Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/730c632c-0510-4eef-8649-b29c7a1d089b.roa
File:                     730c632c-0510-4eef-8649-b29c7a1d089b.roa (raw, json)
Hash identifier:          e/wBOY4XgYnquQ0uOHI2XHtE8daPFIlvcn7Ca2v+57k=
Subject key identifier:   C5:7D:A4:C5:0F:B5:C6:6A:A9:F8:4F:E1:D6:93:EF:D6:FF:F8:EB:1A
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       4CEB2EED4EE0F7EC02BECD3907B8C4F32C5B7FF6
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/730c632c-0510-4eef-8649-b29c7a1d089b.roa
Signing time:             Fri 26 Sep 2025 18:40:32 +0000
ROA not before:           Fri 26 Sep 2025 18:40:32 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d031:2040::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4c:eb:2e:ed:4e:e0:f7:ec:02:be:cd:39:07:b8:c4:f3:2c:5b:7f:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Sep 26 18:40:32 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=0a3cb34931b5e6cc6f975bb484f9e08d11398f73c0fab8aaf2bb9e3ac83b327a, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:7f:29:44:32:b1:47:28:42:56:45:5b:23:89:
                    12:4b:20:1a:05:52:0a:10:2d:c0:31:7d:2a:b8:ec:
                    6f:af:4d:a7:63:71:af:8c:91:6a:94:b6:ac:44:d7:
                    e2:ac:34:2c:85:fd:b9:6e:9b:a8:4a:e7:4c:3c:42:
                    31:71:07:b2:6a:f3:e7:60:03:fb:19:25:79:b1:bb:
                    ed:8d:3a:fe:fa:a8:b2:0c:f1:03:46:a5:e5:6f:a0:
                    c8:f7:de:07:64:32:be:db:77:3a:5d:26:f7:02:dd:
                    83:ce:df:49:64:8d:46:dd:8e:a3:ba:f6:11:d5:71:
                    58:d0:50:e7:5f:d9:a0:ae:ed:b3:bc:fe:52:84:2f:
                    c8:0b:ae:57:b5:65:91:0e:03:54:5b:ec:9f:aa:00:
                    42:f2:bb:a6:e5:4b:e5:b4:16:a8:b3:72:1f:69:23:
                    5a:1b:7d:e9:9a:6f:86:62:6d:10:16:65:9b:62:91:
                    95:0d:a9:ee:b6:e4:31:08:ce:d9:4c:fc:3c:06:a6:
                    d4:14:23:a5:f1:ee:8d:ad:3b:10:83:83:a4:4f:d9:
                    df:e5:d5:b0:62:99:2d:b1:ca:b4:07:e6:34:a9:e6:
                    eb:6f:ea:c8:50:61:13:d9:2c:0f:4b:53:08:71:64:
                    6a:bb:a3:f6:fd:05:f1:73:73:ff:59:db:fa:c4:67:
                    48:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:7D:A4:C5:0F:B5:C6:6A:A9:F8:4F:E1:D6:93:EF:D6:FF:F8:EB:1A
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/730c632c-0510-4eef-8649-b29c7a1d089b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d031:2040::/48

    Signature Algorithm: sha256WithRSAEncryption
         8c:9a:8a:35:c2:f5:7b:ae:6f:fe:b4:79:04:bf:72:72:e0:dd:
         ac:7c:39:ac:0f:c8:c7:6a:9a:b0:37:ba:e6:30:02:ae:a3:db:
         cb:39:08:bc:39:17:a5:fe:2a:e2:76:8a:a1:6a:d4:7b:4b:73:
         da:fa:8c:e7:c4:06:da:ea:33:8a:ef:10:3c:d3:69:df:94:c1:
         a4:a1:a5:53:42:ca:d3:e1:a2:f6:3d:1c:1e:9e:8b:7f:9e:9b:
         9c:ed:26:13:40:60:7b:f7:6b:54:ac:9f:d2:b2:f7:bc:3a:53:
         79:19:50:64:ef:de:88:5a:4f:84:1a:8d:db:44:0a:4d:70:ea:
         01:05:d8:9d:94:a0:76:42:a5:e9:9c:2d:fb:5c:5b:98:d7:16:
         8d:4e:42:bc:9a:fa:dd:53:f6:09:e6:3e:4d:70:f5:ed:5b:72:
         45:1d:a5:a9:29:71:dc:43:de:b7:e1:c4:65:0b:9f:0d:93:f4:
         78:3a:f0:23:db:fc:ec:a9:06:ff:0e:3f:78:df:e8:0f:e6:11:
         bd:c9:0c:04:e8:b1:82:01:f4:e9:a6:5f:5e:4f:c1:15:6c:2a:
         6b:bf:8f:37:2e:aa:28:bd:34:73:b6:49:ea:c2:29:ba:c8:a7:
         59:d2:ad:1f:1c:c9:fe:b1:2c:ea:73:f2:69:da:19:b4:e1:f7:
         02:f0:65:62
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUTOsu7U7g9+wCvs05B7jE8yxbf/YwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYxODQwMzJaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQDBhM2NiMzQ5MzFiNWU2Y2M2Zjk3NWJiNDg0ZjllMDhkMTEzOThmNzNjMGZh
YjhhYWYyYmI5ZTNhYzgzYjMyN2ExLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKB/KUQysUcoQlZFWyOJEksgGgVSChAtwDF9Krjsb69Np2Nxr4yRapS2rETX
4qw0LIX9uW6bqErnTDxCMXEHsmrz52AD+xklebG77Y06/vqosgzxA0al5W+gyPfe
B2Qyvtt3Ol0m9wLdg87fSWSNRt2Oo7r2EdVxWNBQ51/ZoK7ts7z+UoQvyAuuV7Vl
kQ4DVFvsn6oAQvK7puVL5bQWqLNyH2kjWht96ZpvhmJtEBZlm2KRlQ2p7rbkMQjO
2Uz8PAam1BQjpfHuja07EIODpE/Z3+XVsGKZLbHKtAfmNKnm62/qyFBhE9ksD0tT
CHFkaruj9v0F8XNz/1nb+sRnSIcCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBTFfaTF
D7XGaqn4T+HWk+/W//jrGjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NzMwYzYzMmMtMDUxMC00ZWVmLTg2NDktYjI5YzdhMWQwODliLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0DEg
QDANBgkqhkiG9w0BAQsFAAOCAQEAjJqKNcL1e65v/rR5BL9ycuDdrHw5rA/Ix2qa
sDe65jACrqPbyzkIvDkXpf4q4naKoWrUe0tz2vqM58QG2uoziu8QPNNp35TBpKGl
U0LK0+Gi9j0cHp6Lf56bnO0mE0Bge/drVKyf0rL3vDpTeRlQZO/eiFpPhBqN20QK
TXDqAQXYnZSgdkKl6Zwt+1xbmNcWjU5CvJr63VP2CeY+TXD17VtyRR2lqSlx3EPe
t+HEZQufDZP0eDrwI9v87KkG/w4/eN/oD+YRvckMBOixggH06aZfXk/BFWwqa7+P
Ny6qKL00c7ZJ6sIpusinWdKtHxzJ/rEs6nPyadoZtOH3AvBlYg==
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:52:17 2025 by rpki-client