Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/1a8757a3-5b0e-4473-9a3b-876cc134e2bd.roa
File:                     1a8757a3-5b0e-4473-9a3b-876cc134e2bd.roa (raw, json)
Hash identifier:          AZWI3bJ/iVv6/tavOmmzkHx86btb9EoZm06u9Ey7Cd8=
Subject key identifier:   41:8B:F5:11:DA:DA:33:C7:10:5D:DA:21:16:56:7D:CE:46:54:5B:97
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       4F35EA95F1CE1CB16CBAC5AFC132A6E9BDEC7E3F
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/1a8757a3-5b0e-4473-9a3b-876cc134e2bd.roa
Signing time:             Fri 26 Sep 2025 19:11:41 +0000
ROA not before:           Fri 26 Sep 2025 19:11:41 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d000:e000::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4f:35:ea:95:f1:ce:1c:b1:6c:ba:c5:af:c1:32:a6:e9:bd:ec:7e:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Sep 26 19:11:41 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=8d1778490c080743d72d8623330fe804137fe4173f6c5ad3a46fdb512fa07a2b, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:0d:37:84:c5:34:01:84:f8:44:82:c4:bc:0b:
                    c2:4e:84:62:6d:ca:c1:1f:ce:28:40:f2:1b:14:d9:
                    a8:0c:80:69:5f:90:0c:c9:98:fa:3e:f1:1c:af:37:
                    d0:c3:a3:9c:b5:c6:25:ab:c7:09:b7:e5:a1:7b:60:
                    b8:e6:9e:eb:5a:94:66:b2:2d:00:e9:cf:d1:b0:f2:
                    a6:a9:7b:fe:f4:d9:d6:a0:12:86:76:3e:57:52:3d:
                    fb:3a:42:f3:5f:73:cc:1b:80:1d:83:38:7e:57:e3:
                    19:7a:c1:9c:50:a1:d2:a6:ae:f3:fb:cc:97:2e:2f:
                    d2:9a:3d:01:8f:3a:66:8d:4e:db:9c:8d:b2:9c:c7:
                    e3:d0:8f:6c:27:f3:1f:a2:c1:13:7a:13:a4:b4:ff:
                    75:ec:bd:6e:a9:8f:24:7c:cd:58:97:4f:01:2f:63:
                    40:3c:d3:28:a5:17:01:15:38:7e:4e:d0:e2:07:74:
                    03:3a:fd:99:1f:23:83:8a:af:6f:8d:25:23:cc:45:
                    66:c1:8f:db:03:69:a2:6d:bb:26:1e:cf:3c:2a:05:
                    95:bf:28:f2:a4:e1:cf:5d:62:f8:67:9b:24:5f:62:
                    9c:f8:35:10:f7:47:61:43:df:6b:28:eb:e1:6e:59:
                    ce:7e:84:ce:89:0e:1e:ae:1d:77:43:3b:15:33:4a:
                    ec:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:8B:F5:11:DA:DA:33:C7:10:5D:DA:21:16:56:7D:CE:46:54:5B:97
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/1a8757a3-5b0e-4473-9a3b-876cc134e2bd.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d000:e000::/40

    Signature Algorithm: sha256WithRSAEncryption
         5d:a1:3e:d8:dd:40:57:3b:7e:6d:37:c9:17:ba:f7:83:03:2a:
         80:a1:a0:31:51:9b:2f:9d:9f:24:70:60:12:ef:10:21:f9:a6:
         d7:8a:57:66:89:dc:8d:61:7f:d7:e6:18:95:07:8e:cd:89:4f:
         57:c5:10:7e:06:0e:20:2b:e1:11:0e:e2:c7:49:84:b1:3d:a0:
         11:90:c5:fe:f5:15:88:93:a2:d8:f9:65:e6:f6:37:2e:4f:f2:
         a9:f5:4a:6e:64:b7:58:1c:e4:b5:5e:7e:0d:d8:b9:38:d6:3d:
         45:1d:3b:01:8b:2e:f8:15:61:69:92:af:06:b9:a3:84:6b:6e:
         72:fa:50:bb:ce:8c:9d:af:d3:d6:d8:24:2e:6f:21:9c:6a:f0:
         3b:30:bc:a6:e8:42:4d:e6:29:67:b3:8c:a5:61:90:92:4d:2b:
         16:8d:e9:d1:cc:05:07:45:7b:bd:d7:71:74:a0:8c:b1:b5:75:
         e4:de:b5:2b:ef:2b:4d:52:1c:8f:6f:45:0b:25:fd:8d:b8:4a:
         c0:a5:9e:0f:a0:3a:b5:9e:51:6d:2c:81:36:cd:99:a4:c0:91:
         9d:33:7f:8b:be:3c:d3:e1:c7:8a:e1:ec:af:35:40:ea:9f:14:
         2c:58:32:54:b9:88:76:da:f3:78:56:21:54:48:72:70:04:65:
         ef:8e:06:94
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUTzXqlfHOHLFsusWvwTKm6b3sfj8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYxOTExNDFaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQDhkMTc3ODQ5MGMwODA3NDNkNzJkODYyMzMzMGZlODA0MTM3ZmU0MTczZjZj
NWFkM2E0NmZkYjUxMmZhMDdhMmIxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAIoNN4TFNAGE+ESCxLwLwk6EYm3KwR/OKEDyGxTZqAyAaV+QDMmY+j7xHK83
0MOjnLXGJavHCbfloXtguOae61qUZrItAOnP0bDypql7/vTZ1qAShnY+V1I9+zpC
819zzBuAHYM4flfjGXrBnFCh0qau8/vMly4v0po9AY86Zo1O25yNspzH49CPbCfz
H6LBE3oTpLT/dey9bqmPJHzNWJdPAS9jQDzTKKUXARU4fk7Q4gd0Azr9mR8jg4qv
b40lI8xFZsGP2wNpom27Jh7PPCoFlb8o8qThz11i+GebJF9inPg1EPdHYUPfayjr
4W5Zzn6EzokOHq4dd0M7FTNK7HcCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRBi/UR
2tozxxBd2iEWVn3ORlRblzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MWE4NzU3YTMtNWIwZS00NDczLTlhM2ItODc2Y2MxMzRlMmJkLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0ADg
MA0GCSqGSIb3DQEBCwUAA4IBAQBdoT7Y3UBXO35tN8kXuveDAyqAoaAxUZsvnZ8k
cGAS7xAh+abXildmidyNYX/X5hiVB47NiU9XxRB+Bg4gK+ERDuLHSYSxPaARkMX+
9RWIk6LY+WXm9jcuT/Kp9UpuZLdYHOS1Xn4N2Lk41j1FHTsBiy74FWFpkq8GuaOE
a25y+lC7zoydr9PW2CQubyGcavA7MLym6EJN5ilns4ylYZCSTSsWjenRzAUHRXu9
13F0oIyxtXXk3rUr7ytNUhyPb0ULJf2NuErApZ4PoDq1nlFtLIE2zZmkwJGdM3+L
vjzT4ceK4eyvNUDqnxQsWDJUuYh22vN4ViFUSHJwBGXvjgaU
-----END CERTIFICATE-----
Generated at Mon Oct 20 13:47:04 2025 by rpki-client