Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4cf83881-74f7-4033-977b-362e08e8d6d2.roa
File:                     4cf83881-74f7-4033-977b-362e08e8d6d2.roa (raw, json)
Hash identifier:          bfSYNuxuS1+BQnzDCIAA+Nl1NycYh/2TP5Ivue+u9zo=
Subject key identifier:   80:D0:C0:5C:CC:01:B1:5D:03:70:3B:44:58:02:2B:C7:FE:60:13:38
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       0A9D3048D4432BF5D308566E2CEC913F5DCBD781
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4cf83881-74f7-4033-977b-362e08e8d6d2.roa
Signing time:             Sun 19 Oct 2025 23:50:10 +0000
ROA not before:           Sun 19 Oct 2025 23:50:10 +0000
ROA not after:            Sun 23 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d072:840::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0a:9d:30:48:d4:43:2b:f5:d3:08:56:6e:2c:ec:91:3f:5d:cb:d7:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Oct 19 23:50:10 2025 GMT
            Not After : Nov 23 23:59:59 2025 GMT
        Subject: serialNumber=d00e148990e14a2a121cd1a75e19ce22699c9c122bf5f97e38a7c534b5604c3c, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f4:9f:7c:28:b2:29:64:63:51:18:49:6e:88:01:
                    ce:19:4e:b9:6f:e0:3b:18:dd:9d:bd:30:ba:36:d0:
                    f6:8f:8c:1b:e3:a9:3c:5e:52:0f:d0:72:c6:0d:b6:
                    cb:6b:53:7a:1c:1f:ce:9e:30:75:20:2e:58:59:e7:
                    09:37:a0:67:6e:49:bb:11:6c:3b:10:c1:5b:f3:b4:
                    e6:28:40:91:8a:16:bc:42:9b:5f:b3:24:08:c0:3f:
                    e9:4c:27:10:d4:b5:67:0c:e8:f3:e3:53:e9:62:56:
                    54:c9:ab:94:a1:c6:fe:04:a6:b1:75:f8:33:46:b6:
                    40:54:56:c8:7e:28:5a:71:e4:31:e8:19:1e:e7:63:
                    e9:16:e8:e9:29:03:a9:96:dd:b1:90:da:6e:4a:05:
                    7f:b4:26:18:c6:73:fb:2e:dc:6d:57:f0:1f:e4:e2:
                    d3:06:49:f9:2b:b9:0d:63:8a:a3:19:c7:b2:89:f5:
                    4e:7e:9d:28:a1:ef:c8:64:19:f8:70:e2:49:6f:49:
                    e1:4d:64:46:b1:58:ff:93:43:ae:ff:f1:99:81:a9:
                    a2:43:d9:a3:f7:93:0a:ee:e4:54:a3:c8:b4:3a:85:
                    89:20:b4:d3:13:2c:ef:79:22:55:30:d1:22:aa:53:
                    e3:90:7e:f0:79:53:cd:c7:00:5a:04:e4:04:a3:b6:
                    41:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:D0:C0:5C:CC:01:B1:5D:03:70:3B:44:58:02:2B:C7:FE:60:13:38
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4cf83881-74f7-4033-977b-362e08e8d6d2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d072:840::/48

    Signature Algorithm: sha256WithRSAEncryption
         0e:2b:4d:f6:43:26:8c:0a:10:07:83:4e:e8:bd:c3:a6:7b:b0:
         d5:ff:1b:57:c4:02:98:74:78:a6:8e:fa:b4:1f:81:f2:12:51:
         ff:91:a0:a1:23:9b:62:eb:25:d5:86:be:56:f3:60:8d:8e:dc:
         a6:06:bf:9f:76:db:dd:dc:9b:ed:08:5b:56:a4:c5:9e:ce:94:
         34:69:fc:57:df:a3:01:de:d2:0d:d2:d8:1a:18:3a:35:f0:bb:
         0d:cb:36:c0:97:0b:78:6d:8f:5c:04:91:25:df:bb:11:e8:f5:
         2e:3d:0b:58:ad:bd:87:76:18:09:78:d8:8c:b5:c3:85:fa:2b:
         26:30:bf:a8:0d:9c:c0:ef:37:d4:9f:c8:1a:7a:b8:49:18:77:
         b7:34:78:87:10:c8:32:58:9b:d3:b3:3a:36:28:6f:a7:48:5a:
         fc:5e:9c:b4:cf:78:98:42:2b:6f:58:6a:c4:b8:ed:9a:96:58:
         87:20:08:ad:d6:76:65:35:dc:cb:26:86:f6:7b:1c:ac:bc:5a:
         61:c1:a9:f5:88:7d:60:a1:57:ca:3d:61:1d:fe:c0:de:eb:16:
         d8:8c:77:a3:9a:39:fc:cf:92:68:97:84:32:b6:73:ed:cd:52:
         3c:a1:37:cb:16:d7:f0:39:4c:83:11:13:79:ef:e4:2e:87:8a:
         a6:13:ec:bf
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUCp0wSNRDK/XTCFZuLOyRP13L14EwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMTkyMzUwMTBaFw0yNTExMjMyMzU5NTlaMHoxSTBHBgNV
BAUTQGQwMGUxNDg5OTBlMTRhMmExMjFjZDFhNzVlMTljZTIyNjk5YzljMTIyYmY1
Zjk3ZTM4YTdjNTM0YjU2MDRjM2MxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAPSffCiyKWRjURhJbogBzhlOuW/gOxjdnb0wujbQ9o+MG+OpPF5SD9Byxg22
y2tTehwfzp4wdSAuWFnnCTegZ25JuxFsOxDBW/O05ihAkYoWvEKbX7MkCMA/6Uwn
ENS1Zwzo8+NT6WJWVMmrlKHG/gSmsXX4M0a2QFRWyH4oWnHkMegZHudj6Rbo6SkD
qZbdsZDabkoFf7QmGMZz+y7cbVfwH+Ti0wZJ+Su5DWOKoxnHson1Tn6dKKHvyGQZ
+HDiSW9J4U1kRrFY/5NDrv/xmYGpokPZo/eTCu7kVKPItDqFiSC00xMs73kiVTDR
IqpT45B+8HlTzccAWgTkBKO2QV8CAwEAAaOCAiQwggIgMB0GA1UdDgQWBBSA0MBc
zAGxXQNwO0RYAivH/mATODAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NGNmODM4ODEtNzRmNy00MDMzLTk3N2ItMzYyZTA4ZThkNmQyLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0HII
QDANBgkqhkiG9w0BAQsFAAOCAQEADitN9kMmjAoQB4NO6L3Dpnuw1f8bV8QCmHR4
po76tB+B8hJR/5GgoSObYusl1Ya+VvNgjY7cpga/n3bb3dyb7QhbVqTFns6UNGn8
V9+jAd7SDdLYGhg6NfC7Dcs2wJcLeG2PXASRJd+7Eej1Lj0LWK29h3YYCXjYjLXD
hforJjC/qA2cwO831J/IGnq4SRh3tzR4hxDIMlib07M6Nihvp0ha/F6ctM94mEIr
b1hqxLjtmpZYhyAIrdZ2ZTXcyyaG9nscrLxaYcGp9Yh9YKFXyj1hHf7A3usW2Ix3
o5o5/M+SaJeEMrZz7c1SPKE3yxbX8DlMgxETee/kLoeKphPsvw==
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:52:42 2025 by rpki-client