Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4e0cbb15-3cb7-449b-953a-b40949bdc32b.roa
File:                     4e0cbb15-3cb7-449b-953a-b40949bdc32b.roa (raw, json)
Hash identifier:          +0+6nGzJuhpdB01/IULfDv/gY8+rMW/BLpkMFvxZwho=
Subject key identifier:   26:E4:D0:7F:4F:E8:36:4C:E6:4F:C3:E4:8F:7D:08:1A:34:6C:04:1B
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       7D0FF7208FEE17F8C1761D40155C51E426331042
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4e0cbb15-3cb7-449b-953a-b40949bdc32b.roa
Signing time:             Fri 26 Sep 2025 19:39:32 +0000
ROA not before:           Fri 26 Sep 2025 19:39:32 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d06f:9000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7d:0f:f7:20:8f:ee:17:f8:c1:76:1d:40:15:5c:51:e4:26:33:10:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Sep 26 19:39:32 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=65a8a8daeba302bc069dcb360255d993dc3dd77e68e15ce2fa163d03393e6b0f, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:31:4b:5c:50:f3:cf:e5:bd:81:86:20:32:ab:
                    00:0a:af:dd:3b:75:90:b7:eb:de:f3:e1:81:aa:bb:
                    28:d6:ad:8c:2f:79:63:b9:b3:de:98:d7:55:2e:59:
                    3e:03:a1:7c:8c:c5:dc:fb:ad:a9:56:95:aa:eb:c3:
                    9c:16:c5:b0:3c:f4:74:da:db:a0:75:b4:24:90:9f:
                    dc:10:33:76:d4:23:8e:a6:65:ec:5a:db:4e:24:e9:
                    65:e3:64:e8:8a:1b:37:bd:0d:9f:40:e3:dd:ee:54:
                    b4:b6:d5:02:c2:d3:2d:41:b4:0a:9b:dc:78:ce:82:
                    48:82:41:86:d8:dd:99:55:d4:4a:61:e5:02:16:c0:
                    cf:d6:cc:9f:4c:4a:69:9f:f3:a0:ff:54:98:b0:ee:
                    66:a2:d9:8f:8a:67:55:49:3b:ad:86:d6:c1:44:9c:
                    33:70:75:da:b8:a6:3f:95:73:0e:b4:9f:6d:dd:0c:
                    53:59:83:f7:79:c8:3d:62:86:59:4e:0f:e1:09:64:
                    1d:d9:95:da:8e:f8:b3:8c:7a:67:b3:cf:43:ea:6b:
                    8b:a5:8f:b7:8a:ad:69:14:21:8b:ff:dd:60:7a:cd:
                    36:d7:a0:b9:50:26:d2:c4:61:d1:a8:17:6f:14:48:
                    6f:e0:c8:6a:59:8a:8f:2b:31:74:8b:59:8d:5b:fe:
                    0f:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:E4:D0:7F:4F:E8:36:4C:E6:4F:C3:E4:8F:7D:08:1A:34:6C:04:1B
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4e0cbb15-3cb7-449b-953a-b40949bdc32b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d06f:9000::/40

    Signature Algorithm: sha256WithRSAEncryption
         09:2e:b5:8a:68:f8:81:e5:0d:41:07:13:fc:2f:50:50:61:0e:
         6d:e3:a5:4d:d5:a2:aa:51:2e:21:8e:67:92:21:2d:06:64:95:
         f3:1f:ca:a1:73:c1:b0:8c:45:53:a2:c1:c3:17:04:fc:c6:f8:
         e5:00:4b:a6:bc:b2:fb:66:42:90:97:50:d5:b5:fc:63:8b:15:
         68:41:a2:ec:92:6b:4d:51:40:e1:9e:59:b1:c5:bb:78:8d:c7:
         66:0a:ea:fd:b4:d1:9c:60:1a:2c:a5:71:b0:cd:3f:00:d6:44:
         24:54:fe:0e:14:1c:70:9b:c1:a3:ad:c1:76:fc:b5:ea:5c:a7:
         fa:97:97:f9:d2:34:47:7d:09:d9:0b:37:50:13:63:85:98:81:
         30:f4:95:37:a4:6a:3f:40:57:48:3e:fd:cd:6b:d1:93:fc:87:
         94:f7:64:9a:c4:cb:13:ba:16:23:2e:a2:32:eb:fb:e4:fa:4f:
         6f:4b:1e:97:74:c3:c4:f3:93:2f:f4:f1:45:de:9d:ce:c2:7f:
         4b:fd:11:3b:b8:36:b2:52:83:1a:f9:3b:21:f2:07:98:0d:75:
         ea:a0:29:32:b2:be:c6:1e:67:29:a7:25:aa:f7:77:77:ac:3a:
         f3:2a:0d:c4:e9:1e:9d:0f:da:ba:c9:64:f3:d1:57:eb:10:23:
         b1:41:57:74
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUfQ/3II/uF/jBdh1AFVxR5CYzEEIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYxOTM5MzJaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQDY1YThhOGRhZWJhMzAyYmMwNjlkY2IzNjAyNTVkOTkzZGMzZGQ3N2U2OGUx
NWNlMmZhMTYzZDAzMzkzZTZiMGYxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMsxS1xQ88/lvYGGIDKrAAqv3Tt1kLfr3vPhgaq7KNatjC95Y7mz3pjXVS5Z
PgOhfIzF3PutqVaVquvDnBbFsDz0dNrboHW0JJCf3BAzdtQjjqZl7FrbTiTpZeNk
6IobN70Nn0Dj3e5UtLbVAsLTLUG0CpvceM6CSIJBhtjdmVXUSmHlAhbAz9bMn0xK
aZ/zoP9UmLDuZqLZj4pnVUk7rYbWwUScM3B12rimP5VzDrSfbd0MU1mD93nIPWKG
WU4P4QlkHdmV2o74s4x6Z7PPQ+pri6WPt4qtaRQhi//dYHrNNteguVAm0sRh0agX
bxRIb+DIalmKjysxdItZjVv+DxkCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQm5NB/
T+g2TOZPw+SPfQgaNGwEGzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NGUwY2JiMTUtM2NiNy00NDliLTk1M2EtYjQwOTQ5YmRjMzJiLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0G+Q
MA0GCSqGSIb3DQEBCwUAA4IBAQAJLrWKaPiB5Q1BBxP8L1BQYQ5t46VN1aKqUS4h
jmeSIS0GZJXzH8qhc8GwjEVTosHDFwT8xvjlAEumvLL7ZkKQl1DVtfxjixVoQaLs
kmtNUUDhnlmxxbt4jcdmCur9tNGcYBospXGwzT8A1kQkVP4OFBxwm8GjrcF2/LXq
XKf6l5f50jRHfQnZCzdQE2OFmIEw9JU3pGo/QFdIPv3Na9GT/IeU92SaxMsTuhYj
LqIy6/vk+k9vSx6XdMPE85Mv9PFF3p3Own9L/RE7uDayUoMa+Tsh8geYDXXqoCky
sr7GHmcppyWq93d3rDrzKg3E6R6dD9q6yWTz0VfrECOxQVd0
-----END CERTIFICATE-----
Generated at Mon Oct 20 13:47:11 2025 by rpki-client