Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/2b0de12a-ec1d-465b-8f38-68a2dd6a19df.roa
File:                     2b0de12a-ec1d-465b-8f38-68a2dd6a19df.roa (raw, json)
Hash identifier:          1QW0q0LzIYUmgcMrrVYB5LLkplzxlC6kGwcJkiI6fRU=
Subject key identifier:   50:87:1A:66:14:F9:53:39:69:BB:3C:BF:E5:0B:5F:DE:4C:0E:33:07
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       57F86991735DF2E447BCBC13B174243C8B75FA55
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/2b0de12a-ec1d-465b-8f38-68a2dd6a19df.roa
Signing time:             Fri 26 Sep 2025 19:11:03 +0000
ROA not before:           Fri 26 Sep 2025 19:11:03 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d000:6000::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            57:f8:69:91:73:5d:f2:e4:47:bc:bc:13:b1:74:24:3c:8b:75:fa:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Sep 26 19:11:03 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=8dc16eb9a93835cceb3b3422e30bd2a28b849c5b651edf56c0790232cf5777b6, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:62:71:8b:66:d3:f9:5b:e0:66:f8:05:7c:75:
                    f1:d7:02:2c:01:3b:49:7d:09:e9:6a:7e:d7:a9:23:
                    ff:f4:21:2f:71:f0:d4:33:01:90:47:7a:4b:19:4d:
                    69:14:80:76:aa:98:c8:1d:d8:8f:a2:4b:76:8f:65:
                    9c:59:65:a1:05:7a:c7:16:e7:55:7d:7f:80:57:25:
                    bd:84:bc:ec:46:04:7c:29:68:19:16:7a:d2:82:99:
                    2b:a6:58:0e:a5:8c:c5:a1:38:0c:a0:71:4e:7a:cd:
                    48:c7:a3:75:f0:35:30:71:74:54:12:2c:78:a2:8b:
                    b1:21:6b:53:27:c6:2b:d3:69:ae:e8:07:be:0e:73:
                    a6:3c:d2:7f:0d:39:d3:9d:3c:3c:75:3e:3d:07:a7:
                    e4:b5:89:73:2c:fc:f1:bf:86:f8:91:2a:19:eb:9c:
                    5e:f6:84:ae:32:77:76:1f:81:d5:a0:23:aa:b7:5d:
                    90:17:be:10:fc:bd:65:58:09:c7:62:f8:09:e6:0c:
                    a3:ca:e8:83:68:ca:c4:fd:38:e2:6d:eb:26:62:17:
                    bf:52:77:3b:ae:6c:a1:50:7d:27:22:0e:d3:65:c1:
                    67:62:f5:54:f9:e9:45:52:18:ba:59:4b:b9:19:2a:
                    e8:8d:be:c1:e9:06:18:e8:2c:b6:00:92:9a:a3:e6:
                    0a:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:87:1A:66:14:F9:53:39:69:BB:3C:BF:E5:0B:5F:DE:4C:0E:33:07
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/2b0de12a-ec1d-465b-8f38-68a2dd6a19df.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d000:6000::/40

    Signature Algorithm: sha256WithRSAEncryption
         46:29:e1:fc:26:5e:4c:a6:3e:00:c4:c9:6b:bd:a7:3e:c1:4d:
         15:64:c9:a3:b6:a2:65:15:11:3a:66:d2:96:e0:45:23:27:70:
         79:33:f2:74:46:02:f3:29:06:b1:55:70:57:c0:f8:0e:58:36:
         cf:e2:b0:c7:7c:8c:1c:fd:ca:5b:c3:b9:19:3a:df:be:12:35:
         f9:d2:92:bd:1b:0b:86:71:a5:4e:5c:e0:97:1f:ae:30:67:65:
         22:f1:57:d5:fa:cd:b6:0b:c5:e2:45:70:ee:1d:9d:ea:b4:57:
         ac:cd:cd:ab:12:6f:34:92:22:e5:0e:04:d4:f2:57:69:29:ed:
         cb:28:eb:3f:2c:17:a3:04:3d:e6:21:61:c3:b6:62:f4:96:9a:
         61:d5:84:89:a8:7a:fb:93:c3:0d:cb:0c:c0:2f:09:85:1c:5f:
         8e:66:9a:90:49:64:88:59:4c:bd:f8:6a:f3:79:8c:9a:38:5c:
         9a:c7:3f:f5:5b:b4:3d:5e:6d:af:a1:7e:ad:37:90:04:63:e0:
         0a:c9:2a:2d:7a:7b:b9:e7:aa:0c:24:6a:86:b9:66:63:72:dc:
         3c:e2:bb:74:24:60:bb:a0:14:20:bb:b6:66:ae:ba:3e:e8:a9:
         a0:86:3a:59:e2:82:0f:60:12:a9:e2:cb:0b:53:5c:ad:2d:f5:
         5c:79:6f:69
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUV/hpkXNd8uRHvLwTsXQkPIt1+lUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYxOTExMDNaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQDhkYzE2ZWI5YTkzODM1Y2NlYjNiMzQyMmUzMGJkMmEyOGI4NDljNWI2NTFl
ZGY1NmMwNzkwMjMyY2Y1Nzc3YjYxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALdicYtm0/lb4Gb4BXx18dcCLAE7SX0J6Wp+16kj//QhL3Hw1DMBkEd6SxlN
aRSAdqqYyB3Yj6JLdo9lnFlloQV6xxbnVX1/gFclvYS87EYEfCloGRZ60oKZK6ZY
DqWMxaE4DKBxTnrNSMejdfA1MHF0VBIseKKLsSFrUyfGK9NprugHvg5zpjzSfw05
0508PHU+PQen5LWJcyz88b+G+JEqGeucXvaErjJ3dh+B1aAjqrddkBe+EPy9ZVgJ
x2L4CeYMo8rog2jKxP044m3rJmIXv1J3O65soVB9JyIO02XBZ2L1VPnpRVIYullL
uRkq6I2+wekGGOgstgCSmqPmCpMCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRQhxpm
FPlTOWm7PL/lC1/eTA4zBzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MmIwZGUxMmEtZWMxZC00NjViLThmMzgtNjhhMmRkNmExOWRmLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0ABg
MA0GCSqGSIb3DQEBCwUAA4IBAQBGKeH8Jl5Mpj4AxMlrvac+wU0VZMmjtqJlFRE6
ZtKW4EUjJ3B5M/J0RgLzKQaxVXBXwPgOWDbP4rDHfIwc/cpbw7kZOt++EjX50pK9
GwuGcaVOXOCXH64wZ2Ui8VfV+s22C8XiRXDuHZ3qtFeszc2rEm80kiLlDgTU8ldp
Ke3LKOs/LBejBD3mIWHDtmL0lpph1YSJqHr7k8MNywzALwmFHF+OZpqQSWSIWUy9
+GrzeYyaOFyaxz/1W7Q9Xm2voX6tN5AEY+AKySotenu556oMJGqGuWZjctw84rt0
JGC7oBQgu7Zmrro+6KmghjpZ4oIPYBKp4ssLU1ytLfVceW9p
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:52:54 2025 by rpki-client