Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/332d3a7e-56bb-435c-b479-a81f23cb0414.roa
File:                     332d3a7e-56bb-435c-b479-a81f23cb0414.roa (raw, json)
Hash identifier:          dBRujoRLSE0+6zSdo3vxgbgucqBzV+QVjC6ytBZOh8A=
Subject key identifier:   0B:13:72:01:C4:A6:B3:4A:E9:FC:19:4C:31:7D:46:4D:66:DF:BA:2F
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       6A9BD9F5F78B8A6F1BDBB2E8475C2347A3955C59
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/332d3a7e-56bb-435c-b479-a81f23cb0414.roa
Signing time:             Fri 26 Sep 2025 20:10:59 +0000
ROA not before:           Fri 26 Sep 2025 20:10:59 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        79.125.28.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6a:9b:d9:f5:f7:8b:8a:6f:1b:db:b2:e8:47:5c:23:47:a3:95:5c:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Sep 26 20:10:59 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=4000339d915e11024cec285eacc6784618ef148ec0af1be5e93438d885c77388, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:95:75:43:93:15:91:8d:0e:03:88:81:c5:5b:
                    9c:31:c7:a9:e0:8e:24:88:79:a9:fd:ba:af:65:b7:
                    eb:73:4f:89:ef:a4:52:ad:81:7c:25:2a:97:31:93:
                    2d:34:f0:10:a2:bd:89:86:33:4b:b0:cc:a4:9b:74:
                    30:a6:d2:c0:08:d1:29:9e:1f:f1:10:23:b5:c2:1c:
                    26:1d:5a:2a:80:fb:88:bd:b3:e8:ff:8b:0a:d8:27:
                    9d:c6:ef:64:f5:69:d0:0a:4a:29:2c:48:1a:8d:ae:
                    e0:83:77:77:b7:08:9a:a3:85:bd:6d:d7:9b:cf:92:
                    c8:7e:a8:04:79:67:12:43:f3:41:89:60:82:bb:58:
                    05:4c:f7:c0:48:09:53:75:a0:8c:d0:1d:7e:84:f6:
                    83:45:4b:b7:17:a4:a4:ea:ae:f4:98:1d:89:11:88:
                    59:44:f3:50:a8:62:f4:2a:15:8a:4b:4e:82:0d:5d:
                    e9:15:27:dd:1b:32:77:7b:30:5a:e9:85:03:a4:c5:
                    45:e9:a9:8b:ff:57:2f:5d:94:16:29:a4:cd:64:1b:
                    d8:ae:f5:a6:7e:4f:b9:8f:42:c8:e4:3e:b2:9a:3b:
                    4f:51:6d:e1:af:5f:aa:4f:10:03:a8:fa:c6:47:ea:
                    fe:12:fd:ea:e4:51:05:60:d5:45:72:73:f1:56:0b:
                    c8:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:13:72:01:C4:A6:B3:4A:E9:FC:19:4C:31:7D:46:4D:66:DF:BA:2F
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/332d3a7e-56bb-435c-b479-a81f23cb0414.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.125.28.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6d:25:53:3d:ac:4c:54:bc:13:38:0e:2b:97:c2:0f:b4:d2:12:
         4b:b1:8b:7a:54:f5:1c:5e:06:c0:b2:7d:85:f6:a2:78:4d:29:
         72:70:b3:5a:7a:4b:1a:d5:a6:d0:40:56:de:1d:de:96:de:d4:
         f0:99:7f:a4:58:c2:51:bf:a0:a4:5f:76:f9:c8:e7:2d:05:d6:
         93:ef:3b:cc:af:5c:bd:e7:df:8e:4e:2e:19:e5:12:e4:db:6b:
         79:e6:06:08:ab:55:0e:f9:7d:07:0b:e2:fe:ca:3a:a4:a7:8a:
         34:2e:a4:0c:d7:e0:c5:d7:99:a4:b0:3d:e7:f7:73:5e:07:a5:
         e8:cf:a1:b9:e8:18:63:90:32:ae:ab:9b:86:61:eb:a3:f8:aa:
         b3:e8:77:9c:4a:ae:92:dc:d2:81:3e:f7:b0:fc:b0:00:d1:c1:
         8a:20:42:bf:e3:38:06:e4:22:61:47:bc:c8:57:38:7e:3b:1b:
         05:43:64:21:f1:05:96:02:c5:4e:7c:33:d4:85:09:d6:66:6b:
         c2:f5:eb:12:de:4d:db:a1:3a:0e:04:80:3c:97:2e:30:4b:cd:
         16:f3:d2:2b:00:ed:5d:a9:50:8f:e5:bc:96:e0:c0:96:20:a3:
         c6:68:a0:dd:a4:08:0e:9f:d8:7f:7a:ce:0f:6b:60:ab:55:17:
         14:43:92:2c
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUapvZ9feLim8b27LoR1wjR6OVXFkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYyMDEwNTlaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQDQwMDAzMzlkOTE1ZTExMDI0Y2VjMjg1ZWFjYzY3ODQ2MThlZjE0OGVjMGFm
MWJlNWU5MzQzOGQ4ODVjNzczODgxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAN+VdUOTFZGNDgOIgcVbnDHHqeCOJIh5qf26r2W363NPie+kUq2BfCUqlzGT
LTTwEKK9iYYzS7DMpJt0MKbSwAjRKZ4f8RAjtcIcJh1aKoD7iL2z6P+LCtgnncbv
ZPVp0ApKKSxIGo2u4IN3d7cImqOFvW3Xm8+SyH6oBHlnEkPzQYlggrtYBUz3wEgJ
U3WgjNAdfoT2g0VLtxekpOqu9JgdiRGIWUTzUKhi9CoViktOgg1d6RUn3Rsyd3sw
WumFA6TFRempi/9XL12UFimkzWQb2K71pn5PuY9CyOQ+spo7T1Ft4a9fqk8QA6j6
xkfq/hL96uRRBWDVRXJz8VYLyEECAwEAAaOCAiEwggIdMB0GA1UdDgQWBBQLE3IB
xKazSun8GUwxfUZNZt+6LzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MzMyZDNhN2UtNTZiYi00MzVjLWI0NzktYTgxZjIzY2IwNDE0LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAk99HDAN
BgkqhkiG9w0BAQsFAAOCAQEAbSVTPaxMVLwTOA4rl8IPtNISS7GLelT1HF4GwLJ9
hfaieE0pcnCzWnpLGtWm0EBW3h3elt7U8Jl/pFjCUb+gpF92+cjnLQXWk+87zK9c
veffjk4uGeUS5NtreeYGCKtVDvl9Bwvi/so6pKeKNC6kDNfgxdeZpLA95/dzXgel
6M+huegYY5AyrqubhmHro/iqs+h3nEquktzSgT73sPywANHBiiBCv+M4BuQiYUe8
yFc4fjsbBUNkIfEFlgLFTnwz1IUJ1mZrwvXrEt5N26E6DgSAPJcuMEvNFvPSKwDt
XalQj+W8luDAliCjxmig3aQIDp/Yf3rOD2tgq1UXFEOSLA==
-----END CERTIFICATE-----
Generated at Mon Oct 20 13:47:11 2025 by rpki-client