Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/7802179a-c80f-42f1-a50b-a0af1df078c2.roa
File:                     7802179a-c80f-42f1-a50b-a0af1df078c2.roa (raw, json)
Hash identifier:          0hIm5amZ4jYXRQAEnyBI4E1xlu57n0PmNkrDTJKuR0s=
Subject key identifier:   19:D9:5C:48:2B:FE:BD:E0:0E:D2:CD:07:C8:E1:F0:C9:0E:7C:E0:8C
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       595438BD6AED8BD989241A977522C4B3977AD0A6
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/7802179a-c80f-42f1-a50b-a0af1df078c2.roa
Signing time:             Fri 26 Sep 2025 19:38:44 +0000
ROA not before:           Fri 26 Sep 2025 19:38:44 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d059:4000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            59:54:38:bd:6a:ed:8b:d9:89:24:1a:97:75:22:c4:b3:97:7a:d0:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Sep 26 19:38:44 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=2a224469f7bd5d9a5e950ae3597a963cbf5a21b32b6aa437bd5d9aafdc163914, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:1c:14:5c:60:18:5e:3d:fc:00:34:1b:e5:0b:
                    2c:ac:55:8b:2c:5a:d1:99:a5:e7:16:e6:5d:8c:9c:
                    d7:1d:20:69:3f:0f:8f:79:1d:be:91:dd:b9:b6:f1:
                    8c:88:e8:8e:e2:05:16:d0:5d:03:2c:d9:9c:bf:cf:
                    72:25:68:1e:e5:82:a0:7c:32:5c:94:da:de:d6:83:
                    0f:cf:a1:26:9c:7c:0d:02:5d:be:32:d2:6a:ef:a1:
                    ba:67:88:b0:06:85:0f:f4:96:a1:dc:a2:1a:cd:78:
                    7f:1b:5b:2a:52:82:f1:9b:ab:5a:3f:43:62:01:24:
                    19:a4:ba:b6:a1:0d:4f:46:f4:2c:5c:8e:20:f6:7a:
                    e9:d9:ed:9a:66:5a:fe:32:af:1c:d2:1d:36:87:11:
                    85:32:aa:99:47:f2:47:b3:42:32:d1:72:ba:2d:0c:
                    41:87:d5:ba:a1:01:be:c2:4a:f8:f0:62:14:d3:0e:
                    92:40:c0:07:ec:54:f9:b9:89:a6:2a:38:9d:42:a8:
                    ee:38:c8:68:8e:69:52:1a:18:19:fe:dd:23:1a:39:
                    65:05:95:e6:c0:76:59:d7:60:de:29:ad:d3:8c:8c:
                    4d:39:84:c5:35:55:ff:38:e0:da:55:65:cc:76:b4:
                    af:0c:c9:da:41:4f:ce:7a:41:23:31:2b:b2:a5:5d:
                    1b:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:D9:5C:48:2B:FE:BD:E0:0E:D2:CD:07:C8:E1:F0:C9:0E:7C:E0:8C
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/7802179a-c80f-42f1-a50b-a0af1df078c2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d059:4000::/40

    Signature Algorithm: sha256WithRSAEncryption
         52:48:08:d9:a3:08:d5:a3:a3:5c:76:dd:b2:c6:e4:89:46:42:
         3c:25:cd:e0:cc:4f:dc:95:7b:2f:c6:2a:97:eb:11:b2:a3:f2:
         38:e2:a9:4c:b7:2e:0d:36:6c:05:51:42:74:81:f4:9c:82:c3:
         62:57:65:f2:c8:e4:80:0d:f4:a5:51:35:b7:a4:72:f8:0e:d4:
         89:b0:87:c1:f4:5c:e7:09:b7:a4:c4:45:70:1f:6d:ed:59:83:
         07:85:73:00:f1:84:0e:60:c1:c2:84:ae:60:90:e9:91:15:b2:
         9b:34:cd:64:6e:f9:18:90:75:e0:bd:a7:b8:1d:64:c8:3f:a3:
         1f:ed:34:6f:98:6a:b7:fb:68:75:a1:fb:0e:f8:5d:7f:97:15:
         84:8d:0b:62:51:83:ae:56:6b:74:de:75:72:e8:c8:13:9c:4b:
         be:0b:c8:e8:ad:f4:be:71:11:29:8c:c6:a8:a0:d3:9b:f0:93:
         d1:5a:2e:a3:28:ee:b9:8a:e1:0e:7e:3f:6c:9a:57:81:48:22:
         73:e1:57:ae:fa:35:e0:9f:0b:19:3f:8d:28:61:be:f3:93:8d:
         e2:53:dc:fd:58:c9:ec:f0:d4:41:1c:dc:16:09:93:25:24:e3:
         9c:4f:00:7d:d9:d5:5f:83:33:bb:8b:e3:49:a2:e2:07:85:8e:
         3c:67:76:ce
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUWVQ4vWrti9mJJBqXdSLEs5d60KYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYxOTM4NDRaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQDJhMjI0NDY5ZjdiZDVkOWE1ZTk1MGFlMzU5N2E5NjNjYmY1YTIxYjMyYjZh
YTQzN2JkNWQ5YWFmZGMxNjM5MTQxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAL4cFFxgGF49/AA0G+ULLKxViyxa0Zml5xbmXYyc1x0gaT8Pj3kdvpHdubbx
jIjojuIFFtBdAyzZnL/PciVoHuWCoHwyXJTa3taDD8+hJpx8DQJdvjLSau+humeI
sAaFD/SWodyiGs14fxtbKlKC8ZurWj9DYgEkGaS6tqENT0b0LFyOIPZ66dntmmZa
/jKvHNIdNocRhTKqmUfyR7NCMtFyui0MQYfVuqEBvsJK+PBiFNMOkkDAB+xU+bmJ
pio4nUKo7jjIaI5pUhoYGf7dIxo5ZQWV5sB2Wddg3imt04yMTTmExTVV/zjg2lVl
zHa0rwzJ2kFPznpBIzErsqVdG2MCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQZ2VxI
K/694A7SzQfI4fDJDnzgjDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NzgwMjE3OWEtYzgwZi00MmYxLWE1MGItYTBhZjFkZjA3OGMyLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0FlA
MA0GCSqGSIb3DQEBCwUAA4IBAQBSSAjZowjVo6Ncdt2yxuSJRkI8Jc3gzE/clXsv
xiqX6xGyo/I44qlMty4NNmwFUUJ0gfScgsNiV2XyyOSADfSlUTW3pHL4DtSJsIfB
9FznCbekxEVwH23tWYMHhXMA8YQOYMHChK5gkOmRFbKbNM1kbvkYkHXgvae4HWTI
P6Mf7TRvmGq3+2h1ofsO+F1/lxWEjQtiUYOuVmt03nVy6MgTnEu+C8jorfS+cREp
jMaooNOb8JPRWi6jKO65iuEOfj9smleBSCJz4Veu+jXgnwsZP40oYb7zk43iU9z9
WMns8NRBHNwWCZMlJOOcTwB92dVfgzO7i+NJouIHhY48Z3bO
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:53:19 2025 by rpki-client