Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/6ee98048-5141-4b16-8b8c-269a397f53ce.roa
File:                     6ee98048-5141-4b16-8b8c-269a397f53ce.roa (raw, json)
Hash identifier:          KKMVZkQYo7u+IrvVb8nLWwYCcnA0DCl7NnVZ0TcD2S0=
Subject key identifier:   B7:80:21:0F:93:BF:04:EC:92:48:63:F5:B3:5C:B7:C1:3B:D1:FE:9F
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       2552F54A08C5D2435065B9F432F229FE0C2BFAB6
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/6ee98048-5141-4b16-8b8c-269a397f53ce.roa
Signing time:             Fri 26 Sep 2025 18:50:45 +0000
ROA not before:           Fri 26 Sep 2025 18:50:45 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d07f:4080::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            25:52:f5:4a:08:c5:d2:43:50:65:b9:f4:32:f2:29:fe:0c:2b:fa:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Sep 26 18:50:45 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=9faf6a90431a0fa876a903aad2799e8a9cb6233c8ca445e9b592672b1dd875e3, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:09:2d:c9:1d:8d:29:d3:cc:87:e7:21:3f:7d:
                    c4:ec:6f:23:7d:54:b3:b3:d1:37:23:c8:5b:21:fc:
                    04:fc:90:84:60:f5:85:7f:87:e5:22:0a:dd:97:50:
                    9a:c8:f7:8e:27:fa:44:71:21:91:96:b6:d7:2e:1e:
                    60:bb:4f:d6:5b:cd:5f:b7:bb:13:ef:9f:9d:80:bd:
                    d3:53:5e:af:8a:d8:e5:4a:3a:1b:d1:93:ca:5e:b3:
                    bd:56:dc:b7:c3:be:a4:b4:07:56:82:1a:48:1e:9a:
                    77:8f:03:60:88:ed:ed:92:d4:48:07:73:7e:19:d5:
                    18:4c:b3:65:2d:5a:8b:ab:5c:2d:78:80:dd:76:b3:
                    d9:77:6e:16:14:12:98:61:57:1d:6a:04:b9:42:ba:
                    c3:79:18:9b:2f:d1:1b:4f:7c:ee:36:a0:02:b2:9e:
                    60:15:bd:ab:d0:23:22:60:b3:bf:90:37:da:67:1b:
                    65:91:27:a6:33:4f:2a:f2:ae:35:12:d1:8c:36:92:
                    4d:8f:6b:82:ad:13:3d:14:07:f9:ae:e4:fb:9c:f7:
                    19:da:36:12:2b:93:7f:ba:23:6d:fc:52:17:3c:78:
                    5d:17:11:f8:ab:50:26:5a:68:1a:9d:72:e4:d0:23:
                    62:28:94:76:e9:99:c6:18:d9:c0:76:00:17:0f:c4:
                    da:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:80:21:0F:93:BF:04:EC:92:48:63:F5:B3:5C:B7:C1:3B:D1:FE:9F
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/6ee98048-5141-4b16-8b8c-269a397f53ce.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d07f:4080::/48

    Signature Algorithm: sha256WithRSAEncryption
         b1:83:7b:e0:5e:f2:2a:1d:fa:ae:68:cf:9e:68:4e:d5:64:5e:
         dc:31:7c:93:66:c0:e0:27:2b:09:ab:32:04:29:ad:a3:5a:d9:
         8f:e3:6e:39:4a:0f:ab:51:05:bd:a5:e6:9f:94:b2:49:37:ee:
         c8:86:03:44:af:02:6e:8e:56:ad:ac:28:4c:cc:6f:ec:f3:f4:
         bb:61:a8:0e:01:07:37:64:9c:1c:4b:51:83:f4:3f:51:e8:70:
         f3:36:e8:bf:9f:57:b1:87:b6:92:6a:ec:2a:84:0f:74:75:42:
         85:53:5e:2c:6f:05:ee:a7:92:b1:c5:eb:6c:e6:0d:2b:f1:58:
         8d:4c:ba:d3:ee:85:15:22:95:db:d9:5a:ec:f9:74:66:79:ec:
         d7:d0:9e:2c:7b:1c:98:12:04:d6:e1:f1:3c:49:aa:44:80:df:
         a3:96:92:cd:85:c1:1f:75:6d:9c:95:69:dc:56:72:30:66:6a:
         37:f9:9b:ee:66:62:a5:20:4a:17:67:3c:91:93:f1:e5:54:db:
         f1:bb:6a:b4:f3:a8:44:5b:96:30:75:61:78:1d:40:65:ee:ba:
         74:29:08:aa:d2:72:52:95:e9:a0:50:ce:eb:9a:36:29:90:d4:
         5f:a3:2e:b7:b4:d9:4b:65:3e:6e:5b:df:41:22:03:3c:8d:27:
         15:72:71:79
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUJVL1SgjF0kNQZbn0MvIp/gwr+rYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYxODUwNDVaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQDlmYWY2YTkwNDMxYTBmYTg3NmE5MDNhYWQyNzk5ZThhOWNiNjIzM2M4Y2E0
NDVlOWI1OTI2NzJiMWRkODc1ZTMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALcJLckdjSnTzIfnIT99xOxvI31Us7PRNyPIWyH8BPyQhGD1hX+H5SIK3ZdQ
msj3jif6RHEhkZa21y4eYLtP1lvNX7e7E++fnYC901Ner4rY5Uo6G9GTyl6zvVbc
t8O+pLQHVoIaSB6ad48DYIjt7ZLUSAdzfhnVGEyzZS1ai6tcLXiA3Xaz2XduFhQS
mGFXHWoEuUK6w3kYmy/RG0987jagArKeYBW9q9AjImCzv5A32mcbZZEnpjNPKvKu
NRLRjDaSTY9rgq0TPRQH+a7k+5z3Gdo2EiuTf7ojbfxSFzx4XRcR+KtQJlpoGp1y
5NAjYiiUdumZxhjZwHYAFw/E2s0CAwEAAaOCAiQwggIgMB0GA1UdDgQWBBS3gCEP
k78E7JJIY/WzXLfBO9H+nzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NmVlOTgwNDgtNTE0MS00YjE2LThiOGMtMjY5YTM5N2Y1M2NlLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0H9A
gDANBgkqhkiG9w0BAQsFAAOCAQEAsYN74F7yKh36rmjPnmhO1WRe3DF8k2bA4Ccr
CasyBCmto1rZj+NuOUoPq1EFvaXmn5SySTfuyIYDRK8Cbo5WrawoTMxv7PP0u2Go
DgEHN2ScHEtRg/Q/Uehw8zbov59XsYe2kmrsKoQPdHVChVNeLG8F7qeSscXrbOYN
K/FYjUy60+6FFSKV29la7Pl0Znns19CeLHscmBIE1uHxPEmqRIDfo5aSzYXBH3Vt
nJVp3FZyMGZqN/mb7mZipSBKF2c8kZPx5VTb8btqtPOoRFuWMHVheB1AZe66dCkI
qtJyUpXpoFDO65o2KZDUX6Mut7TZS2U+blvfQSIDPI0nFXJxeQ==
-----END CERTIFICATE-----
Generated at Mon Oct 20 13:47:21 2025 by rpki-client