Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/68ece0e7-075e-4bcd-873e-0c74882a8546.roa
File:                     68ece0e7-075e-4bcd-873e-0c74882a8546.roa (raw, json)
Hash identifier:          x+ZvN7+tgQxCZlNi5s3ne+WPuYWJAjCZ/CRfRy8+6So=
Subject key identifier:   8B:48:3F:74:F9:BF:94:45:6D:56:0D:61:D3:72:90:2E:A5:07:BA:98
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       4678A7AD46905D4BD213A62C5240EFD464DFC668
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/68ece0e7-075e-4bcd-873e-0c74882a8546.roa
Signing time:             Fri 26 Sep 2025 19:00:12 +0000
ROA not before:           Fri 26 Sep 2025 19:00:12 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d07f:8080::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            46:78:a7:ad:46:90:5d:4b:d2:13:a6:2c:52:40:ef:d4:64:df:c6:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Sep 26 19:00:12 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=ab72f7f4d90b40b9f42f53afea8a838a4ec50895b5ca3fb57e81998f55e1b629, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:f5:88:77:12:1b:6e:38:68:35:40:71:87:58:
                    47:90:ec:03:b7:c4:c2:29:c1:d0:ea:d3:35:bf:96:
                    4b:ff:7e:1b:c6:06:c2:3f:99:30:51:4d:bf:a1:92:
                    64:ea:3c:f2:a0:0a:b1:29:61:75:ce:fa:6c:12:0e:
                    70:24:de:bd:36:7e:30:b2:23:42:cf:3b:c0:f5:af:
                    3e:7b:c7:53:87:be:8b:9e:23:4e:29:b9:89:7d:57:
                    bf:43:0b:dd:61:89:6b:62:a5:96:7e:ca:e3:f8:59:
                    14:12:45:92:e0:30:12:3d:66:d8:bc:33:ce:63:da:
                    92:a1:b7:88:f7:34:22:e1:fc:17:30:82:ad:a9:3b:
                    b5:2e:f7:f6:bb:79:d6:e8:ab:d7:b3:a0:d2:dc:ae:
                    15:2d:ac:3d:9f:77:2c:43:66:2b:df:0c:d2:00:13:
                    f9:52:ed:77:74:cf:87:85:10:69:a4:1d:6c:1b:4d:
                    73:e2:10:8a:24:7e:28:22:5b:b9:d9:de:cd:39:cd:
                    ac:79:36:45:78:8d:f0:d1:47:ce:1a:5f:82:7b:87:
                    40:1e:fa:29:44:f5:14:39:e6:05:50:e6:26:8b:f7:
                    fc:86:4f:5b:19:be:b6:6c:a0:27:78:55:2f:85:c5:
                    54:bc:5a:93:14:aa:1d:0e:94:ab:87:78:92:84:30:
                    6d:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:48:3F:74:F9:BF:94:45:6D:56:0D:61:D3:72:90:2E:A5:07:BA:98
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/68ece0e7-075e-4bcd-873e-0c74882a8546.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d07f:8080::/48

    Signature Algorithm: sha256WithRSAEncryption
         8c:fc:48:8a:9a:7d:8a:f1:e7:82:3b:40:91:61:bf:cb:a4:5f:
         e4:62:41:6e:de:57:eb:73:5c:4b:a7:c3:33:cb:65:49:2c:a7:
         99:da:50:b0:5e:9f:27:fb:b6:7c:57:0d:7d:1d:92:4c:fb:5b:
         88:24:05:8c:77:5e:21:85:87:8a:0c:db:0b:70:f1:1f:45:c0:
         30:bc:4a:97:57:43:77:b7:01:98:47:39:19:0a:db:78:92:57:
         a2:f0:d0:c0:f9:93:f5:44:9d:b1:e8:69:c8:29:37:be:46:d1:
         36:8e:4e:ca:f2:4b:58:27:6e:13:a5:cf:19:f2:ad:a8:70:dc:
         47:e3:7d:65:9b:a0:24:8f:4d:94:de:6c:f6:4f:03:ef:a9:00:
         ec:4a:66:66:9a:bf:ce:dd:2c:5a:2f:6d:16:3a:75:a6:7d:c0:
         5f:e4:f6:3e:a0:9c:4a:3f:c1:48:84:a4:25:bd:e7:eb:03:17:
         76:70:31:fc:5a:38:fb:46:1e:d2:2f:d1:b2:b0:bd:51:df:44:
         d1:6e:94:c8:ea:a6:2a:a3:9e:e8:ae:8e:80:28:29:1d:c4:72:
         1a:f0:8a:01:bc:df:92:d6:73:bb:19:9b:d1:b3:df:61:f7:9b:
         a7:4c:83:fe:8d:76:f0:4a:ad:f7:e2:8e:ee:21:aa:02:fd:4b:
         38:83:c6:e4
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIURninrUaQXUvSE6YsUkDv1GTfxmgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYxOTAwMTJaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQGFiNzJmN2Y0ZDkwYjQwYjlmNDJmNTNhZmVhOGE4MzhhNGVjNTA4OTViNWNh
M2ZiNTdlODE5OThmNTVlMWI2MjkxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALr1iHcSG244aDVAcYdYR5DsA7fEwinB0OrTNb+WS/9+G8YGwj+ZMFFNv6GS
ZOo88qAKsSlhdc76bBIOcCTevTZ+MLIjQs87wPWvPnvHU4e+i54jTim5iX1Xv0ML
3WGJa2Klln7K4/hZFBJFkuAwEj1m2LwzzmPakqG3iPc0IuH8FzCCrak7tS739rt5
1uir17Og0tyuFS2sPZ93LENmK98M0gAT+VLtd3TPh4UQaaQdbBtNc+IQiiR+KCJb
udnezTnNrHk2RXiN8NFHzhpfgnuHQB76KUT1FDnmBVDmJov3/IZPWxm+tmygJ3hV
L4XFVLxakxSqHQ6Uq4d4koQwbaECAwEAAaOCAiQwggIgMB0GA1UdDgQWBBSLSD90
+b+URW1WDWHTcpAupQe6mDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NjhlY2UwZTctMDc1ZS00YmNkLTg3M2UtMGM3NDg4MmE4NTQ2LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0H+A
gDANBgkqhkiG9w0BAQsFAAOCAQEAjPxIipp9ivHngjtAkWG/y6Rf5GJBbt5X63Nc
S6fDM8tlSSynmdpQsF6fJ/u2fFcNfR2STPtbiCQFjHdeIYWHigzbC3DxH0XAMLxK
l1dDd7cBmEc5GQrbeJJXovDQwPmT9USdsehpyCk3vkbRNo5OyvJLWCduE6XPGfKt
qHDcR+N9ZZugJI9NlN5s9k8D76kA7EpmZpq/zt0sWi9tFjp1pn3AX+T2PqCcSj/B
SISkJb3n6wMXdnAx/Fo4+0Ye0i/RsrC9Ud9E0W6UyOqmKqOe6K6OgCgpHcRyGvCK
AbzfktZzuxmb0bPfYfebp0yD/o128Eqt9+KO7iGqAv1LOIPG5A==
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:53:11 2025 by rpki-client