Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/404ef1af-e052-41b8-a0bf-70e3fa0aa052.roa
File:                     404ef1af-e052-41b8-a0bf-70e3fa0aa052.roa (raw, json)
Hash identifier:          StvNKZ8dJ4j7sbgAZIfvuFzr7ZV0oP1YX6mbUMTqtnc=
Subject key identifier:   2C:5C:D0:96:1A:40:F9:31:A6:A0:F1:E7:DC:CC:EC:D0:D0:61:62:5F
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       0ADC4907CDED86ED5B10885A0DE6E30D5B3A46BE
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/404ef1af-e052-41b8-a0bf-70e3fa0aa052.roa
Signing time:             Fri 26 Sep 2025 20:10:11 +0000
ROA not before:           Fri 26 Sep 2025 20:10:11 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d017::/36 maxlen: 36
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0a:dc:49:07:cd:ed:86:ed:5b:10:88:5a:0d:e6:e3:0d:5b:3a:46:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Sep 26 20:10:11 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=337aa55c2f7337787d5ccc6a84a07314d65921adf636434e83358516eecf035d, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:31:d1:46:f0:88:d3:ac:f4:28:7c:63:dc:42:
                    8e:a1:9f:72:ac:ea:f2:23:15:7e:4f:b9:3a:17:a9:
                    4b:48:af:1d:0a:e6:4e:af:3d:76:69:a0:a6:b9:ef:
                    b6:14:81:e1:dd:e4:b0:27:54:2c:41:7d:f8:c2:ab:
                    72:c8:8a:f1:76:56:1f:cf:52:aa:24:0e:9a:ed:12:
                    96:9b:be:f1:d0:b1:5a:30:43:7e:65:a4:e1:e0:76:
                    61:2e:2a:67:31:bc:1a:12:82:86:0a:62:4c:61:62:
                    7e:db:30:be:11:91:be:6a:fd:d2:52:fd:5a:b7:5d:
                    06:20:d7:42:9e:2e:bd:65:40:a9:18:d9:2e:1a:c7:
                    a0:4e:69:8c:fd:62:a9:7d:a0:e9:99:48:58:06:74:
                    ea:b0:44:09:56:e2:9e:d3:94:df:91:e9:90:77:93:
                    d5:4b:52:1c:f1:c7:88:45:26:4f:0b:29:c7:09:d0:
                    3f:23:20:d3:30:2f:58:6e:55:d1:7d:ba:d4:9b:ad:
                    c1:c7:fd:77:5d:76:52:81:18:3c:36:1b:28:4c:73:
                    d2:58:51:7a:81:67:1a:e4:b0:f9:32:a1:83:d3:24:
                    54:49:fb:22:9e:c9:12:08:94:3b:c2:e3:3d:73:96:
                    c6:a8:75:d4:12:f3:31:85:ed:3d:2d:e3:67:36:57:
                    38:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:5C:D0:96:1A:40:F9:31:A6:A0:F1:E7:DC:CC:EC:D0:D0:61:62:5F
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/404ef1af-e052-41b8-a0bf-70e3fa0aa052.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d017::/36

    Signature Algorithm: sha256WithRSAEncryption
         ad:5b:99:78:66:07:8c:11:d2:e2:3d:66:e2:2d:f4:8a:f8:64:
         8e:81:b1:df:89:8c:63:3f:50:eb:e7:1b:2e:42:58:d3:5c:65:
         7f:a4:3d:9e:a6:c3:25:f1:14:ca:e1:73:0d:57:8f:a8:c6:ca:
         ac:ea:dd:50:23:b1:ab:ec:e6:98:ca:15:48:2b:14:3e:71:29:
         0f:3d:6e:d1:ed:ae:e3:3a:c4:1b:5d:ac:c1:96:e5:78:f9:ea:
         65:dc:e2:26:f3:72:c4:3c:58:fa:eb:a8:9d:bd:1e:a1:d2:69:
         8e:32:f1:6c:d6:a0:2d:40:3e:6e:71:a4:5e:c2:d4:76:58:70:
         77:6d:a2:fe:bc:c3:9f:70:8a:01:3f:22:6d:dd:aa:e7:87:57:
         fe:6d:a8:80:59:a2:a6:e7:fa:79:ca:39:f6:48:53:1e:a2:f3:
         a7:ca:a6:43:49:b0:ec:14:17:72:75:f1:85:10:7b:9c:c9:3d:
         26:8f:4d:4f:97:ec:fb:09:72:b0:5b:22:bc:1c:72:64:0c:63:
         4d:2d:4e:df:f2:fc:2f:a9:5e:84:a3:cb:3c:b5:ae:08:6a:66:
         0b:3e:b0:df:3e:ff:dd:73:f3:f7:96:7f:e2:c0:ca:34:07:60:
         ba:72:fa:c0:3f:00:c2:78:74:d5:f7:b0:15:44:75:0b:e1:e3:
         f5:79:f8:2f
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUCtxJB83thu1bEIhaDebjDVs6Rr4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYyMDEwMTFaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQDMzN2FhNTVjMmY3MzM3Nzg3ZDVjY2M2YTg0YTA3MzE0ZDY1OTIxYWRmNjM2
NDM0ZTgzMzU4NTE2ZWVjZjAzNWQxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALkx0UbwiNOs9Ch8Y9xCjqGfcqzq8iMVfk+5OhepS0ivHQrmTq89dmmgprnv
thSB4d3ksCdULEF9+MKrcsiK8XZWH89SqiQOmu0Slpu+8dCxWjBDfmWk4eB2YS4q
ZzG8GhKChgpiTGFiftswvhGRvmr90lL9WrddBiDXQp4uvWVAqRjZLhrHoE5pjP1i
qX2g6ZlIWAZ06rBECVbintOU35HpkHeT1UtSHPHHiEUmTwspxwnQPyMg0zAvWG5V
0X261Jutwcf9d112UoEYPDYbKExz0lhReoFnGuSw+TKhg9MkVEn7Ip7JEgiUO8Lj
PXOWxqh11BLzMYXtPS3jZzZXOAUCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQsXNCW
GkD5Maag8efczOzQ0GFiXzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NDA0ZWYxYWYtZTA1Mi00MWI4LWEwYmYtNzBlM2ZhMGFhMDUyLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCoF0BcA
MA0GCSqGSIb3DQEBCwUAA4IBAQCtW5l4ZgeMEdLiPWbiLfSK+GSOgbHfiYxjP1Dr
5xsuQljTXGV/pD2epsMl8RTK4XMNV4+oxsqs6t1QI7Gr7OaYyhVIKxQ+cSkPPW7R
7a7jOsQbXazBluV4+epl3OIm83LEPFj666idvR6h0mmOMvFs1qAtQD5ucaRewtR2
WHB3baL+vMOfcIoBPyJt3arnh1f+baiAWaKm5/p5yjn2SFMeovOnyqZDSbDsFBdy
dfGFEHucyT0mj01Pl+z7CXKwWyK8HHJkDGNNLU7f8vwvqV6Eo8s8ta4IamYLPrDf
Pv/dc/P3ln/iwMo0B2C6cvrAPwDCeHTV97AVRHUL4eP1efgv
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:52:28 2025 by rpki-client