Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/6f78d89d-1d32-4176-8f3e-9966f674843e.roa
File:                     6f78d89d-1d32-4176-8f3e-9966f674843e.roa (raw, json)
Hash identifier:          ieH/WASsJL1WC6QGCVLKWYrrYS9gs6L4zlaUkpypqHk=
Subject key identifier:   E0:28:1E:23:97:EE:99:21:FD:60:B1:40:DF:BE:58:74:C0:A3:4E:DA
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       48AC9B8AB0F2E34DBBEEAD826EF1094250A00B68
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/6f78d89d-1d32-4176-8f3e-9966f674843e.roa
Signing time:             Fri 26 Sep 2025 19:51:02 +0000
ROA not before:           Fri 26 Sep 2025 19:51:02 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d071::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            48:ac:9b:8a:b0:f2:e3:4d:bb:ee:ad:82:6e:f1:09:42:50:a0:0b:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Sep 26 19:51:02 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=31ef5e678669d18c5da12f367ad2ae6af11d350ba54c1e9410c47cc5922a1c89, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:ae:24:17:55:ec:e9:90:6d:a0:c7:0d:e0:58:
                    85:5b:c9:91:24:1d:57:53:c0:71:65:69:33:64:da:
                    84:0b:d3:bd:e6:80:91:d1:b7:23:7b:ee:ef:7f:4c:
                    2d:98:a1:75:fc:2e:ed:55:c3:d5:e5:df:14:92:d6:
                    43:9e:9c:bd:d0:28:71:ea:1e:5d:a8:4c:39:74:4f:
                    da:f2:8f:0f:94:e2:9e:a3:4b:d9:13:5e:c5:4c:20:
                    6e:e4:93:1f:66:d1:18:7b:b7:22:87:90:84:7b:fd:
                    1a:04:13:d1:7c:62:38:5a:af:e6:35:c0:2a:69:06:
                    ed:b3:ec:f3:27:87:1a:ae:64:a6:fc:36:41:21:e7:
                    29:5a:db:54:5e:bf:a1:e3:bb:62:c0:26:75:bd:30:
                    5d:c8:bb:c5:4c:1b:98:37:20:da:34:1a:92:88:1a:
                    a4:36:21:cd:57:38:45:24:31:ce:b9:a1:f2:02:78:
                    aa:73:41:3a:15:74:9c:56:0f:60:9d:0c:ab:c7:2e:
                    85:e4:a7:a2:af:50:98:9d:38:09:e2:5c:5b:31:b0:
                    38:3b:8c:48:24:e2:8a:2f:c0:d4:25:dc:81:d7:21:
                    b7:66:95:21:fe:72:5e:59:79:43:bc:ec:28:fa:58:
                    39:14:b9:92:9a:93:6b:6f:fd:1f:5e:ca:44:68:17:
                    9a:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:28:1E:23:97:EE:99:21:FD:60:B1:40:DF:BE:58:74:C0:A3:4E:DA
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/6f78d89d-1d32-4176-8f3e-9966f674843e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d071::/32

    Signature Algorithm: sha256WithRSAEncryption
         17:91:cf:c5:fa:c8:14:e2:ed:2f:50:ec:5b:06:86:c7:bf:c8:
         27:f8:51:a0:6a:57:4a:c4:b9:f7:4f:58:68:be:12:d4:4a:1f:
         c7:92:8a:62:b1:f2:f0:b1:a5:6e:d9:37:dd:d6:42:7d:eb:d3:
         ed:fb:87:d7:04:bf:4a:56:4d:e6:2a:0b:22:78:06:5a:7e:39:
         eb:6b:b4:c5:8c:d6:91:26:b4:c2:0d:48:30:30:76:29:8b:7f:
         41:4c:92:a7:72:18:bd:4a:ba:4a:77:7a:59:62:72:88:73:12:
         8a:df:97:67:2e:52:cc:e2:05:99:be:84:98:7a:4a:55:55:4e:
         8e:3d:1e:57:91:22:46:00:f1:6d:6a:69:e3:67:ba:eb:93:4a:
         00:a5:7c:77:ed:28:de:9b:30:92:9f:41:df:e3:12:24:c7:87:
         d2:8b:10:ed:e7:b5:78:fe:89:80:e4:88:a2:7b:83:62:8e:b7:
         ef:13:a5:3d:03:5c:51:df:67:71:5a:ed:83:1d:c0:19:45:be:
         97:e6:04:59:0f:cf:87:29:8a:18:9b:4f:00:31:b1:f1:63:75:
         8b:ef:e5:05:af:f5:c7:13:ff:e2:fd:15:aa:d2:12:c5:a4:70:
         aa:4e:d4:f3:4a:d6:04:e9:9c:cc:e1:22:3d:e9:98:da:59:82:
         f4:66:f4:b2
-----BEGIN CERTIFICATE-----
MIIFXzCCBEegAwIBAgIUSKybirDy40277q2CbvEJQlCgC2gwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYxOTUxMDJaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQDMxZWY1ZTY3ODY2OWQxOGM1ZGExMmYzNjdhZDJhZTZhZjExZDM1MGJhNTRj
MWU5NDEwYzQ3Y2M1OTIyYTFjODkxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAImuJBdV7OmQbaDHDeBYhVvJkSQdV1PAcWVpM2TahAvTveaAkdG3I3vu739M
LZihdfwu7VXD1eXfFJLWQ56cvdAoceoeXahMOXRP2vKPD5TinqNL2RNexUwgbuST
H2bRGHu3IoeQhHv9GgQT0XxiOFqv5jXAKmkG7bPs8yeHGq5kpvw2QSHnKVrbVF6/
oeO7YsAmdb0wXci7xUwbmDcg2jQakogapDYhzVc4RSQxzrmh8gJ4qnNBOhV0nFYP
YJ0Mq8cuheSnoq9QmJ04CeJcWzGwODuMSCTiii/A1CXcgdcht2aVIf5yXll5Q7zs
KPpYORS5kpqTa2/9H17KRGgXmocCAwEAAaOCAiIwggIeMB0GA1UdDgQWBBTgKB4j
l+6ZIf1gsUDfvlh0wKNO2jAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NmY3OGQ4OWQtMWQzMi00MTc2LThmM2UtOTk2NmY2NzQ4NDNlLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACoF0HEw
DQYJKoZIhvcNAQELBQADggEBABeRz8X6yBTi7S9Q7FsGhse/yCf4UaBqV0rEufdP
WGi+EtRKH8eSimKx8vCxpW7ZN93WQn3r0+37h9cEv0pWTeYqCyJ4Blp+OetrtMWM
1pEmtMINSDAwdimLf0FMkqdyGL1Kukp3ellicohzEorfl2cuUsziBZm+hJh6SlVV
To49HleRIkYA8W1qaeNnuuuTSgClfHftKN6bMJKfQd/jEiTHh9KLEO3ntXj+iYDk
iKJ7g2KOt+8TpT0DXFHfZ3Fa7YMdwBlFvpfmBFkPz4cpihibTwAxsfFjdYvv5QWv
9ccT/+L9FarSEsWkcKpO1PNK1gTpnMzhIj3pmNpZgvRm9LI=
-----END CERTIFICATE-----
Generated at Mon Oct 20 13:47:32 2025 by rpki-client