Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/45d0d709-7b92-4c46-9d95-6605e2a3d35e.roa
File:                     45d0d709-7b92-4c46-9d95-6605e2a3d35e.roa (raw, json)
Hash identifier:          ls13naPshxwM47k3WOCQ96vCohLcE4FWOW0NE+vURw4=
Subject key identifier:   AB:D1:18:92:51:05:8B:BC:A8:51:A9:43:86:E9:F9:17:40:82:0C:FD
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       0C274944E00D3A94CBB5638A27CDF26C0BDD274D
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/45d0d709-7b92-4c46-9d95-6605e2a3d35e.roa
Signing time:             Fri 26 Sep 2025 19:39:48 +0000
ROA not before:           Fri 26 Sep 2025 19:39:48 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d075:e000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0c:27:49:44:e0:0d:3a:94:cb:b5:63:8a:27:cd:f2:6c:0b:dd:27:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Sep 26 19:39:48 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=263312d77c14a3b4edf16e59b7783b87bdd020986ab5aac1c1cb0c4e9811cee5, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:33:7b:98:d3:ce:4b:eb:3e:72:ea:9e:40:67:
                    29:5a:e8:27:1a:9c:e2:24:78:63:bf:b8:96:16:a6:
                    1f:42:0f:85:10:f6:c3:47:c9:9f:fc:33:48:b2:04:
                    50:0e:79:c1:bb:bb:c8:ce:bf:7b:ba:e0:56:5b:81:
                    b9:ba:cd:e9:90:2c:6b:7b:eb:d3:a3:54:5c:1e:92:
                    1c:28:ea:73:52:77:ab:9f:7e:d4:27:d8:cf:07:c6:
                    18:73:ba:a6:f6:b4:c4:19:df:13:fe:3d:c6:fd:2b:
                    f7:45:c3:72:42:35:1c:d3:e9:dd:6c:7e:ec:07:ef:
                    2e:38:a1:1f:db:e9:0d:6f:58:53:b8:ad:5d:de:64:
                    ce:28:eb:4d:9f:f3:34:38:ed:cd:27:36:06:11:0b:
                    8b:5f:69:c4:21:72:45:2d:5f:a4:1e:a6:e9:78:09:
                    cb:75:44:35:52:94:f8:8f:2b:88:30:53:3a:68:94:
                    3c:b9:e1:58:de:03:fc:05:aa:08:b6:0c:7e:af:5c:
                    32:0d:51:74:e5:b3:81:d1:f8:5f:0c:c8:b0:91:b8:
                    ff:34:1a:6f:f0:1d:58:b5:6b:02:f9:56:eb:6f:ac:
                    84:92:6d:df:a4:14:24:d7:12:bf:b4:98:1b:ca:e4:
                    95:22:7e:dd:41:12:a5:d2:e8:fb:33:95:10:62:5b:
                    d1:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:D1:18:92:51:05:8B:BC:A8:51:A9:43:86:E9:F9:17:40:82:0C:FD
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/45d0d709-7b92-4c46-9d95-6605e2a3d35e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d075:e000::/40

    Signature Algorithm: sha256WithRSAEncryption
         47:0c:55:ec:5c:a7:a7:42:23:d6:bc:f4:b1:68:3e:7d:e3:f9:
         a6:1a:6c:3b:bd:cc:d1:13:a4:96:13:d0:87:39:d1:5d:2e:fd:
         28:ce:0e:42:cb:3c:96:4c:af:97:36:74:dc:b3:ae:5c:04:00:
         05:ff:b8:9f:2d:af:ef:90:6a:7e:cd:03:27:04:fe:69:69:fe:
         b0:51:fb:2c:a7:30:7d:b0:51:95:1e:85:54:d8:79:6a:f3:b6:
         37:19:a9:3d:15:68:a7:7a:74:95:aa:ef:f1:f4:ec:38:62:17:
         4e:d0:5e:96:e9:cd:eb:81:08:31:33:e7:81:0d:cc:09:10:7f:
         9b:b9:1e:04:f2:23:f2:21:63:b2:3a:4c:93:77:4f:68:92:55:
         77:76:e1:35:bb:70:79:ff:f0:ae:52:ff:f9:73:64:18:0b:87:
         5a:ea:e3:e0:89:90:70:ce:3f:68:4a:84:a8:b8:d5:87:17:a4:
         be:ef:ee:9c:81:2e:27:74:b7:97:48:0b:4a:8e:88:b9:25:03:
         be:c2:41:08:d9:7e:7e:32:86:4f:43:40:b2:ae:c7:aa:ed:3c:
         da:6d:dc:3e:10:89:90:cf:a6:46:fd:92:7b:61:0e:56:1d:39:
         0d:0e:1a:ff:f7:52:97:fe:b9:e0:91:57:0c:8f:17:32:37:05:
         91:b8:b6:98
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUDCdJROANOpTLtWOKJ83ybAvdJ00wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYxOTM5NDhaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQDI2MzMxMmQ3N2MxNGEzYjRlZGYxNmU1OWI3NzgzYjg3YmRkMDIwOTg2YWI1
YWFjMWMxY2IwYzRlOTgxMWNlZTUxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALwze5jTzkvrPnLqnkBnKVroJxqc4iR4Y7+4lhamH0IPhRD2w0fJn/wzSLIE
UA55wbu7yM6/e7rgVluBubrN6ZAsa3vr06NUXB6SHCjqc1J3q59+1CfYzwfGGHO6
pva0xBnfE/49xv0r90XDckI1HNPp3Wx+7AfvLjihH9vpDW9YU7itXd5kzijrTZ/z
NDjtzSc2BhELi19pxCFyRS1fpB6m6XgJy3VENVKU+I8riDBTOmiUPLnhWN4D/AWq
CLYMfq9cMg1RdOWzgdH4XwzIsJG4/zQab/AdWLVrAvlW62+shJJt36QUJNcSv7SY
G8rklSJ+3UESpdLo+zOVEGJb0W8CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBSr0RiS
UQWLvKhRqUOG6fkXQIIM/TAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NDVkMGQ3MDktN2I5Mi00YzQ2LTlkOTUtNjYwNWUyYTNkMzVlLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0HXg
MA0GCSqGSIb3DQEBCwUAA4IBAQBHDFXsXKenQiPWvPSxaD594/mmGmw7vczRE6SW
E9CHOdFdLv0ozg5CyzyWTK+XNnTcs65cBAAF/7ifLa/vkGp+zQMnBP5paf6wUfss
pzB9sFGVHoVU2Hlq87Y3Gak9FWinenSVqu/x9Ow4YhdO0F6W6c3rgQgxM+eBDcwJ
EH+buR4E8iPyIWOyOkyTd09oklV3duE1u3B5//CuUv/5c2QYC4da6uPgiZBwzj9o
SoSouNWHF6S+7+6cgS4ndLeXSAtKjoi5JQO+wkEI2X5+MoZPQ0Cyrseq7Tzabdw+
EImQz6ZG/ZJ7YQ5WHTkNDhr/91KX/rngkVcMjxcyNwWRuLaY
-----END CERTIFICATE-----
Generated at Mon Oct 20 13:47:35 2025 by rpki-client