Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/62ff4e5e-9e65-44fc-af7f-4e44935ceb42.roa
File:                     62ff4e5e-9e65-44fc-af7f-4e44935ceb42.roa (raw, json)
Hash identifier:          spL5891MqZnUyBPoe/CI811u8uW8b1hf8/b9nqBwC4Q=
Subject key identifier:   92:F0:9F:FE:30:23:2B:AF:E3:A5:1C:09:D3:C1:81:EB:55:D0:12:2D
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       565BBE525C6D7E491F1B3B7CC5444E83E27A2634
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/62ff4e5e-9e65-44fc-af7f-4e44935ceb42.roa
Signing time:             Fri 26 Sep 2025 18:50:13 +0000
ROA not before:           Fri 26 Sep 2025 18:50:13 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d072:1080::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            56:5b:be:52:5c:6d:7e:49:1f:1b:3b:7c:c5:44:4e:83:e2:7a:26:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Sep 26 18:50:13 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=d52e1706d4a0a19d1f8bea859d1832c114d34d4dec670e3f89ef35cc03d16a26, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:b2:d4:fd:ab:49:17:0a:8e:b3:94:23:b3:eb:
                    25:b9:75:cc:a2:0f:6a:67:2c:0a:56:0b:b9:05:d1:
                    4f:cf:a9:78:ee:ee:27:b5:91:8c:c1:c2:fe:50:4e:
                    54:5c:0a:bd:f3:f9:5b:34:ed:99:6c:36:36:17:8e:
                    a5:f5:6a:ed:69:64:0c:17:8d:c5:eb:ad:1f:17:25:
                    fc:9b:96:4f:26:53:67:31:7b:89:99:97:56:86:63:
                    ad:06:a7:61:6c:fe:17:b4:be:0a:85:02:47:7f:3b:
                    30:ca:73:23:8a:68:2c:4a:37:cb:b6:cc:f9:77:78:
                    71:7a:42:07:1f:6d:ff:89:90:e2:72:e3:83:94:c0:
                    0e:9f:b8:25:34:db:f4:5f:e7:03:e1:95:b8:9e:3c:
                    11:10:8f:06:3f:f3:4c:36:5d:cd:26:f9:10:59:ac:
                    b1:6e:ac:ed:71:76:68:4b:0b:9d:4c:0d:81:53:47:
                    de:e7:14:b0:d9:24:f6:f5:05:72:d8:9f:e1:fd:a0:
                    df:c2:8d:31:47:6e:bd:78:19:82:ce:78:6c:76:32:
                    79:a4:cd:91:50:2c:27:9f:98:b6:22:9b:87:6d:3d:
                    e1:f1:fd:3f:6f:47:d6:3b:7e:81:30:27:81:88:be:
                    d8:49:4d:e3:38:b5:07:0b:83:a5:32:dd:97:d5:be:
                    d8:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:F0:9F:FE:30:23:2B:AF:E3:A5:1C:09:D3:C1:81:EB:55:D0:12:2D
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/62ff4e5e-9e65-44fc-af7f-4e44935ceb42.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d072:1080::/48

    Signature Algorithm: sha256WithRSAEncryption
         57:5c:5c:c2:c9:f6:b4:7e:a0:c0:0c:5d:53:e8:90:b9:38:b5:
         9e:e2:e9:dd:99:75:70:ad:19:fa:75:9b:d4:e2:ec:d1:ec:1c:
         59:52:60:c0:ef:73:5a:12:a6:87:3f:6e:08:9d:08:53:d4:9b:
         88:78:65:62:71:3b:d4:70:46:26:4d:97:42:8f:a5:59:c7:52:
         a6:57:ee:37:da:ac:d7:86:10:10:6b:23:ab:38:a1:df:51:22:
         f4:6c:bf:44:3a:21:a6:5d:73:0f:a0:d3:4f:00:44:e7:8f:f5:
         ad:3b:3d:35:0d:7c:fe:6e:8a:b6:34:16:bb:1d:5f:10:a0:21:
         22:8e:e1:71:b9:98:99:86:68:fe:11:5a:30:48:bc:20:8d:20:
         3c:4b:69:ff:31:77:27:2d:64:99:17:77:e2:f2:81:97:56:94:
         31:5e:fe:fc:1a:11:d4:55:11:b0:40:61:4f:c0:48:60:6e:ab:
         f5:37:9a:84:99:1c:8a:e4:af:0a:ce:e5:a1:3b:78:9f:ec:61:
         64:b7:fc:b4:1c:7c:63:5d:f6:71:e5:ae:d7:9f:ac:0d:9e:93:
         04:06:8e:65:8b:91:aa:2d:4a:3c:d5:9d:d4:9a:17:23:2a:0a:
         2b:2c:79:a8:ad:ab:a6:93:68:07:55:b4:22:e6:93:68:41:b0:
         fe:d8:df:0c
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUVlu+UlxtfkkfGzt8xUROg+J6JjQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYxODUwMTNaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQGQ1MmUxNzA2ZDRhMGExOWQxZjhiZWE4NTlkMTgzMmMxMTRkMzRkNGRlYzY3
MGUzZjg5ZWYzNWNjMDNkMTZhMjYxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKyy1P2rSRcKjrOUI7PrJbl1zKIPamcsClYLuQXRT8+peO7uJ7WRjMHC/lBO
VFwKvfP5WzTtmWw2NheOpfVq7WlkDBeNxeutHxcl/JuWTyZTZzF7iZmXVoZjrQan
YWz+F7S+CoUCR387MMpzI4poLEo3y7bM+Xd4cXpCBx9t/4mQ4nLjg5TADp+4JTTb
9F/nA+GVuJ48ERCPBj/zTDZdzSb5EFmssW6s7XF2aEsLnUwNgVNH3ucUsNkk9vUF
ctif4f2g38KNMUduvXgZgs54bHYyeaTNkVAsJ5+YtiKbh2094fH9P29H1jt+gTAn
gYi+2ElN4zi1BwuDpTLdl9W+2CsCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBSS8J/+
MCMrr+OlHAnTwYHrVdASLTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NjJmZjRlNWUtOWU2NS00NGZjLWFmN2YtNGU0NDkzNWNlYjQyLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0HIQ
gDANBgkqhkiG9w0BAQsFAAOCAQEAV1xcwsn2tH6gwAxdU+iQuTi1nuLp3Zl1cK0Z
+nWb1OLs0ewcWVJgwO9zWhKmhz9uCJ0IU9SbiHhlYnE71HBGJk2XQo+lWcdSplfu
N9qs14YQEGsjqzih31Ei9Gy/RDohpl1zD6DTTwBE54/1rTs9NQ18/m6KtjQWux1f
EKAhIo7hcbmYmYZo/hFaMEi8II0gPEtp/zF3Jy1kmRd34vKBl1aUMV7+/BoR1FUR
sEBhT8BIYG6r9TeahJkciuSvCs7loTt4n+xhZLf8tBx8Y132ceWu15+sDZ6TBAaO
ZYuRqi1KPNWd1JoXIyoKKyx5qK2rppNoB1W0IuaTaEGw/tjfDA==
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:53:06 2025 by rpki-client