Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/5b65b415-a397-41d3-99dc-207c8689d0ee.roa
File:                     5b65b415-a397-41d3-99dc-207c8689d0ee.roa (raw, json)
Hash identifier:          Zbj/Pkr9aawbdNwW3OQi8lwioUXfAXzr+g+9cNY1SNo=
Subject key identifier:   A6:F3:64:10:8C:9E:56:A3:42:B9:8F:ED:01:FB:80:0B:F9:4F:75:68
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       33314325495AC26854A8659E47A54B64B5D6C7BC
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/5b65b415-a397-41d3-99dc-207c8689d0ee.roa
Signing time:             Mon 13 Oct 2025 17:55:53 +0000
ROA not before:           Mon 13 Oct 2025 17:55:53 +0000
ROA not after:            Mon 17 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d076:6000::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            33:31:43:25:49:5a:c2:68:54:a8:65:9e:47:a5:4b:64:b5:d6:c7:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Oct 13 17:55:53 2025 GMT
            Not After : Nov 17 23:59:59 2025 GMT
        Subject: serialNumber=1fd9f72a7e9e55965565baeb11a23faf20517ca548181e1231961932a328316c, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:e9:17:36:70:98:b7:8f:cf:b5:45:bd:ea:e5:
                    8a:fd:b8:16:f7:41:a0:4d:16:3e:71:f9:ae:71:27:
                    f0:86:f2:54:f9:f5:74:50:26:5d:bb:db:35:23:60:
                    56:82:b5:f0:e4:aa:a0:41:d6:55:c6:ab:1d:9d:bf:
                    72:63:a9:c5:c0:b1:84:95:9e:48:f6:98:94:9a:f8:
                    da:98:f4:f8:e5:dc:e9:c2:79:3d:f6:e7:e1:86:5c:
                    49:b4:08:7a:5a:7e:6a:a5:f2:88:01:ef:4a:a1:7f:
                    46:2f:9e:c3:0f:d5:90:9b:12:7d:5c:50:cc:af:94:
                    28:96:2a:3a:60:3b:b6:59:6b:55:2b:29:ce:41:9a:
                    62:ab:73:3d:95:c5:2d:07:fa:95:9c:de:1a:13:7a:
                    91:89:0d:46:6f:bc:4f:ed:92:4b:78:89:9c:8e:49:
                    a7:9d:1b:60:1c:24:9c:25:37:82:e1:2b:02:37:c2:
                    5e:30:e0:bf:cf:c8:10:b2:c4:0d:ac:08:43:6d:f1:
                    15:9c:4b:61:25:c7:57:69:72:ae:ab:77:81:5f:c3:
                    f4:c1:44:1e:ea:16:37:dc:7a:47:11:09:95:75:47:
                    5c:5f:65:4f:59:5d:21:e3:bc:c4:0f:1b:66:4d:bb:
                    48:58:e4:13:6c:05:7f:d7:ae:f6:8d:75:d1:74:26:
                    bb:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:F3:64:10:8C:9E:56:A3:42:B9:8F:ED:01:FB:80:0B:F9:4F:75:68
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/5b65b415-a397-41d3-99dc-207c8689d0ee.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d076:6000::/40

    Signature Algorithm: sha256WithRSAEncryption
         c3:7d:f0:ec:79:41:d0:53:e8:c4:ae:e2:49:eb:3d:17:57:b7:
         82:c5:b5:43:55:5c:7c:62:86:e4:8b:e2:ad:7e:b6:3e:ca:60:
         ff:89:f5:b6:2f:97:b0:2d:df:d0:99:82:68:d6:a4:e7:bf:94:
         bf:1b:c3:da:c9:c6:5e:bc:9b:ed:ea:3a:60:3a:60:22:e1:1b:
         57:d0:41:a7:00:bd:ea:7d:69:e1:d7:fb:97:f1:6d:29:d3:70:
         b8:62:e4:b7:42:73:91:49:82:67:63:0e:ab:76:90:dc:b6:7a:
         6a:c1:35:f8:aa:fa:3c:00:c6:9f:93:2a:11:d2:96:f6:c6:c0:
         48:e0:6e:34:16:a9:a7:83:09:e5:8c:15:11:f3:c1:11:06:61:
         9a:9a:96:f7:18:cf:32:a6:a6:9f:54:42:e4:f4:9f:4e:d3:45:
         4b:38:f6:22:52:a6:9c:b2:67:fd:bb:9f:15:b7:7e:d9:2a:39:
         ab:9a:33:89:68:de:a2:64:96:63:83:78:ef:16:a2:aa:63:fb:
         d8:83:e0:22:e4:09:35:84:70:d0:27:d4:6c:e8:03:6d:32:87:
         4e:fd:57:46:d0:85:41:0a:80:9b:e0:d6:78:8b:ad:23:5f:ab:
         a2:0b:0e:5b:09:ba:6d:ff:27:f7:f2:39:04:4a:53:ab:48:b3:
         70:c3:16:58
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUMzFDJUlawmhUqGWeR6VLZLXWx7wwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMTMxNzU1NTNaFw0yNTExMTcyMzU5NTlaMHoxSTBHBgNV
BAUTQDFmZDlmNzJhN2U5ZTU1OTY1NTY1YmFlYjExYTIzZmFmMjA1MTdjYTU0ODE4
MWUxMjMxOTYxOTMyYTMyODMxNmMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALPpFzZwmLePz7VFverliv24FvdBoE0WPnH5rnEn8IbyVPn1dFAmXbvbNSNg
VoK18OSqoEHWVcarHZ2/cmOpxcCxhJWeSPaYlJr42pj0+OXc6cJ5Pfbn4YZcSbQI
elp+aqXyiAHvSqF/Ri+eww/VkJsSfVxQzK+UKJYqOmA7tllrVSspzkGaYqtzPZXF
LQf6lZzeGhN6kYkNRm+8T+2SS3iJnI5Jp50bYBwknCU3guErAjfCXjDgv8/IELLE
DawIQ23xFZxLYSXHV2lyrqt3gV/D9MFEHuoWN9x6RxEJlXVHXF9lT1ldIeO8xA8b
Zk27SFjkE2wFf9eu9o110XQmu2cCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBSm82QQ
jJ5Wo0K5j+0B+4AL+U91aDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NWI2NWI0MTUtYTM5Ny00MWQzLTk5ZGMtMjA3Yzg2ODlkMGVlLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0HZg
MA0GCSqGSIb3DQEBCwUAA4IBAQDDffDseUHQU+jEruJJ6z0XV7eCxbVDVVx8Yobk
i+KtfrY+ymD/ifW2L5ewLd/QmYJo1qTnv5S/G8PaycZevJvt6jpgOmAi4RtX0EGn
AL3qfWnh1/uX8W0p03C4YuS3QnORSYJnYw6rdpDctnpqwTX4qvo8AMafkyoR0pb2
xsBI4G40FqmngwnljBUR88ERBmGampb3GM8ypqafVELk9J9O00VLOPYiUqacsmf9
u58Vt37ZKjmrmjOJaN6iZJZjg3jvFqKqY/vYg+Ai5Ak1hHDQJ9Rs6ANtModO/VdG
0IVBCoCb4NZ4i60jX6uiCw5bCbpt/yf38jkESlOrSLNwwxZY
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:53:03 2025 by rpki-client