Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/543bc67d-08f9-4a99-bf5e-68100e034395.roa
File:                     543bc67d-08f9-4a99-bf5e-68100e034395.roa (raw, json)
Hash identifier:          demzPQM9SM2BfPbL4MBmbsDAALyWWsnRvWdRIVIwOjQ=
Subject key identifier:   FC:D5:72:6A:BE:1E:82:18:AC:DC:09:B4:65:CB:64:D7:6B:04:65:33
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       5E4BBE371B0363E9111C200C6FED4D84C062B3BD
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/543bc67d-08f9-4a99-bf5e-68100e034395.roa
Signing time:             Fri 26 Sep 2025 18:51:29 +0000
ROA not before:           Fri 26 Sep 2025 18:51:29 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d072:4080::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5e:4b:be:37:1b:03:63:e9:11:1c:20:0c:6f:ed:4d:84:c0:62:b3:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Sep 26 18:51:29 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=26724981316d5763a7e37e2a4fbd352d8bf4295bd6a46201185d261d878ef6bd, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:0c:de:29:38:4b:28:91:f9:4e:f0:94:8c:47:
                    2a:6e:4b:53:a7:34:87:2a:ae:77:8e:dd:8e:37:9e:
                    07:39:94:de:8f:e7:b1:34:8c:00:f4:31:bd:15:87:
                    79:c3:ef:8f:a0:23:16:02:e4:08:8d:48:9c:85:83:
                    e9:b4:5c:f8:75:ac:8d:a2:4e:5e:f0:b8:d0:4a:52:
                    50:20:0a:c9:66:be:09:99:85:88:43:a7:59:be:fd:
                    98:6e:03:e4:32:59:76:e0:8f:47:11:8a:a0:ab:ba:
                    a7:2a:41:73:b7:0d:c0:97:29:0c:71:ac:44:02:9e:
                    35:e5:a2:fc:15:91:8e:c7:81:5a:22:d3:bc:e9:66:
                    cb:29:75:bd:52:83:56:7b:78:e1:a3:c7:ea:b9:d5:
                    6a:74:a3:87:e9:52:9d:a6:2e:66:12:5e:c3:2a:ee:
                    a1:35:d4:15:81:c2:9a:62:71:67:20:30:02:fd:76:
                    30:6f:6c:c1:80:c0:ea:c6:b3:28:7f:7d:01:1d:50:
                    34:5c:d0:b7:a6:dc:0c:d5:2d:bf:3a:6c:05:57:cc:
                    68:86:9a:45:14:e5:9c:26:51:2a:30:56:cb:39:49:
                    6a:eb:4d:09:e1:38:ac:e9:f7:67:d5:03:63:e1:af:
                    3c:bc:8b:80:0e:99:51:94:c7:69:d7:4c:ab:c6:5a:
                    ed:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:D5:72:6A:BE:1E:82:18:AC:DC:09:B4:65:CB:64:D7:6B:04:65:33
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/543bc67d-08f9-4a99-bf5e-68100e034395.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d072:4080::/48

    Signature Algorithm: sha256WithRSAEncryption
         af:46:0f:ad:d9:db:66:4f:c6:6d:1a:f6:bd:17:da:81:c3:c2:
         a2:26:38:de:10:76:51:16:06:c7:3d:44:60:15:51:c6:56:76:
         ae:e1:0e:38:10:28:88:2d:e1:86:5d:55:76:dd:38:2f:88:6e:
         bf:c0:62:f9:7e:84:1b:4c:a4:a0:88:1a:1f:55:59:8e:95:22:
         ec:9a:a5:0f:12:df:d2:24:86:8a:0a:ff:b2:b6:c6:14:c9:43:
         88:00:ea:7b:d3:78:ef:c0:5e:0f:0c:0f:cc:15:ff:57:9e:2a:
         8f:66:47:2c:47:33:c4:55:bb:17:95:e5:0c:7d:3b:00:ad:b5:
         11:e8:b2:be:e5:59:05:0d:02:3a:e8:d8:a0:f2:6d:e2:aa:c8:
         81:69:98:7b:ff:fb:fc:17:19:02:cd:89:80:f5:40:ce:f7:48:
         7b:ea:3b:d4:03:43:94:3a:8c:68:be:38:82:07:52:62:ff:1f:
         13:fa:a3:ee:54:f4:f2:b9:50:cb:92:fb:b7:8b:64:3e:95:45:
         df:f8:54:df:c6:8d:02:1b:0a:b7:ab:b4:3d:9b:28:d1:d4:eb:
         70:fd:5c:6d:9a:b1:58:5e:00:99:d2:dc:0d:25:80:0b:00:80:
         c6:58:7a:12:fd:6f:1b:44:b3:f6:7f:e0:d4:f2:55:a8:dd:a9:
         39:85:f6:8d
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUXku+NxsDY+kRHCAMb+1NhMBis70wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYxODUxMjlaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQDI2NzI0OTgxMzE2ZDU3NjNhN2UzN2UyYTRmYmQzNTJkOGJmNDI5NWJkNmE0
NjIwMTE4NWQyNjFkODc4ZWY2YmQxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOsM3ik4SyiR+U7wlIxHKm5LU6c0hyqud47djjeeBzmU3o/nsTSMAPQxvRWH
ecPvj6AjFgLkCI1InIWD6bRc+HWsjaJOXvC40EpSUCAKyWa+CZmFiEOnWb79mG4D
5DJZduCPRxGKoKu6pypBc7cNwJcpDHGsRAKeNeWi/BWRjseBWiLTvOlmyyl1vVKD
Vnt44aPH6rnVanSjh+lSnaYuZhJewyruoTXUFYHCmmJxZyAwAv12MG9swYDA6saz
KH99AR1QNFzQt6bcDNUtvzpsBVfMaIaaRRTlnCZRKjBWyzlJautNCeE4rOn3Z9UD
Y+GvPLyLgA6ZUZTHaddMq8Za7VsCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBT81XJq
vh6CGKzcCbRly2TXawRlMzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NTQzYmM2N2QtMDhmOS00YTk5LWJmNWUtNjgxMDBlMDM0Mzk1LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0HJA
gDANBgkqhkiG9w0BAQsFAAOCAQEAr0YPrdnbZk/GbRr2vRfagcPCoiY43hB2URYG
xz1EYBVRxlZ2ruEOOBAoiC3hhl1Vdt04L4huv8Bi+X6EG0ykoIgaH1VZjpUi7Jql
DxLf0iSGigr/srbGFMlDiADqe9N478BeDwwPzBX/V54qj2ZHLEczxFW7F5XlDH07
AK21EeiyvuVZBQ0COujYoPJt4qrIgWmYe//7/BcZAs2JgPVAzvdIe+o71ANDlDqM
aL44ggdSYv8fE/qj7lT08rlQy5L7t4tkPpVF3/hU38aNAhsKt6u0PZso0dTrcP1c
bZqxWF4AmdLcDSWACwCAxlh6Ev1vG0Sz9n/g1PJVqN2pOYX2jQ==
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:52:58 2025 by rpki-client