Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/68f2af14-43e2-4447-a8a7-f8fe713e249e.roa
File:                     68f2af14-43e2-4447-a8a7-f8fe713e249e.roa (raw, json)
Hash identifier:          Pf9NvNJQef5/T7cNAoSDKxYejH/MsIjhwZK2xVPtjSQ=
Subject key identifier:   4B:86:0F:D5:44:35:56:73:8A:30:1E:E3:F8:70:0B:01:6B:CC:70:EA
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       6D0A746B854DB5DA248D05B4D690ECB82752473B
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/68f2af14-43e2-4447-a8a7-f8fe713e249e.roa
Signing time:             Mon 29 Sep 2025 15:24:40 +0000
ROA not before:           Mon 29 Sep 2025 15:24:40 +0000
ROA not after:            Mon 03 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d01f:800::/37 maxlen: 37
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6d:0a:74:6b:85:4d:b5:da:24:8d:05:b4:d6:90:ec:b8:27:52:47:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Sep 29 15:24:40 2025 GMT
            Not After : Nov  3 23:59:59 2025 GMT
        Subject: serialNumber=61e454ce26a133ee8f8578e77b47fa343dcf3fb72f503b2cd1f2232ca64ed828, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:89:56:56:35:fe:ad:7f:1a:fd:62:72:45:ab:
                    6f:ff:e7:20:7d:67:71:e6:d6:a9:6d:66:7f:4f:5b:
                    82:2c:4e:e5:e0:ac:65:64:bc:db:23:f3:9b:8f:7d:
                    43:5c:2a:7c:10:59:ae:57:3c:40:2f:72:58:9b:6b:
                    0e:52:52:fd:63:b0:43:9d:dd:e3:f1:46:04:13:11:
                    7c:7c:93:f6:72:4b:92:ff:63:6d:34:fc:6c:96:f4:
                    cc:14:8c:e8:46:8e:6e:f1:82:8c:ad:d4:c6:15:7a:
                    3f:ed:25:ee:87:49:94:81:b6:52:9e:14:ea:5c:71:
                    39:12:4c:7e:60:07:fb:aa:5a:81:6b:22:bf:5b:c5:
                    73:f4:63:a8:3c:db:ab:db:56:ea:bf:53:f9:49:bb:
                    bc:19:99:43:85:f3:05:2c:03:bc:9b:a2:44:11:73:
                    0a:54:42:49:fc:4e:c5:43:2e:ab:2c:ba:41:b4:aa:
                    49:45:f6:a1:d2:de:a3:c0:8f:22:5e:9f:91:19:92:
                    d3:3d:2d:b4:11:03:d0:d9:29:67:99:1c:f1:eb:a7:
                    09:63:02:04:1a:73:c4:e5:97:27:bd:0b:be:b6:3e:
                    0c:11:85:73:19:ca:00:f9:27:2b:10:f5:78:1f:36:
                    f3:6f:d9:ae:56:67:c4:47:c9:67:0a:ef:76:6a:92:
                    31:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:86:0F:D5:44:35:56:73:8A:30:1E:E3:F8:70:0B:01:6B:CC:70:EA
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/68f2af14-43e2-4447-a8a7-f8fe713e249e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d01f:800::/37

    Signature Algorithm: sha256WithRSAEncryption
         93:eb:d6:5f:19:25:e7:eb:ba:ac:0e:44:f7:e6:83:5f:38:82:
         fc:6b:d0:76:74:0f:a2:b7:65:20:c7:c8:7b:5f:4b:88:5f:ef:
         3c:16:17:e0:db:b2:a5:d8:c6:e9:27:97:19:f6:86:4f:04:e4:
         a6:65:cf:a4:51:05:2c:31:cd:e5:0a:91:42:2f:ad:1a:8f:7f:
         63:6b:99:7c:aa:6e:b9:19:54:22:4f:d8:ea:3d:79:78:61:1b:
         9d:70:e2:09:c4:2f:93:43:90:f6:fd:ba:d2:70:cd:bb:d8:12:
         0b:47:ca:3b:95:8d:4d:28:c9:39:d6:cd:f4:00:1a:bc:c1:82:
         8a:36:9a:6f:a6:8f:ad:97:a3:15:83:e1:97:6e:f7:dc:87:04:
         75:0f:2a:32:25:b4:47:85:bd:5f:62:b9:75:7c:f7:b8:5c:80:
         12:53:25:97:67:85:f0:56:ec:fc:0a:6a:28:b2:61:48:c1:1a:
         33:af:29:03:48:e3:d3:7a:dd:c6:df:e2:61:35:66:d4:c8:ec:
         83:82:20:d3:8f:b1:30:a3:14:09:f4:a0:3f:ca:96:b2:7e:24:
         42:30:be:16:57:90:83:7c:f3:74:db:bb:5a:01:29:8e:1d:09:
         5e:20:33:da:a3:15:a6:91:55:1c:0f:97:66:6a:7b:9e:ae:3c:
         89:a2:50:d2
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUbQp0a4VNtdokjQW01pDsuCdSRzswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjkxNTI0NDBaFw0yNTExMDMyMzU5NTlaMHoxSTBHBgNV
BAUTQDYxZTQ1NGNlMjZhMTMzZWU4Zjg1NzhlNzdiNDdmYTM0M2RjZjNmYjcyZjUw
M2IyY2QxZjIyMzJjYTY0ZWQ4MjgxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANSJVlY1/q1/Gv1ickWrb//nIH1ncebWqW1mf09bgixO5eCsZWS82yPzm499
Q1wqfBBZrlc8QC9yWJtrDlJS/WOwQ53d4/FGBBMRfHyT9nJLkv9jbTT8bJb0zBSM
6EaObvGCjK3UxhV6P+0l7odJlIG2Up4U6lxxORJMfmAH+6pagWsiv1vFc/RjqDzb
q9tW6r9T+Um7vBmZQ4XzBSwDvJuiRBFzClRCSfxOxUMuqyy6QbSqSUX2odLeo8CP
Il6fkRmS0z0ttBED0NkpZ5kc8eunCWMCBBpzxOWXJ70LvrY+DBGFcxnKAPknKxD1
eB8282/ZrlZnxEfJZwrvdmqSMZ8CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRLhg/V
RDVWc4owHuP4cAsBa8xw6jAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NjhmMmFmMTQtNDNlMi00NDQ3LWE4YTctZjhmZTcxM2UyNDllLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGAyoF0B8I
MA0GCSqGSIb3DQEBCwUAA4IBAQCT69ZfGSXn67qsDkT35oNfOIL8a9B2dA+it2Ug
x8h7X0uIX+88Fhfg27Kl2MbpJ5cZ9oZPBOSmZc+kUQUsMc3lCpFCL60aj39ja5l8
qm65GVQiT9jqPXl4YRudcOIJxC+TQ5D2/brScM272BILR8o7lY1NKMk51s30ABq8
wYKKNppvpo+tl6MVg+GXbvfchwR1DyoyJbRHhb1fYrl1fPe4XIASUyWXZ4XwVuz8
CmoosmFIwRozrykDSOPTet3G3+JhNWbUyOyDgiDTj7EwoxQJ9KA/ypayfiRCML4W
V5CDfPN027taASmOHQleIDPaoxWmkVUcD5dmanuerjyJolDS
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:52:46 2025 by rpki-client