Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/1a961f3a-fb71-4357-a4fc-28c4024b0441.roa
File:                     1a961f3a-fb71-4357-a4fc-28c4024b0441.roa (raw, json)
Hash identifier:          mNLnIT2waZv1AQMM+sr391HkOnpmZg9Q9YRO5+w4bEM=
Subject key identifier:   D0:9C:9C:C0:61:02:BD:07:3E:38:B3:02:E2:C4:A2:53:D3:72:E1:46
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       27D5D9D39E6C2B1ED1E33586DE17FADE432A608E
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/1a961f3a-fb71-4357-a4fc-28c4024b0441.roa
Signing time:             Mon 13 Oct 2025 18:00:02 +0000
ROA not before:           Mon 13 Oct 2025 18:00:02 +0000
ROA not after:            Mon 17 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d000::/25 maxlen: 25
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            27:d5:d9:d3:9e:6c:2b:1e:d1:e3:35:86:de:17:fa:de:43:2a:60:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Oct 13 18:00:02 2025 GMT
            Not After : Nov 17 23:59:59 2025 GMT
        Subject: serialNumber=f84ac8c4797c8307e083265498b6ed3c5eb524064d661a939a055754b6726ddf, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f7:78:0f:2c:21:3f:05:35:86:91:9b:41:7b:43:
                    bb:96:4c:cb:14:50:74:9a:9b:7d:72:5e:68:97:5b:
                    6e:d8:7c:0c:42:95:c1:e1:fa:ab:f4:01:ab:df:62:
                    e6:1e:58:c5:2f:75:ea:cb:15:54:e9:b0:e7:c1:47:
                    d5:fd:96:ea:6b:2e:5f:c0:80:11:a1:cd:e0:a2:f1:
                    83:b2:d9:f5:d4:2a:c8:d8:34:49:be:20:18:96:7a:
                    72:4b:93:8b:59:5a:ee:a1:8b:29:2f:ed:0f:60:ab:
                    2d:49:b8:32:32:f3:9b:11:21:c6:bb:0e:79:c0:80:
                    1d:08:2f:df:9d:ae:02:aa:22:cf:d5:09:46:3e:2d:
                    11:fe:d9:8a:13:9d:1d:95:ab:2b:92:1e:94:9e:62:
                    d8:8a:93:08:18:5d:90:0a:fe:67:20:ee:4f:a6:4a:
                    9b:14:78:23:17:9d:ab:ce:a3:49:43:83:2a:cc:41:
                    df:6e:74:21:4f:88:a4:c2:89:1c:1b:51:b7:f6:49:
                    b6:f7:86:d8:33:87:54:bc:90:fa:a3:e9:09:84:c0:
                    49:d9:d1:83:70:c1:b5:42:0a:6b:4e:bf:aa:6a:b6:
                    80:3e:f9:34:c6:87:8b:36:68:a4:a6:61:e7:93:e2:
                    4e:c8:00:9b:33:32:b0:a5:b4:de:eb:6c:31:11:72:
                    09:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:9C:9C:C0:61:02:BD:07:3E:38:B3:02:E2:C4:A2:53:D3:72:E1:46
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/1a961f3a-fb71-4357-a4fc-28c4024b0441.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d000::/25

    Signature Algorithm: sha256WithRSAEncryption
         a5:92:a8:75:e9:bb:d5:a0:71:76:b6:e6:22:52:84:ff:e5:4f:
         3f:f2:cc:54:58:aa:b7:87:c2:4d:ab:29:a3:41:d4:41:d6:ea:
         c0:37:d5:ab:5e:70:f4:33:31:54:6a:68:88:bb:95:ef:b2:0d:
         9a:e4:66:f7:79:31:e4:e2:a1:26:54:c5:7e:af:b4:9f:1b:5b:
         e4:d9:5d:97:30:3e:01:b3:81:a1:27:14:33:19:4a:18:ee:30:
         02:0d:0e:b1:6f:96:48:59:8a:51:d7:10:1e:8f:15:77:5d:15:
         80:f8:e1:ae:97:6c:0d:71:41:95:39:8a:67:15:27:cb:59:ee:
         11:a4:74:76:44:cb:4d:a0:c0:52:aa:8a:9d:a8:ac:25:62:b4:
         79:d0:a2:f0:b6:42:32:5e:fd:d4:bf:21:0b:23:cc:5e:bc:c2:
         f2:f8:50:3d:99:bb:7d:ca:56:69:c6:37:1f:ce:d4:34:70:b8:
         8d:0f:be:79:54:ad:10:9e:26:1f:ac:8e:2b:31:fe:50:c4:f8:
         88:04:53:a0:d1:3a:3e:e6:74:7e:c8:0d:63:3e:0c:6b:ef:9d:
         c7:fe:b8:bb:0f:af:57:12:10:d9:ba:d1:a7:51:75:cd:b0:d6:
         dc:43:1b:e6:b1:12:2a:40:6f:c2:48:85:0d:b3:c4:32:6c:ba:
         b7:58:ee:6b
-----BEGIN CERTIFICATE-----
MIIFXzCCBEegAwIBAgIUJ9XZ055sKx7R4zWG3hf63kMqYI4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMTMxODAwMDJaFw0yNTExMTcyMzU5NTlaMHoxSTBHBgNV
BAUTQGY4NGFjOGM0Nzk3YzgzMDdlMDgzMjY1NDk4YjZlZDNjNWViNTI0MDY0ZDY2
MWE5MzlhMDU1NzU0YjY3MjZkZGYxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAPd4DywhPwU1hpGbQXtDu5ZMyxRQdJqbfXJeaJdbbth8DEKVweH6q/QBq99i
5h5YxS916ssVVOmw58FH1f2W6msuX8CAEaHN4KLxg7LZ9dQqyNg0Sb4gGJZ6ckuT
i1la7qGLKS/tD2CrLUm4MjLzmxEhxrsOecCAHQgv352uAqoiz9UJRj4tEf7ZihOd
HZWrK5IelJ5i2IqTCBhdkAr+ZyDuT6ZKmxR4Ixedq86jSUODKsxB3250IU+IpMKJ
HBtRt/ZJtveG2DOHVLyQ+qPpCYTASdnRg3DBtUIKa06/qmq2gD75NMaHizZopKZh
55PiTsgAmzMysKW03utsMRFyCSUCAwEAAaOCAiIwggIeMB0GA1UdDgQWBBTQnJzA
YQK9Bz44swLixKJT03LhRjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MWE5NjFmM2EtZmI3MS00MzU3LWE0ZmMtMjhjNDAyNGIwNDQxLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFByoF0AAw
DQYJKoZIhvcNAQELBQADggEBAKWSqHXpu9WgcXa25iJShP/lTz/yzFRYqreHwk2r
KaNB1EHW6sA31atecPQzMVRqaIi7le+yDZrkZvd5MeTioSZUxX6vtJ8bW+TZXZcw
PgGzgaEnFDMZShjuMAINDrFvlkhZilHXEB6PFXddFYD44a6XbA1xQZU5imcVJ8tZ
7hGkdHZEy02gwFKqip2orCVitHnQovC2QjJe/dS/IQsjzF68wvL4UD2Zu33KVmnG
Nx/O1DRwuI0PvnlUrRCeJh+sjisx/lDE+IgEU6DROj7mdH7IDWM+DGvvncf+uLsP
r1cSENm60adRdc2w1txDG+axEipAb8JIhQ2zxDJsurdY7ms=
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:52:33 2025 by rpki-client