Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/21e2f5c8-e012-44d0-a6f2-c4a065b3b954.roa
File:                     21e2f5c8-e012-44d0-a6f2-c4a065b3b954.roa (raw, json)
Hash identifier:          YsVfgINyZbLc/hAhdSJ8Q3e2DcRgBkSdIVFTbU+v7QM=
Subject key identifier:   C5:05:C1:4D:E8:21:75:77:75:82:BA:B5:45:F2:27:B1:24:31:BF:37
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       35459DD54F751453C426A51AC906D20435888598
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/21e2f5c8-e012-44d0-a6f2-c4a065b3b954.roa
Signing time:             Fri 26 Sep 2025 19:41:50 +0000
ROA not before:           Fri 26 Sep 2025 19:41:50 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d034:4000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            35:45:9d:d5:4f:75:14:53:c4:26:a5:1a:c9:06:d2:04:35:88:85:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Sep 26 19:41:50 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=b9ca088d4e65b7ec97b355e523170b179bcb87feb97c0426211f592c64f90b7c, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:eb:55:8f:c0:ac:89:e4:f5:b5:43:08:57:df:
                    f5:42:c8:40:08:47:d5:4d:05:14:63:ef:70:2d:53:
                    40:f7:dc:47:af:f9:ad:43:06:f3:ed:9c:11:6f:09:
                    23:39:c2:c0:aa:0b:76:b7:01:d8:fe:fd:c7:cd:a0:
                    23:79:d4:66:30:2c:1d:9d:a0:3d:18:75:66:a3:1f:
                    59:51:36:21:c9:a8:31:f5:65:d4:9d:86:db:7a:a5:
                    c9:fa:f7:bb:1c:1f:af:ba:7c:ad:fe:17:b8:ba:83:
                    5f:51:6e:9f:06:0b:9b:45:b3:e1:87:88:4e:79:de:
                    fa:b7:15:9d:15:71:60:4c:0a:8e:98:50:1d:b6:54:
                    52:76:f2:34:82:26:4f:ae:99:d1:3b:13:60:da:cd:
                    7c:f7:22:84:dd:86:71:8a:b6:9b:72:72:a0:ac:ef:
                    2d:dc:9a:0c:03:d8:51:ab:30:25:c2:de:0b:28:51:
                    cd:c6:38:a2:b5:f2:61:37:f9:9f:db:17:43:d8:dd:
                    4e:42:41:6e:cb:f5:77:a9:75:be:a9:bc:3f:33:b8:
                    ca:74:c2:8c:53:ae:dd:43:61:c0:f7:cc:65:63:35:
                    d2:df:e4:1e:b5:92:6d:81:86:1e:aa:c8:8b:50:a1:
                    7b:7c:39:f6:60:e3:c8:a3:c3:89:7c:45:b0:42:80:
                    52:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:05:C1:4D:E8:21:75:77:75:82:BA:B5:45:F2:27:B1:24:31:BF:37
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/21e2f5c8-e012-44d0-a6f2-c4a065b3b954.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d034:4000::/40

    Signature Algorithm: sha256WithRSAEncryption
         84:5c:da:34:1a:0b:6c:85:28:e6:4c:c7:bc:af:51:5f:f9:8d:
         f1:e4:92:ca:77:38:40:55:93:3e:8a:f7:c6:a4:24:74:d1:80:
         2c:fa:9e:0d:ea:24:3e:b7:b1:07:b6:4a:0e:31:45:c9:d3:06:
         05:9b:b9:e6:4b:ca:10:13:e1:81:54:6b:74:66:05:a6:55:ab:
         c1:ae:28:b6:21:a8:dd:2e:7e:54:18:eb:ad:d9:15:bb:3a:78:
         bd:b8:70:83:1c:6e:0b:fd:39:38:de:87:8f:6d:19:e3:54:1a:
         2d:96:4e:ac:0e:19:4d:c2:82:10:fa:5a:46:27:df:c7:db:5e:
         69:65:cb:50:a4:aa:d2:ad:b0:ad:a9:45:db:de:fd:24:2e:26:
         50:0c:0a:fc:7e:80:5a:08:04:4b:c5:fb:15:ff:bf:87:39:d1:
         e1:75:1d:16:b3:0e:04:17:97:1c:3a:24:1f:13:25:e3:29:c3:
         42:44:99:48:bd:36:ad:90:82:88:7e:6a:56:17:77:ca:4c:f1:
         3e:35:7b:5a:4e:91:70:2b:b6:57:ca:fb:94:e4:e1:f9:09:52:
         8f:83:3c:67:e8:eb:86:30:d9:f7:2a:58:75:02:2e:42:e6:69:
         b0:66:88:b9:71:98:94:14:2b:aa:98:50:8b:a2:56:7e:c5:7b:
         b8:e1:64:27
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUNUWd1U91FFPEJqUayQbSBDWIhZgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYxOTQxNTBaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQGI5Y2EwODhkNGU2NWI3ZWM5N2IzNTVlNTIzMTcwYjE3OWJjYjg3ZmViOTdj
MDQyNjIxMWY1OTJjNjRmOTBiN2MxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKvrVY/ArInk9bVDCFff9ULIQAhH1U0FFGPvcC1TQPfcR6/5rUMG8+2cEW8J
IznCwKoLdrcB2P79x82gI3nUZjAsHZ2gPRh1ZqMfWVE2IcmoMfVl1J2G23qlyfr3
uxwfr7p8rf4XuLqDX1FunwYLm0Wz4YeITnne+rcVnRVxYEwKjphQHbZUUnbyNIIm
T66Z0TsTYNrNfPcihN2GcYq2m3JyoKzvLdyaDAPYUaswJcLeCyhRzcY4orXyYTf5
n9sXQ9jdTkJBbsv1d6l1vqm8PzO4ynTCjFOu3UNhwPfMZWM10t/kHrWSbYGGHqrI
i1Che3w59mDjyKPDiXxFsEKAUgUCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTFBcFN
6CF1d3WCurVF8iexJDG/NzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MjFlMmY1YzgtZTAxMi00NGQwLWE2ZjItYzRhMDY1YjNiOTU0LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0DRA
MA0GCSqGSIb3DQEBCwUAA4IBAQCEXNo0GgtshSjmTMe8r1Ff+Y3x5JLKdzhAVZM+
ivfGpCR00YAs+p4N6iQ+t7EHtkoOMUXJ0wYFm7nmS8oQE+GBVGt0ZgWmVavBrii2
IajdLn5UGOut2RW7Oni9uHCDHG4L/Tk43oePbRnjVBotlk6sDhlNwoIQ+lpGJ9/H
215pZctQpKrSrbCtqUXb3v0kLiZQDAr8foBaCARLxfsV/7+HOdHhdR0Wsw4EF5cc
OiQfEyXjKcNCRJlIvTatkIKIfmpWF3fKTPE+NXtaTpFwK7ZXyvuU5OH5CVKPgzxn
6OuGMNn3Klh1Ai5C5mmwZoi5cZiUFCuqmFCLolZ+xXu44WQn
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:53:13 2025 by rpki-client