Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/278dd4fa-de02-446c-a4ac-184c5f35a577.roa
File:                     278dd4fa-de02-446c-a4ac-184c5f35a577.roa (raw, json)
Hash identifier:          THKc6qPeFkLwIbWaBUKl7IjL9CXES92026EagTuP1Po=
Subject key identifier:   06:74:EB:BB:A4:79:6D:7B:F5:CD:96:50:62:29:B6:AE:29:CF:0F:4F
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       768551EA0ED3A083853CC6BCCCAAEC0CBB65B293
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/278dd4fa-de02-446c-a4ac-184c5f35a577.roa
Signing time:             Fri 26 Sep 2025 19:00:14 +0000
ROA not before:           Fri 26 Sep 2025 19:00:14 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d07f:a000::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            76:85:51:ea:0e:d3:a0:83:85:3c:c6:bc:cc:aa:ec:0c:bb:65:b2:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Sep 26 19:00:14 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=76a5fb66cc42794ca6d44e815623e73b573a57de931096e71004a3a8a953aa45, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:f3:d0:4f:3d:25:9b:3c:87:58:8e:12:d2:6e:
                    38:c3:ec:73:4c:7d:4a:18:3a:32:f0:53:2a:a0:f3:
                    93:5c:ab:60:58:ce:be:e5:e0:44:ed:79:7f:f6:70:
                    7e:bb:ea:a7:ec:5c:82:2e:15:f7:7d:07:89:de:e4:
                    05:49:28:96:a9:59:76:86:f0:29:a3:04:10:8f:4d:
                    25:cd:ef:6c:6b:ff:73:11:a6:03:f3:71:f8:36:fa:
                    96:a5:7c:88:93:02:ce:5e:c0:ce:5f:a8:2b:48:51:
                    ab:5e:fe:50:9a:32:17:74:5a:e0:76:fb:60:99:8c:
                    53:f9:c3:0f:c4:31:ca:38:f7:12:83:bd:1e:42:57:
                    43:7d:ab:d5:d5:d9:2d:5b:0f:1d:00:3c:05:24:33:
                    2d:e9:36:9d:d1:43:2d:76:ac:d6:42:a0:bc:78:37:
                    27:8d:26:d3:76:a4:b0:7b:80:19:21:cc:b9:7e:d2:
                    a0:7a:fb:62:1b:7f:1a:94:e3:f2:8c:1f:3d:05:c1:
                    9c:5c:e8:0d:e9:fe:ca:19:de:2d:71:1e:71:c6:7b:
                    82:1b:15:cd:c2:90:18:be:35:ee:74:09:0d:94:2b:
                    b2:bb:35:55:3a:41:d9:ce:64:a1:3d:f4:32:b0:35:
                    54:6a:31:5f:8e:53:8e:e1:ed:01:ab:af:76:7e:3b:
                    9b:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:74:EB:BB:A4:79:6D:7B:F5:CD:96:50:62:29:B6:AE:29:CF:0F:4F
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/278dd4fa-de02-446c-a4ac-184c5f35a577.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d07f:a000::/40

    Signature Algorithm: sha256WithRSAEncryption
         ab:66:92:99:70:33:74:28:4b:01:44:f9:98:1a:57:61:8a:35:
         50:0e:1f:7c:dd:d0:79:5a:89:2a:8c:66:42:72:7d:e7:75:67:
         88:80:51:c5:88:06:f8:df:fc:7b:65:a8:70:64:28:42:61:7c:
         d2:11:f0:e8:e6:b2:fb:98:02:4b:89:88:b0:77:fd:0a:c8:8e:
         94:32:40:8c:db:52:02:39:d4:bc:26:8e:d5:e5:a1:c0:1b:7d:
         11:6a:7e:27:88:8b:6a:60:05:cd:e2:69:65:74:04:ee:59:62:
         e4:60:62:ac:86:de:4b:9a:a6:21:15:06:2f:0e:aa:fe:8e:e3:
         bb:5c:c7:0c:f6:41:21:de:f9:e9:71:6a:21:aa:ae:c7:4a:bc:
         35:a3:e7:6c:93:3a:62:e9:63:a5:f7:29:c7:8c:48:41:c1:da:
         e4:44:8a:f2:ad:18:1d:f3:26:4c:64:92:a6:81:f8:b3:f4:f5:
         e7:9d:3c:3f:c6:1d:81:e0:44:1c:0f:07:6d:86:a7:47:82:48:
         80:b4:ed:16:06:64:09:32:0a:18:f8:11:7e:5e:f1:36:c3:6d:
         e9:e5:3a:7d:01:0b:40:d8:d3:9d:a9:50:8b:c9:af:97:94:b6:
         c9:0e:d3:0f:f0:3c:5f:37:c5:93:fa:b7:b3:6b:46:9e:c1:20:
         26:8d:dc:ca
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUdoVR6g7ToIOFPMa8zKrsDLtlspMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYxOTAwMTRaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQDc2YTVmYjY2Y2M0Mjc5NGNhNmQ0NGU4MTU2MjNlNzNiNTczYTU3ZGU5MzEw
OTZlNzEwMDRhM2E4YTk1M2FhNDUxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAL/z0E89JZs8h1iOEtJuOMPsc0x9Shg6MvBTKqDzk1yrYFjOvuXgRO15f/Zw
frvqp+xcgi4V930Hid7kBUkolqlZdobwKaMEEI9NJc3vbGv/cxGmA/Nx+Db6lqV8
iJMCzl7Azl+oK0hRq17+UJoyF3Ra4Hb7YJmMU/nDD8Qxyjj3EoO9HkJXQ32r1dXZ
LVsPHQA8BSQzLek2ndFDLXas1kKgvHg3J40m03aksHuAGSHMuX7SoHr7Yht/GpTj
8owfPQXBnFzoDen+yhneLXEeccZ7ghsVzcKQGL417nQJDZQrsrs1VTpB2c5koT30
MrA1VGoxX45TjuHtAauvdn47mz0CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQGdOu7
pHlte/XNllBiKbauKc8PTzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
Mjc4ZGQ0ZmEtZGUwMi00NDZjLWE0YWMtMTg0YzVmMzVhNTc3LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0H+g
MA0GCSqGSIb3DQEBCwUAA4IBAQCrZpKZcDN0KEsBRPmYGldhijVQDh983dB5Wokq
jGZCcn3ndWeIgFHFiAb43/x7ZahwZChCYXzSEfDo5rL7mAJLiYiwd/0KyI6UMkCM
21ICOdS8Jo7V5aHAG30Ran4niItqYAXN4mlldATuWWLkYGKsht5LmqYhFQYvDqr+
juO7XMcM9kEh3vnpcWohqq7HSrw1o+dskzpi6WOl9ynHjEhBwdrkRIryrRgd8yZM
ZJKmgfiz9PXnnTw/xh2B4EQcDwdthqdHgkiAtO0WBmQJMgoY+BF+XvE2w23p5Tp9
AQtA2NOdqVCLya+XlLbJDtMP8DxfN8WT+reza0aewSAmjdzK
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:53:21 2025 by rpki-client