Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/7381c075-d96b-43bf-8a89-25dbab9a1a8d.roa
File:                     7381c075-d96b-43bf-8a89-25dbab9a1a8d.roa (raw, json)
Hash identifier:          qRVcs3L08O4yPqLKBuJxCeKpag5ii8Ocba7VifmIJbE=
Subject key identifier:   88:2A:95:EF:87:5C:A6:04:9F:5A:B9:84:14:13:B9:AD:1C:86:1F:D3
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       34F3C1CB1C3072D1D614A0CB2EBF41EDFEF5FEB9
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/7381c075-d96b-43bf-8a89-25dbab9a1a8d.roa
Signing time:             Mon 29 Sep 2025 15:24:40 +0000
ROA not before:           Mon 29 Sep 2025 15:24:40 +0000
ROA not after:            Mon 03 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d010::/28 maxlen: 28
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            34:f3:c1:cb:1c:30:72:d1:d6:14:a0:cb:2e:bf:41:ed:fe:f5:fe:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Sep 29 15:24:40 2025 GMT
            Not After : Nov  3 23:59:59 2025 GMT
        Subject: serialNumber=505c7f1fdc4ea2e797316ab5dfc1add7bd51ca24913349050619759d1a404112, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:9f:8e:bd:d9:a5:19:37:38:ba:33:b9:4f:0d:
                    67:ea:09:42:5d:0c:6f:e6:8c:dd:55:72:0b:3e:70:
                    0e:43:b9:06:06:66:c5:68:49:7d:96:cd:63:2b:e3:
                    8a:75:b6:3f:e7:04:14:db:99:c6:a0:f4:42:f0:0e:
                    a6:ca:b7:44:f9:ec:f5:80:02:16:40:5a:65:47:20:
                    2e:61:63:2b:f8:7c:b9:70:48:a6:7d:85:01:95:70:
                    9a:b9:37:ed:b8:12:a6:6f:19:6d:66:57:8d:49:e6:
                    6f:d0:a6:cb:a1:e2:65:de:49:ea:07:b1:bf:02:51:
                    aa:eb:4d:f6:a0:89:26:26:93:08:d1:c0:4f:ec:19:
                    ba:ca:e5:9b:0e:4a:b3:9f:40:1a:1e:21:86:2a:86:
                    49:a9:1e:ca:50:80:88:40:80:a5:1b:db:6c:a9:13:
                    53:1f:cd:65:7b:f4:b1:9b:58:66:9e:6c:58:ed:3e:
                    72:7a:5b:9e:42:96:9f:86:a3:dc:9b:26:59:60:29:
                    41:e6:1b:99:c1:9c:2c:8b:b1:df:d7:58:3a:1c:84:
                    93:40:ec:bf:b8:1e:47:77:36:ef:4c:2a:51:fb:d6:
                    94:28:80:b6:cd:f1:bd:44:11:1e:13:47:7e:f8:7a:
                    98:ba:8d:3c:d5:3d:66:6b:5b:38:ce:cf:09:6c:38:
                    94:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:2A:95:EF:87:5C:A6:04:9F:5A:B9:84:14:13:B9:AD:1C:86:1F:D3
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/7381c075-d96b-43bf-8a89-25dbab9a1a8d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d010::/28

    Signature Algorithm: sha256WithRSAEncryption
         84:6e:46:5d:65:30:64:2a:74:84:e1:e2:96:0e:79:4a:d4:84:
         9c:a1:ef:8a:94:4a:1e:6f:c7:9c:c7:14:5c:3e:24:2e:88:7b:
         a7:45:80:63:55:5a:81:e0:ab:f9:6e:8e:ad:9e:b2:dc:66:53:
         b5:81:5c:7d:bc:3c:db:56:73:f0:21:41:01:72:54:6c:b9:b7:
         68:02:4b:e7:7a:b7:62:c1:76:32:e4:36:38:4b:38:ae:e9:cc:
         1e:9c:cb:5f:ae:dc:6e:16:d3:bf:47:88:28:91:56:89:24:d3:
         69:08:a3:aa:2e:6c:32:1d:bf:36:2c:6e:dd:ae:cb:dc:2c:74:
         26:4e:6f:93:f2:cf:23:9e:16:cd:14:1d:75:c2:d6:e4:5b:25:
         9f:5c:6f:8d:0a:d0:85:1a:b0:fd:17:44:d0:75:0e:ba:d8:a0:
         7e:c5:e6:ca:0b:f1:f3:4f:0f:ee:1d:68:18:20:17:2d:4a:56:
         89:c1:b1:1d:ec:26:ff:f8:fa:49:8d:01:ef:33:a9:f8:bb:37:
         44:ef:ee:34:93:62:fa:05:1d:a1:ff:f5:8b:e2:b7:71:7d:b9:
         fb:26:5b:8e:e8:e5:15:be:3e:2b:65:67:d2:1d:f0:7b:4d:9f:
         85:78:c1:70:1a:15:81:5f:3d:ad:db:f3:73:52:68:36:29:2d:
         89:a0:6a:2b
-----BEGIN CERTIFICATE-----
MIIFXzCCBEegAwIBAgIUNPPByxwwctHWFKDLLr9B7f71/rkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjkxNTI0NDBaFw0yNTExMDMyMzU5NTlaMHoxSTBHBgNV
BAUTQDUwNWM3ZjFmZGM0ZWEyZTc5NzMxNmFiNWRmYzFhZGQ3YmQ1MWNhMjQ5MTMz
NDkwNTA2MTk3NTlkMWE0MDQxMTIxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJ+fjr3ZpRk3OLozuU8NZ+oJQl0Mb+aM3VVyCz5wDkO5BgZmxWhJfZbNYyvj
inW2P+cEFNuZxqD0QvAOpsq3RPns9YACFkBaZUcgLmFjK/h8uXBIpn2FAZVwmrk3
7bgSpm8ZbWZXjUnmb9Cmy6HiZd5J6gexvwJRqutN9qCJJiaTCNHAT+wZusrlmw5K
s59AGh4hhiqGSakeylCAiECApRvbbKkTUx/NZXv0sZtYZp5sWO0+cnpbnkKWn4aj
3JsmWWApQeYbmcGcLIux39dYOhyEk0Dsv7geR3c270wqUfvWlCiAts3xvUQRHhNH
fvh6mLqNPNU9ZmtbOM7PCWw4lMsCAwEAAaOCAiIwggIeMB0GA1UdDgQWBBSIKpXv
h1ymBJ9auYQUE7mtHIYf0zAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NzM4MWMwNzUtZDk2Yi00M2JmLThhODktMjVkYmFiOWExYThkLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFBCoF0BAw
DQYJKoZIhvcNAQELBQADggEBAIRuRl1lMGQqdITh4pYOeUrUhJyh74qUSh5vx5zH
FFw+JC6Ie6dFgGNVWoHgq/lujq2estxmU7WBXH28PNtWc/AhQQFyVGy5t2gCS+d6
t2LBdjLkNjhLOK7pzB6cy1+u3G4W079HiCiRVokk02kIo6oubDIdvzYsbt2uy9ws
dCZOb5PyzyOeFs0UHXXC1uRbJZ9cb40K0IUasP0XRNB1DrrYoH7F5soL8fNPD+4d
aBggFy1KVonBsR3sJv/4+kmNAe8zqfi7N0Tv7jSTYvoFHaH/9Yvit3F9ufsmW47o
5RW+PitlZ9Id8HtNn4V4wXAaFYFfPa3b83NSaDYpLYmgais=
-----END CERTIFICATE-----
Generated at Mon Oct 20 13:47:08 2025 by rpki-client