Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/541034be-1844-4bf7-9c43-91bf5b83fa3d.roa
File:                     541034be-1844-4bf7-9c43-91bf5b83fa3d.roa (raw, json)
Hash identifier:          uGL7SiYjqpkL7YHdbGPJzm/M8K63+bsnJGTgjOlqqeI=
Subject key identifier:   9A:ED:94:C1:AD:5C:F4:5D:BD:BF:C2:EE:68:75:BA:F2:9C:D3:80:54
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       64C99448CA5EB230F6058043D441F1B680BA09A3
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/541034be-1844-4bf7-9c43-91bf5b83fa3d.roa
Signing time:             Mon 13 Oct 2025 17:55:58 +0000
ROA not before:           Mon 13 Oct 2025 17:55:58 +0000
ROA not after:            Mon 17 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d076:8000::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            64:c9:94:48:ca:5e:b2:30:f6:05:80:43:d4:41:f1:b6:80:ba:09:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Oct 13 17:55:58 2025 GMT
            Not After : Nov 17 23:59:59 2025 GMT
        Subject: serialNumber=f3981f68e84e3d20932d67c31cd7bbc7b746836840d2bcd01f1eacce8c2b04ed, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:c6:ba:1f:08:5d:cc:39:ad:ba:26:63:82:19:
                    69:27:37:c1:42:b6:25:7d:1f:f6:0d:e7:aa:76:15:
                    f4:22:b4:a5:f7:9c:5c:6c:41:27:6b:3c:4c:86:a5:
                    e3:16:1d:65:0c:4c:69:03:e5:f0:68:ed:2d:6a:fd:
                    9a:d7:ba:91:ba:e8:a4:af:6f:c0:e6:44:15:00:79:
                    13:67:dc:e1:65:f3:3a:7d:66:18:ee:17:4b:7f:5b:
                    72:65:64:18:a5:20:d9:9e:e1:26:50:e6:71:66:8f:
                    b4:9d:5b:b7:07:89:8b:b5:fa:8e:a3:0f:4b:ff:24:
                    3e:e5:6e:da:36:b9:2b:f0:e2:3f:77:29:f8:10:4a:
                    b8:43:32:c0:b8:ad:34:63:2c:4d:05:89:e8:ec:6f:
                    8c:bb:ca:15:2e:39:93:17:bd:1e:2b:f1:22:d3:b3:
                    41:6d:05:29:f5:0f:0d:81:ef:25:52:3f:c2:1b:c3:
                    30:d3:85:a3:28:49:08:a1:2f:37:47:b4:7d:73:d1:
                    11:9d:1f:11:5b:aa:e8:24:7c:b7:00:87:77:90:53:
                    ef:d5:ab:2a:f9:b5:ef:28:9c:8c:cc:e6:d1:c9:e1:
                    b7:9f:3c:b4:a9:8c:d1:e1:3f:70:85:98:7c:97:72:
                    d6:b6:9b:13:1b:18:93:21:79:82:ab:f2:76:61:62:
                    98:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:ED:94:C1:AD:5C:F4:5D:BD:BF:C2:EE:68:75:BA:F2:9C:D3:80:54
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/541034be-1844-4bf7-9c43-91bf5b83fa3d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d076:8000::/40

    Signature Algorithm: sha256WithRSAEncryption
         2d:f5:24:6a:f1:29:34:0e:e4:22:7e:05:df:ab:a6:4b:09:51:
         a3:5d:be:91:41:b5:5a:b4:88:8e:ef:de:30:a7:51:d4:89:93:
         34:fa:2f:52:14:07:90:70:ef:e5:3f:f5:7b:bf:21:9f:7c:5c:
         56:88:a1:90:8d:49:4a:73:5b:82:8f:f1:06:0e:41:b8:28:77:
         f1:fd:19:7f:b8:cd:e6:5c:08:1b:e3:d0:7c:fa:34:44:ce:a6:
         18:de:1c:9a:5d:f4:a8:73:53:bc:85:90:4e:51:ad:07:50:1f:
         84:5e:0b:07:3c:a1:05:fd:1a:40:5f:eb:4d:e6:6f:3f:6b:86:
         fd:79:af:03:39:a4:f1:c0:da:c4:2e:66:be:0a:db:2a:00:92:
         7f:43:ba:68:12:7d:92:11:2b:48:f4:63:b9:50:2b:28:3c:f3:
         4c:50:f4:8b:43:f4:e2:92:ef:e7:0c:84:01:ef:9c:6c:5e:19:
         c7:16:56:43:cb:b6:52:d5:89:3d:7b:b9:a0:c2:4d:01:6f:c8:
         ea:91:70:6b:e6:a1:48:50:5e:9d:f1:e5:d9:03:dc:12:40:8c:
         35:65:2e:6a:35:de:a3:73:31:8f:f7:92:54:b4:e0:38:c8:c4:
         07:0e:90:82:20:2a:6c:55:6f:99:21:6c:90:59:be:3f:14:9c:
         9c:d9:27:99
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUZMmUSMpesjD2BYBD1EHxtoC6CaMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMTMxNzU1NThaFw0yNTExMTcyMzU5NTlaMHoxSTBHBgNV
BAUTQGYzOTgxZjY4ZTg0ZTNkMjA5MzJkNjdjMzFjZDdiYmM3Yjc0NjgzNjg0MGQy
YmNkMDFmMWVhY2NlOGMyYjA0ZWQxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAIrGuh8IXcw5rbomY4IZaSc3wUK2JX0f9g3nqnYV9CK0pfecXGxBJ2s8TIal
4xYdZQxMaQPl8GjtLWr9mte6kbropK9vwOZEFQB5E2fc4WXzOn1mGO4XS39bcmVk
GKUg2Z7hJlDmcWaPtJ1btweJi7X6jqMPS/8kPuVu2ja5K/DiP3cp+BBKuEMywLit
NGMsTQWJ6OxvjLvKFS45kxe9HivxItOzQW0FKfUPDYHvJVI/whvDMNOFoyhJCKEv
N0e0fXPREZ0fEVuq6CR8twCHd5BT79WrKvm17yicjMzm0cnht588tKmM0eE/cIWY
fJdy1rabExsYkyF5gqvydmFimJcCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBSa7ZTB
rVz0Xb2/wu5odbrynNOAVDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NTQxMDM0YmUtMTg0NC00YmY3LTljNDMtOTFiZjViODNmYTNkLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0HaA
MA0GCSqGSIb3DQEBCwUAA4IBAQAt9SRq8Sk0DuQifgXfq6ZLCVGjXb6RQbVatIiO
794wp1HUiZM0+i9SFAeQcO/lP/V7vyGffFxWiKGQjUlKc1uCj/EGDkG4KHfx/Rl/
uM3mXAgb49B8+jREzqYY3hyaXfSoc1O8hZBOUa0HUB+EXgsHPKEF/RpAX+tN5m8/
a4b9ea8DOaTxwNrELma+CtsqAJJ/Q7poEn2SEStI9GO5UCsoPPNMUPSLQ/Tiku/n
DIQB75xsXhnHFlZDy7ZS1Yk9e7mgwk0Bb8jqkXBr5qFIUF6d8eXZA9wSQIw1ZS5q
Nd6jczGP95JUtOA4yMQHDpCCICpsVW+ZIWyQWb4/FJyc2SeZ
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:52:54 2025 by rpki-client