Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/1c81ae85-a97a-41c4-97f7-3327ccf0dc21.roa
File:                     1c81ae85-a97a-41c4-97f7-3327ccf0dc21.roa (raw, json)
Hash identifier:          am25BEyo670kOVm5gTUXzvTCkYVNG7ZWdPZ8IM4sRdY=
Subject key identifier:   54:F6:32:8E:10:86:87:47:36:3C:2B:CA:08:1E:D3:45:07:F3:B6:EB
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       47787402F742F379D2A75758ECC1C8C088EE3141
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/1c81ae85-a97a-41c4-97f7-3327ccf0dc21.roa
Signing time:             Fri 26 Sep 2025 18:51:31 +0000
ROA not before:           Fri 26 Sep 2025 18:51:31 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d000:a040::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            47:78:74:02:f7:42:f3:79:d2:a7:57:58:ec:c1:c8:c0:88:ee:31:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Sep 26 18:51:31 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=4773ce97bf6881423e8032729ad25eec75cb4342199cbfb1bf215241b347afdf, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:2e:1c:11:a6:8e:32:93:03:ee:ad:80:99:6d:
                    af:55:ef:10:ea:f9:68:02:7a:d9:92:c4:5d:6e:9b:
                    e3:b3:0b:a8:07:3e:0c:bd:97:b3:81:6a:ff:d6:ef:
                    49:c2:5c:44:77:59:79:04:62:d2:1b:55:03:11:51:
                    1d:85:bd:0c:ce:3c:da:ba:18:31:d0:a3:dc:77:ae:
                    f0:84:ab:e1:9d:30:5b:32:8a:0b:1f:d0:83:02:35:
                    46:bd:98:44:89:0d:67:22:d2:48:42:92:77:19:31:
                    91:34:ef:e7:7c:3d:b4:28:35:47:8a:cf:46:51:d9:
                    04:48:b7:16:a6:be:39:df:f0:3c:d0:b5:d0:59:15:
                    b0:cd:5e:5d:50:e8:de:03:56:19:54:3c:bf:74:b9:
                    8a:f5:d9:7d:f8:a7:1c:b0:55:e9:e2:39:61:39:7d:
                    5c:84:09:6b:a5:1f:7c:07:df:d6:86:d1:94:76:79:
                    bc:66:5d:32:3c:8d:b7:48:b0:12:7f:bd:3a:b5:ce:
                    92:1d:68:12:8d:d5:70:3a:73:51:ba:58:cc:76:b8:
                    44:20:7a:49:e5:67:09:f9:74:2b:df:7e:96:89:94:
                    3b:f4:65:d6:ab:0a:86:b4:62:30:05:19:ac:40:32:
                    06:17:07:2c:7a:d9:df:3b:8e:f2:54:12:76:1f:6a:
                    ee:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:F6:32:8E:10:86:87:47:36:3C:2B:CA:08:1E:D3:45:07:F3:B6:EB
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/1c81ae85-a97a-41c4-97f7-3327ccf0dc21.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d000:a040::/48

    Signature Algorithm: sha256WithRSAEncryption
         5b:0d:28:d0:7c:68:a5:72:27:cf:be:6a:08:83:72:6d:ad:0f:
         60:42:a0:6b:68:b1:02:46:31:33:3a:a9:f8:ae:65:9c:fd:9e:
         15:97:c1:3e:e0:b5:11:c9:c7:5b:b5:9a:cd:14:f1:d2:0d:9d:
         d7:f3:b2:62:aa:7e:5a:9e:96:57:e3:a4:8c:2d:fc:ff:c0:19:
         fb:6e:0a:94:5b:67:4c:09:28:99:4c:8b:b5:d4:10:31:ec:de:
         e0:c6:68:73:e7:f1:d8:55:96:10:85:1d:9d:14:ef:27:03:5f:
         bd:65:5e:f6:e3:39:89:4a:3d:50:ba:b3:97:36:30:ad:de:01:
         c3:59:50:61:6f:b3:6a:68:a9:54:8c:a5:18:2e:72:93:72:16:
         d8:15:58:2d:be:c9:bc:19:28:73:13:1d:44:eb:53:f8:d5:b0:
         55:3f:79:e2:98:77:b2:7d:52:63:9d:62:d2:b4:e9:a8:1b:95:
         ec:03:ba:83:a7:73:c4:b2:d8:ed:77:6a:67:97:5f:2e:b4:99:
         27:9b:2c:12:09:02:c2:dc:cb:7f:ef:cc:a6:6d:4a:41:96:c0:
         22:95:b4:0d:a7:95:51:7d:de:8b:d5:8f:4f:39:c4:ec:4b:32:
         bd:3f:fc:62:9c:d1:d5:5e:3b:e0:52:62:3b:69:a2:60:cc:49:
         c9:47:af:fc
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUR3h0AvdC83nSp1dY7MHIwIjuMUEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYxODUxMzFaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQDQ3NzNjZTk3YmY2ODgxNDIzZTgwMzI3MjlhZDI1ZWVjNzVjYjQzNDIxOTlj
YmZiMWJmMjE1MjQxYjM0N2FmZGYxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKQuHBGmjjKTA+6tgJltr1XvEOr5aAJ62ZLEXW6b47MLqAc+DL2Xs4Fq/9bv
ScJcRHdZeQRi0htVAxFRHYW9DM482roYMdCj3Heu8ISr4Z0wWzKKCx/QgwI1Rr2Y
RIkNZyLSSEKSdxkxkTTv53w9tCg1R4rPRlHZBEi3Fqa+Od/wPNC10FkVsM1eXVDo
3gNWGVQ8v3S5ivXZffinHLBV6eI5YTl9XIQJa6UffAff1obRlHZ5vGZdMjyNt0iw
En+9OrXOkh1oEo3VcDpzUbpYzHa4RCB6SeVnCfl0K99+lomUO/Rl1qsKhrRiMAUZ
rEAyBhcHLHrZ3zuO8lQSdh9q7scCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBRU9jKO
EIaHRzY8K8oIHtNFB/O26zAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MWM4MWFlODUtYTk3YS00MWM0LTk3ZjctMzMyN2NjZjBkYzIxLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0ACg
QDANBgkqhkiG9w0BAQsFAAOCAQEAWw0o0HxopXInz75qCINyba0PYEKga2ixAkYx
Mzqp+K5lnP2eFZfBPuC1EcnHW7WazRTx0g2d1/OyYqp+Wp6WV+OkjC38/8AZ+24K
lFtnTAkomUyLtdQQMeze4MZoc+fx2FWWEIUdnRTvJwNfvWVe9uM5iUo9ULqzlzYw
rd4Bw1lQYW+zamipVIylGC5yk3IW2BVYLb7JvBkocxMdROtT+NWwVT954ph3sn1S
Y51i0rTpqBuV7AO6g6dzxLLY7XdqZ5dfLrSZJ5ssEgkCwtzLf+/Mpm1KQZbAIpW0
DaeVUX3ei9WPTznE7EsyvT/8YpzR1V474FJiO2miYMxJyUev/A==
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:52:53 2025 by rpki-client