Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/72c1c04d-5c77-431c-825c-1633fac1964d.roa
File:                     72c1c04d-5c77-431c-825c-1633fac1964d.roa (raw, json)
Hash identifier:          jeS7yee5YCjBxPD8w+3IzVRDgDp7cJTct4H76rXOcH0=
Subject key identifier:   8D:A5:E1:B0:28:A6:1C:20:5B:2D:7B:A4:28:A4:A1:E0:F5:15:5B:84
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       18896BF844431E5069C20E539777AAC957AF7B18
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/72c1c04d-5c77-431c-825c-1633fac1964d.roa
Signing time:             Fri 26 Sep 2025 19:10:24 +0000
ROA not before:           Fri 26 Sep 2025 19:10:24 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d07f:8030::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            18:89:6b:f8:44:43:1e:50:69:c2:0e:53:97:77:aa:c9:57:af:7b:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Sep 26 19:10:24 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=7f3cfec1449b9232510a5bd8328ae16b4209a656181c32ea6b2cdf43229ae0a7, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:7a:e6:bc:e9:4b:7b:d3:ba:4c:36:05:e5:9f:
                    4f:cc:e0:f6:a9:36:9c:42:18:8b:d4:49:25:7e:8a:
                    70:2d:da:cc:f1:25:28:9a:00:3e:a5:07:5a:19:05:
                    88:b3:d1:89:3a:e5:3e:f8:14:8f:c1:ce:3a:e1:49:
                    38:89:cf:16:45:37:78:a2:82:45:f7:9c:12:6d:2e:
                    2a:3c:a6:bf:d5:ed:b0:dc:e9:9d:af:97:b3:e6:7b:
                    dd:57:ee:b8:2c:22:8c:ef:25:84:49:0e:5f:5d:f3:
                    aa:82:ac:18:67:ec:29:1c:9b:14:e8:8c:dd:e9:17:
                    06:39:8f:e6:45:7f:30:46:8c:9c:3a:0d:39:9a:1a:
                    c9:d7:11:58:5d:61:b6:ec:2c:cc:3b:59:3f:e7:40:
                    58:49:76:dd:1f:8c:d7:12:91:cc:b5:93:01:4e:ff:
                    7c:b8:f1:ca:d8:ae:ca:45:ba:b2:43:af:17:ac:f2:
                    92:05:7b:5c:37:79:28:9f:0a:12:c4:f2:1d:3b:3b:
                    a6:f9:1f:5f:ba:09:e0:4d:76:9f:b0:09:c2:1b:21:
                    da:8b:d7:c8:45:5a:92:60:b4:01:4b:a6:26:aa:5b:
                    fa:aa:3c:67:84:3f:a2:72:fe:ee:f1:51:6a:dd:4f:
                    0c:ad:25:07:a4:df:d7:71:b7:9b:3a:1c:f6:da:38:
                    e4:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:A5:E1:B0:28:A6:1C:20:5B:2D:7B:A4:28:A4:A1:E0:F5:15:5B:84
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/72c1c04d-5c77-431c-825c-1633fac1964d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d07f:8030::/48

    Signature Algorithm: sha256WithRSAEncryption
         42:ec:e0:1a:fd:dc:be:07:b7:56:10:bb:d2:e4:9e:f1:48:fa:
         6e:19:66:7d:96:d5:1c:59:76:0c:60:6e:78:38:98:15:00:dc:
         a8:1b:77:25:ed:4f:09:54:ff:66:e1:f7:57:21:8b:7f:3b:73:
         4e:3b:25:00:5f:26:52:91:4c:a2:8f:e8:70:3c:32:0a:40:48:
         0d:ce:25:17:48:18:29:c8:4a:f3:b1:41:03:f2:17:8a:8e:71:
         4b:a6:dd:80:7b:fe:75:31:3b:dc:00:12:88:59:bc:f7:16:de:
         63:b0:97:7e:6b:54:d5:8a:9d:96:9e:e4:15:81:7e:bf:ec:0f:
         bc:70:52:ba:8e:c0:76:b6:e9:c7:b4:a6:fa:25:9f:e3:c0:91:
         5b:e1:bf:4a:9f:7b:76:60:7d:f4:9c:5b:9d:5f:e4:36:6c:24:
         c1:75:6a:8a:50:36:3c:c1:80:b2:b8:03:69:08:a5:56:9a:ed:
         80:75:94:18:37:5d:a1:58:28:37:41:33:fc:27:07:45:be:64:
         3d:8f:81:e6:46:74:bb:bf:31:88:19:e5:1f:5f:63:90:52:87:
         d9:56:91:45:8e:48:a9:0a:ca:f8:a9:c7:58:fc:10:d2:3a:5f:
         4e:8a:10:6d:96:e8:f0:2f:61:5e:44:07:11:86:17:5b:fb:80:
         4b:a0:68:12
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUGIlr+ERDHlBpwg5Tl3eqyVevexgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYxOTEwMjRaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQDdmM2NmZWMxNDQ5YjkyMzI1MTBhNWJkODMyOGFlMTZiNDIwOWE2NTYxODFj
MzJlYTZiMmNkZjQzMjI5YWUwYTcxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMl65rzpS3vTukw2BeWfT8zg9qk2nEIYi9RJJX6KcC3azPElKJoAPqUHWhkF
iLPRiTrlPvgUj8HOOuFJOInPFkU3eKKCRfecEm0uKjymv9XtsNzpna+Xs+Z73Vfu
uCwijO8lhEkOX13zqoKsGGfsKRybFOiM3ekXBjmP5kV/MEaMnDoNOZoaydcRWF1h
tuwszDtZP+dAWEl23R+M1xKRzLWTAU7/fLjxytiuykW6skOvF6zykgV7XDd5KJ8K
EsTyHTs7pvkfX7oJ4E12n7AJwhsh2ovXyEVakmC0AUumJqpb+qo8Z4Q/onL+7vFR
at1PDK0lB6Tf13G3mzoc9to45BcCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBSNpeGw
KKYcIFste6QopKHg9RVbhDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NzJjMWMwNGQtNWM3Ny00MzFjLTgyNWMtMTYzM2ZhYzE5NjRkLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0H+A
MDANBgkqhkiG9w0BAQsFAAOCAQEAQuzgGv3cvge3VhC70uSe8Uj6bhlmfZbVHFl2
DGBueDiYFQDcqBt3Je1PCVT/ZuH3VyGLfztzTjslAF8mUpFMoo/ocDwyCkBIDc4l
F0gYKchK87FBA/IXio5xS6bdgHv+dTE73AASiFm89xbeY7CXfmtU1Yqdlp7kFYF+
v+wPvHBSuo7Adrbpx7Sm+iWf48CRW+G/Sp97dmB99JxbnV/kNmwkwXVqilA2PMGA
srgDaQilVprtgHWUGDddoVgoN0Ez/CcHRb5kPY+B5kZ0u78xiBnlH19jkFKH2VaR
RY5IqQrK+KnHWPwQ0jpfTooQbZbo8C9hXkQHEYYXW/uAS6BoEg==
-----END CERTIFICATE-----
Generated at Mon Oct 20 13:47:42 2025 by rpki-client