Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/546828d4-9f43-44c2-bff8-aafeddca4e25.roa
File:                     546828d4-9f43-44c2-bff8-aafeddca4e25.roa (raw, json)
Hash identifier:          DD4Xutlmeh9VWYCiR3cWGBgN+2K4j5s+fn2hL8Gi/Yw=
Subject key identifier:   75:4B:D4:0E:08:79:4B:1D:E6:9B:60:39:B5:55:01:7E:9C:00:95:12
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       0532B17CFBE1E397D2F16EF524894ECE99C0D84E
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/546828d4-9f43-44c2-bff8-aafeddca4e25.roa
Signing time:             Fri 26 Sep 2025 19:11:40 +0000
ROA not before:           Fri 26 Sep 2025 19:11:40 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d000:e040::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            05:32:b1:7c:fb:e1:e3:97:d2:f1:6e:f5:24:89:4e:ce:99:c0:d8:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Sep 26 19:11:40 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=ed625b8593f2ede9b46019de5a3df4d6602dc5a1073683d999a8d7e82b6b45c0, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:7f:f3:a3:e6:af:5c:27:83:c7:68:2b:10:f8:
                    5c:61:92:50:01:0d:7a:d9:93:20:39:71:37:94:ae:
                    9f:42:8e:23:55:d1:63:c4:cf:46:e5:c9:ad:ed:29:
                    33:b9:53:65:8f:87:5b:b5:b7:e7:ba:08:b2:af:55:
                    90:a9:75:e8:22:cc:14:5d:09:53:ef:63:22:4a:09:
                    ee:39:22:85:68:d3:26:dc:bd:99:3d:53:54:de:f3:
                    77:df:29:18:03:97:9c:e0:91:1d:bf:f9:79:c6:d2:
                    56:4b:cf:75:58:e7:a9:47:77:90:ff:f4:01:7e:d4:
                    3d:0d:ad:6b:ea:1d:fe:c0:1a:c6:ab:9e:3b:ed:ab:
                    01:6d:65:d2:b6:16:90:e6:5d:61:7e:a7:6c:4b:0f:
                    1b:a1:0e:c1:08:06:9e:17:28:4c:00:36:df:f9:1b:
                    a2:80:3b:24:52:60:a6:ea:a5:c1:c2:0b:54:20:88:
                    41:1c:4b:79:85:10:b0:7d:47:f4:ed:f4:fe:be:fa:
                    da:a9:16:3c:3c:82:ae:df:46:b7:bc:b0:bb:80:a4:
                    9c:11:d8:14:f6:2b:88:16:e1:60:1e:a5:e6:bd:a3:
                    74:81:46:72:aa:3e:b4:67:e1:34:60:50:67:db:92:
                    f3:23:7c:7c:c1:9d:22:bb:a5:bc:d8:05:dc:4d:29:
                    4f:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:4B:D4:0E:08:79:4B:1D:E6:9B:60:39:B5:55:01:7E:9C:00:95:12
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/546828d4-9f43-44c2-bff8-aafeddca4e25.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d000:e040::/48

    Signature Algorithm: sha256WithRSAEncryption
         a6:50:fb:ed:8c:a3:c8:72:18:2c:98:bc:d7:1f:0c:48:6c:d3:
         90:73:16:00:5d:7d:fc:d4:5e:4e:65:fd:3a:49:c0:36:1d:fa:
         37:7a:18:06:37:1a:9f:e0:2a:d8:8a:e2:47:e8:24:10:07:06:
         a6:ed:5d:f0:a4:5f:29:ea:b1:7a:75:4a:20:87:94:2f:60:c1:
         20:35:9d:eb:b7:5f:6a:4b:05:33:a2:17:99:be:aa:a4:54:04:
         17:a5:8d:d5:be:75:e3:27:8e:32:98:10:85:bf:de:81:3a:67:
         e3:73:15:53:3e:0c:7c:4d:81:c4:b7:24:50:39:57:58:c1:a4:
         80:95:5a:89:68:f9:a7:44:d9:c3:b7:50:78:82:72:08:b3:a0:
         e1:f2:27:9b:f9:22:f8:62:de:ea:bd:e5:7b:9e:0d:f4:e3:71:
         89:bd:94:b1:f3:73:60:b1:81:d8:cb:09:c4:db:1e:90:69:3d:
         92:b5:cd:be:a6:b4:16:09:2c:86:76:43:c4:c9:d5:ea:ff:57:
         61:7f:86:ff:6e:33:d3:c1:a4:f3:f2:11:40:0b:7f:09:cf:0f:
         1c:6d:42:7b:8b:aa:d6:8e:e8:3c:75:96:69:e3:cb:3a:f8:5a:
         1b:6c:7e:88:f7:c6:dd:46:ff:7c:59:c4:81:a3:78:44:6d:24:
         a3:86:d2:97
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUBTKxfPvh45fS8W71JIlOzpnA2E4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYxOTExNDBaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQGVkNjI1Yjg1OTNmMmVkZTliNDYwMTlkZTVhM2RmNGQ2NjAyZGM1YTEwNzM2
ODNkOTk5YThkN2U4MmI2YjQ1YzAxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKF/86Pmr1wng8doKxD4XGGSUAENetmTIDlxN5Sun0KOI1XRY8TPRuXJre0p
M7lTZY+HW7W357oIsq9VkKl16CLMFF0JU+9jIkoJ7jkihWjTJty9mT1TVN7zd98p
GAOXnOCRHb/5ecbSVkvPdVjnqUd3kP/0AX7UPQ2ta+od/sAaxqueO+2rAW1l0rYW
kOZdYX6nbEsPG6EOwQgGnhcoTAA23/kbooA7JFJgpuqlwcILVCCIQRxLeYUQsH1H
9O30/r762qkWPDyCrt9Gt7ywu4CknBHYFPYriBbhYB6l5r2jdIFGcqo+tGfhNGBQ
Z9uS8yN8fMGdIrulvNgF3E0pTy8CAwEAAaOCAiQwggIgMB0GA1UdDgQWBBR1S9QO
CHlLHeabYDm1VQF+nACVEjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NTQ2ODI4ZDQtOWY0My00NGMyLWJmZjgtYWFmZWRkY2E0ZTI1LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0ADg
QDANBgkqhkiG9w0BAQsFAAOCAQEAplD77YyjyHIYLJi81x8MSGzTkHMWAF19/NRe
TmX9OknANh36N3oYBjcan+Aq2IriR+gkEAcGpu1d8KRfKeqxenVKIIeUL2DBIDWd
67dfaksFM6IXmb6qpFQEF6WN1b514yeOMpgQhb/egTpn43MVUz4MfE2BxLckUDlX
WMGkgJVaiWj5p0TZw7dQeIJyCLOg4fInm/ki+GLe6r3le54N9ONxib2UsfNzYLGB
2MsJxNsekGk9krXNvqa0FgkshnZDxMnV6v9XYX+G/24z08Gk8/IRQAt/Cc8PHG1C
e4uq1o7oPHWWaePLOvhaG2x+iPfG3Ub/fFnEgaN4RG0ko4bSlw==
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:52:32 2025 by rpki-client