Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/3cf7ae9d-d863-4db2-9635-fb86479cf09a.roa
File:                     3cf7ae9d-d863-4db2-9635-fb86479cf09a.roa (raw, json)
Hash identifier:          7Ksezee0wWzd5wvoQbLMgrvo31GJl+VGYa1VZ03E2EQ=
Subject key identifier:   00:F4:F7:D4:6B:DF:D2:AE:C4:B0:61:A3:BB:E6:35:FB:12:F1:E4:1E
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       4128BF0B82A7B8B6621C8EC4DE519104AF19DC25
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/3cf7ae9d-d863-4db2-9635-fb86479cf09a.roa
Signing time:             Fri 26 Sep 2025 20:01:13 +0000
ROA not before:           Fri 26 Sep 2025 20:01:13 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d016::/38 maxlen: 38
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            41:28:bf:0b:82:a7:b8:b6:62:1c:8e:c4:de:51:91:04:af:19:dc:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Sep 26 20:01:13 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=3022a2285c49698283006551fe3591e3ff2d67a9d925ffddb4b0af5876702111, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:88:a5:f1:ef:a2:61:e1:d1:03:42:e9:11:b5:
                    df:8b:12:4a:84:b6:1d:d5:ea:cd:3f:5e:f5:8b:42:
                    ec:53:0d:af:45:97:04:fc:9f:91:52:da:7e:c4:f2:
                    0b:86:02:69:92:b4:c4:36:34:1c:85:7f:66:33:14:
                    c6:e0:c2:86:97:f0:b1:6d:02:01:cc:d8:2c:66:12:
                    5d:aa:fc:a2:94:8c:0f:63:33:a7:f0:db:28:87:02:
                    91:27:46:ad:31:9d:2d:be:36:f3:20:03:5e:1a:c7:
                    2c:d9:7b:bf:4c:cd:bd:87:45:e2:92:f2:0d:b5:95:
                    a2:51:c7:71:93:ec:c2:e5:5e:8a:4e:ba:6b:05:22:
                    ec:e9:22:d1:46:af:76:e0:f7:b3:66:76:ca:2e:7b:
                    3f:69:7f:36:06:ae:cc:98:77:88:b4:a7:45:06:a6:
                    78:cf:ff:bd:da:4a:f7:fc:29:c2:61:45:33:bb:5e:
                    be:62:65:ea:f3:1c:df:59:79:1c:72:df:39:11:0a:
                    15:93:20:64:be:da:6c:88:1f:1c:b8:0b:d8:f9:96:
                    e2:5a:78:f0:f6:61:50:bf:c6:73:45:24:07:48:82:
                    66:39:60:6e:91:a0:5c:27:e8:94:c4:44:a7:e8:cf:
                    30:0d:21:f3:99:e7:91:fd:ac:49:48:8d:b9:67:b6:
                    38:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:F4:F7:D4:6B:DF:D2:AE:C4:B0:61:A3:BB:E6:35:FB:12:F1:E4:1E
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/3cf7ae9d-d863-4db2-9635-fb86479cf09a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d016::/38

    Signature Algorithm: sha256WithRSAEncryption
         6e:60:28:81:1a:07:59:77:d0:98:47:63:4c:0b:25:96:24:91:
         b5:21:7b:ab:eb:ac:5e:54:6c:76:b1:ee:ac:17:a3:49:f4:f7:
         4f:0c:39:76:c6:26:01:6a:dc:11:d8:9b:47:e9:21:b8:ff:61:
         3b:15:7c:63:c4:f9:60:8d:10:5a:f6:05:a9:e7:67:cb:f0:a2:
         04:91:53:dd:1f:45:f6:6b:b0:91:c5:97:13:2d:f4:dc:df:a9:
         a3:7f:ec:4e:cd:62:41:e8:98:b6:40:c2:9a:e8:58:f1:04:46:
         0a:74:f8:06:7b:2d:32:f6:a2:7c:95:15:18:df:e8:47:61:bd:
         7b:f4:f5:da:0d:5a:29:62:79:25:d0:7f:01:71:b5:2f:cd:a0:
         0f:ff:b8:4b:55:64:54:e0:54:85:ea:58:3a:86:e2:8b:fa:61:
         c5:ae:0c:0f:e3:d8:da:c7:d6:90:6f:69:74:7a:f1:1d:99:81:
         a6:1d:13:ff:32:2d:9c:4a:fc:e4:06:7c:0e:d6:bd:c1:09:cf:
         61:d9:e2:59:fd:c1:9b:31:72:96:00:be:f3:f9:04:ce:2c:3b:
         dd:ae:cc:10:bc:04:ef:2a:a0:95:89:7f:c9:68:5e:a1:44:bf:
         c9:25:19:53:53:a7:a2:00:dd:38:29:05:9f:0a:16:f2:f6:e0:
         08:9b:8e:0e
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUQSi/C4KnuLZiHI7E3lGRBK8Z3CUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYyMDAxMTNaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQDMwMjJhMjI4NWM0OTY5ODI4MzAwNjU1MWZlMzU5MWUzZmYyZDY3YTlkOTI1
ZmZkZGI0YjBhZjU4NzY3MDIxMTExLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAM2IpfHvomHh0QNC6RG134sSSoS2HdXqzT9e9YtC7FMNr0WXBPyfkVLafsTy
C4YCaZK0xDY0HIV/ZjMUxuDChpfwsW0CAczYLGYSXar8opSMD2Mzp/DbKIcCkSdG
rTGdLb428yADXhrHLNl7v0zNvYdF4pLyDbWVolHHcZPswuVeik66awUi7Oki0Uav
duD3s2Z2yi57P2l/NgauzJh3iLSnRQameM//vdpK9/wpwmFFM7tevmJl6vMc31l5
HHLfOREKFZMgZL7abIgfHLgL2PmW4lp48PZhUL/Gc0UkB0iCZjlgbpGgXCfolMRE
p+jPMA0h85nnkf2sSUiNuWe2OPkCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQA9PfU
a9/SrsSwYaO75jX7EvHkHjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
M2NmN2FlOWQtZDg2My00ZGIyLTk2MzUtZmI4NjQ3OWNmMDlhLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGAioF0BYA
MA0GCSqGSIb3DQEBCwUAA4IBAQBuYCiBGgdZd9CYR2NMCyWWJJG1IXur66xeVGx2
se6sF6NJ9PdPDDl2xiYBatwR2JtH6SG4/2E7FXxjxPlgjRBa9gWp52fL8KIEkVPd
H0X2a7CRxZcTLfTc36mjf+xOzWJB6Ji2QMKa6FjxBEYKdPgGey0y9qJ8lRUY3+hH
Yb179PXaDVopYnkl0H8BcbUvzaAP/7hLVWRU4FSF6lg6huKL+mHFrgwP49jax9aQ
b2l0evEdmYGmHRP/Mi2cSvzkBnwO1r3BCc9h2eJZ/cGbMXKWAL7z+QTOLDvdrswQ
vATvKqCViX/JaF6hRL/JJRlTU6eiAN04KQWfChby9uAIm44O
-----END CERTIFICATE-----
Generated at Mon Oct 20 13:47:02 2025 by rpki-client