Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4c5783ee-ddea-4cae-b6f4-3d26d328b36c.roa
File:                     4c5783ee-ddea-4cae-b6f4-3d26d328b36c.roa (raw, json)
Hash identifier:          prwWZhL9OxfgLF4QG9w7odE5hDcDlVyDSZsp9JqYvtw=
Subject key identifier:   D5:D5:2E:07:F4:D5:33:84:CD:91:BE:6C:EB:FA:FD:CC:D9:17:0C:FF
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       6C57D80134C1C0170AF7BB17B773967B89597382
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4c5783ee-ddea-4cae-b6f4-3d26d328b36c.roa
Signing time:             Fri 26 Sep 2025 18:39:09 +0000
ROA not before:           Fri 26 Sep 2025 18:39:09 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d031:a0c0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6c:57:d8:01:34:c1:c0:17:0a:f7:bb:17:b7:73:96:7b:89:59:73:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Sep 26 18:39:09 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=c1df68747a39de156d1949508b27db28a8582f328e2af8a6febd392c9f4ef55d, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:57:45:88:62:51:49:24:f7:49:26:0e:13:62:
                    b8:bb:e8:64:f0:2f:2e:93:40:86:5e:83:77:f4:bb:
                    84:56:8f:8d:fd:ca:75:05:74:7c:98:0b:65:1d:a2:
                    ce:db:b0:c4:89:8f:55:b4:06:fa:cc:bf:77:02:f6:
                    a8:55:83:f9:ca:12:48:9f:a7:d3:85:1f:ee:0b:72:
                    e8:f9:c1:a7:4c:fb:f8:35:52:b4:69:61:f3:57:12:
                    5c:8e:b2:c5:06:53:e2:de:93:b7:e6:49:f8:90:1e:
                    58:1a:bd:81:0d:c3:96:cd:2a:0f:35:7e:22:af:9c:
                    05:a9:3e:1e:ef:11:3c:0b:2c:7c:b7:3f:c2:dd:fb:
                    cd:dc:9c:b7:cc:57:d2:08:3e:15:d7:94:bf:bd:ee:
                    36:f0:2d:38:36:64:5f:d2:7f:9a:fb:c0:a7:e0:a0:
                    58:26:29:a9:f7:9c:84:3f:a7:09:10:20:4f:8f:a2:
                    29:81:12:04:a6:92:c8:5e:ac:be:1e:b1:f9:bf:84:
                    bd:93:36:17:6b:a8:bf:7c:f2:8f:dc:d5:0d:f3:86:
                    66:98:d2:65:e5:61:69:53:e3:b3:17:9b:7b:48:96:
                    7f:4d:37:9a:44:57:fb:7b:ce:48:a8:e2:6e:4d:e6:
                    ee:b3:5e:64:5d:0e:1b:79:50:10:58:f9:d5:37:e8:
                    c3:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:D5:2E:07:F4:D5:33:84:CD:91:BE:6C:EB:FA:FD:CC:D9:17:0C:FF
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4c5783ee-ddea-4cae-b6f4-3d26d328b36c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d031:a0c0::/48

    Signature Algorithm: sha256WithRSAEncryption
         05:c8:1c:cb:67:19:fa:f7:30:e1:13:84:be:ce:96:08:dc:a8:
         69:4c:03:4c:71:75:f9:47:af:1e:34:96:c1:dc:cf:f6:69:78:
         f3:da:88:bb:a9:d9:6f:46:1a:41:bb:e2:bd:3b:a9:a3:49:d0:
         43:00:f5:b5:f6:eb:0f:d6:37:8a:bb:b8:d0:e6:0c:55:8d:5f:
         b5:16:a1:bf:3c:4a:4f:0a:c3:ec:92:fd:11:19:c3:ed:4d:ac:
         ba:b2:4e:a3:69:91:d5:22:19:20:7e:80:ef:64:b9:17:c3:41:
         4f:dc:84:d0:b2:17:b3:2b:b4:af:87:24:b6:05:a5:97:28:48:
         b0:16:2a:dd:cb:8f:db:d6:db:48:1a:2f:44:51:95:b0:de:74:
         32:0b:bb:18:ec:5c:9d:c5:07:0a:71:84:36:c5:7f:f9:4a:29:
         2d:cf:25:cc:28:6a:ee:23:69:c5:fc:94:10:a5:5d:cb:b1:bd:
         9b:a9:20:a3:7f:0e:b3:bc:b0:76:da:87:1c:fa:35:72:6f:1a:
         bf:3e:35:34:42:a9:0a:34:d1:d6:81:b0:7f:1c:d9:c3:c6:a8:
         fd:ae:e8:ce:40:fd:97:8e:60:fe:3f:d6:06:6c:2b:70:59:b9:
         2c:c2:3a:67:2c:6c:be:c7:28:11:8a:94:86:80:64:2f:c3:37:
         24:db:27:bb
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUbFfYATTBwBcK97sXt3OWe4lZc4IwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYxODM5MDlaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQGMxZGY2ODc0N2EzOWRlMTU2ZDE5NDk1MDhiMjdkYjI4YTg1ODJmMzI4ZTJh
ZjhhNmZlYmQzOTJjOWY0ZWY1NWQxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJJXRYhiUUkk90kmDhNiuLvoZPAvLpNAhl6Dd/S7hFaPjf3KdQV0fJgLZR2i
ztuwxImPVbQG+sy/dwL2qFWD+coSSJ+n04Uf7gty6PnBp0z7+DVStGlh81cSXI6y
xQZT4t6Tt+ZJ+JAeWBq9gQ3Dls0qDzV+Iq+cBak+Hu8RPAssfLc/wt37zdyct8xX
0gg+FdeUv73uNvAtODZkX9J/mvvAp+CgWCYpqfechD+nCRAgT4+iKYESBKaSyF6s
vh6x+b+EvZM2F2uov3zyj9zVDfOGZpjSZeVhaVPjsxebe0iWf003mkRX+3vOSKji
bk3m7rNeZF0OG3lQEFj51Tfoww8CAwEAAaOCAiQwggIgMB0GA1UdDgQWBBTV1S4H
9NUzhM2Rvmzr+v3M2RcM/zAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NGM1NzgzZWUtZGRlYS00Y2FlLWI2ZjQtM2QyNmQzMjhiMzZjLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0DGg
wDANBgkqhkiG9w0BAQsFAAOCAQEABcgcy2cZ+vcw4ROEvs6WCNyoaUwDTHF1+Uev
HjSWwdzP9ml489qIu6nZb0YaQbvivTupo0nQQwD1tfbrD9Y3iru40OYMVY1ftRah
vzxKTwrD7JL9ERnD7U2surJOo2mR1SIZIH6A72S5F8NBT9yE0LIXsyu0r4cktgWl
lyhIsBYq3cuP29bbSBovRFGVsN50Mgu7GOxcncUHCnGENsV/+UopLc8lzChq7iNp
xfyUEKVdy7G9m6kgo38Os7ywdtqHHPo1cm8avz41NEKpCjTR1oGwfxzZw8ao/a7o
zkD9l45g/j/WBmwrcFm5LMI6ZyxsvscoEYqUhoBkL8M3JNsnuw==
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:53:12 2025 by rpki-client