Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/68d5d934-fed6-49a5-ae03-a28a586e9c2e.roa
File:                     68d5d934-fed6-49a5-ae03-a28a586e9c2e.roa (raw, json)
Hash identifier:          h8QS9njwq/dFePKEzGL0u1rnoV5i1nqkiaLtN1qWxdQ=
Subject key identifier:   59:A4:3A:84:44:83:82:BF:3E:82:6F:E3:F2:25:3E:35:DC:CA:C2:87
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       57098EB66DE2777A9687F89FDD0F4ADD5D6A4D41
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/68d5d934-fed6-49a5-ae03-a28a586e9c2e.roa
Signing time:             Fri 26 Sep 2025 19:39:43 +0000
ROA not before:           Fri 26 Sep 2025 19:39:43 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d058:a000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            57:09:8e:b6:6d:e2:77:7a:96:87:f8:9f:dd:0f:4a:dd:5d:6a:4d:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Sep 26 19:39:43 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=4d38bfe29d2c5651600949521e144425e610e6b6d288b9960720b7140b97cdc7, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:34:29:c7:71:c6:a9:fb:12:7c:f3:05:0e:47:
                    59:71:c9:19:60:d3:8e:30:7c:3a:27:b6:9d:91:c8:
                    ad:e7:36:30:d2:c4:1c:c3:c8:86:be:e0:70:e4:e1:
                    ca:f6:9e:2b:df:68:3e:3e:bc:2d:3c:db:54:c6:93:
                    59:ca:65:f8:a9:2b:dc:ad:e3:8f:2c:8b:e5:3b:15:
                    63:f5:98:39:a6:f1:e6:90:59:1c:2b:63:aa:5b:81:
                    90:17:d7:f2:8c:1c:59:25:7a:55:f4:16:46:eb:bd:
                    83:10:10:e9:ba:ea:80:1d:10:0a:da:83:13:ba:be:
                    e2:34:d8:0d:22:a4:41:17:4f:02:1a:5f:c9:61:45:
                    5b:0f:72:7b:35:96:49:95:75:03:2b:74:a8:a8:88:
                    14:0b:f6:7f:95:03:d3:0d:20:85:4f:cc:9b:54:e2:
                    50:b1:bf:87:18:9b:61:d4:c5:d7:25:eb:46:fe:ed:
                    2a:13:9f:e6:cb:b3:34:ea:e6:9e:62:db:0d:fd:b7:
                    b2:14:3f:0e:90:d1:97:ca:55:23:ec:6e:af:72:7f:
                    c2:15:58:b6:59:19:b8:a1:95:12:c7:82:6a:09:36:
                    4c:cf:50:c4:ec:fe:b6:ac:87:98:7c:d5:e9:c3:c2:
                    18:13:19:00:f2:ab:0f:f3:08:49:48:55:8b:1b:72:
                    97:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:A4:3A:84:44:83:82:BF:3E:82:6F:E3:F2:25:3E:35:DC:CA:C2:87
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/68d5d934-fed6-49a5-ae03-a28a586e9c2e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d058:a000::/40

    Signature Algorithm: sha256WithRSAEncryption
         24:2d:8f:b9:0a:f9:7b:b5:7b:c6:ce:ca:31:a2:46:1b:10:39:
         9c:da:a9:78:82:51:ab:6c:c2:49:ff:16:eb:ad:c0:27:db:84:
         d9:91:5e:95:36:52:24:00:d3:99:b7:e8:2c:ee:57:b7:4e:d6:
         47:a7:55:2e:e9:ad:b4:91:8e:e5:c8:53:5f:a1:a5:3f:26:8f:
         44:2c:28:ce:40:81:d1:67:27:1e:e3:a7:0e:4a:e1:27:b0:db:
         b7:da:c9:38:1c:7c:3b:1e:16:c9:b3:68:97:97:cc:de:93:72:
         6e:7f:ce:76:b6:fb:22:67:3b:a5:de:31:a4:db:07:c4:6e:a9:
         87:5e:a2:17:d6:8b:42:4f:62:96:43:5b:10:41:10:04:8c:bc:
         e7:44:11:e1:43:a8:d0:92:3e:8c:7e:f8:05:54:20:e3:84:c9:
         2d:27:59:97:1f:ca:3d:ff:40:b1:fb:b7:09:02:83:ef:d4:12:
         3c:29:ff:86:57:83:8e:3a:8c:98:89:28:a8:05:49:9f:1a:b3:
         00:c8:e7:c0:d3:b1:2f:60:bd:67:a1:9e:6b:cc:65:a1:69:10:
         8a:9e:c2:5f:20:76:61:3e:0e:30:ea:34:c7:b8:63:36:2f:7b:
         e9:7a:9a:fe:f4:33:69:33:83:2f:7f:14:59:8c:64:44:50:8f:
         3d:ec:79:cf
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUVwmOtm3id3qWh/if3Q9K3V1qTUEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYxOTM5NDNaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQDRkMzhiZmUyOWQyYzU2NTE2MDA5NDk1MjFlMTQ0NDI1ZTYxMGU2YjZkMjg4
Yjk5NjA3MjBiNzE0MGI5N2NkYzcxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMA0Kcdxxqn7EnzzBQ5HWXHJGWDTjjB8Oie2nZHIrec2MNLEHMPIhr7gcOTh
yvaeK99oPj68LTzbVMaTWcpl+Kkr3K3jjyyL5TsVY/WYOabx5pBZHCtjqluBkBfX
8owcWSV6VfQWRuu9gxAQ6brqgB0QCtqDE7q+4jTYDSKkQRdPAhpfyWFFWw9yezWW
SZV1Ayt0qKiIFAv2f5UD0w0ghU/Mm1TiULG/hxibYdTF1yXrRv7tKhOf5suzNOrm
nmLbDf23shQ/DpDRl8pVI+xur3J/whVYtlkZuKGVEseCagk2TM9QxOz+tqyHmHzV
6cPCGBMZAPKrD/MISUhVixtyl5sCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRZpDqE
RIOCvz6Cb+PyJT413MrChzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NjhkNWQ5MzQtZmVkNi00OWE1LWFlMDMtYTI4YTU4NmU5YzJlLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0Fig
MA0GCSqGSIb3DQEBCwUAA4IBAQAkLY+5Cvl7tXvGzsoxokYbEDmc2ql4glGrbMJJ
/xbrrcAn24TZkV6VNlIkANOZt+gs7le3TtZHp1Uu6a20kY7lyFNfoaU/Jo9ELCjO
QIHRZyce46cOSuEnsNu32sk4HHw7HhbJs2iXl8zek3Juf852tvsiZzul3jGk2wfE
bqmHXqIX1otCT2KWQ1sQQRAEjLznRBHhQ6jQkj6MfvgFVCDjhMktJ1mXH8o9/0Cx
+7cJAoPv1BI8Kf+GV4OOOoyYiSioBUmfGrMAyOfA07EvYL1noZ5rzGWhaRCKnsJf
IHZhPg4w6jTHuGM2L3vpepr+9DNpM4MvfxRZjGREUI897HnP
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:52:56 2025 by rpki-client