Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/1ba2d063-915b-4ef5-b1b8-00d73dc8a31a.roa
File:                     1ba2d063-915b-4ef5-b1b8-00d73dc8a31a.roa (raw, json)
Hash identifier:          FROjfsJz/+M/klJnt2n3utP4u5Tx6VP5YZmTsuPj7rs=
Subject key identifier:   8A:04:19:CD:37:DB:04:16:BF:A8:CC:86:BA:FF:B9:CF:92:C9:09:E1
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       0E0B897F4D996BDC4CC41061ED88446B42B50EFC
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/1ba2d063-915b-4ef5-b1b8-00d73dc8a31a.roa
Signing time:             Mon 29 Sep 2025 15:24:13 +0000
ROA not before:           Mon 29 Sep 2025 15:24:13 +0000
ROA not after:            Mon 03 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d034:6000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0e:0b:89:7f:4d:99:6b:dc:4c:c4:10:61:ed:88:44:6b:42:b5:0e:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Sep 29 15:24:13 2025 GMT
            Not After : Nov  3 23:59:59 2025 GMT
        Subject: serialNumber=a596170d28fd7e34c2a06a7d8753ad047ab81bcaf1b465ec325e0997a5460395, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:31:19:9a:1c:b5:3c:c4:c4:5c:fc:cd:39:a6:
                    74:53:4c:d6:a8:b0:a1:d6:8a:c3:7a:00:30:ef:3c:
                    03:40:6e:89:d8:b1:bd:56:48:48:c9:4e:64:83:ca:
                    c3:9d:7e:7f:75:dd:e0:63:41:f0:33:2d:96:3e:25:
                    5d:1c:c3:d0:f5:9d:47:47:88:d3:a6:f8:22:85:4b:
                    63:3b:da:d8:9e:9c:78:2c:8f:58:1d:87:4d:74:47:
                    2a:4c:17:d6:02:82:f0:25:4b:9a:3e:79:74:93:d6:
                    d1:43:ec:b4:6d:9f:84:24:a6:05:8d:1b:cd:52:d1:
                    ee:78:11:e4:d3:fb:ed:d3:cf:2a:1c:57:64:d3:66:
                    46:76:6c:60:ac:2d:4e:bd:44:96:a0:01:47:8e:a9:
                    90:53:0a:89:ea:e4:8e:8a:03:15:73:bc:53:40:e9:
                    9e:93:d6:de:f8:5f:de:1f:c4:a4:fa:7e:f5:6b:a1:
                    64:cb:c8:a0:f3:63:32:d0:ea:f1:7b:c5:61:86:3a:
                    0e:c7:46:8f:45:02:2b:6a:36:15:e1:d2:05:b8:ff:
                    81:ee:b6:bd:de:69:19:1b:82:5d:60:53:17:e1:60:
                    93:5e:36:5b:b7:f8:75:ae:74:f1:26:44:d2:b6:a6:
                    35:de:71:72:9e:17:35:eb:02:f1:5a:a0:c1:29:75:
                    4f:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:04:19:CD:37:DB:04:16:BF:A8:CC:86:BA:FF:B9:CF:92:C9:09:E1
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/1ba2d063-915b-4ef5-b1b8-00d73dc8a31a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d034:6000::/40

    Signature Algorithm: sha256WithRSAEncryption
         b9:45:e4:59:64:80:b8:6a:57:bd:3a:fc:de:fb:5a:66:e2:68:
         ab:6c:bb:6b:24:f8:f7:c8:73:c3:2f:0b:25:20:f1:1a:0f:74:
         24:c2:86:1d:14:02:03:50:ff:1a:dc:89:96:18:9a:8f:2b:ab:
         00:0b:2d:8a:d9:e5:36:4a:bd:3c:01:83:44:6c:61:ca:f2:f1:
         21:03:c7:fd:95:48:1c:39:aa:9f:c8:e9:a3:8f:a9:c9:01:67:
         44:8e:e7:b9:76:ad:e0:54:61:88:4b:cf:1a:28:f0:dc:4f:c2:
         92:a2:e1:17:a1:99:c3:09:d7:aa:25:60:9a:3e:e6:5f:ff:79:
         38:0c:b3:7e:48:c1:92:f2:9c:76:62:71:49:b5:80:4f:4d:9e:
         b4:71:cf:0f:7c:e2:51:7c:ea:4b:a7:69:5c:5a:b6:28:81:1e:
         67:dc:10:6e:b8:33:c7:28:e8:80:9c:5d:81:37:8f:64:91:ea:
         f6:1c:68:ec:86:2a:1e:84:c5:1f:21:56:6d:8c:95:01:10:55:
         dd:bb:57:b1:f4:42:6b:46:29:d5:9f:96:b5:ff:af:cf:b6:13:
         f0:24:86:fd:91:e0:a5:57:25:68:5c:71:84:9d:f5:3a:18:85:
         b3:84:ab:ac:7d:c8:8d:bb:a9:e2:af:d6:35:f6:92:74:d1:e9:
         4a:cd:73:7d
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUDguJf02Za9xMxBBh7YhEa0K1DvwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjkxNTI0MTNaFw0yNTExMDMyMzU5NTlaMHoxSTBHBgNV
BAUTQGE1OTYxNzBkMjhmZDdlMzRjMmEwNmE3ZDg3NTNhZDA0N2FiODFiY2FmMWI0
NjVlYzMyNWUwOTk3YTU0NjAzOTUxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALgxGZoctTzExFz8zTmmdFNM1qiwodaKw3oAMO88A0BuidixvVZISMlOZIPK
w51+f3Xd4GNB8DMtlj4lXRzD0PWdR0eI06b4IoVLYzva2J6ceCyPWB2HTXRHKkwX
1gKC8CVLmj55dJPW0UPstG2fhCSmBY0bzVLR7ngR5NP77dPPKhxXZNNmRnZsYKwt
Tr1ElqABR46pkFMKierkjooDFXO8U0DpnpPW3vhf3h/EpPp+9WuhZMvIoPNjMtDq
8XvFYYY6DsdGj0UCK2o2FeHSBbj/ge62vd5pGRuCXWBTF+Fgk142W7f4da508SZE
0ramNd5xcp4XNesC8VqgwSl1T5UCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBSKBBnN
N9sEFr+ozIa6/7nPkskJ4TAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MWJhMmQwNjMtOTE1Yi00ZWY1LWIxYjgtMDBkNzNkYzhhMzFhLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0DRg
MA0GCSqGSIb3DQEBCwUAA4IBAQC5ReRZZIC4ale9Ovze+1pm4mirbLtrJPj3yHPD
LwslIPEaD3QkwoYdFAIDUP8a3ImWGJqPK6sACy2K2eU2Sr08AYNEbGHK8vEhA8f9
lUgcOaqfyOmjj6nJAWdEjue5dq3gVGGIS88aKPDcT8KSouEXoZnDCdeqJWCaPuZf
/3k4DLN+SMGS8px2YnFJtYBPTZ60cc8PfOJRfOpLp2lcWrYogR5n3BBuuDPHKOiA
nF2BN49kker2HGjshioehMUfIVZtjJUBEFXdu1ex9EJrRinVn5a1/6/PthPwJIb9
keClVyVoXHGEnfU6GIWzhKusfciNu6nir9Y19pJ00elKzXN9
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:53:07 2025 by rpki-client