Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/6fbb7303-c6a4-43da-bcdb-d26ab78c366e.roa
File:                     6fbb7303-c6a4-43da-bcdb-d26ab78c366e.roa (raw, json)
Hash identifier:          kwA/L7vKlGLgRHV2vSd4m/Zna+wYVBB9XSeThhDdd1M=
Subject key identifier:   97:1D:67:49:BE:06:E6:72:7D:E7:57:E7:E8:A4:2E:C5:30:08:4C:6C
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       110084E4EFCA05E70AC417F72F3F9A73C1FF0F7B
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/6fbb7303-c6a4-43da-bcdb-d26ab78c366e.roa
Signing time:             Fri 26 Sep 2025 19:10:12 +0000
ROA not before:           Fri 26 Sep 2025 19:10:12 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d07f:2040::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            11:00:84:e4:ef:ca:05:e7:0a:c4:17:f7:2f:3f:9a:73:c1:ff:0f:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Sep 26 19:10:12 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=1257fa6f362e6b29db6d524ba60a42ae850b3109959ad0708b860ad48d1129e9, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:16:22:e5:34:5f:fd:ed:23:21:a4:c9:3d:6e:
                    6f:38:87:cc:d9:89:40:7e:1b:90:79:6d:90:58:30:
                    16:98:00:65:23:8e:d8:18:dc:93:8e:4b:b8:b7:d2:
                    d4:fa:8a:7d:49:a4:7a:94:55:5c:37:8d:5b:2f:64:
                    a1:61:73:cc:9c:d6:be:47:20:8c:14:cc:76:89:8d:
                    70:47:aa:af:1e:7a:86:f4:8f:67:58:1a:9b:4b:bf:
                    14:fd:ee:ac:cc:cc:a2:9f:65:a3:e9:fc:fc:4a:b9:
                    4b:94:96:54:a2:05:37:3e:c9:9a:b6:62:5c:0e:39:
                    49:f1:48:3e:13:63:ea:92:03:c6:3d:6f:f8:4b:df:
                    5a:f3:03:22:b0:e4:67:ff:4a:71:1e:05:ea:a7:21:
                    2f:9f:5f:bc:78:4d:ac:37:88:2e:1d:44:94:ad:84:
                    1b:f4:94:56:90:73:58:eb:a5:76:9e:c8:84:dc:a0:
                    b5:c3:6c:5d:f5:08:ff:76:ee:be:31:a0:da:9e:bb:
                    de:3e:0e:e0:6d:f9:1b:bf:9e:a9:f6:0b:0f:4b:49:
                    4b:06:fd:f1:fb:76:b1:6a:66:e9:e7:00:c9:f7:35:
                    8c:c5:f7:44:71:f9:eb:c7:51:11:a3:1d:cf:6d:08:
                    19:14:71:c6:5b:7a:34:6e:cd:74:0c:2b:36:96:b2:
                    76:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:1D:67:49:BE:06:E6:72:7D:E7:57:E7:E8:A4:2E:C5:30:08:4C:6C
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/6fbb7303-c6a4-43da-bcdb-d26ab78c366e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d07f:2040::/48

    Signature Algorithm: sha256WithRSAEncryption
         1f:e4:4a:73:03:db:22:77:81:7d:a8:78:f3:4e:63:91:ef:78:
         15:34:37:14:8f:85:fc:44:1f:d2:d6:fb:f3:62:0a:fb:7f:b9:
         ee:7d:57:6f:e1:f1:ba:02:cd:c8:72:02:a5:6d:14:b4:0e:71:
         f4:e4:57:91:ed:5c:8c:2a:8f:74:b8:28:f7:6f:a3:1d:ca:bc:
         bf:59:93:f4:5f:08:35:b7:6e:09:10:12:80:7d:07:36:48:73:
         54:f2:17:e4:f1:24:a8:64:16:65:36:61:16:10:c4:88:cc:69:
         ce:2a:e1:c1:d2:ec:df:01:2f:de:90:50:b8:0f:bc:5b:8f:72:
         4c:4f:6f:dd:e9:36:98:a3:46:20:75:38:43:4b:f2:6b:89:c6:
         f6:d1:f6:4a:01:57:c9:4a:a5:03:c4:46:58:23:9e:03:ea:90:
         34:0f:73:55:a5:f9:48:c3:e3:a3:81:a3:75:18:49:63:32:91:
         06:1f:80:13:e2:f9:11:88:64:24:1f:20:36:d4:9d:8b:a7:ce:
         cb:68:1d:ff:48:90:8d:e9:22:e5:f0:9d:27:0c:96:82:5b:e8:
         bc:ac:95:77:9b:f5:50:0f:80:30:f0:8d:06:fc:ed:b8:67:35:
         c9:ae:bc:ee:0a:1a:f2:53:6f:69:25:a9:a2:f8:6a:d9:ab:10:
         df:4d:c0:c9
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUEQCE5O/KBecKxBf3Lz+ac8H/D3swDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYxOTEwMTJaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQDEyNTdmYTZmMzYyZTZiMjlkYjZkNTI0YmE2MGE0MmFlODUwYjMxMDk5NTlh
ZDA3MDhiODYwYWQ0OGQxMTI5ZTkxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKUWIuU0X/3tIyGkyT1ubziHzNmJQH4bkHltkFgwFpgAZSOO2Bjck45LuLfS
1PqKfUmkepRVXDeNWy9koWFzzJzWvkcgjBTMdomNcEeqrx56hvSPZ1gam0u/FP3u
rMzMop9lo+n8/Eq5S5SWVKIFNz7JmrZiXA45SfFIPhNj6pIDxj1v+EvfWvMDIrDk
Z/9KcR4F6qchL59fvHhNrDeILh1ElK2EG/SUVpBzWOuldp7IhNygtcNsXfUI/3bu
vjGg2p673j4O4G35G7+eqfYLD0tJSwb98ft2sWpm6ecAyfc1jMX3RHH568dREaMd
z20IGRRxxlt6NG7NdAwrNpaydmMCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBSXHWdJ
vgbmcn3nV+fopC7FMAhMbDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NmZiYjczMDMtYzZhNC00M2RhLWJjZGItZDI2YWI3OGMzNjZlLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0H8g
QDANBgkqhkiG9w0BAQsFAAOCAQEAH+RKcwPbIneBfah4805jke94FTQ3FI+F/EQf
0tb782IK+3+57n1Xb+HxugLNyHICpW0UtA5x9ORXke1cjCqPdLgo92+jHcq8v1mT
9F8INbduCRASgH0HNkhzVPIX5PEkqGQWZTZhFhDEiMxpzirhwdLs3wEv3pBQuA+8
W49yTE9v3ek2mKNGIHU4Q0vya4nG9tH2SgFXyUqlA8RGWCOeA+qQNA9zVaX5SMPj
o4GjdRhJYzKRBh+AE+L5EYhkJB8gNtSdi6fOy2gd/0iQjeki5fCdJwyWglvovKyV
d5v1UA+AMPCNBvztuGc1ya687goa8lNvaSWpovhq2asQ303AyQ==
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:53:22 2025 by rpki-client