Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/2cee858e-c572-427b-8123-23b2e05abc40.roa
File:                     2cee858e-c572-427b-8123-23b2e05abc40.roa (raw, json)
Hash identifier:          gcuRlTuIF1oeDXdku/999vep0tyZVyRemUaz5nH6L1E=
Subject key identifier:   17:37:50:71:BE:87:C8:57:B0:CC:55:85:2B:55:C1:3D:42:65:E7:99
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       3FF28C628F86E1CC56DB96B6271A70CF898157F1
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/2cee858e-c572-427b-8123-23b2e05abc40.roa
Signing time:             Fri 26 Sep 2025 18:20:11 +0000
ROA not before:           Fri 26 Sep 2025 18:20:11 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d072:c080::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3f:f2:8c:62:8f:86:e1:cc:56:db:96:b6:27:1a:70:cf:89:81:57:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Sep 26 18:20:11 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=84275b27896d17da78a11322f63fb25f509b936da14ec1e9763a9a6ce62b8e9a, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:a7:65:d4:73:80:6b:2c:68:88:fd:51:29:1d:
                    f3:99:5e:8b:df:0d:c4:fb:75:c1:6a:57:ca:c4:0a:
                    79:e6:e6:56:fe:b1:56:76:52:17:e6:50:bc:08:c0:
                    5f:c4:53:56:e9:8e:ef:84:33:46:69:3e:d0:1f:e1:
                    2a:36:db:4f:5f:2c:88:ff:6e:cf:f6:bd:fc:9b:28:
                    27:e7:26:0a:0a:d7:52:b4:55:85:a1:73:22:ee:8d:
                    10:24:50:11:6c:4a:49:4e:92:1e:13:e6:cb:9d:11:
                    97:24:56:cf:1c:0d:71:7a:cb:63:87:64:1a:8c:db:
                    07:69:91:93:f7:05:e4:6b:8a:24:b7:64:9e:90:76:
                    09:74:a4:33:b0:a2:6f:1e:e9:dc:e9:d0:a1:d1:65:
                    1e:42:e3:54:4c:e4:7a:cd:26:dd:65:2f:62:ea:2f:
                    cf:5d:99:f9:de:74:cb:56:62:c7:f1:e9:bd:ca:61:
                    5f:b4:ef:10:1d:31:06:45:fc:d5:11:cf:ca:31:55:
                    3d:99:57:e4:91:2a:96:87:17:84:49:ec:20:45:d2:
                    49:e0:59:dc:4e:3b:12:27:c0:c7:b5:9c:e7:16:84:
                    d9:1a:2a:e7:86:00:8c:2a:55:80:7c:3b:23:ce:04:
                    37:f6:3f:21:35:41:f2:2b:f8:39:e0:cc:6b:96:03:
                    59:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:37:50:71:BE:87:C8:57:B0:CC:55:85:2B:55:C1:3D:42:65:E7:99
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/2cee858e-c572-427b-8123-23b2e05abc40.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d072:c080::/48

    Signature Algorithm: sha256WithRSAEncryption
         16:c1:b8:f5:bd:13:25:f1:33:29:1a:2e:cd:86:c1:bb:20:20:
         d7:f4:30:4a:d2:5d:bd:cb:dc:f6:5f:de:74:3f:ff:18:31:8d:
         e0:60:29:93:0b:3a:ae:6e:e4:07:2f:23:64:f7:d3:d8:70:70:
         3c:64:c4:2d:f5:20:f9:bf:40:92:54:14:64:f6:a6:22:ca:e7:
         b1:93:b8:be:0d:1d:23:a5:b6:3e:0b:b2:c9:1e:37:52:77:00:
         ee:27:71:8d:db:36:18:9a:95:31:b0:14:60:0d:c2:27:71:3d:
         14:72:c8:cf:aa:0b:aa:28:c9:18:98:a3:9d:29:c5:29:8d:e0:
         73:e1:e3:70:2c:0f:6c:b0:00:c7:fa:89:59:4a:18:46:93:39:
         d1:3c:3a:27:82:33:8d:23:74:4b:c9:26:36:99:37:eb:e7:92:
         da:0b:74:d9:07:b9:32:63:58:54:23:f7:0d:a2:04:35:4d:d7:
         35:b2:ce:b7:47:e0:82:46:6c:be:e6:1f:31:b5:f5:2c:a9:a3:
         38:79:fa:d7:52:b0:a4:2e:6f:0c:98:5b:95:d2:98:8c:da:00:
         c6:1c:60:db:78:db:23:54:7b:a8:d9:3c:ee:fd:eb:90:4e:1c:
         21:57:18:b0:d4:e8:0b:96:d4:04:3d:02:e2:54:5b:f5:60:d1:
         d0:e7:12:c2
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUP/KMYo+G4cxW25a2Jxpwz4mBV/EwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYxODIwMTFaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQDg0Mjc1YjI3ODk2ZDE3ZGE3OGExMTMyMmY2M2ZiMjVmNTA5YjkzNmRhMTRl
YzFlOTc2M2E5YTZjZTYyYjhlOWExLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOanZdRzgGssaIj9USkd85lei98NxPt1wWpXysQKeebmVv6xVnZSF+ZQvAjA
X8RTVumO74QzRmk+0B/hKjbbT18siP9uz/a9/JsoJ+cmCgrXUrRVhaFzIu6NECRQ
EWxKSU6SHhPmy50RlyRWzxwNcXrLY4dkGozbB2mRk/cF5GuKJLdknpB2CXSkM7Ci
bx7p3OnQodFlHkLjVEzkes0m3WUvYuovz12Z+d50y1Zix/HpvcphX7TvEB0xBkX8
1RHPyjFVPZlX5JEqlocXhEnsIEXSSeBZ3E47EifAx7Wc5xaE2Roq54YAjCpVgHw7
I84EN/Y/ITVB8iv4OeDMa5YDWZECAwEAAaOCAiQwggIgMB0GA1UdDgQWBBQXN1Bx
vofIV7DMVYUrVcE9QmXnmTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MmNlZTg1OGUtYzU3Mi00MjdiLTgxMjMtMjNiMmUwNWFiYzQwLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0HLA
gDANBgkqhkiG9w0BAQsFAAOCAQEAFsG49b0TJfEzKRouzYbBuyAg1/QwStJdvcvc
9l/edD//GDGN4GApkws6rm7kBy8jZPfT2HBwPGTELfUg+b9AklQUZPamIsrnsZO4
vg0dI6W2PguyyR43UncA7idxjds2GJqVMbAUYA3CJ3E9FHLIz6oLqijJGJijnSnF
KY3gc+HjcCwPbLAAx/qJWUoYRpM50Tw6J4IzjSN0S8kmNpk36+eS2gt02Qe5MmNY
VCP3DaIENU3XNbLOt0fggkZsvuYfMbX1LKmjOHn611KwpC5vDJhbldKYjNoAxhxg
23jbI1R7qNk87v3rkE4cIVcYsNToC5bUBD0C4lRb9WDR0OcSwg==
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:52:30 2025 by rpki-client