Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/5c57a644-0d1c-4126-9684-e345f93c1560.roa
File:                     5c57a644-0d1c-4126-9684-e345f93c1560.roa (raw, json)
Hash identifier:          5fDsu5o5aFwf5gcLiGUS+CokYHRmHE3kgbOyNnAw9As=
Subject key identifier:   E8:E9:ED:EB:FB:BF:F9:60:A4:EC:02:C7:8D:6E:04:16:D5:C6:1D:DA
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       553ED15DF80237AE412EA85B8F96D9BB2DB61725
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/5c57a644-0d1c-4126-9684-e345f93c1560.roa
Signing time:             Fri 26 Sep 2025 19:01:39 +0000
ROA not before:           Fri 26 Sep 2025 19:01:39 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d072:9040::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            55:3e:d1:5d:f8:02:37:ae:41:2e:a8:5b:8f:96:d9:bb:2d:b6:17:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Sep 26 19:01:39 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=cf8817bb8efb7e01956ac2baf9980b77bad3ecd6bcba64bdbcacc126cd2cafa7, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:86:c1:db:e0:c1:f2:25:a7:8e:be:7e:5b:01:
                    59:df:df:e6:23:c0:9f:57:3e:95:c4:61:b3:31:07:
                    05:07:2d:80:e8:33:22:a5:e6:cd:90:59:77:55:2b:
                    99:19:db:37:0e:9a:0c:b7:aa:3d:ce:45:6e:53:13:
                    4d:81:7b:06:8c:02:f9:bc:f0:5b:ad:5e:85:1b:95:
                    23:1d:8f:b2:4c:5c:c7:09:ee:0d:ba:2e:1b:18:86:
                    64:3e:85:68:c4:55:4e:94:65:74:2c:cb:16:a1:e8:
                    15:7d:46:8b:ab:95:2e:ce:9c:d6:7c:2b:0b:c1:f9:
                    7b:f4:02:20:05:83:ab:c4:b5:b8:8f:26:41:fe:ab:
                    e0:a2:ed:7e:e4:62:77:de:f8:10:38:38:7f:66:6e:
                    82:30:ea:97:f1:81:c5:c4:18:34:10:06:52:cb:f3:
                    81:c4:33:11:52:62:b5:c2:5a:ca:c4:7e:da:ef:cc:
                    f0:87:20:6d:2e:70:f2:ed:14:d4:fe:53:b6:28:4f:
                    e0:fa:37:7c:b2:85:b2:ff:18:aa:6f:cf:8a:5c:4d:
                    6e:11:ec:4f:85:f4:f2:72:42:82:4f:03:7f:d4:a4:
                    af:9f:83:e9:80:0a:c2:95:13:b7:df:67:53:0a:2c:
                    ed:1e:ac:81:5f:0e:0f:2f:45:56:c4:44:d2:3f:97:
                    2b:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:E9:ED:EB:FB:BF:F9:60:A4:EC:02:C7:8D:6E:04:16:D5:C6:1D:DA
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/5c57a644-0d1c-4126-9684-e345f93c1560.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d072:9040::/48

    Signature Algorithm: sha256WithRSAEncryption
         3c:af:dd:2b:a3:8d:a8:f6:98:22:22:76:5e:a1:3a:07:e8:59:
         c8:9e:0a:44:41:aa:4d:e1:21:ed:ed:8f:69:03:c2:31:f9:2b:
         bd:11:21:6e:3c:31:16:89:fe:df:9c:c8:0e:bc:0b:1c:c9:9c:
         4f:79:ea:1d:9c:74:58:d9:a8:57:be:7b:40:b2:e3:d1:fa:00:
         c5:c3:3d:a8:41:04:a3:ce:3a:09:e0:36:ee:cc:26:2b:49:6e:
         09:1a:a3:ec:10:e4:4e:75:55:52:93:82:17:8c:7c:dd:3c:28:
         00:42:9c:67:49:68:ea:ab:1d:63:84:d0:77:2c:87:30:a7:8e:
         76:d6:96:20:20:76:dd:73:be:23:91:da:33:15:58:ba:8a:91:
         8a:9a:94:0d:eb:a6:ba:e5:a1:23:0d:96:a9:ab:cf:5b:ca:66:
         7c:eb:bc:7b:93:48:46:25:37:1d:15:6b:79:ea:50:70:b6:b5:
         d1:b6:c0:56:fe:13:59:35:42:6b:37:05:be:6e:f0:46:31:4f:
         ac:25:2c:cc:fa:ed:ff:76:bb:29:6c:99:2b:ff:69:21:a5:79:
         be:b7:49:40:f0:0b:17:a8:72:ab:13:ad:48:2f:21:42:ab:48:
         d7:ba:22:e1:09:f6:b5:9d:51:83:d3:da:11:35:1a:95:cb:77:
         c6:33:f9:af
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUVT7RXfgCN65BLqhbj5bZuy22FyUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYxOTAxMzlaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQGNmODgxN2JiOGVmYjdlMDE5NTZhYzJiYWY5OTgwYjc3YmFkM2VjZDZiY2Jh
NjRiZGJjYWNjMTI2Y2QyY2FmYTcxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMuGwdvgwfIlp46+flsBWd/f5iPAn1c+lcRhszEHBQctgOgzIqXmzZBZd1Ur
mRnbNw6aDLeqPc5FblMTTYF7BowC+bzwW61ehRuVIx2PskxcxwnuDbouGxiGZD6F
aMRVTpRldCzLFqHoFX1Gi6uVLs6c1nwrC8H5e/QCIAWDq8S1uI8mQf6r4KLtfuRi
d974EDg4f2ZugjDql/GBxcQYNBAGUsvzgcQzEVJitcJaysR+2u/M8IcgbS5w8u0U
1P5TtihP4Po3fLKFsv8Yqm/PilxNbhHsT4X08nJCgk8Df9Skr5+D6YAKwpUTt99n
Uwos7R6sgV8ODy9FVsRE0j+XK/8CAwEAAaOCAiQwggIgMB0GA1UdDgQWBBTo6e3r
+7/5YKTsAseNbgQW1cYd2jAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NWM1N2E2NDQtMGQxYy00MTI2LTk2ODQtZTM0NWY5M2MxNTYwLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0HKQ
QDANBgkqhkiG9w0BAQsFAAOCAQEAPK/dK6ONqPaYIiJ2XqE6B+hZyJ4KREGqTeEh
7e2PaQPCMfkrvREhbjwxFon+35zIDrwLHMmcT3nqHZx0WNmoV757QLLj0foAxcM9
qEEEo846CeA27swmK0luCRqj7BDkTnVVUpOCF4x83TwoAEKcZ0lo6qsdY4TQdyyH
MKeOdtaWICB23XO+I5HaMxVYuoqRipqUDeumuuWhIw2WqavPW8pmfOu8e5NIRiU3
HRVreepQcLa10bbAVv4TWTVCazcFvm7wRjFPrCUszPrt/3a7KWyZK/9pIaV5vrdJ
QPALF6hyqxOtSC8hQqtI17oi4Qn2tZ1Rg9PaETUalct3xjP5rw==
-----END CERTIFICATE-----
Generated at Mon Oct 20 13:47:28 2025 by rpki-client