Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/35ae0aa1-bb4f-48d3-9926-1e5852d54c6d.roa
File:                     35ae0aa1-bb4f-48d3-9926-1e5852d54c6d.roa (raw, json)
Hash identifier:          QVysbUoeyVb8lcuUvEQPVkvqrQJaV1GuWFLrgYxl+dY=
Subject key identifier:   DC:15:CD:0F:B1:20:17:52:46:1D:75:78:BC:51:0B:72:9E:35:E6:09
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       6ED0D7378D6659AA788F4CA01D28F07FFD0D34DC
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/35ae0aa1-bb4f-48d3-9926-1e5852d54c6d.roa
Signing time:             Fri 26 Sep 2025 18:39:00 +0000
ROA not before:           Fri 26 Sep 2025 18:39:00 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d07f:40a0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6e:d0:d7:37:8d:66:59:aa:78:8f:4c:a0:1d:28:f0:7f:fd:0d:34:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Sep 26 18:39:00 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=4a0795e16d83123ccd584365e6a642843bb697cab160bba3809337a2d1521905, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:1e:43:1e:5f:b0:9a:e0:77:02:a0:69:99:70:
                    66:81:73:92:41:ad:f6:22:8e:15:24:a5:07:80:77:
                    4d:ae:89:3b:9b:57:d2:a3:34:86:16:98:fe:eb:91:
                    b0:97:c6:26:ce:ba:5b:8b:04:cf:6a:e3:3a:86:a5:
                    29:9c:31:1b:b1:91:2c:d6:c5:69:7b:11:ae:8b:7e:
                    71:54:ce:a5:a6:a1:d9:77:10:a8:04:55:d5:77:8f:
                    a3:3f:76:75:a2:6b:53:73:66:91:e1:d2:61:0b:cb:
                    97:cc:30:75:6d:2c:d0:b4:b6:34:30:cf:7e:99:a3:
                    94:34:48:6e:9d:a8:c4:81:d0:e9:0f:5d:d5:ee:cd:
                    c1:db:89:6b:b7:60:cc:7c:ad:c0:ce:02:dc:78:cb:
                    52:b7:02:a7:19:f4:7c:b7:2d:f2:c1:e4:82:9d:d6:
                    89:60:1e:df:5e:e9:75:3f:1f:80:18:ac:47:cf:28:
                    91:12:08:c4:5e:aa:db:6f:6f:89:a2:d6:92:ae:55:
                    39:23:2c:a9:4a:14:41:90:7d:ef:89:c8:5d:4c:93:
                    a4:a2:f8:d2:f4:75:6d:9f:42:59:34:93:74:23:05:
                    af:35:02:fa:ea:a9:93:08:2e:8e:18:5e:0e:43:70:
                    6b:a3:83:4d:7b:ae:2e:56:20:53:09:f6:51:25:bf:
                    d6:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:15:CD:0F:B1:20:17:52:46:1D:75:78:BC:51:0B:72:9E:35:E6:09
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/35ae0aa1-bb4f-48d3-9926-1e5852d54c6d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d07f:40a0::/48

    Signature Algorithm: sha256WithRSAEncryption
         31:a4:53:02:d5:85:3f:05:dc:1c:1b:39:1a:fb:7b:67:13:6f:
         23:25:52:57:60:09:4e:b8:d1:b1:ba:04:15:81:c0:60:9f:0d:
         3f:f0:b7:3c:97:b6:a4:ae:e2:9f:a8:ed:ca:6f:59:6c:64:d6:
         5b:cf:b4:e6:e2:1a:20:43:78:69:a9:63:63:af:4c:9d:77:33:
         60:31:90:6a:9e:b5:76:0e:bb:dc:fa:59:32:b0:b0:67:1f:b3:
         7f:97:f1:9b:63:a9:8a:4a:0f:9f:0c:43:ac:32:07:e4:4d:31:
         4d:53:71:b0:bd:d9:2b:1e:2a:f6:d3:56:4e:5f:fd:6b:ce:48:
         82:84:f3:81:42:a7:ee:3e:4b:39:9d:7e:13:ac:c0:f2:c3:7f:
         26:95:91:cc:ee:b8:bc:72:b9:1b:30:23:cd:d3:51:51:a3:4c:
         52:de:9b:e0:e9:5b:c5:62:58:4f:2d:7b:c0:90:42:54:59:67:
         da:f3:6b:4b:fe:ae:14:03:f2:ba:7e:2a:17:6c:b0:52:db:93:
         01:29:54:20:13:76:18:a1:41:d1:6b:1b:b0:b8:75:ee:ac:fa:
         33:ba:d2:d3:fc:5e:16:68:82:e4:f1:17:62:9a:36:92:6e:80:
         db:05:57:21:83:b0:e3:79:c7:05:bf:45:4f:07:b6:85:37:6b:
         75:87:40:87
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUbtDXN41mWap4j0ygHSjwf/0NNNwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYxODM5MDBaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQDRhMDc5NWUxNmQ4MzEyM2NjZDU4NDM2NWU2YTY0Mjg0M2JiNjk3Y2FiMTYw
YmJhMzgwOTMzN2EyZDE1MjE5MDUxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALQeQx5fsJrgdwKgaZlwZoFzkkGt9iKOFSSlB4B3Ta6JO5tX0qM0hhaY/uuR
sJfGJs66W4sEz2rjOoalKZwxG7GRLNbFaXsRrot+cVTOpaah2XcQqARV1XePoz92
daJrU3NmkeHSYQvLl8wwdW0s0LS2NDDPfpmjlDRIbp2oxIHQ6Q9d1e7NwduJa7dg
zHytwM4C3HjLUrcCpxn0fLct8sHkgp3WiWAe317pdT8fgBisR88okRIIxF6q229v
iaLWkq5VOSMsqUoUQZB974nIXUyTpKL40vR1bZ9CWTSTdCMFrzUC+uqpkwgujhhe
DkNwa6ODTXuuLlYgUwn2USW/1k0CAwEAAaOCAiQwggIgMB0GA1UdDgQWBBTcFc0P
sSAXUkYddXi8UQtynjXmCTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MzVhZTBhYTEtYmI0Zi00OGQzLTk5MjYtMWU1ODUyZDU0YzZkLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0H9A
oDANBgkqhkiG9w0BAQsFAAOCAQEAMaRTAtWFPwXcHBs5Gvt7ZxNvIyVSV2AJTrjR
sboEFYHAYJ8NP/C3PJe2pK7in6jtym9ZbGTWW8+05uIaIEN4aaljY69MnXczYDGQ
ap61dg673PpZMrCwZx+zf5fxm2OpikoPnwxDrDIH5E0xTVNxsL3ZKx4q9tNWTl/9
a85IgoTzgUKn7j5LOZ1+E6zA8sN/JpWRzO64vHK5GzAjzdNRUaNMUt6b4OlbxWJY
Ty17wJBCVFln2vNrS/6uFAPyun4qF2ywUtuTASlUIBN2GKFB0WsbsLh17qz6M7rS
0/xeFmiC5PEXYpo2km6A2wVXIYOw43nHBb9FTwe2hTdrdYdAhw==
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:52:23 2025 by rpki-client