Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/431d8e22-a384-419e-9218-32a80c0ce0e3.roa
File:                     431d8e22-a384-419e-9218-32a80c0ce0e3.roa (raw, json)
Hash identifier:          5W/RuDjh4duUKt2ygp+bgVivZCCxoMeTu/g5ewf+wRE=
Subject key identifier:   09:1C:82:4A:22:B9:FA:D3:F5:40:61:FE:C6:65:23:5B:5C:38:9D:45
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       5212F95D0C5630984DBEA82D5C825DAA9EDED077
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/431d8e22-a384-419e-9218-32a80c0ce0e3.roa
Signing time:             Sat 18 Oct 2025 04:30:23 +0000
ROA not before:           Sat 18 Oct 2025 04:30:23 +0000
ROA not after:            Sat 22 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d076:e000::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            52:12:f9:5d:0c:56:30:98:4d:be:a8:2d:5c:82:5d:aa:9e:de:d0:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Oct 18 04:30:23 2025 GMT
            Not After : Nov 22 23:59:59 2025 GMT
        Subject: serialNumber=5b886c89280af51e65271e36cde0826e86b2b5bb7c2308baf9eb3b5b2a11a61e, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:cf:20:6e:8f:41:d5:a5:cb:9f:a3:32:a8:61:
                    03:d8:22:20:60:72:b6:51:cf:ad:b4:6a:26:f2:d2:
                    6f:22:34:da:77:7e:38:42:c4:9a:41:c5:da:50:71:
                    57:95:38:64:9a:8e:8a:10:ac:f8:57:03:a2:db:cc:
                    8a:8d:46:f1:8a:0e:f7:a7:84:ca:2d:81:ef:5a:2f:
                    1f:69:5e:f9:5f:23:7e:35:29:dd:84:04:ae:53:bd:
                    45:ec:32:e7:0c:33:07:0e:1c:53:3a:cc:59:d7:eb:
                    53:a0:4d:56:a5:dd:86:94:3d:4d:48:56:18:51:c1:
                    7c:7b:f8:65:b9:ca:db:39:23:61:84:c9:8b:6a:86:
                    6c:d3:e8:09:d1:d6:84:6f:f8:fc:06:2a:cf:ad:32:
                    70:d1:29:50:78:1d:99:00:2d:00:4c:35:c9:37:8d:
                    12:53:64:f6:ba:29:11:d5:d6:c1:34:ca:d8:2b:da:
                    c5:bc:80:f9:4d:b3:43:47:40:a9:78:0a:bd:65:df:
                    cd:95:f2:c6:2b:b4:5c:1e:61:f1:76:04:68:60:99:
                    63:49:b0:ab:5f:9a:0c:1c:8a:2f:b2:04:e7:da:95:
                    4b:cb:ab:8c:8c:a9:4b:26:ec:e7:e2:fc:48:ee:f9:
                    d2:55:6e:4e:11:1b:f8:c3:45:e1:af:fa:e1:bf:84:
                    a6:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:1C:82:4A:22:B9:FA:D3:F5:40:61:FE:C6:65:23:5B:5C:38:9D:45
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/431d8e22-a384-419e-9218-32a80c0ce0e3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d076:e000::/40

    Signature Algorithm: sha256WithRSAEncryption
         9e:f8:7f:ac:e8:91:83:d4:41:ff:68:45:6f:0a:4b:4e:7f:ff:
         af:8c:ab:78:ca:a9:fc:ae:6a:37:85:f9:8e:a6:69:d2:7b:66:
         1c:39:8a:17:fc:c0:01:dc:96:4f:da:7d:ae:17:41:2e:67:ec:
         6e:51:d3:1f:2e:a5:5d:98:23:ca:95:b7:0f:2c:35:bb:47:de:
         a2:0c:44:04:33:81:ed:f3:4b:bb:57:31:2a:5f:9e:3e:f9:37:
         a6:0e:e6:1d:fa:c3:e4:c9:25:19:4e:58:b9:57:2d:16:86:26:
         c7:57:7d:20:08:8f:f8:7a:06:d6:05:28:49:fa:26:45:c2:37:
         4e:41:45:35:fb:6a:c5:ef:b7:64:2e:ed:ae:50:04:ca:8c:14:
         22:67:13:3e:b5:3a:b7:5b:dd:26:6b:5e:93:ec:50:5e:a6:9b:
         de:56:c9:3d:0e:42:c5:49:92:ad:02:ee:72:a8:47:e0:c0:53:
         82:ca:1c:b5:35:86:19:6d:58:d1:98:0f:56:d8:7a:ea:75:77:
         ac:e4:a2:3b:7f:4f:16:bd:28:ce:63:c9:78:8a:71:52:ba:8b:
         b8:ad:cb:4a:98:01:a4:2c:ea:29:63:98:54:cf:4d:8b:07:d3:
         d9:0c:1a:45:de:33:3e:ed:5e:68:ae:9f:a4:ae:e9:c8:d5:4b:
         94:8f:60:0e
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUUhL5XQxWMJhNvqgtXIJdqp7e0HcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMTgwNDMwMjNaFw0yNTExMjIyMzU5NTlaMHoxSTBHBgNV
BAUTQDViODg2Yzg5MjgwYWY1MWU2NTI3MWUzNmNkZTA4MjZlODZiMmI1YmI3YzIz
MDhiYWY5ZWIzYjViMmExMWE2MWUxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAIXPIG6PQdWly5+jMqhhA9giIGBytlHPrbRqJvLSbyI02nd+OELEmkHF2lBx
V5U4ZJqOihCs+FcDotvMio1G8YoO96eEyi2B71ovH2le+V8jfjUp3YQErlO9Rewy
5wwzBw4cUzrMWdfrU6BNVqXdhpQ9TUhWGFHBfHv4ZbnK2zkjYYTJi2qGbNPoCdHW
hG/4/AYqz60ycNEpUHgdmQAtAEw1yTeNElNk9ropEdXWwTTK2CvaxbyA+U2zQ0dA
qXgKvWXfzZXyxiu0XB5h8XYEaGCZY0mwq1+aDByKL7IE59qVS8urjIypSybs5+L8
SO750lVuThEb+MNF4a/64b+Epi8CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQJHIJK
Irn60/VAYf7GZSNbXDidRTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NDMxZDhlMjItYTM4NC00MTllLTkyMTgtMzJhODBjMGNlMGUzLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0Hbg
MA0GCSqGSIb3DQEBCwUAA4IBAQCe+H+s6JGD1EH/aEVvCktOf/+vjKt4yqn8rmo3
hfmOpmnSe2YcOYoX/MAB3JZP2n2uF0EuZ+xuUdMfLqVdmCPKlbcPLDW7R96iDEQE
M4Ht80u7VzEqX54++TemDuYd+sPkySUZTli5Vy0WhibHV30gCI/4egbWBShJ+iZF
wjdOQUU1+2rF77dkLu2uUATKjBQiZxM+tTq3W90ma16T7FBeppveVsk9DkLFSZKt
Au5yqEfgwFOCyhy1NYYZbVjRmA9W2HrqdXes5KI7f08WvSjOY8l4inFSuou4rctK
mAGkLOopY5hUz02LB9PZDBpF3jM+7V5orp+krunI1UuUj2AO
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:53:08 2025 by rpki-client