Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/538037c5-70a6-4b45-b84c-b4af8015af39.roa
File:                     538037c5-70a6-4b45-b84c-b4af8015af39.roa (raw, json)
Hash identifier:          2OJCDwtYVWv8s+oZ+jYl/TXLEMez64Lfo8MIkB9d/hA=
Subject key identifier:   51:6D:19:01:B6:A0:24:EE:3D:4A:B5:8A:BE:90:0A:8C:FC:57:DF:46
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       0F7F08F19EF37DC072FD9BBF9AB17E445E5700C3
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/538037c5-70a6-4b45-b84c-b4af8015af39.roa
Signing time:             Fri 26 Sep 2025 20:11:25 +0000
ROA not before:           Fri 26 Sep 2025 20:11:25 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d029::/36 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0f:7f:08:f1:9e:f3:7d:c0:72:fd:9b:bf:9a:b1:7e:44:5e:57:00:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Sep 26 20:11:25 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=40a58b56fcbc95d51c471cb3269e7eb0eefec7afbcbb49c65ab4ebd2419c097d, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:49:d4:4d:9a:5a:ae:27:8f:5e:25:52:37:89:
                    0e:86:da:a5:67:9d:5f:59:a9:78:da:6c:ba:3b:3b:
                    ba:ef:b8:6f:fc:e4:da:bf:8f:44:57:50:b9:95:fe:
                    6b:22:da:d6:3c:12:40:48:00:c2:13:18:9b:17:58:
                    22:7e:92:1d:ec:a3:a1:75:7f:10:2b:34:57:db:f3:
                    b5:a3:1f:48:a7:20:4a:25:4d:6f:14:3b:c9:8d:97:
                    d7:d1:ea:04:26:29:2f:6d:ca:f7:0e:6d:ec:06:d9:
                    eb:94:c7:78:27:88:af:05:7f:b9:60:89:b7:50:d6:
                    1a:6c:f7:3b:c7:e6:d2:9c:e3:76:2f:ec:b6:9b:aa:
                    fe:9f:d1:6d:83:63:2b:6d:96:2f:3b:e6:b1:93:01:
                    52:96:b3:a1:d4:f8:aa:60:91:4e:03:bd:c7:c0:9b:
                    b4:2a:4c:3e:a7:7b:7d:27:42:68:b0:a2:d5:98:33:
                    f5:7f:dc:0e:b9:0c:9f:d7:77:ee:bd:cb:2d:7f:1a:
                    6e:d7:27:ea:b8:57:1a:e9:e7:19:13:79:c1:73:de:
                    7d:61:a8:ce:1b:26:58:e9:18:d9:d7:aa:ec:cd:7f:
                    62:e9:fd:d5:50:36:cf:e3:75:c0:5d:46:3c:df:c7:
                    b9:2d:f0:5a:84:df:2b:54:84:12:16:33:e6:c1:59:
                    e8:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:6D:19:01:B6:A0:24:EE:3D:4A:B5:8A:BE:90:0A:8C:FC:57:DF:46
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/538037c5-70a6-4b45-b84c-b4af8015af39.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d029::/36

    Signature Algorithm: sha256WithRSAEncryption
         64:72:08:4d:c3:2f:cc:00:65:ba:74:2d:19:3b:2e:55:f8:19:
         7a:e1:16:3b:3c:43:61:e8:e6:7f:0b:4a:17:19:71:28:f4:c7:
         0d:b1:94:f4:b5:03:52:e9:f8:9d:a5:2b:6e:c9:00:a7:2e:e4:
         06:bc:bc:66:47:45:9c:af:ed:02:78:32:13:0f:d5:12:f0:ec:
         4d:08:a5:8a:8e:39:29:93:9b:9e:83:b8:cc:7c:0c:e9:58:18:
         7c:f3:74:12:22:43:85:39:ee:d2:57:d8:b5:ae:51:80:b9:c6:
         09:08:ae:1f:28:23:99:06:06:ef:43:96:e4:83:45:78:cc:af:
         dd:82:17:45:21:1f:0b:dc:4e:84:f0:40:61:04:62:ca:44:21:
         63:eb:08:df:16:b3:60:d8:51:46:d9:ca:4c:26:6d:d7:a4:64:
         a5:55:ce:df:37:04:76:7a:30:ce:32:ad:e2:aa:ac:29:cc:88:
         e8:58:17:a8:42:16:fa:f4:6c:45:83:05:98:8f:71:8c:5d:13:
         ef:b3:53:60:fb:6c:ee:0a:10:e7:c5:ef:c8:b0:ba:3f:8a:94:
         1a:ad:85:74:4d:8d:27:ea:ec:71:10:62:bf:14:71:3d:aa:d2:
         f4:1f:fb:76:6f:0b:9e:bc:b3:aa:19:fb:12:8a:1a:c2:6c:b5:
         f6:bf:fb:30
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUD38I8Z7zfcBy/Zu/mrF+RF5XAMMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYyMDExMjVaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQDQwYTU4YjU2ZmNiYzk1ZDUxYzQ3MWNiMzI2OWU3ZWIwZWVmZWM3YWZiY2Ji
NDljNjVhYjRlYmQyNDE5YzA5N2QxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAIpJ1E2aWq4nj14lUjeJDobapWedX1mpeNpsujs7uu+4b/zk2r+PRFdQuZX+
ayLa1jwSQEgAwhMYmxdYIn6SHeyjoXV/ECs0V9vztaMfSKcgSiVNbxQ7yY2X19Hq
BCYpL23K9w5t7AbZ65THeCeIrwV/uWCJt1DWGmz3O8fm0pzjdi/stpuq/p/RbYNj
K22WLzvmsZMBUpazodT4qmCRTgO9x8CbtCpMPqd7fSdCaLCi1Zgz9X/cDrkMn9d3
7r3LLX8abtcn6rhXGunnGRN5wXPefWGozhsmWOkY2deq7M1/Yun91VA2z+N1wF1G
PN/HuS3wWoTfK1SEEhYz5sFZ6GsCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRRbRkB
tqAk7j1KtYq+kAqM/FffRjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NTM4MDM3YzUtNzBhNi00YjQ1LWI4NGMtYjRhZjgwMTVhZjM5LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCoF0CkA
MA0GCSqGSIb3DQEBCwUAA4IBAQBkcghNwy/MAGW6dC0ZOy5V+Bl64RY7PENh6OZ/
C0oXGXEo9McNsZT0tQNS6fidpStuyQCnLuQGvLxmR0Wcr+0CeDITD9US8OxNCKWK
jjkpk5ueg7jMfAzpWBh883QSIkOFOe7SV9i1rlGAucYJCK4fKCOZBgbvQ5bkg0V4
zK/dghdFIR8L3E6E8EBhBGLKRCFj6wjfFrNg2FFG2cpMJm3XpGSlVc7fNwR2ejDO
Mq3iqqwpzIjoWBeoQhb69GxFgwWYj3GMXRPvs1Ng+2zuChDnxe/IsLo/ipQarYV0
TY0n6uxxEGK/FHE9qtL0H/t2bwuevLOqGfsSihrCbLX2v/sw
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:53:01 2025 by rpki-client