Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/57c971db-5779-4af6-9c2f-2c7cd904e742.roa
File:                     57c971db-5779-4af6-9c2f-2c7cd904e742.roa (raw, json)
Hash identifier:          gCbEmt5pnD4/P7bXUDAsVTELZ8LhLKaHlf6RIzqIVbM=
Subject key identifier:   CA:07:23:FB:78:06:20:FD:14:7D:D4:CA:BF:84:21:0A:63:6F:C0:CE
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       16EFD9BF1D5F6047F8FEE6C134BB29BE764E48F7
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/57c971db-5779-4af6-9c2f-2c7cd904e742.roa
Signing time:             Fri 26 Sep 2025 18:51:03 +0000
ROA not before:           Fri 26 Sep 2025 18:51:03 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d076:c000::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            16:ef:d9:bf:1d:5f:60:47:f8:fe:e6:c1:34:bb:29:be:76:4e:48:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Sep 26 18:51:03 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=7bc28b2fa7bf3bd87f0afa92e39f4aa6392635a927a9619b24c2c30e7595de29, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:2f:d1:6d:07:81:59:4b:86:18:57:ac:15:66:
                    ca:8f:14:73:fa:f0:87:4c:a3:6e:1b:30:16:b3:27:
                    13:d3:33:0a:64:87:b6:43:0d:ec:1b:a1:4a:70:4f:
                    4c:71:b9:94:ab:1a:fd:cc:60:3c:66:b4:84:d9:05:
                    d4:18:9f:e8:2d:1b:d1:2a:50:9a:71:55:a5:a0:84:
                    3a:b7:c0:f3:9a:c0:8c:39:29:75:da:a0:e6:4c:78:
                    3b:b2:27:6c:e0:b9:e6:3c:37:29:8e:a7:9f:37:72:
                    10:9d:5d:c0:13:7d:88:ca:bb:83:bb:06:c2:17:6d:
                    14:37:5a:6a:a1:14:59:2f:78:db:c6:d5:ae:7c:0f:
                    0b:da:8a:21:0c:6b:16:0c:4d:0c:b9:15:f2:c6:82:
                    b8:12:69:b0:61:d3:10:d0:b6:7f:c5:e9:8c:92:f9:
                    8c:3d:c4:a3:35:8c:e2:4c:02:ae:58:c4:a0:bd:d3:
                    8c:db:6e:aa:78:41:57:0c:35:62:ab:6a:b8:8a:92:
                    07:7b:26:64:09:9c:2d:de:86:f9:ad:59:72:7a:d8:
                    d8:ee:9b:c8:2d:6e:81:2b:47:46:df:7c:2d:0b:df:
                    0e:0e:c6:15:5b:0c:5a:f0:d3:f3:bf:ae:86:1e:01:
                    29:60:72:2c:76:ef:07:23:be:48:b6:79:a3:9d:8b:
                    7f:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:07:23:FB:78:06:20:FD:14:7D:D4:CA:BF:84:21:0A:63:6F:C0:CE
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/57c971db-5779-4af6-9c2f-2c7cd904e742.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d076:c000::/48

    Signature Algorithm: sha256WithRSAEncryption
         3e:7a:2b:5d:59:b8:87:6b:72:86:e7:6a:ef:d0:56:5f:33:5b:
         25:1a:fe:3a:24:21:c7:53:a3:c8:fa:27:f0:13:1b:5d:dc:eb:
         69:da:72:bb:72:11:7e:5e:dd:38:8d:c7:72:89:70:2c:d8:79:
         aa:e3:e9:86:a6:52:5d:9b:70:c4:dd:1f:08:08:a8:05:9a:83:
         a8:c7:ad:cb:57:ba:37:ae:bc:6c:45:9d:15:67:1b:74:ae:69:
         be:53:9c:7e:70:c6:b6:4b:16:6a:e7:a7:43:b1:f1:62:f8:ad:
         c7:ed:00:8a:ca:9a:56:e6:28:3e:cf:1d:8a:b5:22:f6:f3:71:
         d2:56:3f:33:ce:df:cd:d0:6c:ac:4e:eb:2b:fa:a1:a7:60:38:
         5f:60:e9:42:85:9b:49:16:55:6e:54:8d:67:ac:33:6b:f5:54:
         6b:c1:db:09:33:6a:5a:68:8b:9b:48:6b:d9:43:73:91:17:b7:
         55:b4:c7:25:e8:0a:a3:0e:f8:9b:36:49:51:60:34:57:51:7b:
         e4:04:95:04:89:e4:6c:63:8a:d5:10:67:c9:8b:2a:a6:3a:85:
         a3:23:d8:5f:f1:ca:ef:be:1c:65:2f:da:3b:51:3d:78:65:4a:
         d5:03:79:e0:f7:4f:5e:0e:27:b1:99:0b:ab:20:47:fb:1b:0a:
         9d:9c:ef:3b
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUFu/Zvx1fYEf4/ubBNLspvnZOSPcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYxODUxMDNaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQDdiYzI4YjJmYTdiZjNiZDg3ZjBhZmE5MmUzOWY0YWE2MzkyNjM1YTkyN2E5
NjE5YjI0YzJjMzBlNzU5NWRlMjkxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAN8v0W0HgVlLhhhXrBVmyo8Uc/rwh0yjbhswFrMnE9MzCmSHtkMN7BuhSnBP
THG5lKsa/cxgPGa0hNkF1Bif6C0b0SpQmnFVpaCEOrfA85rAjDkpddqg5kx4O7In
bOC55jw3KY6nnzdyEJ1dwBN9iMq7g7sGwhdtFDdaaqEUWS9428bVrnwPC9qKIQxr
FgxNDLkV8saCuBJpsGHTENC2f8XpjJL5jD3EozWM4kwCrljEoL3TjNtuqnhBVww1
YqtquIqSB3smZAmcLd6G+a1ZcnrY2O6byC1ugStHRt98LQvfDg7GFVsMWvDT87+u
hh4BKWByLHbvByO+SLZ5o52LfyMCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBTKByP7
eAYg/RR91Mq/hCEKY2/AzjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NTdjOTcxZGItNTc3OS00YWY2LTljMmYtMmM3Y2Q5MDRlNzQyLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0HbA
ADANBgkqhkiG9w0BAQsFAAOCAQEAPnorXVm4h2tyhudq79BWXzNbJRr+OiQhx1Oj
yPon8BMbXdzradpyu3IRfl7dOI3HcolwLNh5quPphqZSXZtwxN0fCAioBZqDqMet
y1e6N668bEWdFWcbdK5pvlOcfnDGtksWauenQ7HxYvitx+0AisqaVuYoPs8dirUi
9vNx0lY/M87fzdBsrE7rK/qhp2A4X2DpQoWbSRZVblSNZ6wza/VUa8HbCTNqWmiL
m0hr2UNzkRe3VbTHJegKow74mzZJUWA0V1F75ASVBInkbGOK1RBnyYsqpjqFoyPY
X/HK774cZS/aO1E9eGVK1QN54PdPXg4nsZkLqyBH+xsKnZzvOw==
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:53:21 2025 by rpki-client