2e:0a:24:
                    98:d0:7a:72:81:d4:9e:38:80:ce:bd:7c:f6:93:2c:
                    55:1e:03:d6:4d:02:5a:3e:7d:68:ba:f1:c8:84:83:
                    bd:45:1e:f0:39:6a:ab:7e:d5:8f:59:bd:dc:15:c8:
                    54:05:4c:13:73:8b:11:b5:79:54:d7:40:64:84:8e:
                    97:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:FB:89:77:1E:21:30:D9:52:F6:11:AF:1A:AD:7B:CE:6E:5D:04:3F
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/0b360e2c-382b-4420-8550-330a58e946ee.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d058:6000::/40

    Signature Algorithm: sha256WithRSAEncryption
         19:8a:40:11:2e:43:0d:0c:7c:d5:be:be:44:c0:8f:76:c5:ad:
         b9:2e:2f:d6:d4:ea:40:8d:74:f3:18:b3:1a:69:07:87:bf:81:
         c4:09:a8:f8:ec:cc:53:ce:5f:47:b7:cb:5a:30:a5:43:ef:f0:
         89:4b:9b:9d:61:74:cb:46:f3:ff:2a:93:f6:d2:78:aa:9b:13:
         24:a3:68:71:a1:d4:f8:24:29:8a:39:16:1f:6e:fe:b0:e5:a3:
         68:27:af:e8:bd:f0:5c:a3:40:bf:07:ad:b9:60:c5:50:62:95:
         79:d6:05:b3:97:14:8d:8e:ec:1a:2e:4a:a8:f4:3e:4d:3c:f9:
         92:37:b1:e2:74:17:5e:2a:a1:66:ea:b7:96:62:d4:d1:88:91:
         d8:3b:66:3b:81:12:43:22:18:05:00:fd:5f:81:24:ce:a4:e5:
         3e:e6:79:3d:0c:da:76:fc:dc:d0:ff:ab:af:5d:f8:fa:97:0d:
         bd:6a:50:5c:91:7a:ad:a6:d3:45:c7:e7:41:67:0e:2c:3e:92:
         dc:14:37:25:e5:4c:29:2b:67:fd:32:08:10:64:df:79:26:ed:
         3c:c2:35:4c:4d:92:c9:f6:5d:e7:a9:f2:98:3d:f3:b8:1a:63:
         b7:86:b2:ba:ae:09:59:12:0d:72:94:18:91:b7:44:e4:af:46:
         ba:d9:b6:fc
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUTkn7+oBTp4NaU+th1tsTPFhFApQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYxOTUxMDNaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQGU1NmM2NWY4YTc5NWU0NmFkYTVlNDE4NTlhYTc0ZDY0Mjk3YzNjZDg3NTBi
MmFmZDIxMzRkMWIyY2UzMjBmMWExLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMbZ0zI4LOuP/mE1jp3Hz9nXYeyLX8sc1Ya7CucWTxy+J6UBlN759tPBEeHK
WVRmSrj4c6ve0s4qzeSoQeej2kZ0BrrUehnhgLLfeEdJrP7nS3sjfB1CeBdVPQMV
HQK1FXdsCcvzhnxoqMMhDH6eSkh9++saqDq+3OvSEqqXE5vfxaJSC2s6gobTDNRA
DFmipiEKHllNhckWM/jItGmSBbngprPNaBL+j7lZOh0rBxg0jgIEKzUdfX+Pzq+N
hcNQLgokmNB6coHUnjiAzr189pMsVR4D1k0CWj59aLrxyISDvUUe8Dlqq37Vj1m9
3BXIVAVME3OLEbV5VNdAZISOl+kCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRa+4l3
HiEw2VL2Ea8arXvObl0EPzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MGIzNjBlMmMtMzgyYi00NDIwLTg1NTAtMzMwYTU4ZTk0NmVlLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0Fhg
MA0GCSqGSIb3DQEBCwUAA4IBAQAZikARLkMNDHzVvr5EwI92xa25Li/W1OpAjXTz
GLMaaQeHv4HECaj47MxTzl9Ht8taMKVD7/CJS5udYXTLRvP/KpP20niqmxMko2hx
odT4JCmKORYfbv6w5aNoJ6/ovfBco0C/B625YMVQYpV51gWzlxSNjuwaLkqo9D5N
PPmSN7HidBdeKqFm6reWYtTRiJHYO2Y7gRJDIhgFAP1fgSTOpOU+5nk9DNp2/NzQ
/6uvXfj6lw29alBckXqtptNFx+dBZw4sPpLcFDcl5UwpK2f9MggQZN95Ju08wjVM
TZLJ9l3nqfKYPfO4GmO3hrK6rglZEg1ylBiRt0Tkr0a62bb8
-----END CERTIFICATE-----
Generated at Mon Oct 20 13:47:46 2025 by rpki-client