Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/37b00c63-4d48-46a2-a2ac-c6d3bf6953bd.roa
File:                     37b00c63-4d48-46a2-a2ac-c6d3bf6953bd.roa (raw, json)
Hash identifier:          d4CWNvLkGIiCzPkPXsxLu8eStknV9zHSaN1qt+SPn1c=
Subject key identifier:   D0:D6:BC:04:51:50:C4:2E:7F:3B:A9:DA:57:58:49:E5:DA:4F:79:E8
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       79EDCD9DE47FD0A31329A6CBC73E942B3316FF2A
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/37b00c63-4d48-46a2-a2ac-c6d3bf6953bd.roa
Signing time:             Mon 13 Oct 2025 17:55:38 +0000
ROA not before:           Mon 13 Oct 2025 17:55:38 +0000
ROA not after:            Mon 17 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d076:8000::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            79:ed:cd:9d:e4:7f:d0:a3:13:29:a6:cb:c7:3e:94:2b:33:16:ff:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Oct 13 17:55:38 2025 GMT
            Not After : Nov 17 23:59:59 2025 GMT
        Subject: serialNumber=00622325f4f4ec2170ae16c71e241bd1b5703d225707587d16e902cca1054b7d, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:88:6d:a1:30:31:5b:49:47:f6:f8:5d:c7:fd:
                    20:6c:31:ec:cb:a2:ef:63:e5:4f:8a:d6:03:b4:de:
                    0b:b2:98:8d:17:ec:d9:1d:59:19:77:23:9f:c7:e4:
                    08:37:24:86:f0:76:8c:85:80:ce:83:32:9b:8a:d9:
                    75:05:f5:8c:5e:9f:39:28:63:40:8f:68:bc:56:0f:
                    c3:81:90:01:f5:a0:fa:c5:b4:cb:50:db:f3:48:b1:
                    40:34:d3:58:56:18:9a:b3:29:f9:39:95:19:32:0c:
                    f6:75:38:ea:f2:1d:95:d0:1e:ab:7c:6d:73:55:c9:
                    97:66:ab:d2:ae:d9:48:3d:11:c0:7a:20:f1:5f:35:
                    1e:7e:9a:fe:e3:c9:ff:a1:1d:9e:12:4f:34:4b:5b:
                    26:34:b6:0f:62:28:e9:0c:7a:ea:91:64:c7:b6:71:
                    94:44:2b:bf:95:41:33:06:69:05:fa:14:35:b2:41:
                    5e:eb:fb:4c:26:6a:9f:74:a8:1f:3e:7a:45:54:0c:
                    37:91:df:40:c7:e4:9a:f1:1a:c6:b7:8f:5b:96:a6:
                    03:30:f7:1a:8f:56:3a:84:27:61:7d:88:e6:60:08:
                    b3:f4:3b:a4:07:c7:71:9f:27:a7:36:8c:61:6d:8b:
                    e2:7a:85:7e:da:6e:68:3f:00:2c:41:73:21:4e:86:
                    db:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:D6:BC:04:51:50:C4:2E:7F:3B:A9:DA:57:58:49:E5:DA:4F:79:E8
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/37b00c63-4d48-46a2-a2ac-c6d3bf6953bd.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d076:8000::/48

    Signature Algorithm: sha256WithRSAEncryption
         0b:62:2f:69:1a:5e:a3:2c:7f:c7:80:f8:b9:3e:0d:46:c2:3e:
         95:df:cb:c9:e8:9d:28:1f:37:cd:62:22:78:8f:d9:35:82:c8:
         4c:95:5e:8b:35:6b:5f:a5:23:9e:89:cd:0e:96:92:df:a1:c6:
         79:af:8d:72:15:a5:50:b7:30:f2:79:cb:30:cd:4c:9c:0a:40:
         8b:53:b8:a7:a7:69:f2:d9:05:53:91:0d:a2:56:06:c3:56:17:
         5e:80:f0:f3:a7:a5:3b:9c:c3:72:a4:17:d1:dd:78:3d:1b:bf:
         d4:fb:e2:9b:2b:47:ee:a3:3a:86:a6:50:cf:bb:0c:fd:d6:0f:
         93:fe:0a:5a:a6:90:8f:11:68:d3:14:1d:7e:41:83:97:25:86:
         3f:c9:4c:c2:15:62:93:1c:a3:76:a3:7c:49:3f:18:04:e6:64:
         91:74:96:3c:18:c1:15:eb:76:d6:aa:47:06:72:33:c1:c8:a0:
         c9:13:c6:a3:0a:44:d0:9f:dd:f1:ec:eb:c6:38:7a:30:f6:45:
         96:d9:4c:34:9e:b7:bd:43:e8:dc:2c:4e:85:82:68:b8:05:ac:
         f9:ad:3a:8c:b9:3f:df:98:3d:5d:30:c8:35:f4:66:f5:b3:33:
         2e:1b:11:23:c4:01:b6:68:e8:fb:e9:6d:cf:99:7b:3c:79:08:
         22:ce:ec:44
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUee3NneR/0KMTKabLxz6UKzMW/yowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMTMxNzU1MzhaFw0yNTExMTcyMzU5NTlaMHoxSTBHBgNV
BAUTQDAwNjIyMzI1ZjRmNGVjMjE3MGFlMTZjNzFlMjQxYmQxYjU3MDNkMjI1NzA3
NTg3ZDE2ZTkwMmNjYTEwNTRiN2QxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMWIbaEwMVtJR/b4Xcf9IGwx7Mui72PlT4rWA7TeC7KYjRfs2R1ZGXcjn8fk
CDckhvB2jIWAzoMym4rZdQX1jF6fOShjQI9ovFYPw4GQAfWg+sW0y1Db80ixQDTT
WFYYmrMp+TmVGTIM9nU46vIdldAeq3xtc1XJl2ar0q7ZSD0RwHog8V81Hn6a/uPJ
/6EdnhJPNEtbJjS2D2Io6Qx66pFkx7ZxlEQrv5VBMwZpBfoUNbJBXuv7TCZqn3So
Hz56RVQMN5HfQMfkmvEaxrePW5amAzD3Go9WOoQnYX2I5mAIs/Q7pAfHcZ8npzaM
YW2L4nqFftpuaD8ALEFzIU6G22cCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBTQ1rwE
UVDELn87qdpXWEnl2k956DAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MzdiMDBjNjMtNGQ0OC00NmEyLWEyYWMtYzZkM2JmNjk1M2JkLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0HaA
ADANBgkqhkiG9w0BAQsFAAOCAQEAC2IvaRpeoyx/x4D4uT4NRsI+ld/LyeidKB83
zWIieI/ZNYLITJVeizVrX6UjnonNDpaS36HGea+NchWlULcw8nnLMM1MnApAi1O4
p6dp8tkFU5ENolYGw1YXXoDw86elO5zDcqQX0d14PRu/1PvimytH7qM6hqZQz7sM
/dYPk/4KWqaQjxFo0xQdfkGDlyWGP8lMwhVikxyjdqN8ST8YBOZkkXSWPBjBFet2
1qpHBnIzwcigyRPGowpE0J/d8ezrxjh6MPZFltlMNJ63vUPo3CxOhYJouAWs+a06
jLk/35g9XTDINfRm9bMzLhsRI8QBtmjo++ltz5l7PHkIIs7sRA==
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:52:39 2025 by rpki-client