Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/6a082d12-70e1-4005-8dd1-52b78c0c75af.roa
File:                     6a082d12-70e1-4005-8dd1-52b78c0c75af.roa (raw, json)
Hash identifier:          ZQxtccypCU8+RPBFyBjGXU/7UQtAy7KgfeIMKu8ZBqk=
Subject key identifier:   15:91:29:BF:14:76:E8:1B:FC:45:B6:36:D8:FC:7E:2D:51:EA:67:68
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       78E65705C711E398E10D0EAA3D8F4E276171CB72
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/6a082d12-70e1-4005-8dd1-52b78c0c75af.roa
Signing time:             Mon 06 Oct 2025 18:00:39 +0000
ROA not before:           Mon 06 Oct 2025 18:00:39 +0000
ROA not after:            Mon 10 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d073:a080::/46 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            78:e6:57:05:c7:11:e3:98:e1:0d:0e:aa:3d:8f:4e:27:61:71:cb:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Oct  6 18:00:39 2025 GMT
            Not After : Nov 10 23:59:59 2025 GMT
        Subject: serialNumber=9d4603dd49f46336547b0c362f4e00bdd1e0228ac2595e460a7247b97ac4583e, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:67:55:27:1f:07:b9:7b:0f:e3:6d:5b:74:8a:
                    80:20:4a:4e:4a:33:94:c0:71:a6:9c:66:82:5c:d3:
                    03:5a:e9:2d:ae:1c:02:98:8c:1a:58:a7:73:67:bd:
                    50:5b:68:06:e5:21:80:8f:5f:89:58:fe:3c:9b:2d:
                    d1:f9:29:45:88:d2:b8:2a:f7:45:4e:61:bc:6a:07:
                    ff:70:59:bc:1d:95:df:8e:8a:a3:4f:5e:4e:38:56:
                    08:f3:e5:6a:5a:c3:03:1e:9c:0d:d4:9a:28:a0:7a:
                    25:c2:6b:7a:ec:66:cd:41:3b:08:37:ee:b2:18:c1:
                    97:10:2f:de:62:c6:6d:d4:d1:54:41:ec:e2:f8:7c:
                    44:62:d8:99:cf:68:1b:9d:0d:1a:a4:83:9a:fd:58:
                    1c:76:40:9f:18:f3:04:dc:06:3c:6b:c6:69:68:55:
                    49:7e:9f:5e:4e:6c:d8:d8:a2:03:38:ed:ad:cf:38:
                    b4:d7:7f:51:d9:99:df:04:d5:c4:ad:52:20:51:8c:
                    0b:d2:11:ce:99:8a:32:98:ea:65:71:c9:87:55:06:
                    77:b4:e8:f6:a3:e3:f3:a6:73:fa:a6:9e:c8:3e:1d:
                    74:72:ad:df:ee:9f:1e:a0:b0:6a:13:d5:5a:4b:a9:
                    af:1d:a1:44:35:74:a3:de:7d:b1:9c:8a:5c:aa:5f:
                    8e:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:91:29:BF:14:76:E8:1B:FC:45:B6:36:D8:FC:7E:2D:51:EA:67:68
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/6a082d12-70e1-4005-8dd1-52b78c0c75af.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d073:a080::/46

    Signature Algorithm: sha256WithRSAEncryption
         bf:6c:a7:07:04:00:91:e4:db:4c:18:c3:b1:5a:2e:64:ba:b3:
         45:38:70:b0:37:65:29:89:10:3e:fa:6c:14:b6:0d:30:12:e2:
         36:6b:e4:42:49:22:51:0a:a0:07:ca:91:cb:2e:1f:c0:70:3c:
         42:c3:3e:71:bf:f2:38:90:97:fd:77:d8:1f:e0:21:1f:30:75:
         3a:59:87:25:a7:7e:47:d5:75:82:44:83:25:67:f7:d8:af:fa:
         c7:2d:cb:7a:cd:1e:38:94:9d:e9:e5:b8:c5:45:13:13:1a:16:
         64:53:5c:84:f1:9b:32:3f:fb:7c:93:92:39:96:dc:23:51:93:
         8e:a4:04:01:97:01:6e:df:54:69:6d:dd:66:ce:fe:3b:c5:5f:
         01:4c:a6:6b:6a:52:8e:50:f1:78:c8:8b:e1:15:9a:1a:51:f6:
         ef:ac:a8:72:06:07:43:97:91:b3:4d:f2:2d:96:35:8e:2d:1c:
         86:86:5b:cd:2e:09:97:12:ea:7c:30:3b:6f:2a:24:95:c8:18:
         cd:ff:cb:9c:f3:9f:ec:8a:ab:53:81:21:9c:0f:39:9e:e3:4c:
         c5:f6:5e:a5:09:2b:d2:df:73:a7:48:81:0b:8b:0f:31:cb:ff:
         9e:b1:38:e2:3a:4b:0e:8d:7b:a7:9e:e5:9c:f1:95:88:98:77:
         0c:a2:d1:d3
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUeOZXBccR45jhDQ6qPY9OJ2Fxy3IwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMDYxODAwMzlaFw0yNTExMTAyMzU5NTlaMHoxSTBHBgNV
BAUTQDlkNDYwM2RkNDlmNDYzMzY1NDdiMGMzNjJmNGUwMGJkZDFlMDIyOGFjMjU5
NWU0NjBhNzI0N2I5N2FjNDU4M2UxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKtnVScfB7l7D+NtW3SKgCBKTkozlMBxppxmglzTA1rpLa4cApiMGlinc2e9
UFtoBuUhgI9fiVj+PJst0fkpRYjSuCr3RU5hvGoH/3BZvB2V346Ko09eTjhWCPPl
alrDAx6cDdSaKKB6JcJreuxmzUE7CDfushjBlxAv3mLGbdTRVEHs4vh8RGLYmc9o
G50NGqSDmv1YHHZAnxjzBNwGPGvGaWhVSX6fXk5s2NiiAzjtrc84tNd/UdmZ3wTV
xK1SIFGMC9IRzpmKMpjqZXHJh1UGd7To9qPj86Zz+qaeyD4ddHKt3+6fHqCwahPV
Wkuprx2hRDV0o959sZyKXKpfjgECAwEAAaOCAiQwggIgMB0GA1UdDgQWBBQVkSm/
FHboG/xFtjbY/H4tUepnaDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NmEwODJkMTItNzBlMS00MDA1LThkZDEtNTJiNzhjMGM3NWFmLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHAioF0HOg
gDANBgkqhkiG9w0BAQsFAAOCAQEAv2ynBwQAkeTbTBjDsVouZLqzRThwsDdlKYkQ
PvpsFLYNMBLiNmvkQkkiUQqgB8qRyy4fwHA8QsM+cb/yOJCX/XfYH+AhHzB1OlmH
Jad+R9V1gkSDJWf32K/6xy3Les0eOJSd6eW4xUUTExoWZFNchPGbMj/7fJOSOZbc
I1GTjqQEAZcBbt9UaW3dZs7+O8VfAUyma2pSjlDxeMiL4RWaGlH276yocgYHQ5eR
s03yLZY1ji0choZbzS4JlxLqfDA7byoklcgYzf/LnPOf7IqrU4EhnA85nuNMxfZe
pQkr0t9zp0iBC4sPMcv/nrE44jpLDo17p57lnPGViJh3DKLR0w==
-----END CERTIFICATE-----
Generated at Mon Oct 20 13:46:58 2025 by rpki-client