Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/6e11a1fd-46e4-4d91-84e8-f174e0774136.roa
File:                     6e11a1fd-46e4-4d91-84e8-f174e0774136.roa (raw, json)
Hash identifier:          BpH/wdIIE6XJl+pasXepPHXjO2vQbkAa1XTzWQFmBDQ=
Subject key identifier:   3A:4E:08:62:AF:CD:6E:9C:3E:C6:CB:2D:9A:FF:D5:1A:BE:3C:3F:0E
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       65F703445009C3705EA8375DEE15020093BD44F3
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/6e11a1fd-46e4-4d91-84e8-f174e0774136.roa
Signing time:             Mon 06 Oct 2025 18:01:01 +0000
ROA not before:           Mon 06 Oct 2025 18:01:01 +0000
ROA not after:            Mon 10 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d073:e0c0::/46 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            65:f7:03:44:50:09:c3:70:5e:a8:37:5d:ee:15:02:00:93:bd:44:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Oct  6 18:01:01 2025 GMT
            Not After : Nov 10 23:59:59 2025 GMT
        Subject: serialNumber=6874beabb49710f1e9613962a02a4d540f4ace6f7dafc806b8ff3b4eeb743d70, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:fd:db:3f:da:e6:39:b6:01:ed:e1:43:c4:72:
                    f3:c1:85:bd:87:c7:ab:f0:84:39:0d:ac:92:ba:3b:
                    50:42:ae:6a:b3:dc:f3:4b:d8:36:28:90:64:22:6b:
                    50:4e:b5:e0:06:c5:35:98:78:32:2c:e6:0e:e8:4a:
                    d2:43:8a:a6:d5:db:27:96:c3:16:d4:c3:01:47:85:
                    9a:1e:d5:f5:bb:54:e7:71:fa:1c:42:cc:18:c3:13:
                    18:c3:f6:ec:9d:3d:fc:3f:53:9f:72:84:b6:14:0c:
                    46:78:8f:f4:60:90:3a:44:23:b5:7a:5e:34:a5:56:
                    4e:9f:fa:7f:e1:54:19:cf:58:df:f1:50:73:7d:00:
                    2f:a3:bd:1c:0a:8f:10:d0:3c:c5:7f:ca:7d:3f:26:
                    22:67:8b:44:da:09:6a:71:68:82:29:a4:14:22:55:
                    e1:09:b8:e0:b5:47:2d:34:27:4f:fb:8b:35:4e:ca:
                    14:92:0a:d5:2b:80:a1:0c:59:eb:82:a2:87:a3:c4:
                    37:e1:cd:5a:a6:7a:e2:6e:b1:8b:d5:cd:c7:fc:4e:
                    e5:e8:19:19:cb:24:bc:ef:11:8c:56:73:77:5e:3d:
                    0f:6c:90:79:24:ec:bf:31:ce:9c:59:e9:88:1d:42:
                    75:14:40:68:44:ea:a0:e9:94:8a:6d:48:ec:3b:ce:
                    64:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:4E:08:62:AF:CD:6E:9C:3E:C6:CB:2D:9A:FF:D5:1A:BE:3C:3F:0E
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/6e11a1fd-46e4-4d91-84e8-f174e0774136.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d073:e0c0::/46

    Signature Algorithm: sha256WithRSAEncryption
         1e:e8:05:55:2a:7d:2f:2a:10:85:db:11:a0:4d:ec:46:ae:92:
         43:ee:76:cf:62:e9:bf:67:74:d0:79:7f:69:07:6d:82:ee:1b:
         98:67:1b:b3:ea:c0:ff:f5:a4:5f:eb:bc:4f:23:67:71:c6:5d:
         7e:76:93:60:a7:d1:4b:33:14:b2:db:34:da:7d:d7:ec:17:be:
         0a:4a:9b:e8:29:a5:ab:4a:d3:26:ec:0b:b3:05:0f:e1:29:83:
         1f:b7:73:47:d9:7d:34:59:60:4b:15:73:83:20:4c:b3:ad:1f:
         f2:da:fd:d0:85:b0:d1:99:9a:a5:ec:4a:d3:e7:14:ce:c3:67:
         0c:9e:6f:8e:59:cd:9a:1a:9d:df:81:a1:12:d6:02:3b:42:84:
         0c:03:7d:d8:81:6b:bb:28:95:b5:4e:1c:24:23:82:06:10:2c:
         ff:e3:10:71:08:f4:e9:7b:18:9f:0f:d9:e8:8c:ad:2e:c1:36:
         c6:7b:a9:a2:b8:17:15:8a:a3:7f:4f:4b:75:78:38:96:42:32:
         35:b9:3a:36:6b:ca:cc:4f:cf:5c:91:37:bd:76:fa:c7:09:36:
         e2:8f:e6:49:0a:99:df:07:b3:a8:cc:bc:8e:27:35:2f:79:34:
         b9:33:41:82:78:7b:86:77:6a:31:ab:51:b7:dc:92:01:e3:e8:
         cc:57:10:1d
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUZfcDRFAJw3BeqDdd7hUCAJO9RPMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMDYxODAxMDFaFw0yNTExMTAyMzU5NTlaMHoxSTBHBgNV
BAUTQDY4NzRiZWFiYjQ5NzEwZjFlOTYxMzk2MmEwMmE0ZDU0MGY0YWNlNmY3ZGFm
YzgwNmI4ZmYzYjRlZWI3NDNkNzAxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJj92z/a5jm2Ae3hQ8Ry88GFvYfHq/CEOQ2skro7UEKuarPc80vYNiiQZCJr
UE614AbFNZh4MizmDuhK0kOKptXbJ5bDFtTDAUeFmh7V9btU53H6HELMGMMTGMP2
7J09/D9Tn3KEthQMRniP9GCQOkQjtXpeNKVWTp/6f+FUGc9Y3/FQc30AL6O9HAqP
ENA8xX/KfT8mImeLRNoJanFogimkFCJV4Qm44LVHLTQnT/uLNU7KFJIK1SuAoQxZ
64Kih6PEN+HNWqZ64m6xi9XNx/xO5egZGcskvO8RjFZzd149D2yQeSTsvzHOnFnp
iB1CdRRAaETqoOmUim1I7DvOZGUCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBQ6Tghi
r81unD7Gyy2a/9Uavjw/DjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NmUxMWExZmQtNDZlNC00ZDkxLTg0ZTgtZjE3NGUwNzc0MTM2LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHAioF0HPg
wDANBgkqhkiG9w0BAQsFAAOCAQEAHugFVSp9LyoQhdsRoE3sRq6SQ+52z2Lpv2d0
0Hl/aQdtgu4bmGcbs+rA//WkX+u8TyNnccZdfnaTYKfRSzMUsts02n3X7Be+Ckqb
6Cmlq0rTJuwLswUP4SmDH7dzR9l9NFlgSxVzgyBMs60f8tr90IWw0ZmapexK0+cU
zsNnDJ5vjlnNmhqd34GhEtYCO0KEDAN92IFruyiVtU4cJCOCBhAs/+MQcQj06XsY
nw/Z6IytLsE2xnuporgXFYqjf09LdXg4lkIyNbk6NmvKzE/PXJE3vXb6xwk24o/m
SQqZ3wezqMy8jic1L3k0uTNBgnh7hndqMatRt9ySAePozFcQHQ==
-----END CERTIFICATE-----
Generated at Mon Oct 20 13:47:26 2025 by rpki-client