Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/51a1ea71-75af-4bc7-8c05-1b2e3a562792.roa
File:                     51a1ea71-75af-4bc7-8c05-1b2e3a562792.roa (raw, json)
Hash identifier:          b4sn1fYrGSbeMkc+AcfjMHHWWSZ7BQ5NAzpFdnlkc30=
Subject key identifier:   69:0D:31:2B:92:EB:82:9E:1F:58:87:AD:4F:36:02:5F:40:27:09:A6
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       2387BBBAE78549924887FBF82FB8BA56D91DDEA0
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/51a1ea71-75af-4bc7-8c05-1b2e3a562792.roa
Signing time:             Fri 26 Sep 2025 19:01:44 +0000
ROA not before:           Fri 26 Sep 2025 19:01:44 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d07f:80d0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            23:87:bb:ba:e7:85:49:92:48:87:fb:f8:2f:b8:ba:56:d9:1d:de:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Sep 26 19:01:44 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=9e0748637e3d18552b9465912c60730f0b0eced937353f4647672f852f36bd8a, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:f8:25:28:60:d5:86:68:f7:cc:2a:56:b9:14:
                    ca:e4:b9:f1:0d:c4:90:6d:6e:94:7b:ed:2a:00:e6:
                    4b:f2:25:e1:b4:d6:a4:48:82:df:4d:a9:c7:2a:43:
                    3c:8d:3f:76:26:ea:b5:71:ac:d0:93:b6:0e:98:3e:
                    7a:91:da:14:dc:bd:2f:43:16:43:fe:d2:9c:d9:59:
                    7e:ef:6c:fc:36:04:5e:21:f4:a9:a5:79:b3:2f:36:
                    5b:b8:34:b4:64:38:26:a4:05:9f:b5:19:9c:91:78:
                    80:99:64:71:4d:fd:f4:56:70:cf:f1:6c:be:c3:14:
                    d8:be:bd:2c:30:3a:af:32:c7:38:7f:c3:f9:80:3e:
                    d3:aa:18:b9:c1:ee:5e:82:72:b5:8e:f6:d2:70:66:
                    9d:aa:66:80:c6:25:ee:af:28:29:f1:9a:32:97:13:
                    6a:30:35:31:30:9a:3c:82:42:c2:ce:ac:f3:00:c3:
                    ae:ae:0a:ff:86:66:57:c4:8c:2a:3c:e0:17:2c:cd:
                    54:22:b0:89:13:93:4c:a1:b7:3b:55:97:00:dc:51:
                    48:59:03:da:22:5b:7e:3c:3f:22:62:c7:94:7f:cf:
                    d6:e1:78:e9:92:3f:4a:a7:65:53:8e:09:78:88:78:
                    34:80:0d:7d:e5:23:17:a0:32:6e:dc:e0:b2:a5:23:
                    98:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:0D:31:2B:92:EB:82:9E:1F:58:87:AD:4F:36:02:5F:40:27:09:A6
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/51a1ea71-75af-4bc7-8c05-1b2e3a562792.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d07f:80d0::/48

    Signature Algorithm: sha256WithRSAEncryption
         29:d4:10:0c:7e:b2:94:61:3e:9b:5c:0a:16:9a:07:c9:34:5e:
         9f:2a:a1:88:f9:49:a4:5e:66:b2:79:c1:c3:88:31:30:5b:e7:
         a4:3b:6d:b8:09:a4:2d:a4:49:af:4e:86:a6:80:30:27:52:11:
         fe:c8:5b:e4:e2:b1:23:ad:02:72:58:c6:00:cc:d2:55:b5:32:
         40:e0:8c:cd:29:e5:f2:49:37:50:8e:6b:32:3d:14:48:42:b2:
         93:c6:66:87:ff:13:26:60:5b:45:eb:5a:e8:26:0a:1a:e4:f6:
         d4:f6:a5:bc:a2:a8:bc:2d:e1:40:45:33:79:38:31:20:69:23:
         5d:c4:60:66:53:66:da:80:f1:bc:a2:0c:7d:81:0b:65:c5:73:
         82:dc:c3:11:78:e5:fb:71:d2:1f:61:6b:c2:2c:59:76:60:46:
         41:22:26:91:83:9e:82:cc:c6:8b:f9:f4:68:f3:a7:95:f8:04:
         6b:1f:e5:ef:42:35:3c:9d:84:8c:40:c8:54:82:7a:10:e3:9e:
         78:e2:f4:81:3a:a0:b7:a5:95:28:11:88:83:31:3f:cb:1b:90:
         72:57:5a:31:f9:69:4d:35:6b:3d:2e:14:82:f1:58:ea:92:79:
         93:9c:27:80:c9:2e:3d:13:cb:5e:14:06:23:d8:1b:47:da:20:
         02:5f:53:c1
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUI4e7uueFSZJIh/v4L7i6Vtkd3qAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYxOTAxNDRaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQDllMDc0ODYzN2UzZDE4NTUyYjk0NjU5MTJjNjA3MzBmMGIwZWNlZDkzNzM1
M2Y0NjQ3NjcyZjg1MmYzNmJkOGExLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANT4JShg1YZo98wqVrkUyuS58Q3EkG1ulHvtKgDmS/Il4bTWpEiC302pxypD
PI0/dibqtXGs0JO2Dpg+epHaFNy9L0MWQ/7SnNlZfu9s/DYEXiH0qaV5sy82W7g0
tGQ4JqQFn7UZnJF4gJlkcU399FZwz/FsvsMU2L69LDA6rzLHOH/D+YA+06oYucHu
XoJytY720nBmnapmgMYl7q8oKfGaMpcTajA1MTCaPIJCws6s8wDDrq4K/4ZmV8SM
KjzgFyzNVCKwiROTTKG3O1WXANxRSFkD2iJbfjw/ImLHlH/P1uF46ZI/SqdlU44J
eIh4NIANfeUjF6AybtzgsqUjmMsCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBRpDTEr
kuuCnh9Yh61PNgJfQCcJpjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NTFhMWVhNzEtNzVhZi00YmM3LThjMDUtMWIyZTNhNTYyNzkyLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0H+A
0DANBgkqhkiG9w0BAQsFAAOCAQEAKdQQDH6ylGE+m1wKFpoHyTRenyqhiPlJpF5m
snnBw4gxMFvnpDttuAmkLaRJr06GpoAwJ1IR/shb5OKxI60CcljGAMzSVbUyQOCM
zSnl8kk3UI5rMj0USEKyk8Zmh/8TJmBbReta6CYKGuT21PalvKKovC3hQEUzeTgx
IGkjXcRgZlNm2oDxvKIMfYELZcVzgtzDEXjl+3HSH2FrwixZdmBGQSImkYOegszG
i/n0aPOnlfgEax/l70I1PJ2EjEDIVIJ6EOOeeOL0gTqgt6WVKBGIgzE/yxuQclda
MflpTTVrPS4UgvFY6pJ5k5wngMkuPRPLXhQGI9gbR9ogAl9TwQ==
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:52:58 2025 by rpki-client