Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/73488a43-875c-415a-9969-c278b245b9fb.roa
File:                     73488a43-875c-415a-9969-c278b245b9fb.roa (raw, json)
Hash identifier:          G4VDc8sq1e9Co+Bunmiua8jFGoiuaiDAlUAXutr7KvY=
Subject key identifier:   64:8A:44:8B:D1:32:D8:66:B3:3F:CA:96:F3:F0:07:A2:B7:5E:11:E5
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       024FEEA93FF97AA2320DCF9E49DE9A3E919025C8
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/73488a43-875c-415a-9969-c278b245b9fb.roa
Signing time:             Fri 26 Sep 2025 19:10:21 +0000
ROA not before:           Fri 26 Sep 2025 19:10:21 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d07f:e080::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            02:4f:ee:a9:3f:f9:7a:a2:32:0d:cf:9e:49:de:9a:3e:91:90:25:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Sep 26 19:10:21 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=248c9acd97208b4e4eb0123ebe1bffa00bbab9c5662b0841052d4433aaa40955, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:d2:0d:4f:04:88:f6:ba:a7:76:2f:c5:fa:98:
                    ab:ee:d8:79:9b:4d:c9:8d:1b:33:c6:27:1b:5e:7b:
                    66:9b:52:18:c0:21:78:c0:96:5b:e2:d8:14:73:16:
                    d6:d4:4a:5e:7b:c3:e8:c3:74:67:2d:e8:b6:71:a6:
                    4e:47:2c:05:f2:ca:79:2b:62:16:82:ad:96:27:25:
                    c0:64:45:48:09:70:10:c8:1d:e2:e5:4c:0c:4e:ea:
                    09:f2:c5:38:66:c0:d5:e5:96:f7:e1:90:e2:22:a3:
                    2f:5d:65:ca:6e:db:e7:67:2b:86:c3:ff:7f:b4:db:
                    35:ab:be:47:ba:48:a3:f2:09:17:c6:ea:ea:1a:39:
                    5b:4c:f0:3e:a7:be:f0:d0:06:0f:41:89:61:71:de:
                    1b:34:e1:b3:72:98:3f:5c:31:25:cf:60:04:db:60:
                    c1:28:aa:67:12:ce:0b:c1:2d:c0:db:3e:4c:b9:ce:
                    6c:74:8a:24:44:aa:d9:9e:03:1b:fe:bc:6f:d4:b2:
                    df:77:f4:eb:e8:c4:fc:ba:bc:92:19:68:b7:9b:5c:
                    0a:ff:5c:cb:69:28:d1:32:a9:c0:87:57:4f:4f:31:
                    1e:6a:66:64:01:62:91:04:cb:be:9b:a3:99:07:d4:
                    53:a4:df:d2:2b:5a:b5:b8:78:04:18:6b:4a:ad:2a:
                    86:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:8A:44:8B:D1:32:D8:66:B3:3F:CA:96:F3:F0:07:A2:B7:5E:11:E5
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/73488a43-875c-415a-9969-c278b245b9fb.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d07f:e080::/48

    Signature Algorithm: sha256WithRSAEncryption
         bf:af:fa:7e:ec:a1:6e:09:fa:5a:81:ff:15:b5:aa:d7:46:09:
         96:ce:d3:88:d9:5b:4c:03:ce:a9:4e:a1:12:ce:23:32:85:36:
         8c:64:94:91:e2:70:36:84:5f:db:39:cc:35:24:c4:f5:96:a2:
         05:5a:3b:6b:89:b7:c6:bc:79:7e:36:fa:4a:1e:90:5f:23:88:
         8c:81:3b:db:55:13:cf:28:9d:4f:8b:83:3b:2b:bc:3d:82:1f:
         fc:2b:dd:f3:fa:e8:3f:1c:b6:da:b8:1c:12:99:ae:eb:97:cf:
         59:e7:5e:5a:bd:c8:5b:92:68:33:d8:a7:e4:93:74:e4:11:f5:
         1a:e1:c1:d5:58:16:06:89:9e:69:54:17:a3:92:07:c8:bb:19:
         0b:fd:e8:27:45:0e:f5:41:6c:1b:28:b3:2d:d4:72:de:8e:1b:
         b1:00:e3:fa:88:6e:8f:e6:f4:ab:d6:39:f2:3e:18:ab:ff:19:
         e9:c1:a7:fe:c6:ae:75:3e:a5:1e:e3:3a:4d:9b:77:e6:5b:6e:
         10:d6:9c:79:cc:24:e9:85:06:47:f1:45:6f:b0:6b:4a:7d:c0:
         a8:1c:31:fa:eb:bd:c1:a5:e4:7b:9e:56:5b:f3:78:fb:db:fc:
         77:76:d3:80:44:af:c7:1e:19:e9:83:5f:5b:29:61:09:c8:ce:
         9c:af:c0:e3
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUAk/uqT/5eqIyDc+eSd6aPpGQJcgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYxOTEwMjFaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQDI0OGM5YWNkOTcyMDhiNGU0ZWIwMTIzZWJlMWJmZmEwMGJiYWI5YzU2NjJi
MDg0MTA1MmQ0NDMzYWFhNDA5NTUxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALnSDU8EiPa6p3YvxfqYq+7YeZtNyY0bM8YnG157ZptSGMAheMCWW+LYFHMW
1tRKXnvD6MN0Zy3otnGmTkcsBfLKeStiFoKtliclwGRFSAlwEMgd4uVMDE7qCfLF
OGbA1eWW9+GQ4iKjL11lym7b52crhsP/f7TbNau+R7pIo/IJF8bq6ho5W0zwPqe+
8NAGD0GJYXHeGzThs3KYP1wxJc9gBNtgwSiqZxLOC8EtwNs+TLnObHSKJESq2Z4D
G/68b9Sy33f06+jE/Lq8khlot5tcCv9cy2ko0TKpwIdXT08xHmpmZAFikQTLvpuj
mQfUU6Tf0itatbh4BBhrSq0qhkMCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBRkikSL
0TLYZrM/ypbz8Aeit14R5TAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NzM0ODhhNDMtODc1Yy00MTVhLTk5NjktYzI3OGIyNDViOWZiLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0H/g
gDANBgkqhkiG9w0BAQsFAAOCAQEAv6/6fuyhbgn6WoH/FbWq10YJls7TiNlbTAPO
qU6hEs4jMoU2jGSUkeJwNoRf2znMNSTE9ZaiBVo7a4m3xrx5fjb6Sh6QXyOIjIE7
21UTzyidT4uDOyu8PYIf/Cvd8/roPxy22rgcEpmu65fPWedeWr3IW5JoM9in5JN0
5BH1GuHB1VgWBomeaVQXo5IHyLsZC/3oJ0UO9UFsGyizLdRy3o4bsQDj+ohuj+b0
q9Y58j4Yq/8Z6cGn/saudT6lHuM6TZt35ltuENacecwk6YUGR/FFb7BrSn3AqBwx
+uu9waXke55WW/N4+9v8d3bTgESvxx4Z6YNfWylhCcjOnK/A4w==
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:53:07 2025 by rpki-client