Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/33f442e1-766e-461d-a3b9-2b0fd01b08cc.roa
File:                     33f442e1-766e-461d-a3b9-2b0fd01b08cc.roa (raw, json)
Hash identifier:          KYr4MHWT/86XAerQ0Cf3Dtc73/LgLKrH/bYFT9/3O2E=
Subject key identifier:   01:11:58:18:2F:C5:4D:21:52:A8:6F:FD:A4:09:5C:AB:27:86:1C:D9
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       6F626433538C6165056516A59BFDB92CB49D861B
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/33f442e1-766e-461d-a3b9-2b0fd01b08cc.roa
Signing time:             Fri 26 Sep 2025 19:38:41 +0000
ROA not before:           Fri 26 Sep 2025 19:38:41 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d078:6000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6f:62:64:33:53:8c:61:65:05:65:16:a5:9b:fd:b9:2c:b4:9d:86:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Sep 26 19:38:41 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=78e95206e86a924cf8db7e17a54ddba0c5532b009ff835de6cb22006052b0040, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:ef:e6:b3:90:50:69:68:e4:32:93:fb:2c:bc:
                    3d:1d:c9:34:58:2f:64:0a:ae:8d:5e:1e:0c:e6:7b:
                    e4:73:9c:e6:16:30:bb:61:aa:7f:1c:bb:57:68:e5:
                    83:7e:fe:95:aa:8f:c5:4b:16:73:f7:e4:1e:c7:bd:
                    a4:e7:3b:a4:42:c4:1f:43:d5:40:55:a4:5c:48:3f:
                    4d:6e:7d:a1:b2:34:c6:e9:a5:09:ba:7c:73:be:34:
                    0d:69:60:a3:5d:11:d4:0d:8b:20:79:65:4c:ad:9a:
                    13:a3:e2:52:c5:d1:de:bd:b8:ff:fa:69:e9:cb:25:
                    7d:2d:ed:7d:c5:a2:13:f1:6f:4f:f2:cc:c3:bd:c1:
                    e9:91:63:f3:87:42:b5:12:0b:21:dc:90:07:a4:33:
                    a9:4d:8e:08:2f:91:d4:5c:31:1d:48:21:89:b5:79:
                    66:91:b7:8e:fd:33:8a:7f:d2:04:f7:40:6a:c3:aa:
                    9a:94:1f:1e:16:22:7f:3a:13:88:76:6b:32:67:4b:
                    ce:a7:15:30:35:4d:11:3e:49:26:cf:c2:92:08:32:
                    dc:75:7c:9a:6d:bc:d1:80:d3:7b:02:1e:08:9d:bf:
                    64:bb:23:1c:25:7f:f4:e1:2c:ea:9c:96:1c:8a:91:
                    5f:7c:00:f0:01:46:7f:37:8a:58:4c:d2:18:02:08:
                    ed:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:11:58:18:2F:C5:4D:21:52:A8:6F:FD:A4:09:5C:AB:27:86:1C:D9
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/33f442e1-766e-461d-a3b9-2b0fd01b08cc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d078:6000::/40

    Signature Algorithm: sha256WithRSAEncryption
         01:f1:ad:2e:10:d0:a7:e4:03:1e:ba:50:de:b2:a4:71:bf:3d:
         7d:52:b4:28:b0:d3:29:b5:cd:75:4c:78:a0:31:38:c7:a9:56:
         62:32:bc:36:99:a8:e2:ee:97:df:d5:d4:29:ae:e7:1f:7c:d1:
         46:64:69:38:b6:3e:65:7e:25:65:78:a5:84:fb:68:28:10:e1:
         e8:38:fc:ab:9f:3f:27:15:bd:bf:96:f8:5c:74:1a:1c:95:31:
         93:9e:5c:52:58:e3:5a:be:28:59:b1:95:eb:18:ff:d8:41:27:
         db:d3:bc:f6:1c:c3:61:9e:b7:dd:0d:98:5d:1f:2a:f9:49:d0:
         4d:05:a3:6e:ef:28:5a:3a:32:9b:7c:0b:76:36:b5:93:dd:d4:
         68:46:dc:fc:75:34:85:fa:34:80:43:8e:85:1f:1d:71:77:09:
         87:46:25:1b:40:30:02:16:a3:7c:e3:b9:aa:34:a5:c4:9b:e4:
         21:5f:3d:b2:4f:3c:e2:20:de:b9:07:3f:23:84:7c:64:13:e5:
         8f:23:43:f4:98:24:53:3d:47:44:a9:e6:79:a6:37:35:cf:73:
         d5:e4:64:61:09:a7:55:c7:d3:e4:21:b3:8d:89:83:8c:93:0c:
         c2:c2:21:a2:a3:8b:d7:32:7e:a2:54:d4:7c:a5:c6:33:b3:df:
         54:d8:93:e5
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUb2JkM1OMYWUFZRalm/25LLSdhhswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYxOTM4NDFaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQDc4ZTk1MjA2ZTg2YTkyNGNmOGRiN2UxN2E1NGRkYmEwYzU1MzJiMDA5ZmY4
MzVkZTZjYjIyMDA2MDUyYjAwNDAxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKzv5rOQUGlo5DKT+yy8PR3JNFgvZAqujV4eDOZ75HOc5hYwu2Gqfxy7V2jl
g37+laqPxUsWc/fkHse9pOc7pELEH0PVQFWkXEg/TW59obI0xumlCbp8c740DWlg
o10R1A2LIHllTK2aE6PiUsXR3r24//pp6cslfS3tfcWiE/FvT/LMw73B6ZFj84dC
tRILIdyQB6QzqU2OCC+R1FwxHUghibV5ZpG3jv0zin/SBPdAasOqmpQfHhYifzoT
iHZrMmdLzqcVMDVNET5JJs/Ckggy3HV8mm280YDTewIeCJ2/ZLsjHCV/9OEs6pyW
HIqRX3wA8AFGfzeKWEzSGAII7Y8CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQBEVgY
L8VNIVKob/2kCVyrJ4Yc2TAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MzNmNDQyZTEtNzY2ZS00NjFkLWEzYjktMmIwZmQwMWIwOGNjLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0Hhg
MA0GCSqGSIb3DQEBCwUAA4IBAQAB8a0uENCn5AMeulDesqRxvz19UrQosNMptc11
THigMTjHqVZiMrw2maji7pff1dQprucffNFGZGk4tj5lfiVleKWE+2goEOHoOPyr
nz8nFb2/lvhcdBoclTGTnlxSWONavihZsZXrGP/YQSfb07z2HMNhnrfdDZhdHyr5
SdBNBaNu7yhaOjKbfAt2NrWT3dRoRtz8dTSF+jSAQ46FHx1xdwmHRiUbQDACFqN8
47mqNKXEm+QhXz2yTzziIN65Bz8jhHxkE+WPI0P0mCRTPUdEqeZ5pjc1z3PV5GRh
CadVx9PkIbONiYOMkwzCwiGio4vXMn6iVNR8pcYzs99U2JPl
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:53:07 2025 by rpki-client