Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/533769c8-002c-491c-9b99-324fe9f5743c.roa
File:                     533769c8-002c-491c-9b99-324fe9f5743c.roa (raw, json)
Hash identifier:          OTSem5P+mLO93KKoroP2NvzJyd6boviDpCMnA7thDIQ=
Subject key identifier:   B9:D8:E7:57:30:99:F0:98:61:03:7D:DB:9A:D2:E1:58:D5:F1:51:0E
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       65043F2A8AEBF67D804A5D4F0B8884C8DA9D596F
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/533769c8-002c-491c-9b99-324fe9f5743c.roa
Signing time:             Fri 26 Sep 2025 20:11:30 +0000
ROA not before:           Fri 26 Sep 2025 20:11:30 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d022::/36 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            65:04:3f:2a:8a:eb:f6:7d:80:4a:5d:4f:0b:88:84:c8:da:9d:59:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Sep 26 20:11:30 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=f37eb440abd5cfb2009a893d81b33b963495419f8ad873f1a17909e47a2e87ab, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:ad:ef:43:4c:4a:ea:4f:0f:27:77:15:bd:fa:
                    d5:6b:84:04:49:70:7c:f6:ab:f1:57:89:64:a4:f4:
                    42:fd:4f:c7:9f:1d:73:94:98:af:5d:a2:1b:50:3a:
                    15:4a:1b:d8:b3:ba:5e:d7:92:a6:81:86:21:b3:87:
                    c9:4d:b9:f2:4a:da:ae:b3:c7:6d:db:6a:80:5a:0c:
                    55:b2:22:b5:2a:bd:4d:e3:de:b4:fb:8f:65:ad:22:
                    53:b0:19:7f:c5:89:cb:45:ec:7e:92:5a:45:b0:e0:
                    bb:fd:ac:0d:42:da:44:7f:50:95:f4:40:30:75:a3:
                    aa:97:cf:57:2d:a0:f5:20:a3:5d:af:3e:69:93:66:
                    71:8e:0f:6d:b5:53:a5:72:86:58:07:ab:52:62:95:
                    a5:e9:6d:f6:4c:a9:9f:1f:05:a8:fd:c7:c4:c7:b4:
                    e7:7f:e9:69:e3:4c:68:b7:a5:3a:54:49:27:6b:64:
                    ce:66:c6:7d:55:58:ad:74:2a:2d:8d:ed:f1:81:2e:
                    ba:97:03:e8:da:f2:a3:fe:01:92:96:e8:cc:42:88:
                    3e:bd:49:3f:6f:7c:32:9e:a1:95:95:54:fc:19:1d:
                    80:bb:9f:46:67:4d:bc:e3:f0:ed:39:c5:40:83:54:
                    bf:24:4d:9d:3a:0d:5d:b7:1f:e6:a9:ac:8b:92:8a:
                    7c:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:D8:E7:57:30:99:F0:98:61:03:7D:DB:9A:D2:E1:58:D5:F1:51:0E
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/533769c8-002c-491c-9b99-324fe9f5743c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d022::/36

    Signature Algorithm: sha256WithRSAEncryption
         4e:59:38:ad:c5:a5:14:9d:34:a6:f9:29:6f:e7:e0:9b:fb:4e:
         96:d1:31:eb:fb:8c:76:f8:77:fd:c7:3c:f1:6a:57:0b:10:31:
         ba:e3:85:19:50:e9:14:f4:7b:67:73:d3:c0:04:63:81:67:24:
         99:ed:a4:68:9d:f0:20:9c:a2:d6:06:97:78:ef:41:37:83:d8:
         51:6f:99:79:bf:60:9b:da:8b:d5:0c:33:9d:43:db:a7:fa:f8:
         0e:9b:21:ca:31:c2:f3:42:5a:e0:b6:2a:f1:e7:83:45:bc:56:
         d2:aa:34:5a:84:20:83:69:ce:ad:b3:41:c7:e5:cc:9a:f7:60:
         c7:04:0f:27:7f:ff:9d:a6:56:83:0e:6e:5a:c0:f3:4d:fa:7d:
         b3:6c:72:5b:ad:12:15:b4:6d:9f:e3:f0:49:6f:42:89:af:62:
         f3:d3:2a:b9:1b:fd:7e:80:fc:8f:07:3e:11:6b:f1:8e:41:f9:
         e8:1b:08:5e:ba:42:30:be:ce:1d:d9:81:01:14:5f:6d:2e:53:
         4f:8c:3f:22:13:c4:c2:9d:af:d0:be:a0:c1:89:32:fa:d4:bc:
         93:81:aa:7a:53:12:ee:cc:d0:c4:66:55:e3:a6:ad:11:4f:0e:
         66:ba:dd:cf:7c:39:58:0e:45:37:46:77:dd:d1:3d:49:f2:ca:
         d1:a7:2f:a4
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUZQQ/Korr9n2ASl1PC4iEyNqdWW8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYyMDExMzBaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQGYzN2ViNDQwYWJkNWNmYjIwMDlhODkzZDgxYjMzYjk2MzQ5NTQxOWY4YWQ4
NzNmMWExNzkwOWU0N2EyZTg3YWIxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMmt70NMSupPDyd3Fb361WuEBElwfPar8VeJZKT0Qv1Px58dc5SYr12iG1A6
FUob2LO6XteSpoGGIbOHyU258krarrPHbdtqgFoMVbIitSq9TePetPuPZa0iU7AZ
f8WJy0XsfpJaRbDgu/2sDULaRH9QlfRAMHWjqpfPVy2g9SCjXa8+aZNmcY4PbbVT
pXKGWAerUmKVpelt9kypnx8FqP3HxMe053/paeNMaLelOlRJJ2tkzmbGfVVYrXQq
LY3t8YEuupcD6Nryo/4BkpbozEKIPr1JP298Mp6hlZVU/BkdgLufRmdNvOPw7TnF
QINUvyRNnToNXbcf5qmsi5KKfJMCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBS52OdX
MJnwmGEDfdua0uFY1fFRDjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NTMzNzY5YzgtMDAyYy00OTFjLTliOTktMzI0ZmU5ZjU3NDNjLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCoF0CIA
MA0GCSqGSIb3DQEBCwUAA4IBAQBOWTitxaUUnTSm+Slv5+Cb+06W0THr+4x2+Hf9
xzzxalcLEDG644UZUOkU9Htnc9PABGOBZySZ7aRonfAgnKLWBpd470E3g9hRb5l5
v2Cb2ovVDDOdQ9un+vgOmyHKMcLzQlrgtirx54NFvFbSqjRahCCDac6ts0HH5cya
92DHBA8nf/+dplaDDm5awPNN+n2zbHJbrRIVtG2f4/BJb0KJr2Lz0yq5G/1+gPyP
Bz4Ra/GOQfnoGwheukIwvs4d2YEBFF9tLlNPjD8iE8TCna/QvqDBiTL61LyTgap6
UxLuzNDEZlXjpq0RTw5mut3PfDlYDkU3Rnfd0T1J8srRpy+k
-----END CERTIFICATE-----
Generated at Mon Oct 20 13:47:48 2025 by rpki-client