Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/38f9c0f0-a109-485c-bd2d-2e1a440b864e.roa
File:                     38f9c0f0-a109-485c-bd2d-2e1a440b864e.roa (raw, json)
Hash identifier:          zEsDBggV63rLqqd57YIJ1ZJfqVTWt/FjmZN9Vy41OPA=
Subject key identifier:   36:CB:88:D9:D5:AB:29:8D:9A:0D:41:1E:85:16:01:68:E3:D9:E2:4A
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       735CFCB3783788DD65DAB34C3780CF8CAAFF6B10
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/38f9c0f0-a109-485c-bd2d-2e1a440b864e.roa
Signing time:             Fri 26 Sep 2025 19:21:06 +0000
ROA not before:           Fri 26 Sep 2025 19:21:06 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d075:6000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            73:5c:fc:b3:78:37:88:dd:65:da:b3:4c:37:80:cf:8c:aa:ff:6b:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Sep 26 19:21:06 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=992b19b8ea78b089f2aeec26d80836f0887bcd096339e0c0b98d277f463b3713, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:73:5b:2b:40:46:61:78:8f:20:98:de:e8:ab:
                    51:21:79:20:f0:02:ca:77:50:98:95:39:e3:fb:ae:
                    5e:f7:4d:c1:e5:8a:59:46:ae:4a:30:8b:a0:6d:8c:
                    f7:98:cb:c7:b4:05:b7:60:d7:26:5a:01:e6:37:e9:
                    d1:92:e0:5e:69:dd:63:72:ce:d6:74:2e:43:6c:3a:
                    78:35:45:c6:14:04:4f:88:b4:ee:e0:19:75:93:9e:
                    5f:7e:6a:e1:22:0f:64:aa:93:7c:bb:f1:5f:5c:54:
                    33:44:2e:09:82:90:f7:b1:86:4a:ea:37:ef:ae:55:
                    29:b6:c6:0c:bd:8f:de:bb:78:d6:6b:2d:d2:00:76:
                    81:f7:7b:09:d5:4d:5e:47:3d:f4:ec:56:0f:de:9a:
                    96:8e:b0:cd:42:30:62:24:48:80:1f:41:a2:22:90:
                    39:65:8e:9c:81:50:c2:39:bd:88:02:e4:65:e5:04:
                    22:e2:0e:64:26:10:0a:ae:3b:33:10:83:9e:a0:30:
                    01:0e:5a:28:fa:62:02:85:36:44:84:f2:52:87:5e:
                    4f:9e:07:ec:56:43:cc:61:8b:34:c8:5b:65:3f:71:
                    73:21:54:67:e3:8f:8c:bb:a6:70:f5:7a:22:7f:5a:
                    ad:a3:1d:92:6d:ab:5f:30:a4:43:73:c1:5a:5c:35:
                    51:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:CB:88:D9:D5:AB:29:8D:9A:0D:41:1E:85:16:01:68:E3:D9:E2:4A
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/38f9c0f0-a109-485c-bd2d-2e1a440b864e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d075:6000::/40

    Signature Algorithm: sha256WithRSAEncryption
         1a:c7:b7:45:8d:6f:47:24:d0:66:88:7a:e1:c6:2e:55:9c:93:
         96:08:73:78:2a:3e:50:ad:2f:6d:16:88:63:11:5b:27:38:45:
         7f:2c:81:1a:09:28:5e:c9:14:cb:e0:6a:e6:f9:35:53:18:e0:
         2c:a4:ab:a7:54:25:9e:b4:72:ef:3e:24:36:20:4f:82:ed:94:
         d6:50:0e:24:bf:c3:89:f1:6e:86:38:2d:56:00:42:79:3e:bb:
         e6:69:c4:28:dc:69:29:6f:c8:60:71:54:0e:da:e9:61:15:4d:
         e7:cd:c6:96:50:af:7b:1e:6e:5b:3e:8f:36:9c:22:98:80:d6:
         cb:48:1a:5b:c1:0a:61:cd:13:db:25:fd:7c:9f:62:c4:db:14:
         d7:a5:bf:92:ea:e6:9e:fc:0c:a7:bd:13:e5:01:91:49:c9:48:
         72:ad:dd:a4:05:b2:60:52:66:3d:5e:00:97:65:45:c3:50:4b:
         8e:4f:b2:16:3b:52:2f:e9:0c:ed:c8:37:46:99:33:8d:e4:40:
         bd:60:e8:0b:06:cf:85:72:8a:82:05:0d:7c:e9:53:95:a3:21:
         37:51:c2:25:39:22:76:f4:11:3c:7a:95:01:b7:db:7f:a7:73:
         4b:fa:59:aa:bc:69:86:83:75:df:6d:52:94:50:0b:85:f8:77:
         05:fe:17:df
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUc1z8s3g3iN1l2rNMN4DPjKr/axAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYxOTIxMDZaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQDk5MmIxOWI4ZWE3OGIwODlmMmFlZWMyNmQ4MDgzNmYwODg3YmNkMDk2MzM5
ZTBjMGI5OGQyNzdmNDYzYjM3MTMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOVzWytARmF4jyCY3uirUSF5IPACyndQmJU54/uuXvdNweWKWUauSjCLoG2M
95jLx7QFt2DXJloB5jfp0ZLgXmndY3LO1nQuQ2w6eDVFxhQET4i07uAZdZOeX35q
4SIPZKqTfLvxX1xUM0QuCYKQ97GGSuo3765VKbbGDL2P3rt41mst0gB2gfd7CdVN
Xkc99OxWD96alo6wzUIwYiRIgB9BoiKQOWWOnIFQwjm9iALkZeUEIuIOZCYQCq47
MxCDnqAwAQ5aKPpiAoU2RITyUodeT54H7FZDzGGLNMhbZT9xcyFUZ+OPjLumcPV6
In9araMdkm2rXzCkQ3PBWlw1Ua0CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQ2y4jZ
1aspjZoNQR6FFgFo49niSjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MzhmOWMwZjAtYTEwOS00ODVjLWJkMmQtMmUxYTQ0MGI4NjRlLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0HVg
MA0GCSqGSIb3DQEBCwUAA4IBAQAax7dFjW9HJNBmiHrhxi5VnJOWCHN4Kj5QrS9t
FohjEVsnOEV/LIEaCSheyRTL4Grm+TVTGOAspKunVCWetHLvPiQ2IE+C7ZTWUA4k
v8OJ8W6GOC1WAEJ5PrvmacQo3Gkpb8hgcVQO2ulhFU3nzcaWUK97Hm5bPo82nCKY
gNbLSBpbwQphzRPbJf18n2LE2xTXpb+S6uae/AynvRPlAZFJyUhyrd2kBbJgUmY9
XgCXZUXDUEuOT7IWO1Iv6QztyDdGmTON5EC9YOgLBs+FcoqCBQ186VOVoyE3UcIl
OSJ29BE8epUBt9t/p3NL+lmqvGmGg3XfbVKUUAuF+HcF/hff
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:53:10 2025 by rpki-client