Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/216e1c1f-35c3-4c02-a0c3-0b5815c016d7.roa
File:                     216e1c1f-35c3-4c02-a0c3-0b5815c016d7.roa (raw, json)
Hash identifier:          sSF8DeoJ7aq2zVMT7xK/MJEdFSVLjf/hGbz9NpUXcBo=
Subject key identifier:   51:87:0E:28:9D:A5:6D:7D:79:5C:33:1F:2E:17:62:B4:68:4A:3E:33
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       13B85BF6C1BF44EFBACC0FFBD66F3CBE1DF30530
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/216e1c1f-35c3-4c02-a0c3-0b5815c016d7.roa
Signing time:             Fri 26 Sep 2025 18:39:42 +0000
ROA not before:           Fri 26 Sep 2025 18:39:42 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d072:40c0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            13:b8:5b:f6:c1:bf:44:ef:ba:cc:0f:fb:d6:6f:3c:be:1d:f3:05:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Sep 26 18:39:42 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=2bab098a5561db67e5c284b28c70f9250168f77def5046a1acb9c8eade9ba70e, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:6c:80:6e:d6:af:e4:a3:da:71:e5:fa:e3:dd:
                    90:d8:73:29:b8:26:6b:93:ee:df:2d:84:4d:75:b4:
                    9c:0e:2b:a8:81:01:1f:21:7f:db:78:29:30:9b:7b:
                    a4:5c:99:61:2f:41:06:7e:a7:be:51:89:84:3f:ff:
                    13:18:b9:3b:e2:f0:97:d5:6a:33:f1:8b:9e:6b:51:
                    87:6c:58:95:72:50:18:a1:f5:93:84:87:1a:7b:dd:
                    6f:79:4b:5f:b2:ed:8d:76:ab:65:fe:26:ce:78:41:
                    a0:a7:5d:57:7e:e4:e7:4b:e0:25:e8:fb:05:bc:24:
                    d1:3d:a6:23:ca:5c:31:11:e7:2a:68:b1:7b:da:99:
                    e4:78:7c:cb:f8:7a:ba:cc:f5:7f:40:99:96:ee:44:
                    f3:15:ad:5f:12:e7:1f:d8:09:90:1e:4b:50:3a:e7:
                    ae:f1:0a:90:c0:24:a9:f6:48:0c:87:e8:23:3d:a0:
                    73:6b:2e:61:d9:e0:81:c6:44:1f:97:d3:5e:25:8a:
                    62:78:47:5e:cd:9a:8e:6a:84:ae:85:30:14:7b:16:
                    d4:8a:e7:55:d4:8a:f4:2a:7f:ca:13:5b:a0:b3:16:
                    cd:18:3f:a8:bc:48:31:4e:f4:9d:fa:aa:4c:9a:68:
                    4d:e9:05:c9:8f:fb:c0:8c:f9:c9:b4:4f:77:b8:69:
                    85:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:87:0E:28:9D:A5:6D:7D:79:5C:33:1F:2E:17:62:B4:68:4A:3E:33
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/216e1c1f-35c3-4c02-a0c3-0b5815c016d7.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d072:40c0::/48

    Signature Algorithm: sha256WithRSAEncryption
         a1:38:a0:44:4e:43:d5:25:f4:2d:73:45:88:e2:6c:9f:26:2e:
         54:f8:e8:bc:45:57:40:a2:00:f3:7e:04:f9:80:15:94:74:01:
         8e:c5:f2:93:b2:21:27:dd:dd:52:b1:f0:42:25:f3:f2:4b:ce:
         30:39:7c:18:59:88:c1:3e:c9:5f:a0:0c:0e:ec:59:5b:c2:d5:
         5e:b6:bb:2e:03:9a:6d:6e:61:06:36:e2:4d:a9:95:86:0d:9a:
         b8:30:93:24:80:ba:95:75:e5:b4:5a:1b:73:1e:b0:e6:6e:2c:
         db:56:c2:5a:58:8d:31:dc:fd:6d:17:95:f5:af:0e:9b:99:31:
         30:ed:d2:e8:54:e2:c9:ac:50:86:3f:9a:63:5e:40:a6:02:c0:
         5c:ca:fb:db:59:87:1d:61:85:90:d8:ee:be:b9:81:a1:d1:ec:
         17:cf:16:19:ed:13:d8:43:80:bb:32:97:94:d3:a7:fb:67:b7:
         78:69:67:69:b3:73:12:61:8f:4e:80:f7:85:36:8e:cd:2a:b0:
         e4:48:1d:08:16:57:9b:9a:ff:d2:a1:0c:2b:79:bc:52:1b:a3:
         84:3b:fa:1e:e9:d1:aa:4a:23:c5:97:66:59:49:9c:13:87:da:
         51:d9:09:f1:45:75:a0:1d:04:c4:1f:e6:26:8f:93:f4:37:d6:
         59:77:e0:f3
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUE7hb9sG/RO+6zA/71m88vh3zBTAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYxODM5NDJaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQDJiYWIwOThhNTU2MWRiNjdlNWMyODRiMjhjNzBmOTI1MDE2OGY3N2RlZjUw
NDZhMWFjYjljOGVhZGU5YmE3MGUxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAI9sgG7Wr+Sj2nHl+uPdkNhzKbgma5Pu3y2ETXW0nA4rqIEBHyF/23gpMJt7
pFyZYS9BBn6nvlGJhD//Exi5O+Lwl9VqM/GLnmtRh2xYlXJQGKH1k4SHGnvdb3lL
X7LtjXarZf4mznhBoKddV37k50vgJej7Bbwk0T2mI8pcMRHnKmixe9qZ5Hh8y/h6
usz1f0CZlu5E8xWtXxLnH9gJkB5LUDrnrvEKkMAkqfZIDIfoIz2gc2suYdnggcZE
H5fTXiWKYnhHXs2ajmqEroUwFHsW1IrnVdSK9Cp/yhNboLMWzRg/qLxIMU70nfqq
TJpoTekFyY/7wIz5ybRPd7hphVUCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBRRhw4o
naVtfXlcMx8uF2K0aEo+MzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MjE2ZTFjMWYtMzVjMy00YzAyLWEwYzMtMGI1ODE1YzAxNmQ3LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0HJA
wDANBgkqhkiG9w0BAQsFAAOCAQEAoTigRE5D1SX0LXNFiOJsnyYuVPjovEVXQKIA
834E+YAVlHQBjsXyk7IhJ93dUrHwQiXz8kvOMDl8GFmIwT7JX6AMDuxZW8LVXra7
LgOabW5hBjbiTamVhg2auDCTJIC6lXXltFobcx6w5m4s21bCWliNMdz9bReV9a8O
m5kxMO3S6FTiyaxQhj+aY15ApgLAXMr721mHHWGFkNjuvrmBodHsF88WGe0T2EOA
uzKXlNOn+2e3eGlnabNzEmGPToD3hTaOzSqw5EgdCBZXm5r/0qEMK3m8UhujhDv6
HunRqkojxZdmWUmcE4faUdkJ8UV1oB0ExB/mJo+T9DfWWXfg8w==
-----END CERTIFICATE-----
Generated at Mon Oct 20 13:47:40 2025 by rpki-client