Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/758ab83f-3a25-48db-a214-04c27915b62e.roa
File:                     758ab83f-3a25-48db-a214-04c27915b62e.roa (raw, json)
Hash identifier:          LHC/PiUCXF2hgef5NTayk05JRm5VDL4VDX3GsH3921A=
Subject key identifier:   D3:38:80:68:B1:35:22:67:AA:A3:8C:00:36:70:34:D3:FA:2D:97:AA
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       7460734537794610063A0C976F8B30A8F19A994E
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/758ab83f-3a25-48db-a214-04c27915b62e.roa
Signing time:             Fri 26 Sep 2025 19:40:44 +0000
ROA not before:           Fri 26 Sep 2025 19:40:44 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d06d:a000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            74:60:73:45:37:79:46:10:06:3a:0c:97:6f:8b:30:a8:f1:9a:99:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Sep 26 19:40:44 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=2c05effef11b0848d5aaed41b1ef81b8adb09ac49f02ecb6bdb7cfcb2ce0ddc8, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:57:cf:b0:ef:51:3c:35:e1:24:41:42:e9:b5:
                    95:d7:cb:8a:a6:22:ff:1b:6f:04:3f:d1:3d:49:1a:
                    92:47:ab:2f:5b:41:af:b8:2c:34:12:63:2e:fe:92:
                    fd:1d:dc:1a:32:d5:60:61:b3:74:65:eb:6f:01:bf:
                    bb:b4:dd:71:19:3f:c8:5c:7a:aa:7d:91:69:19:80:
                    12:82:61:c5:e7:2d:00:0e:f3:27:39:22:34:d4:b6:
                    77:ca:39:f4:ff:20:ee:d8:42:74:5d:c0:e8:0d:50:
                    13:d5:e6:fb:3c:e9:b8:fc:7a:d3:12:10:91:3a:0c:
                    c2:3d:33:e4:93:7d:b0:01:71:be:63:bb:56:66:80:
                    ee:0a:3c:0e:52:86:cb:e6:76:fb:8a:4e:a3:2c:90:
                    d1:5a:12:cc:5b:2a:25:bd:08:7b:64:0b:e1:49:07:
                    87:8c:e9:b7:53:a7:16:cf:0f:06:c3:9b:cb:46:7f:
                    dc:4a:23:46:04:47:2a:c5:2e:0b:46:22:ea:a5:2d:
                    ce:80:76:00:a4:57:2f:ca:3e:d2:40:ab:d5:1c:85:
                    98:c3:ba:8d:c6:ff:36:72:4f:8e:2c:91:f9:c5:86:
                    46:a1:4d:7c:be:25:97:b7:ff:b2:b4:d6:b7:98:b2:
                    00:73:3f:cd:0b:a6:d7:9f:eb:e2:c9:5f:33:34:b8:
                    e8:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:38:80:68:B1:35:22:67:AA:A3:8C:00:36:70:34:D3:FA:2D:97:AA
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/758ab83f-3a25-48db-a214-04c27915b62e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d06d:a000::/40

    Signature Algorithm: sha256WithRSAEncryption
         11:05:67:1e:ec:25:52:0e:f2:8d:a5:0a:a5:ef:4f:42:9c:45:
         0c:78:3a:77:6b:4e:80:9e:a8:a0:74:12:99:55:a5:5b:76:5c:
         e0:fd:01:d7:f4:3d:1a:74:f1:da:bd:da:b2:86:0a:c5:96:65:
         b7:0d:04:83:b4:8c:0b:82:d0:d6:61:a2:c6:14:7f:69:7b:ef:
         51:59:43:c2:03:86:02:f0:cb:78:ef:26:a7:3f:2b:3f:27:54:
         f2:92:f5:1b:16:34:4b:a3:27:f4:94:ac:c8:79:2c:0b:2d:df:
         e5:7c:df:f3:c7:37:b0:2b:8a:ba:23:fd:85:d7:68:31:1e:0f:
         d2:e1:68:3c:e9:c7:e8:19:41:b2:2f:f6:24:06:bf:f0:6f:e0:
         cc:1f:4a:2d:11:38:69:e1:1a:87:e6:44:48:a0:6d:4c:90:2e:
         dc:35:0a:ee:9d:dc:d9:ef:9c:65:33:a9:9b:24:4b:9b:42:98:
         0f:0c:ca:54:80:42:25:64:1c:49:c0:1e:51:6b:91:c3:9a:3d:
         9d:50:b6:84:63:cc:19:e2:89:93:f1:c7:83:27:27:bd:8f:ee:
         6c:96:47:72:9e:c0:e3:ac:01:9f:7b:f6:dd:63:81:65:2d:b6:
         44:dd:98:f4:fd:72:49:4d:e5:43:ee:1a:75:12:e8:8e:2b:60:
         ce:84:ae:c0
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUdGBzRTd5RhAGOgyXb4swqPGamU4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYxOTQwNDRaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQDJjMDVlZmZlZjExYjA4NDhkNWFhZWQ0MWIxZWY4MWI4YWRiMDlhYzQ5ZjAy
ZWNiNmJkYjdjZmNiMmNlMGRkYzgxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANpXz7DvUTw14SRBQum1ldfLiqYi/xtvBD/RPUkakkerL1tBr7gsNBJjLv6S
/R3cGjLVYGGzdGXrbwG/u7TdcRk/yFx6qn2RaRmAEoJhxectAA7zJzkiNNS2d8o5
9P8g7thCdF3A6A1QE9Xm+zzpuPx60xIQkToMwj0z5JN9sAFxvmO7VmaA7go8DlKG
y+Z2+4pOoyyQ0VoSzFsqJb0Ie2QL4UkHh4zpt1OnFs8PBsOby0Z/3EojRgRHKsUu
C0Yi6qUtzoB2AKRXL8o+0kCr1RyFmMO6jcb/NnJPjiyR+cWGRqFNfL4ll7f/srTW
t5iyAHM/zQum15/r4slfMzS46BsCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTTOIBo
sTUiZ6qjjAA2cDTT+i2XqjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NzU4YWI4M2YtM2EyNS00OGRiLWEyMTQtMDRjMjc5MTViNjJlLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0G2g
MA0GCSqGSIb3DQEBCwUAA4IBAQARBWce7CVSDvKNpQql709CnEUMeDp3a06Anqig
dBKZVaVbdlzg/QHX9D0adPHavdqyhgrFlmW3DQSDtIwLgtDWYaLGFH9pe+9RWUPC
A4YC8Mt47yanPys/J1TykvUbFjRLoyf0lKzIeSwLLd/lfN/zxzewK4q6I/2F12gx
Hg/S4Wg86cfoGUGyL/YkBr/wb+DMH0otEThp4RqH5kRIoG1MkC7cNQrundzZ75xl
M6mbJEubQpgPDMpUgEIlZBxJwB5Ra5HDmj2dULaEY8wZ4omT8ceDJye9j+5slkdy
nsDjrAGfe/bdY4FlLbZE3Zj0/XJJTeVD7hp1EuiOK2DOhK7A
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:53:05 2025 by rpki-client