Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/5dca02e6-03a4-4251-b6d3-5c96d22af7cb.roa
File:                     5dca02e6-03a4-4251-b6d3-5c96d22af7cb.roa (raw, json)
Hash identifier:          /G3gfJJUzq5dvymf8kZkHdMYqfHXr7pTBo7hV7XRIBM=
Subject key identifier:   11:8D:6C:DC:0E:D8:FC:B1:09:A6:2A:6B:D9:3F:ED:5B:AB:00:AF:18
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       21F65975F448A366408118482D782A6579BB42A5
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/5dca02e6-03a4-4251-b6d3-5c96d22af7cb.roa
Signing time:             Fri 26 Sep 2025 20:10:23 +0000
ROA not before:           Fri 26 Sep 2025 20:10:23 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        79.125.24.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            21:f6:59:75:f4:48:a3:66:40:81:18:48:2d:78:2a:65:79:bb:42:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Sep 26 20:10:23 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=031ded6d457591e9cfd306aae76fb9fdfd6b304504e015120e7ac489a9f83a36, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:67:c7:ae:c3:13:ad:50:b0:fb:d6:93:66:7e:
                    12:cd:66:d7:13:3e:94:c0:07:16:64:c1:35:b9:66:
                    e4:22:8e:39:8f:17:4b:4b:e3:5f:40:ce:fd:2e:5c:
                    be:6c:fb:9c:fd:25:29:22:0b:53:35:6e:f3:b8:6f:
                    53:2d:98:6c:7a:cc:ab:ac:46:7c:e4:86:59:47:60:
                    0c:9a:df:67:96:5a:ea:fa:7e:bf:d6:54:11:f3:5b:
                    00:c9:78:6a:5e:89:0a:f2:36:50:2a:63:67:e1:1b:
                    3b:8f:06:e8:e6:26:48:30:42:06:7c:61:e3:15:ab:
                    f5:29:8c:29:66:b9:d4:60:ee:27:65:e4:8c:ae:a0:
                    22:ef:52:a3:70:fc:94:3b:09:36:5b:14:3c:45:19:
                    82:70:90:59:69:6f:35:83:1b:f3:a7:46:60:e8:2c:
                    19:05:9b:bd:64:a8:2a:79:f1:56:31:6d:8f:71:ea:
                    2d:d9:e5:68:c0:3d:f0:e8:30:d9:df:20:06:14:5c:
                    24:e3:81:12:aa:de:d9:d2:b4:2e:c9:5e:13:aa:aa:
                    70:7e:d7:0a:c7:fe:23:f0:b0:1b:aa:ae:d1:9b:ec:
                    be:07:2e:0c:8f:10:9f:3c:84:ca:48:50:a1:96:d7:
                    d1:df:92:43:ec:a9:8d:e6:b6:5f:30:59:1b:5f:65:
                    af:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:8D:6C:DC:0E:D8:FC:B1:09:A6:2A:6B:D9:3F:ED:5B:AB:00:AF:18
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/5dca02e6-03a4-4251-b6d3-5c96d22af7cb.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.125.24.0/22

    Signature Algorithm: sha256WithRSAEncryption
         20:61:3c:a6:33:4b:30:4e:36:8b:9b:cf:72:a2:7b:82:9f:a0:
         23:0a:d6:5d:00:b7:29:83:ab:ce:50:5a:ab:92:68:21:4b:8d:
         8b:5d:1c:ae:2c:4e:e0:73:ea:7a:6a:d1:73:56:7d:85:46:d2:
         17:9b:f6:4d:38:2f:f9:42:b1:87:53:c0:dc:88:d6:93:74:8f:
         99:f5:df:3a:59:99:81:ef:4b:2b:74:28:cf:5b:b6:7d:d4:8a:
         c3:23:d0:a2:65:eb:c0:01:19:79:00:35:3a:6a:3a:7f:1f:5c:
         64:ea:c9:68:10:f5:1b:c9:f9:ed:50:58:7e:55:a7:b6:d5:62:
         6c:19:e3:14:95:90:50:af:49:78:ed:6f:71:3f:da:55:d5:cd:
         a9:f6:e5:9d:9d:3a:b0:03:8b:b2:bb:ea:1a:ac:10:73:46:3b:
         e3:1e:d1:83:1f:09:0d:26:2e:81:13:f7:f9:43:79:81:06:02:
         c1:14:a9:f6:a2:36:6a:4f:9d:86:33:37:79:ed:aa:8c:75:37:
         2d:75:d8:de:61:4b:b2:2a:8d:1c:11:3c:ff:9a:70:75:0c:44:
         f1:78:29:bd:19:3d:44:e1:86:d1:79:2b:db:60:c3:67:e9:82:
         11:35:f8:e5:91:a6:ca:01:09:d3:81:5d:96:13:66:a7:86:51:
         f0:c2:f1:18
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUIfZZdfRIo2ZAgRhILXgqZXm7QqUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYyMDEwMjNaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQDAzMWRlZDZkNDU3NTkxZTljZmQzMDZhYWU3NmZiOWZkZmQ2YjMwNDUwNGUw
MTUxMjBlN2FjNDg5YTlmODNhMzYxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAK9nx67DE61QsPvWk2Z+Es1m1xM+lMAHFmTBNblm5CKOOY8XS0vjX0DO/S5c
vmz7nP0lKSILUzVu87hvUy2YbHrMq6xGfOSGWUdgDJrfZ5Za6vp+v9ZUEfNbAMl4
al6JCvI2UCpjZ+EbO48G6OYmSDBCBnxh4xWr9SmMKWa51GDuJ2XkjK6gIu9So3D8
lDsJNlsUPEUZgnCQWWlvNYMb86dGYOgsGQWbvWSoKnnxVjFtj3HqLdnlaMA98Ogw
2d8gBhRcJOOBEqre2dK0LsleE6qqcH7XCsf+I/CwG6qu0ZvsvgcuDI8QnzyEykhQ
oZbX0d+SQ+ypjea2XzBZG19lr3sCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBQRjWzc
Dtj8sQmmKmvZP+1bqwCvGDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NWRjYTAyZTYtMDNhNC00MjUxLWI2ZDMtNWM5NmQyMmFmN2NiLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAk99GDAN
BgkqhkiG9w0BAQsFAAOCAQEAIGE8pjNLME42i5vPcqJ7gp+gIwrWXQC3KYOrzlBa
q5JoIUuNi10crixO4HPqemrRc1Z9hUbSF5v2TTgv+UKxh1PA3IjWk3SPmfXfOlmZ
ge9LK3Qoz1u2fdSKwyPQomXrwAEZeQA1Omo6fx9cZOrJaBD1G8n57VBYflWnttVi
bBnjFJWQUK9JeO1vcT/aVdXNqfblnZ06sAOLsrvqGqwQc0Y74x7Rgx8JDSYugRP3
+UN5gQYCwRSp9qI2ak+dhjM3ee2qjHU3LXXY3mFLsiqNHBE8/5pwdQxE8XgpvRk9
ROGG0Xkr22DDZ+mCETX45ZGmygEJ04FdlhNmp4ZR8MLxGA==
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:52:28 2025 by rpki-client