Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4dc2c958-c749-4f2f-a83c-b419f7f45487.roa
File:                     4dc2c958-c749-4f2f-a83c-b419f7f45487.roa (raw, json)
Hash identifier:          zw6d5pW+N+CcPfpg+TjHe7GSlzNfke+DExbKIQZ/PcY=
Subject key identifier:   D3:D0:4F:63:13:E6:99:CB:84:77:58:72:71:54:87:4D:44:BD:61:DB
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       61653C3F3B4B9617DE2AA82052D17AF060A82C38
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4dc2c958-c749-4f2f-a83c-b419f7f45487.roa
Signing time:             Fri 26 Sep 2025 19:41:49 +0000
ROA not before:           Fri 26 Sep 2025 19:41:49 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d07a:e000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            61:65:3c:3f:3b:4b:96:17:de:2a:a8:20:52:d1:7a:f0:60:a8:2c:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Sep 26 19:41:49 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=00231d3dc1e9ec77da7e3531175c3d5b9b9ed9480ffb324cfca1217e6da6677d, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:8e:be:68:f9:4e:1e:32:47:7d:3d:d3:91:2f:
                    9f:ca:b4:b4:e7:3b:8b:62:53:50:45:8e:f3:dd:f8:
                    fc:19:09:21:0b:dd:98:13:af:66:ae:95:1e:7d:28:
                    ef:5f:cc:80:47:b2:25:0a:0f:3a:07:b6:ae:51:55:
                    cd:45:7a:0c:e1:b4:eb:63:9e:5f:16:ed:3b:70:0d:
                    10:53:44:32:3e:73:0e:f0:1f:c8:b1:21:42:0b:15:
                    b7:ca:53:a5:0b:00:bd:7e:af:7d:34:20:71:47:00:
                    d9:06:03:6a:39:10:1b:1f:54:51:6f:ef:58:ec:89:
                    cd:39:c9:b7:44:d9:18:e4:6c:e1:99:c5:f3:45:8c:
                    1d:c4:d6:bf:b9:64:22:3c:a6:af:9a:2f:bd:34:cd:
                    8a:9e:86:ac:96:46:90:4f:ba:a8:bb:84:1e:69:47:
                    74:42:56:d0:e0:78:a7:96:56:9b:44:7a:c3:53:f4:
                    28:07:16:b7:26:1d:a4:41:36:37:d3:7b:9b:84:d2:
                    af:24:99:3a:3d:ae:59:b3:0d:05:37:a2:0a:d2:8e:
                    9e:78:1a:92:f8:15:7a:0f:16:90:0f:87:84:14:d7:
                    3c:28:13:1b:b2:d8:73:79:c6:23:f9:a9:49:a4:52:
                    a8:1f:1b:92:cb:db:f7:00:3a:72:4e:22:d7:3b:27:
                    c5:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:D0:4F:63:13:E6:99:CB:84:77:58:72:71:54:87:4D:44:BD:61:DB
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4dc2c958-c749-4f2f-a83c-b419f7f45487.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d07a:e000::/40

    Signature Algorithm: sha256WithRSAEncryption
         23:12:3a:2f:f3:b7:26:95:a7:88:70:7e:c8:47:cd:15:27:3e:
         e7:7a:13:d2:d9:c9:44:24:fe:b6:0e:8e:7f:59:1a:8a:17:08:
         07:fb:1d:8d:45:27:58:6c:12:f9:d8:9b:e4:e5:16:8b:29:c7:
         a4:da:fc:b4:4b:ed:4b:75:1c:d2:6e:73:a3:ad:a4:99:0c:13:
         f3:fa:6e:9c:e7:ee:e6:8a:b4:1f:db:0d:1e:44:6c:ba:47:1a:
         ad:4c:4b:a6:a4:d5:7b:c6:b5:50:e3:73:54:12:5c:e2:75:75:
         4b:f0:37:e9:84:7f:0b:d4:de:97:6f:7d:f2:76:52:aa:d0:f6:
         db:30:ef:5c:8c:8f:94:9a:a8:08:09:21:80:3e:fb:5b:62:3c:
         84:bb:31:e4:3e:44:d2:02:b1:4c:07:f8:80:f5:85:2c:0c:90:
         d1:0f:9a:88:53:e9:6d:df:8f:1c:b8:5b:13:89:c2:d6:f6:f5:
         04:25:5f:34:8a:3a:cb:61:3f:23:fe:e5:e7:3b:8b:eb:bf:8e:
         1c:b7:a0:1e:a8:25:e8:5a:68:3e:ba:0e:21:f2:3e:8a:61:75:
         4a:2b:13:85:d5:c1:37:0d:85:3c:94:d8:8c:e6:6b:75:af:28:
         7b:38:44:36:ce:5f:1e:58:7e:37:aa:24:c0:d7:b9:cb:88:82:
         88:c0:6e:45
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUYWU8PztLlhfeKqggUtF68GCoLDgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYxOTQxNDlaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQDAwMjMxZDNkYzFlOWVjNzdkYTdlMzUzMTE3NWMzZDViOWI5ZWQ5NDgwZmZi
MzI0Y2ZjYTEyMTdlNmRhNjY3N2QxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALmOvmj5Th4yR30905Evn8q0tOc7i2JTUEWO8934/BkJIQvdmBOvZq6VHn0o
71/MgEeyJQoPOge2rlFVzUV6DOG062OeXxbtO3ANEFNEMj5zDvAfyLEhQgsVt8pT
pQsAvX6vfTQgcUcA2QYDajkQGx9UUW/vWOyJzTnJt0TZGORs4ZnF80WMHcTWv7lk
Ijymr5ovvTTNip6GrJZGkE+6qLuEHmlHdEJW0OB4p5ZWm0R6w1P0KAcWtyYdpEE2
N9N7m4TSrySZOj2uWbMNBTeiCtKOnngakvgVeg8WkA+HhBTXPCgTG7LYc3nGI/mp
SaRSqB8bksvb9wA6ck4i1zsnxVMCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTT0E9j
E+aZy4R3WHJxVIdNRL1h2zAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NGRjMmM5NTgtYzc0OS00ZjJmLWE4M2MtYjQxOWY3ZjQ1NDg3LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0Hrg
MA0GCSqGSIb3DQEBCwUAA4IBAQAjEjov87cmlaeIcH7IR80VJz7nehPS2clEJP62
Do5/WRqKFwgH+x2NRSdYbBL52Jvk5RaLKcek2vy0S+1LdRzSbnOjraSZDBPz+m6c
5+7mirQf2w0eRGy6RxqtTEumpNV7xrVQ43NUElzidXVL8DfphH8L1N6Xb33ydlKq
0PbbMO9cjI+UmqgICSGAPvtbYjyEuzHkPkTSArFMB/iA9YUsDJDRD5qIU+lt348c
uFsTicLW9vUEJV80ijrLYT8j/uXnO4vrv44ct6AeqCXoWmg+ug4h8j6KYXVKKxOF
1cE3DYU8lNiM5mt1ryh7OEQ2zl8eWH43qiTA17nLiIKIwG5F
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:53:16 2025 by rpki-client