Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/5836d090-8999-43ab-a38c-f63a0e829c0b.roa
File:                     5836d090-8999-43ab-a38c-f63a0e829c0b.roa (raw, json)
Hash identifier:          bWAN8k8Hxvx96Py2ibmpnr16Sn7iuFLCCDM7VyfFnCk=
Subject key identifier:   32:40:BF:92:06:DF:34:D6:6E:4E:A5:71:8C:F4:60:88:65:49:95:9F
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       188D3D8B89A9E66966ED4E28992E0DC303E8188D
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/5836d090-8999-43ab-a38c-f63a0e829c0b.roa
Signing time:             Fri 26 Sep 2025 18:41:22 +0000
ROA not before:           Fri 26 Sep 2025 18:41:22 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d07f:5000::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            18:8d:3d:8b:89:a9:e6:69:66:ed:4e:28:99:2e:0d:c3:03:e8:18:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Sep 26 18:41:22 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=a1017376680e5409a6733e6b4097305529217162ff78628970daf358d02fc313, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:ec:62:79:7d:3d:db:09:7c:8b:6b:37:a8:f8:
                    4a:72:62:04:5c:da:ab:44:fc:49:ac:9b:b9:ec:6e:
                    3e:27:dc:2d:71:95:46:49:fe:b8:7e:f5:5b:10:6e:
                    8d:b2:20:24:57:85:0c:30:26:0f:e5:78:77:99:5e:
                    3f:77:c8:e9:7a:8e:25:bc:f6:98:50:27:b0:c7:5e:
                    0a:9e:ab:2d:ef:77:1b:b3:c1:28:86:58:ef:1e:b4:
                    f6:51:6b:e0:03:10:51:a7:fa:37:4a:c9:2a:78:ab:
                    e1:73:5b:e0:9b:5f:a0:68:9d:a2:9c:b9:99:5b:b4:
                    16:59:25:f1:40:05:2f:76:30:40:79:61:9e:7d:2c:
                    17:77:2a:31:e9:f4:2b:cc:5b:c3:99:3d:7f:df:c8:
                    08:17:36:d6:f8:f8:cd:05:5c:76:65:81:88:30:e5:
                    5c:fe:bc:9c:45:8c:88:95:68:92:cb:21:98:e3:93:
                    b8:7e:c7:79:f8:65:a6:11:1f:9f:1f:71:2e:19:6b:
                    37:53:25:1b:65:0c:d0:d1:b1:1b:6e:c9:0d:09:0a:
                    fb:f7:dc:6f:c9:a7:ce:2c:71:88:ba:85:67:f8:84:
                    9b:9c:04:a1:39:b4:d3:25:14:34:06:48:bd:5d:7d:
                    f5:ad:d6:38:20:2e:5f:65:02:5a:6b:e0:7b:d5:1e:
                    71:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:40:BF:92:06:DF:34:D6:6E:4E:A5:71:8C:F4:60:88:65:49:95:9F
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/5836d090-8999-43ab-a38c-f63a0e829c0b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d07f:5000::/40

    Signature Algorithm: sha256WithRSAEncryption
         7b:45:9f:c2:53:44:82:31:4a:11:c1:44:3f:0d:36:df:cf:a3:
         0e:7a:0d:81:df:d5:d3:72:8e:43:e1:db:ce:51:f0:aa:30:4c:
         8e:d3:ee:64:c1:45:fe:9e:cc:34:3e:5f:e4:26:d0:fd:96:f1:
         76:59:e5:1e:a1:3b:20:b9:04:7e:3d:df:25:e7:9e:53:5e:81:
         ee:13:8b:12:04:9d:32:db:90:aa:1f:78:d1:ee:18:10:8b:59:
         e3:50:4a:9d:ef:15:b4:5e:e4:65:38:a2:5d:1e:79:76:9a:3e:
         01:a2:65:e1:1a:65:a1:47:48:99:9c:b2:c4:54:f1:21:d5:9b:
         7e:db:0f:51:3d:ba:fe:7e:d5:5f:44:b6:c8:cd:ba:5b:85:9c:
         ee:ba:30:f2:5a:51:3b:0a:30:5d:87:ba:da:4e:e1:5f:fd:57:
         9c:ef:22:b7:be:a4:f0:41:cf:05:fd:88:de:39:4d:f9:ab:00:
         34:fc:24:b0:86:0d:aa:fc:4b:0e:2f:e6:dc:a7:4b:1d:82:04:
         25:64:0c:61:4c:3e:39:d3:af:02:3c:52:92:9d:84:02:c8:60:
         9c:44:24:b2:f6:02:45:49:35:60:53:ba:08:f2:20:94:45:3c:
         78:c4:06:9e:a9:6e:74:e9:f3:4b:ee:a4:79:6f:56:f3:e4:a0:
         8d:2f:eb:82
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUGI09i4mp5mlm7U4omS4NwwPoGI0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYxODQxMjJaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQGExMDE3Mzc2NjgwZTU0MDlhNjczM2U2YjQwOTczMDU1MjkyMTcxNjJmZjc4
NjI4OTcwZGFmMzU4ZDAyZmMzMTMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANPsYnl9PdsJfItrN6j4SnJiBFzaq0T8SaybuexuPifcLXGVRkn+uH71WxBu
jbIgJFeFDDAmD+V4d5leP3fI6XqOJbz2mFAnsMdeCp6rLe93G7PBKIZY7x609lFr
4AMQUaf6N0rJKnir4XNb4JtfoGidopy5mVu0Flkl8UAFL3YwQHlhnn0sF3cqMen0
K8xbw5k9f9/ICBc21vj4zQVcdmWBiDDlXP68nEWMiJVoksshmOOTuH7HefhlphEf
nx9xLhlrN1MlG2UM0NGxG27JDQkK+/fcb8mnzixxiLqFZ/iEm5wEoTm00yUUNAZI
vV199a3WOCAuX2UCWmvge9UecacCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQyQL+S
Bt801m5OpXGM9GCIZUmVnzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NTgzNmQwOTAtODk5OS00M2FiLWEzOGMtZjYzYTBlODI5YzBiLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0H9Q
MA0GCSqGSIb3DQEBCwUAA4IBAQB7RZ/CU0SCMUoRwUQ/DTbfz6MOeg2B39XTco5D
4dvOUfCqMEyO0+5kwUX+nsw0Pl/kJtD9lvF2WeUeoTsguQR+Pd8l555TXoHuE4sS
BJ0y25CqH3jR7hgQi1njUEqd7xW0XuRlOKJdHnl2mj4BomXhGmWhR0iZnLLEVPEh
1Zt+2w9RPbr+ftVfRLbIzbpbhZzuujDyWlE7CjBdh7raTuFf/Vec7yK3vqTwQc8F
/YjeOU35qwA0/CSwhg2q/EsOL+bcp0sdggQlZAxhTD45068CPFKSnYQCyGCcRCSy
9gJFSTVgU7oI8iCURTx4xAaeqW506fNL7qR5b1bz5KCNL+uC
-----END CERTIFICATE-----
Generated at Mon Oct 20 13:47:29 2025 by rpki-client