Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/73745b45-c65b-482b-9e7a-25a90d279147.roa
File:                     73745b45-c65b-482b-9e7a-25a90d279147.roa (raw, json)
Hash identifier:          MCTqtNsyUcnRLyr8kqSYjHAPU2yJ7I5ZY1D8BGzCoG4=
Subject key identifier:   DF:D4:BE:FB:4D:C8:2B:94:F6:4E:61:C1:AF:F4:63:12:EB:7A:61:AA
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       0FC7B7CA143DD50A42FF638371FFC7569F463BC9
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/73745b45-c65b-482b-9e7a-25a90d279147.roa
Signing time:             Fri 17 Oct 2025 21:10:18 +0000
ROA not before:           Fri 17 Oct 2025 21:10:18 +0000
ROA not after:            Fri 21 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d07b:4000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0f:c7:b7:ca:14:3d:d5:0a:42:ff:63:83:71:ff:c7:56:9f:46:3b:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Oct 17 21:10:18 2025 GMT
            Not After : Nov 21 23:59:59 2025 GMT
        Subject: serialNumber=eee50285db12d2cd86d5aa534baaf8f05f9bdb1b36bd37765d770f6820f251f2, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:df:4a:c3:89:f5:5f:46:a9:74:5f:89:62:c4:
                    91:2e:ac:d3:7b:7e:40:f9:f5:bb:df:d9:45:ad:9c:
                    de:53:50:de:c0:57:a1:08:a4:32:a4:1c:38:be:81:
                    73:e4:fd:46:8c:f8:8a:b5:ca:4c:89:d9:95:fe:27:
                    1e:68:e1:93:80:ae:d7:f3:b3:c5:d7:67:10:fa:71:
                    5e:c6:8f:e2:51:00:36:21:b9:7d:dc:18:af:99:45:
                    d2:4e:d0:26:7c:35:c2:9a:8b:a3:23:ae:82:70:db:
                    39:32:75:b3:29:16:21:aa:6b:a3:ef:f0:04:86:31:
                    b8:ab:27:33:c9:97:70:76:0c:80:69:fd:db:25:ab:
                    ad:89:49:78:b3:c7:ae:a5:59:89:b3:46:af:41:b1:
                    a7:0d:f5:ce:65:d1:ec:5d:be:23:13:c2:8e:0e:12:
                    72:ea:ed:43:81:7b:5d:ef:3f:ea:7f:91:96:f6:65:
                    20:9c:5b:cd:6e:b8:ba:fb:27:af:4a:db:e6:d1:13:
                    e2:35:c4:76:40:b3:a1:f3:f5:32:aa:94:dc:22:31:
                    5d:f6:d2:83:60:24:e4:4a:3d:70:0f:21:85:88:99:
                    c6:3a:dc:90:76:11:af:30:da:eb:b7:bd:2d:28:e3:
                    09:72:a0:43:27:68:ef:4c:2e:15:a6:3e:32:d3:f8:
                    b8:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:D4:BE:FB:4D:C8:2B:94:F6:4E:61:C1:AF:F4:63:12:EB:7A:61:AA
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/73745b45-c65b-482b-9e7a-25a90d279147.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d07b:4000::/40

    Signature Algorithm: sha256WithRSAEncryption
         8f:31:c3:c5:68:5e:a3:ba:3b:ac:99:06:04:69:ea:8b:23:6f:
         91:e3:fc:32:15:0f:e5:a3:17:c6:20:06:21:85:e0:30:9f:d7:
         da:4d:b5:0a:64:be:15:f5:08:a4:12:a7:96:ce:ea:b3:90:36:
         14:1d:47:51:a6:2a:95:a5:72:3c:4d:ef:73:44:e0:e0:61:c5:
         19:ee:1a:5e:53:c4:41:18:f0:8f:6f:9f:e6:b1:2b:f0:18:af:
         0d:22:d3:5f:13:65:cf:8d:c8:6c:3e:f2:9b:a1:5e:89:ff:47:
         17:58:26:e2:e7:e0:90:1c:8e:9c:83:12:b1:79:b5:f4:cc:1d:
         a0:c3:b6:84:c4:1d:69:12:3c:65:9b:06:08:56:b4:0d:10:36:
         80:98:da:be:2c:ca:a7:41:d6:ac:95:d9:75:11:ff:a4:3d:d5:
         f8:99:a0:11:44:10:16:3a:97:65:84:f1:4e:01:68:f9:f6:d5:
         da:2c:4e:d5:24:bf:ae:79:61:4a:82:19:a7:56:df:00:e2:06:
         ba:54:c3:ed:e5:c6:ac:81:b6:48:dd:8f:14:30:24:b7:a3:0a:
         b9:d9:c2:74:fc:71:0b:f2:95:36:80:5f:1e:50:47:1d:8c:f4:
         c9:b8:99:4f:50:05:89:47:c7:2b:ac:7c:99:05:ab:db:07:c4:
         17:f5:ee:12
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUD8e3yhQ91QpC/2ODcf/HVp9GO8kwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMTcyMTEwMThaFw0yNTExMjEyMzU5NTlaMHoxSTBHBgNV
BAUTQGVlZTUwMjg1ZGIxMmQyY2Q4NmQ1YWE1MzRiYWFmOGYwNWY5YmRiMWIzNmJk
Mzc3NjVkNzcwZjY4MjBmMjUxZjIxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAM3fSsOJ9V9GqXRfiWLEkS6s03t+QPn1u9/ZRa2c3lNQ3sBXoQikMqQcOL6B
c+T9Roz4irXKTInZlf4nHmjhk4Cu1/OzxddnEPpxXsaP4lEANiG5fdwYr5lF0k7Q
Jnw1wpqLoyOugnDbOTJ1sykWIapro+/wBIYxuKsnM8mXcHYMgGn92yWrrYlJeLPH
rqVZibNGr0Gxpw31zmXR7F2+IxPCjg4ScurtQ4F7Xe8/6n+RlvZlIJxbzW64uvsn
r0rb5tET4jXEdkCzofP1MqqU3CIxXfbSg2Ak5Eo9cA8hhYiZxjrckHYRrzDa67e9
LSjjCXKgQydo70wuFaY+MtP4uPsCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTf1L77
TcgrlPZOYcGv9GMS63phqjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NzM3NDViNDUtYzY1Yi00ODJiLTllN2EtMjVhOTBkMjc5MTQ3LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0HtA
MA0GCSqGSIb3DQEBCwUAA4IBAQCPMcPFaF6jujusmQYEaeqLI2+R4/wyFQ/loxfG
IAYhheAwn9faTbUKZL4V9QikEqeWzuqzkDYUHUdRpiqVpXI8Te9zRODgYcUZ7hpe
U8RBGPCPb5/msSvwGK8NItNfE2XPjchsPvKboV6J/0cXWCbi5+CQHI6cgxKxebX0
zB2gw7aExB1pEjxlmwYIVrQNEDaAmNq+LMqnQdasldl1Ef+kPdX4maARRBAWOpdl
hPFOAWj59tXaLE7VJL+ueWFKghmnVt8A4ga6VMPt5casgbZI3Y8UMCS3owq52cJ0
/HEL8pU2gF8eUEcdjPTJuJlPUAWJR8crrHyZBavbB8QX9e4S
-----END CERTIFICATE-----
Generated at Mon Oct 20 13:47:37 2025 by rpki-client