Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/2f449809-abd8-4202-adc3-ce8dd1767b62.roa
File:                     2f449809-abd8-4202-adc3-ce8dd1767b62.roa (raw, json)
Hash identifier:          1QB4MLwAqKMTtPU00YgoVMxvXvXKcomKidRa9X8FZ/8=
Subject key identifier:   72:0C:30:DD:F8:D1:34:69:53:7C:45:07:63:CD:03:94:98:0A:CC:06
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       5E2601440874B5F66ADA374CAF4E8F8B62458016
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/2f449809-abd8-4202-adc3-ce8dd1767b62.roa
Signing time:             Fri 26 Sep 2025 19:20:11 +0000
ROA not before:           Fri 26 Sep 2025 19:20:11 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d038:5000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5e:26:01:44:08:74:b5:f6:6a:da:37:4c:af:4e:8f:8b:62:45:80:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Sep 26 19:20:11 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=a3f9ff941c23006e4c15ca535241a9b1684a9dd74c272bbd3fc7edadaab347c5, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:54:9d:02:97:70:a9:74:fa:df:05:f2:70:bf:
                    ac:cf:84:e6:89:c8:dc:f8:65:69:03:f7:cd:21:e8:
                    6a:9d:07:3e:52:1d:a9:5f:8c:d4:71:c8:a4:28:47:
                    f3:75:09:fb:2b:a5:2b:b7:ca:f4:47:f3:71:5b:10:
                    5f:df:8d:00:48:72:da:fa:51:53:c8:bc:ac:f0:ee:
                    ce:97:16:c2:11:2f:62:57:76:14:bc:dc:3e:55:f2:
                    70:bb:84:4d:91:d2:3c:e7:a0:b4:7a:8d:e3:f8:42:
                    e9:88:84:09:26:da:81:3b:2c:79:9c:42:c4:55:4d:
                    43:9a:ab:ec:ec:5e:a5:84:03:6f:91:c3:5d:e9:ca:
                    e2:ad:30:2c:2d:27:85:f6:8b:e0:9d:9c:af:82:76:
                    9c:46:fe:9d:1e:da:34:6c:cb:15:9c:e4:51:96:87:
                    79:35:ea:08:0b:87:44:9b:fd:ae:61:16:76:25:de:
                    e0:d9:04:ee:c9:91:09:d0:df:d7:88:0b:e0:30:b5:
                    2a:29:19:1f:55:a1:9a:45:78:43:62:07:35:f8:c0:
                    b2:ef:75:7f:79:a6:12:50:78:5c:da:78:d4:9a:a7:
                    e7:fc:0d:4f:5d:e6:f0:ad:08:3c:0f:c3:07:7b:e5:
                    84:eb:e9:7d:78:6a:cc:0b:a7:96:e9:83:d8:73:b6:
                    bd:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:0C:30:DD:F8:D1:34:69:53:7C:45:07:63:CD:03:94:98:0A:CC:06
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/2f449809-abd8-4202-adc3-ce8dd1767b62.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d038:5000::/40

    Signature Algorithm: sha256WithRSAEncryption
         12:ad:1b:0d:04:23:66:08:19:82:2d:72:45:a0:2c:3e:5f:6b:
         b8:fb:78:8a:50:3c:75:4b:18:02:9a:8d:40:cc:11:b7:f9:e5:
         99:da:12:59:cb:4e:e7:d4:a2:80:50:fe:67:03:92:bc:4a:e5:
         91:52:b0:a4:bf:b1:fb:ea:3d:7d:9e:a8:2f:2a:25:26:ac:7d:
         70:18:56:94:0b:67:62:fd:88:c8:44:45:4c:a2:03:8d:6a:49:
         d1:cd:d8:af:7d:74:20:79:d0:9b:97:4c:b8:0d:4e:01:03:e6:
         b9:d3:78:91:1e:05:77:45:5a:11:bc:3c:4a:bd:8b:6a:9f:db:
         d1:67:c8:84:05:45:d9:f1:26:cf:74:d5:7a:dd:06:14:8c:04:
         98:7d:46:3b:10:db:01:ed:d1:52:99:f1:f5:7c:e7:5a:1d:2e:
         4a:14:33:e4:3f:34:c8:4b:a3:5f:71:bd:06:93:b5:b3:f2:a1:
         de:4c:f5:d8:1e:76:41:60:77:72:69:9f:7e:2e:7c:cc:58:f6:
         e6:c4:33:bf:f3:78:a0:66:ee:ff:94:d6:6b:e0:ef:5d:0f:40:
         2a:5a:bd:f5:a8:c1:78:92:4c:dd:27:dd:61:69:fb:39:8b:11:
         26:8d:d1:60:28:d8:91:04:d9:dc:7d:54:2c:c1:f1:b3:9d:e6:
         de:ae:b7:82
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUXiYBRAh0tfZq2jdMr06Pi2JFgBYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYxOTIwMTFaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQGEzZjlmZjk0MWMyMzAwNmU0YzE1Y2E1MzUyNDFhOWIxNjg0YTlkZDc0YzI3
MmJiZDNmYzdlZGFkYWFiMzQ3YzUxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAIdUnQKXcKl0+t8F8nC/rM+E5onI3PhlaQP3zSHoap0HPlIdqV+M1HHIpChH
83UJ+yulK7fK9EfzcVsQX9+NAEhy2vpRU8i8rPDuzpcWwhEvYld2FLzcPlXycLuE
TZHSPOegtHqN4/hC6YiECSbagTsseZxCxFVNQ5qr7OxepYQDb5HDXenK4q0wLC0n
hfaL4J2cr4J2nEb+nR7aNGzLFZzkUZaHeTXqCAuHRJv9rmEWdiXe4NkE7smRCdDf
14gL4DC1KikZH1WhmkV4Q2IHNfjAsu91f3mmElB4XNp41Jqn5/wNT13m8K0IPA/D
B3vlhOvpfXhqzAunlumD2HO2vQ0CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRyDDDd
+NE0aVN8RQdjzQOUmArMBjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MmY0NDk4MDktYWJkOC00MjAyLWFkYzMtY2U4ZGQxNzY3YjYyLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0DhQ
MA0GCSqGSIb3DQEBCwUAA4IBAQASrRsNBCNmCBmCLXJFoCw+X2u4+3iKUDx1SxgC
mo1AzBG3+eWZ2hJZy07n1KKAUP5nA5K8SuWRUrCkv7H76j19nqgvKiUmrH1wGFaU
C2di/YjIREVMogONaknRzdivfXQgedCbl0y4DU4BA+a503iRHgV3RVoRvDxKvYtq
n9vRZ8iEBUXZ8SbPdNV63QYUjASYfUY7ENsB7dFSmfH1fOdaHS5KFDPkPzTIS6Nf
cb0Gk7Wz8qHeTPXYHnZBYHdyaZ9+LnzMWPbmxDO/83igZu7/lNZr4O9dD0AqWr31
qMF4kkzdJ91hafs5ixEmjdFgKNiRBNncfVQswfGzneberreC
-----END CERTIFICATE-----
Generated at Mon Oct 20 13:47:21 2025 by rpki-client