Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/5c8be1b1-5cc9-40dc-a0c1-98920cc293bd.roa
File:                     5c8be1b1-5cc9-40dc-a0c1-98920cc293bd.roa (raw, json)
Hash identifier:          s2MMveTZOI7RQ1l/ZK+GO40tmHfRyQSQllHXifjQe/c=
Subject key identifier:   A0:97:46:A8:21:E1:82:AC:77:34:F5:E9:43:A3:26:E8:39:2E:5A:1B
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       219924363B3196396357F2E9A8609DEA608301FD
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/5c8be1b1-5cc9-40dc-a0c1-98920cc293bd.roa
Signing time:             Sun 19 Oct 2025 23:50:10 +0000
ROA not before:           Sun 19 Oct 2025 23:50:10 +0000
ROA not after:            Sun 23 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d072:880::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            21:99:24:36:3b:31:96:39:63:57:f2:e9:a8:60:9d:ea:60:83:01:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Oct 19 23:50:10 2025 GMT
            Not After : Nov 23 23:59:59 2025 GMT
        Subject: serialNumber=393544c71ab5db9f064a87c0280300babe16a112f7e72aa2e515a566e64594f9, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:94:b4:2b:80:42:37:40:07:f7:c1:07:a2:bf:
                    2d:3d:7a:4f:5e:31:ba:5e:fe:35:34:5d:43:cc:e6:
                    65:d7:b8:9f:2b:71:3a:dd:f4:cd:90:d9:32:50:e7:
                    7f:16:96:dc:6e:31:3a:b5:14:f0:fc:31:2c:dd:34:
                    7e:7a:31:71:fb:59:e6:e6:54:3c:e9:e8:47:59:4a:
                    58:dc:02:ae:a6:4c:f7:e0:e6:c6:34:45:26:f8:7d:
                    a5:93:59:f7:a3:1e:ea:34:2d:53:52:06:07:71:cc:
                    b7:34:e0:21:75:d3:ab:e9:a1:be:83:11:b4:44:d7:
                    b1:28:61:d3:2b:06:49:f9:e1:47:84:f7:62:ac:b6:
                    49:6e:d4:c4:e8:1e:a2:f3:51:4a:0a:85:f9:01:a8:
                    ab:65:33:bd:a7:27:8a:a7:9b:41:79:90:47:a9:6c:
                    18:51:aa:f5:22:18:46:42:53:c0:e1:56:2f:62:11:
                    43:98:04:63:3b:e9:9b:29:e6:e8:51:3b:a0:d3:f8:
                    70:16:b7:cb:61:5a:98:ca:d0:30:e2:a6:02:ae:93:
                    91:9c:3a:32:73:a8:54:61:fe:8e:3c:6b:2e:3c:81:
                    9b:28:db:51:73:2f:01:79:d4:6c:7a:ba:a8:e1:7d:
                    87:f8:54:20:ae:3d:a9:2c:b0:8a:90:bd:a8:76:1c:
                    99:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:97:46:A8:21:E1:82:AC:77:34:F5:E9:43:A3:26:E8:39:2E:5A:1B
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/5c8be1b1-5cc9-40dc-a0c1-98920cc293bd.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d072:880::/48

    Signature Algorithm: sha256WithRSAEncryption
         8d:58:f6:da:31:95:e0:79:c1:4f:3c:f8:a4:13:1c:56:cb:8e:
         5d:57:37:3e:36:a9:4f:ed:bc:ed:25:06:f7:d1:80:3c:9a:6f:
         6c:91:b5:ad:41:9a:52:f8:0a:c7:8c:6f:b1:27:30:ea:09:9a:
         a7:3e:79:02:ec:b6:91:2c:78:ee:64:04:7b:b6:75:99:c5:67:
         ae:2c:e9:b1:78:24:f0:23:7f:a3:97:17:e8:35:cc:8c:1e:6a:
         ac:f4:4b:45:1c:f4:10:9f:10:44:e7:04:f9:01:58:c3:34:0a:
         53:f6:02:b1:21:6f:d1:9e:6a:6c:86:11:99:63:ec:31:25:ff:
         fc:f0:b0:73:8c:0a:73:df:37:e2:2b:86:f9:2e:90:33:17:3d:
         7f:d2:04:40:47:d3:6b:57:46:d2:11:2e:13:49:b8:21:fc:fe:
         b3:61:9e:54:e2:2a:84:4f:67:58:f3:60:f9:8a:8c:a7:e9:59:
         16:c7:b7:66:20:a0:dd:96:66:84:7c:d6:22:55:00:df:f5:98:
         74:09:fc:eb:c5:8c:27:c6:4f:0a:dd:35:cd:bc:0f:a5:72:5b:
         8c:c6:a2:00:d2:98:69:8c:c6:38:1b:2e:c6:9c:b1:42:5a:7e:
         42:1a:3b:d4:bd:4c:12:39:df:63:9c:e2:24:56:c9:2c:0e:72:
         33:14:b5:9b
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUIZkkNjsxljljV/LpqGCd6mCDAf0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMTkyMzUwMTBaFw0yNTExMjMyMzU5NTlaMHoxSTBHBgNV
BAUTQDM5MzU0NGM3MWFiNWRiOWYwNjRhODdjMDI4MDMwMGJhYmUxNmExMTJmN2U3
MmFhMmU1MTVhNTY2ZTY0NTk0ZjkxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMWUtCuAQjdAB/fBB6K/LT16T14xul7+NTRdQ8zmZde4nytxOt30zZDZMlDn
fxaW3G4xOrUU8PwxLN00fnoxcftZ5uZUPOnoR1lKWNwCrqZM9+DmxjRFJvh9pZNZ
96Me6jQtU1IGB3HMtzTgIXXTq+mhvoMRtETXsShh0ysGSfnhR4T3Yqy2SW7UxOge
ovNRSgqF+QGoq2UzvacniqebQXmQR6lsGFGq9SIYRkJTwOFWL2IRQ5gEYzvpmynm
6FE7oNP4cBa3y2FamMrQMOKmAq6TkZw6MnOoVGH+jjxrLjyBmyjbUXMvAXnUbHq6
qOF9h/hUIK49qSywipC9qHYcmbsCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBSgl0ao
IeGCrHc09elDoyboOS5aGzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NWM4YmUxYjEtNWNjOS00MGRjLWEwYzEtOTg5MjBjYzI5M2JkLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0HII
gDANBgkqhkiG9w0BAQsFAAOCAQEAjVj22jGV4HnBTzz4pBMcVsuOXVc3PjapT+28
7SUG99GAPJpvbJG1rUGaUvgKx4xvsScw6gmapz55Auy2kSx47mQEe7Z1mcVnrizp
sXgk8CN/o5cX6DXMjB5qrPRLRRz0EJ8QROcE+QFYwzQKU/YCsSFv0Z5qbIYRmWPs
MSX//PCwc4wKc9834iuG+S6QMxc9f9IEQEfTa1dG0hEuE0m4Ifz+s2GeVOIqhE9n
WPNg+YqMp+lZFse3ZiCg3ZZmhHzWIlUA3/WYdAn868WMJ8ZPCt01zbwPpXJbjMai
ANKYaYzGOBsuxpyxQlp+Qho71L1MEjnfY5ziJFbJLA5yMxS1mw==
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:52:31 2025 by rpki-client