Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/11f67075-d744-49be-809b-fca0d72c41e0.roa
File:                     11f67075-d744-49be-809b-fca0d72c41e0.roa (raw, json)
Hash identifier:          elIZCeEchtYcwjlfHCs9I3lo/HO3cZSsDCcdadCjCQ8=
Subject key identifier:   F9:5A:1D:31:4F:6E:C2:27:DF:7C:6F:70:46:42:F9:4A:B8:4A:F3:D4
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       3DEB21F043DE977F0EB191ED5699CDF170A883F9
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/11f67075-d744-49be-809b-fca0d72c41e0.roa
Signing time:             Fri 26 Sep 2025 19:21:16 +0000
ROA not before:           Fri 26 Sep 2025 19:21:16 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d078:2000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3d:eb:21:f0:43:de:97:7f:0e:b1:91:ed:56:99:cd:f1:70:a8:83:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Sep 26 19:21:16 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=2f289deef25ac9f346dfd93514227078b4188432e3aa166a9df45420aee86fc7, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:92:04:16:34:30:c5:a3:84:8b:1a:f0:6b:19:
                    5c:c0:a5:f2:eb:25:cf:9c:44:b3:f0:51:27:6c:31:
                    14:c7:d2:ab:a3:a1:6e:7f:6e:e7:2e:b9:95:aa:bd:
                    6f:ce:03:50:37:96:e8:81:80:56:3c:b5:4f:7b:13:
                    7e:73:8b:44:a5:90:3e:95:06:81:0a:b3:df:48:0b:
                    78:3e:15:94:ea:e5:1d:21:cc:64:6d:4e:45:af:f3:
                    da:6f:fa:97:44:5a:54:4d:3f:21:69:d5:31:28:61:
                    83:9a:01:08:4f:11:d8:7a:d7:59:16:47:9e:fc:61:
                    19:43:6f:42:20:42:c3:c8:55:90:b4:6e:9a:49:58:
                    32:f3:d5:6f:aa:d0:8b:69:3a:81:26:29:b4:12:eb:
                    96:e5:40:b0:81:8a:23:22:fa:c8:4e:d8:60:bc:41:
                    77:58:9e:3a:ee:34:85:da:cd:d0:76:9c:9e:f5:22:
                    e4:78:21:57:55:5a:d8:12:c0:82:60:7f:1d:be:3f:
                    8a:a6:92:a5:d8:5f:03:de:74:b7:49:bf:99:19:08:
                    6d:bb:77:ae:ba:cb:6b:92:0d:c1:35:b5:5a:55:14:
                    6f:ac:2d:81:5f:89:00:ad:d5:04:03:5a:1f:d2:23:
                    1d:0d:2f:ed:3e:1b:2c:df:05:7b:12:38:6f:ef:bb:
                    b2:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:5A:1D:31:4F:6E:C2:27:DF:7C:6F:70:46:42:F9:4A:B8:4A:F3:D4
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/11f67075-d744-49be-809b-fca0d72c41e0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d078:2000::/40

    Signature Algorithm: sha256WithRSAEncryption
         84:f9:b3:54:57:ed:fa:c2:78:9e:3e:79:fb:a3:9e:c8:cb:3b:
         53:eb:34:fa:5c:0a:8f:23:ed:81:b8:a6:97:56:c5:d1:e7:a6:
         3c:7d:51:87:af:22:02:ec:73:1a:df:c9:18:39:3b:8e:61:45:
         cc:41:9c:8d:42:77:98:cf:c0:fc:19:bb:2f:f2:a2:a2:68:d0:
         f3:2c:1e:88:40:77:23:cd:94:a4:24:bc:12:a3:49:aa:6c:39:
         97:c5:ad:b5:c2:3a:61:b0:f2:45:ea:7b:8a:e2:48:63:c5:f6:
         31:2e:ff:6a:03:bb:29:15:0d:4e:8d:65:b7:49:d9:ac:c6:4f:
         c9:e1:9e:b0:2c:d9:1c:9e:d8:e4:50:cd:3e:53:7b:30:fd:71:
         57:ac:1e:36:75:ac:f4:bf:7b:ca:79:96:93:32:11:3e:f5:ed:
         ab:1a:a7:d1:c7:91:75:89:f4:a7:ab:2e:c8:79:b4:10:d7:47:
         e3:f9:91:82:8d:18:cd:1f:4a:69:eb:e1:9e:f8:63:b7:40:00:
         da:3d:4e:5a:da:46:5c:4d:ff:cf:cb:4e:d4:e0:23:cd:8a:e1:
         f8:c7:8c:b5:00:9e:dc:9e:b1:51:de:96:a2:4c:eb:3f:85:76:
         28:1e:e3:db:4b:be:29:9b:8e:0c:6e:9e:75:b7:e7:80:9e:8f:
         dc:1b:6c:9d
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUPesh8EPel38OsZHtVpnN8XCog/kwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYxOTIxMTZaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQDJmMjg5ZGVlZjI1YWM5ZjM0NmRmZDkzNTE0MjI3MDc4YjQxODg0MzJlM2Fh
MTY2YTlkZjQ1NDIwYWVlODZmYzcxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALmSBBY0MMWjhIsa8GsZXMCl8uslz5xEs/BRJ2wxFMfSq6Ohbn9u5y65laq9
b84DUDeW6IGAVjy1T3sTfnOLRKWQPpUGgQqz30gLeD4VlOrlHSHMZG1ORa/z2m/6
l0RaVE0/IWnVMShhg5oBCE8R2HrXWRZHnvxhGUNvQiBCw8hVkLRumklYMvPVb6rQ
i2k6gSYptBLrluVAsIGKIyL6yE7YYLxBd1ieOu40hdrN0HacnvUi5HghV1Va2BLA
gmB/Hb4/iqaSpdhfA950t0m/mRkIbbt3rrrLa5INwTW1WlUUb6wtgV+JAK3VBANa
H9IjHQ0v7T4bLN8FexI4b++7smMCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBT5Wh0x
T27CJ998b3BGQvlKuErz1DAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MTFmNjcwNzUtZDc0NC00OWJlLTgwOWItZmNhMGQ3MmM0MWUwLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0Hgg
MA0GCSqGSIb3DQEBCwUAA4IBAQCE+bNUV+36wniePnn7o57IyztT6zT6XAqPI+2B
uKaXVsXR56Y8fVGHryIC7HMa38kYOTuOYUXMQZyNQneYz8D8Gbsv8qKiaNDzLB6I
QHcjzZSkJLwSo0mqbDmXxa21wjphsPJF6nuK4khjxfYxLv9qA7spFQ1OjWW3Sdms
xk/J4Z6wLNkcntjkUM0+U3sw/XFXrB42daz0v3vKeZaTMhE+9e2rGqfRx5F1ifSn
qy7IebQQ10fj+ZGCjRjNH0pp6+Ge+GO3QADaPU5a2kZcTf/Py07U4CPNiuH4x4y1
AJ7cnrFR3paiTOs/hXYoHuPbS74pm44Mbp51t+eAno/cG2yd
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:52:17 2025 by rpki-client