Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/5326a6e7-9660-4ae8-a80a-996863be862e.roa
File:                     5326a6e7-9660-4ae8-a80a-996863be862e.roa (raw, json)
Hash identifier:          73kQvfhcN+t06pPNz36Bcd8Ei4VDEyQFJ8MpjT4Nzyo=
Subject key identifier:   FE:2C:69:B1:36:72:86:EE:32:BB:D9:D5:C1:69:CC:C1:FA:55:72:FA
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       3886CE00E5765E79D34250AC547E24B795C56AD6
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/5326a6e7-9660-4ae8-a80a-996863be862e.roa
Signing time:             Sat 27 Sep 2025 00:53:37 +0000
ROA not before:           Sat 27 Sep 2025 00:53:37 +0000
ROA not after:            Sat 01 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        79.125.64.0/19 maxlen: 19
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            38:86:ce:00:e5:76:5e:79:d3:42:50:ac:54:7e:24:b7:95:c5:6a:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Sep 27 00:53:37 2025 GMT
            Not After : Nov  1 23:59:59 2025 GMT
        Subject: serialNumber=350c9d712d1140b923079cf05006cab63e0e7cf364f5e24e4e42e68fac841431, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:06:73:a0:d4:bc:90:14:0a:7f:b1:54:75:0c:
                    89:4b:51:32:57:7d:79:61:6d:8b:7b:a1:87:29:68:
                    51:42:7f:6a:43:41:bd:4a:b6:28:b6:45:d0:ee:78:
                    7a:de:ce:dc:5e:c0:48:9e:ce:d1:41:db:a6:81:64:
                    fb:bb:f3:ef:28:95:da:25:e3:e8:3e:ff:84:6b:e2:
                    42:56:40:61:a4:5c:b1:c7:c3:d5:23:bf:28:99:04:
                    9f:84:ff:74:74:f8:56:65:5c:6a:8a:09:88:53:e7:
                    0f:4c:96:7e:6d:6d:7a:75:c7:ed:ed:4d:69:f5:c9:
                    04:41:65:81:16:6e:1e:bb:af:60:50:02:b4:33:80:
                    1d:c1:93:95:4d:f1:b3:9f:8b:62:2a:5e:b6:44:2b:
                    df:6f:3a:9d:dc:77:a7:fb:cb:e2:9e:a8:79:08:15:
                    41:5c:d8:8e:f7:b3:93:ec:d9:c2:e3:76:2b:02:ba:
                    c4:9b:c5:fb:a3:fb:b8:94:15:d6:72:ef:4f:4d:f7:
                    8c:df:ec:4b:79:25:e5:5c:a3:06:10:95:4b:1b:a5:
                    a4:3f:97:39:eb:e8:6c:17:59:50:39:cb:76:c3:d9:
                    32:c7:1d:64:7d:e6:47:88:82:7f:cb:82:30:22:3f:
                    60:d3:bd:48:1f:82:0a:38:f8:f9:60:7f:66:07:89:
                    31:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:2C:69:B1:36:72:86:EE:32:BB:D9:D5:C1:69:CC:C1:FA:55:72:FA
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/5326a6e7-9660-4ae8-a80a-996863be862e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.125.64.0/19

    Signature Algorithm: sha256WithRSAEncryption
         07:47:13:9a:6c:d7:3e:06:58:23:cc:41:73:3e:f1:75:21:78:
         29:b6:7c:8a:53:2d:20:4f:a6:60:2b:52:e6:9b:76:36:99:c4:
         97:c3:82:b4:63:3e:70:4d:68:b2:bb:70:2f:3e:cc:c0:b7:09:
         5b:62:7b:3d:c2:50:7d:85:05:4d:e7:f1:a9:d0:3d:cd:71:6c:
         53:58:5b:d1:3d:aa:ec:bc:e6:5b:7c:84:20:53:4b:f5:cd:98:
         cd:e5:1e:f8:a8:98:34:31:9d:d1:50:30:e1:63:c5:33:60:6a:
         be:a6:06:f6:7c:9e:2d:50:b2:2f:21:b7:f4:f0:ac:3f:46:9f:
         0a:6d:b7:ca:a7:31:5a:05:c2:50:c3:57:dc:5a:80:22:8e:4b:
         49:32:62:1a:e8:58:d7:e6:a5:7d:32:c7:ee:8d:3c:d6:31:1f:
         8e:d6:25:61:97:0c:61:f9:27:c4:18:c3:c0:0f:85:96:e0:0f:
         cd:25:c5:6f:15:e6:16:e8:cd:4d:ae:f8:09:31:12:83:b3:14:
         02:b4:04:77:75:79:b9:23:f6:02:cc:b7:26:29:5b:a0:cb:f8:
         3d:11:cd:9c:b8:cf:fb:41:8f:b9:2c:91:23:fa:ba:06:d5:2d:
         7c:d2:f7:be:d6:a5:0c:a4:10:67:04:a6:18:77:0f:10:41:7a:
         65:3f:94:d2
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUOIbOAOV2XnnTQlCsVH4kt5XFatYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjcwMDUzMzdaFw0yNTExMDEyMzU5NTlaMHoxSTBHBgNV
BAUTQDM1MGM5ZDcxMmQxMTQwYjkyMzA3OWNmMDUwMDZjYWI2M2UwZTdjZjM2NGY1
ZTI0ZTRlNDJlNjhmYWM4NDE0MzExLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALUGc6DUvJAUCn+xVHUMiUtRMld9eWFti3uhhyloUUJ/akNBvUq2KLZF0O54
et7O3F7ASJ7O0UHbpoFk+7vz7yiV2iXj6D7/hGviQlZAYaRcscfD1SO/KJkEn4T/
dHT4VmVcaooJiFPnD0yWfm1tenXH7e1NafXJBEFlgRZuHruvYFACtDOAHcGTlU3x
s5+LYipetkQr3286ndx3p/vL4p6oeQgVQVzYjvezk+zZwuN2KwK6xJvF+6P7uJQV
1nLvT033jN/sS3kl5VyjBhCVSxulpD+XOevobBdZUDnLdsPZMscdZH3mR4iCf8uC
MCI/YNO9SB+CCjj4+WB/ZgeJMRECAwEAAaOCAiEwggIdMB0GA1UdDgQWBBT+LGmx
NnKG7jK72dXBaczB+lVy+jAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NTMyNmE2ZTctOTY2MC00YWU4LWE4MGEtOTk2ODYzYmU4NjJlLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEBU99QDAN
BgkqhkiG9w0BAQsFAAOCAQEAB0cTmmzXPgZYI8xBcz7xdSF4KbZ8ilMtIE+mYCtS
5pt2NpnEl8OCtGM+cE1osrtwLz7MwLcJW2J7PcJQfYUFTefxqdA9zXFsU1hb0T2q
7LzmW3yEIFNL9c2YzeUe+KiYNDGd0VAw4WPFM2BqvqYG9nyeLVCyLyG39PCsP0af
Cm23yqcxWgXCUMNX3FqAIo5LSTJiGuhY1+alfTLH7o081jEfjtYlYZcMYfknxBjD
wA+FluAPzSXFbxXmFujNTa74CTESg7MUArQEd3V5uSP2Asy3JilboMv4PRHNnLjP
+0GPuSyRI/q6BtUtfNL3vtalDKQQZwSmGHcPEEF6ZT+U0g==
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:53:14 2025 by rpki-client