Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/3a6271c8-6f02-45f1-97d6-ce27b463d3b5.roa
File:                     3a6271c8-6f02-45f1-97d6-ce27b463d3b5.roa (raw, json)
Hash identifier:          CZh9QphqVG6uZ56XY9El3PNARW3lxtyvaQhX81lZkoI=
Subject key identifier:   FC:89:9D:A3:BC:5D:3D:72:0A:F9:5C:6C:A1:E0:18:98:FE:95:C1:1F
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       664AB9E3C221BB1E89396D64C23DEA79AC29671F
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/3a6271c8-6f02-45f1-97d6-ce27b463d3b5.roa
Signing time:             Fri 26 Sep 2025 19:38:47 +0000
ROA not before:           Fri 26 Sep 2025 19:38:47 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d03a:a000::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            66:4a:b9:e3:c2:21:bb:1e:89:39:6d:64:c2:3d:ea:79:ac:29:67:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Sep 26 19:38:47 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=220f9877c8e4446554efa801e7483b285cd4a7f190a467fc0612efeceb3c864b, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:de:5b:e7:da:bd:89:1c:4f:f7:68:45:c5:31:
                    8b:c1:ef:1b:7a:85:3a:25:1b:30:74:e5:e0:02:80:
                    20:2a:91:9a:fb:5d:cf:d9:b8:98:3f:71:aa:69:7a:
                    59:5f:af:52:5b:f2:a0:a4:a2:aa:dd:43:02:22:4b:
                    d7:93:47:74:bc:ff:34:d6:49:12:3f:35:be:11:92:
                    3d:cb:45:f9:e7:d0:2c:f9:30:88:64:e3:e6:f3:28:
                    86:62:49:7e:c8:c6:d7:4b:e9:0c:6a:fe:ba:ac:7a:
                    e3:ea:a3:a7:63:15:2d:29:02:4f:2d:4b:48:f0:2d:
                    68:bc:fb:d0:49:6b:cc:60:00:69:b4:0a:7d:fd:6e:
                    ac:e5:b4:ac:6c:55:29:43:64:f5:de:c6:de:2b:a7:
                    f0:30:d0:8f:05:83:b1:05:f5:63:ce:ee:aa:9a:0f:
                    fb:d4:ab:eb:a8:c4:6d:d4:81:14:f9:ac:7b:a5:03:
                    17:71:ab:38:58:8d:07:db:49:2a:1b:55:30:64:7d:
                    b4:28:ea:21:cf:49:fc:6d:91:e5:93:4b:21:ca:ea:
                    45:96:7b:df:30:26:7b:06:4e:e7:5f:45:3c:7f:7d:
                    ba:20:35:7d:5f:0d:76:a6:5a:b1:30:6d:3a:70:e5:
                    6a:a6:d6:03:38:f7:37:38:04:bd:15:e6:93:70:a7:
                    f2:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:89:9D:A3:BC:5D:3D:72:0A:F9:5C:6C:A1:E0:18:98:FE:95:C1:1F
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/3a6271c8-6f02-45f1-97d6-ce27b463d3b5.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d03a:a000::/40

    Signature Algorithm: sha256WithRSAEncryption
         0d:de:48:7a:f2:a1:4c:de:22:9b:6f:12:e2:e6:98:23:ab:20:
         7b:80:af:85:e8:7d:a1:6a:16:79:eb:3f:6e:f6:46:3b:15:28:
         9e:1b:fb:c6:45:19:4d:4c:9d:00:1d:14:67:9a:01:96:56:dd:
         87:19:eb:79:f6:69:38:d9:bd:bb:e3:bc:94:94:73:cf:21:18:
         cf:6a:cb:a7:7b:d5:ba:df:15:7f:52:c1:46:3d:f9:05:d9:cc:
         fc:3e:47:5f:53:07:5e:db:98:61:9b:a9:27:84:2b:36:db:b3:
         4c:2f:3f:89:90:fc:1c:6a:b6:58:cf:ab:a2:6b:48:c2:11:d3:
         17:12:9c:2f:e0:a3:4c:a4:ba:54:ee:86:24:ea:33:41:39:4a:
         ef:63:33:6e:fd:bb:bc:b1:a1:d1:06:73:73:18:b4:70:68:9c:
         f4:73:b3:a3:35:98:78:c3:7b:2f:30:70:18:29:dc:b0:0d:63:
         c3:72:28:e0:7a:1a:f5:7e:16:5b:05:27:6c:28:f8:72:5a:6f:
         b2:94:ea:90:03:db:d8:30:9c:a2:ba:49:41:2a:fb:b1:e6:3c:
         26:2f:6b:8c:21:14:b8:74:e1:5a:67:4e:ca:b1:70:02:f0:3b:
         a8:e5:5b:d2:ea:00:29:22:d6:fe:71:d5:68:3e:7f:4f:01:a6:
         4e:73:51:e8
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUZkq548Ihux6JOW1kwj3qeawpZx8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYxOTM4NDdaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQDIyMGY5ODc3YzhlNDQ0NjU1NGVmYTgwMWU3NDgzYjI4NWNkNGE3ZjE5MGE0
NjdmYzA2MTJlZmVjZWIzYzg2NGIxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAK7eW+favYkcT/doRcUxi8HvG3qFOiUbMHTl4AKAICqRmvtdz9m4mD9xqml6
WV+vUlvyoKSiqt1DAiJL15NHdLz/NNZJEj81vhGSPctF+efQLPkwiGTj5vMohmJJ
fsjG10vpDGr+uqx64+qjp2MVLSkCTy1LSPAtaLz70ElrzGAAabQKff1urOW0rGxV
KUNk9d7G3iun8DDQjwWDsQX1Y87uqpoP+9Sr66jEbdSBFPmse6UDF3GrOFiNB9tJ
KhtVMGR9tCjqIc9J/G2R5ZNLIcrqRZZ73zAmewZO519FPH99uiA1fV8NdqZasTBt
OnDlaqbWAzj3NzgEvRXmk3Cn8t0CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBT8iZ2j
vF09cgr5XGyh4BiY/pXBHzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
M2E2MjcxYzgtNmYwMi00NWYxLTk3ZDYtY2UyN2I0NjNkM2I1LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0Dqg
MA0GCSqGSIb3DQEBCwUAA4IBAQAN3kh68qFM3iKbbxLi5pgjqyB7gK+F6H2hahZ5
6z9u9kY7FSieG/vGRRlNTJ0AHRRnmgGWVt2HGet59mk42b2747yUlHPPIRjPasun
e9W63xV/UsFGPfkF2cz8PkdfUwde25hhm6knhCs227NMLz+JkPwcarZYz6uia0jC
EdMXEpwv4KNMpLpU7oYk6jNBOUrvYzNu/bu8saHRBnNzGLRwaJz0c7OjNZh4w3sv
MHAYKdywDWPDcijgehr1fhZbBSdsKPhyWm+ylOqQA9vYMJyiuklBKvux5jwmL2uM
IRS4dOFaZ07KsXAC8Duo5VvS6gApItb+cdVoPn9PAaZOc1Ho
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:52:16 2025 by rpki-client