Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/1d480b6d-25fc-4f37-b125-f45ce236f4ea.roa
File:                     1d480b6d-25fc-4f37-b125-f45ce236f4ea.roa (raw, json)
Hash identifier:          xJm/0YgxfLYaCjWIEMQhkiP9Y8IZtYggc3PgSUQIGxU=
Subject key identifier:   DE:C3:C8:E5:42:99:03:3C:93:C6:74:13:0E:8B:82:60:C0:80:6E:C4
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       38E171C6066110960438A07BAA1BD7F2D8927376
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/1d480b6d-25fc-4f37-b125-f45ce236f4ea.roa
Signing time:             Fri 26 Sep 2025 20:11:17 +0000
ROA not before:           Fri 26 Sep 2025 20:11:17 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d01d:800::/37 maxlen: 37
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            38:e1:71:c6:06:61:10:96:04:38:a0:7b:aa:1b:d7:f2:d8:92:73:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Sep 26 20:11:17 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=2f177dc1047ebce627d037681762c6e0f9def5045a269cfa31a2c2b6e3fe746f, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:71:89:da:27:9b:64:3b:2e:cc:86:19:8c:33:
                    09:49:27:d1:3c:5f:62:a9:bc:ab:81:1c:66:0d:90:
                    97:68:3d:1d:4a:a5:08:d7:df:24:62:fa:cf:8e:53:
                    2b:b3:1f:c0:8f:88:82:3c:64:21:13:5d:db:5c:09:
                    16:56:40:6e:f5:c2:5d:37:58:36:68:f8:f7:e3:c1:
                    6f:61:7d:82:66:43:3b:93:0a:64:50:f7:e8:b9:ce:
                    c8:71:55:c4:b4:bd:23:24:db:3b:c5:5a:aa:d3:12:
                    eb:42:5e:06:ff:ae:f0:41:bd:26:3a:e3:79:27:f0:
                    d0:b2:94:c4:45:1d:ba:1a:f7:64:ad:51:4c:eb:48:
                    ac:2e:7d:cb:4a:ca:f9:e9:0f:b0:53:12:16:d6:ed:
                    b1:44:ef:3c:ac:95:0a:a4:23:bc:a8:23:5d:04:5e:
                    15:77:d0:bb:dd:f1:d8:18:77:52:45:71:64:fc:88:
                    01:03:d6:ea:25:16:76:42:c2:f4:d2:bf:8c:07:04:
                    b1:d3:8f:ce:05:df:d2:b6:73:de:79:ab:9e:09:31:
                    76:8e:38:b7:a2:0d:81:4f:3c:be:dd:57:85:2a:79:
                    df:b3:a9:e1:13:77:98:d2:26:ca:da:76:96:d6:cd:
                    1b:d2:b2:d0:c9:fa:b2:de:98:d2:ca:20:47:73:88:
                    86:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:C3:C8:E5:42:99:03:3C:93:C6:74:13:0E:8B:82:60:C0:80:6E:C4
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/1d480b6d-25fc-4f37-b125-f45ce236f4ea.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d01d:800::/37

    Signature Algorithm: sha256WithRSAEncryption
         c4:7c:fd:ea:ab:02:12:bb:e5:9a:ea:62:6c:6d:89:cb:3b:e8:
         80:b6:9c:fe:42:1f:d4:90:ae:ef:8e:5d:e1:3e:6c:e5:c1:d6:
         30:4a:ee:20:55:b2:da:44:e0:79:c1:fc:02:5c:37:14:ce:a4:
         f9:bb:52:30:46:ef:45:b0:4b:27:a3:b1:f0:97:00:50:98:ca:
         83:72:70:90:5f:b5:94:2c:05:cf:b6:fc:4d:59:7e:e4:1c:ed:
         dd:64:57:eb:e6:77:fa:5c:09:4a:1c:f5:8c:63:bb:ad:8e:3f:
         47:5c:ef:e0:a3:72:6d:6a:2b:bf:fb:79:ec:08:c0:b9:d8:bb:
         1f:e7:7f:c1:a1:a9:14:63:8a:51:1f:f9:c3:b7:7b:97:aa:91:
         7a:a9:18:20:a6:46:d8:1b:8f:81:65:95:9c:67:ec:ce:e4:b5:
         12:5f:bf:bb:14:73:9b:5f:3d:8a:5b:da:e2:51:5e:df:e9:ee:
         f9:28:4a:fe:f1:14:04:c4:f7:f3:c1:e5:d8:f5:e3:9c:4f:77:
         42:fd:55:da:a7:b3:11:87:e3:a4:e2:42:33:55:f6:e8:ad:05:
         46:1a:a3:3d:7d:d5:14:99:72:fb:29:24:ff:fe:94:2e:3b:4b:
         a4:95:54:ad:73:0b:fc:8b:96:34:75:7a:b5:b5:4f:55:d2:59:
         1d:9f:8b:70
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUOOFxxgZhEJYEOKB7qhvX8tiSc3YwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYyMDExMTdaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQDJmMTc3ZGMxMDQ3ZWJjZTYyN2QwMzc2ODE3NjJjNmUwZjlkZWY1MDQ1YTI2
OWNmYTMxYTJjMmI2ZTNmZTc0NmYxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKRxidonm2Q7LsyGGYwzCUkn0TxfYqm8q4EcZg2Ql2g9HUqlCNffJGL6z45T
K7MfwI+IgjxkIRNd21wJFlZAbvXCXTdYNmj49+PBb2F9gmZDO5MKZFD36LnOyHFV
xLS9IyTbO8VaqtMS60JeBv+u8EG9JjrjeSfw0LKUxEUduhr3ZK1RTOtIrC59y0rK
+ekPsFMSFtbtsUTvPKyVCqQjvKgjXQReFXfQu93x2Bh3UkVxZPyIAQPW6iUWdkLC
9NK/jAcEsdOPzgXf0rZz3nmrngkxdo44t6INgU88vt1XhSp537Op4RN3mNImytp2
ltbNG9Ky0Mn6st6Y0sogR3OIhoECAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTew8jl
QpkDPJPGdBMOi4JgwIBuxDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MWQ0ODBiNmQtMjVmYy00ZjM3LWIxMjUtZjQ1Y2UyMzZmNGVhLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGAyoF0B0I
MA0GCSqGSIb3DQEBCwUAA4IBAQDEfP3qqwISu+Wa6mJsbYnLO+iAtpz+Qh/UkK7v
jl3hPmzlwdYwSu4gVbLaROB5wfwCXDcUzqT5u1IwRu9FsEsno7HwlwBQmMqDcnCQ
X7WULAXPtvxNWX7kHO3dZFfr5nf6XAlKHPWMY7utjj9HXO/go3Jtaiu/+3nsCMC5
2Lsf53/BoakUY4pRH/nDt3uXqpF6qRggpkbYG4+BZZWcZ+zO5LUSX7+7FHObXz2K
W9riUV7f6e75KEr+8RQExPfzweXY9eOcT3dC/VXap7MRh+Ok4kIzVfborQVGGqM9
fdUUmXL7KST//pQuO0uklVStcwv8i5Y0dXq1tU9V0lkdn4tw
-----END CERTIFICATE-----
Generated at Mon Oct 20 13:47:45 2025 by rpki-client