Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/5b8f9832-df9b-4fc8-94da-5e883e0d6e47.roa
File:                     5b8f9832-df9b-4fc8-94da-5e883e0d6e47.roa (raw, json)
Hash identifier:          HEO/EtUbePmzR1/cWKeD/pBBME3VZ4XeXDtRLzZp8dA=
Subject key identifier:   55:B6:A7:13:4A:07:EF:DD:97:68:98:1D:1C:77:6D:87:C1:02:A8:20
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       4F13096FC242D18F7878B4BF02CD608252C5D056
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/5b8f9832-df9b-4fc8-94da-5e883e0d6e47.roa
Signing time:             Mon 13 Oct 2025 18:00:04 +0000
ROA not before:           Mon 13 Oct 2025 18:00:04 +0000
ROA not after:            Mon 17 Nov 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        2a05:d030:8000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4f:13:09:6f:c2:42:d1:8f:78:78:b4:bf:02:cd:60:82:52:c5:d0:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Oct 13 18:00:04 2025 GMT
            Not After : Nov 17 23:59:59 2025 GMT
        Subject: serialNumber=e03f099eb85e7c65a783c80a900894f1034ae1d1c28d5d0e2759c1fc3094a03f, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:ed:24:02:91:61:4d:07:b4:f3:0a:23:c5:f1:
                    62:5f:75:8e:73:d3:42:b3:ca:29:86:a8:37:11:69:
                    10:c3:a9:20:4d:bf:2e:95:90:5b:f0:08:96:48:c3:
                    13:d5:02:2f:78:a4:48:1d:97:7b:03:0f:aa:fe:15:
                    48:2a:be:fd:cb:9c:8c:ff:ff:27:fd:25:84:0a:1d:
                    e0:31:ab:46:1f:f5:93:90:d6:05:23:e4:a8:90:21:
                    c3:74:63:2e:6d:40:07:98:ef:32:19:17:ac:f3:5d:
                    12:09:94:a3:b6:57:97:ee:ef:b7:96:de:71:af:0c:
                    d1:44:7e:79:df:75:f4:03:e3:0f:17:9f:26:4b:65:
                    92:75:e3:9f:d0:d1:00:a0:28:18:15:76:12:40:bd:
                    76:a2:44:e8:32:e3:b3:48:fe:2c:da:ef:01:1d:3e:
                    fb:46:7d:42:cc:b2:5e:df:52:f3:cf:e2:1b:b2:06:
                    52:42:d7:0b:0b:b0:75:42:28:a3:35:2a:6d:24:fd:
                    48:15:9f:80:ca:fd:de:81:2b:5f:13:1d:7d:45:45:
                    75:95:be:3b:4b:5b:54:a6:de:21:3d:25:51:2b:e4:
                    d0:c9:0d:17:3b:5b:12:fc:93:f0:94:93:b3:e4:80:
                    b0:af:19:46:78:5c:0a:ec:b3:ae:04:19:00:91:92:
                    86:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:B6:A7:13:4A:07:EF:DD:97:68:98:1D:1C:77:6D:87:C1:02:A8:20
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/5b8f9832-df9b-4fc8-94da-5e883e0d6e47.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d030:8000::/40

    Signature Algorithm: sha256WithRSAEncryption
         23:e9:41:cf:bb:a3:f9:66:4d:25:09:b3:73:f7:7b:5f:b6:c5:
         90:94:04:a2:96:9c:1c:72:28:ac:95:4c:c4:ff:0b:26:64:19:
         30:f7:a9:39:61:45:50:7e:d8:85:a9:6f:2a:5f:b6:d4:6b:e8:
         f9:58:c8:a7:cf:db:c9:ee:69:12:0c:2d:a8:16:be:87:c6:ae:
         8f:6e:91:19:0e:fe:4c:54:0d:81:6d:e7:7b:b2:f1:47:0f:72:
         4c:e4:b0:4e:29:fa:ad:ee:75:54:d4:83:32:39:f4:08:32:43:
         eb:60:12:10:c6:b8:1b:6b:6d:a4:c6:e0:08:ad:e7:17:fa:cd:
         47:14:b5:94:0a:51:64:b9:b1:69:9f:dc:4d:b5:85:74:93:4c:
         d9:0b:cf:82:18:2d:6b:0d:21:5f:45:5f:43:67:4f:15:05:4a:
         f1:f6:b5:6a:73:7c:8f:0c:e7:e8:2b:4a:91:2f:72:32:de:c1:
         03:30:52:a8:f4:0b:fd:e9:e0:58:e3:2b:54:5c:be:da:0d:3c:
         bc:d4:6d:54:18:59:5b:39:7c:1a:08:83:92:09:41:f4:05:b0:
         6c:4a:86:0a:02:84:7b:a6:e1:f9:ab:cd:eb:b0:79:4f:ea:85:
         56:d0:86:ca:b4:44:30:dd:55:d1:24:6f:c0:15:0d:0a:db:70:
         10:2b:1e:f9
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUTxMJb8JC0Y94eLS/As1gglLF0FYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMTMxODAwMDRaFw0yNTExMTcyMzU5NTlaMHoxSTBHBgNV
BAUTQGUwM2YwOTllYjg1ZTdjNjVhNzgzYzgwYTkwMDg5NGYxMDM0YWUxZDFjMjhk
NWQwZTI3NTljMWZjMzA5NGEwM2YxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJztJAKRYU0HtPMKI8XxYl91jnPTQrPKKYaoNxFpEMOpIE2/LpWQW/AIlkjD
E9UCL3ikSB2XewMPqv4VSCq+/cucjP//J/0lhAod4DGrRh/1k5DWBSPkqJAhw3Rj
Lm1AB5jvMhkXrPNdEgmUo7ZXl+7vt5beca8M0UR+ed919APjDxefJktlknXjn9DR
AKAoGBV2EkC9dqJE6DLjs0j+LNrvAR0++0Z9QsyyXt9S88/iG7IGUkLXCwuwdUIo
ozUqbST9SBWfgMr93oErXxMdfUVFdZW+O0tbVKbeIT0lUSvk0MkNFztbEvyT8JST
s+SAsK8ZRnhcCuyzrgQZAJGShjMCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRVtqcT
Sgfv3ZdomB0cd22HwQKoIDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NWI4Zjk4MzItZGY5Yi00ZmM4LTk0ZGEtNWU4ODNlMGQ2ZTQ3LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0DCA
MA0GCSqGSIb3DQEBCwUAA4IBAQAj6UHPu6P5Zk0lCbNz93tftsWQlASilpwcciis
lUzE/wsmZBkw96k5YUVQftiFqW8qX7bUa+j5WMinz9vJ7mkSDC2oFr6Hxq6PbpEZ
Dv5MVA2Bbed7svFHD3JM5LBOKfqt7nVU1IMyOfQIMkPrYBIQxrgba22kxuAIrecX
+s1HFLWUClFkubFpn9xNtYV0k0zZC8+CGC1rDSFfRV9DZ08VBUrx9rVqc3yPDOfo
K0qRL3Iy3sEDMFKo9Av96eBY4ytUXL7aDTy81G1UGFlbOXwaCIOSCUH0BbBsSoYK
AoR7puH5q83rsHlP6oVW0IbKtEQw3VXRJG/AFQ0K23AQKx75
-----END CERTIFICATE-----
Generated at Mon Oct 20 06:42:44 2025 by rpki-client