Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/7a2215e7-5ee2-420b-8f98-5e0faef4cbea.roa
File:                     7a2215e7-5ee2-420b-8f98-5e0faef4cbea.roa (raw, json)
Hash identifier:          mM7d4vdUqtTgkBcUt/zh0Hz3Et4zvsVHHFAbxfCDWwQ=
Subject key identifier:   41:23:CE:C5:75:E4:7A:28:37:CD:A4:00:CC:16:63:61:6C:E3:C4:B0
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       6F538C06854DA63E05862601BCAD2C65A6570831
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/7a2215e7-5ee2-420b-8f98-5e0faef4cbea.roa
Signing time:             Fri 26 Sep 2025 19:21:04 +0000
ROA not before:           Fri 26 Sep 2025 19:21:04 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d038:e000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6f:53:8c:06:85:4d:a6:3e:05:86:26:01:bc:ad:2c:65:a6:57:08:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Sep 26 19:21:04 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=0bdc668f7a4617634e2a351e22f2ed9b0859935480aa01e39d1eaf0b92bcdfaa, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:d3:12:81:ad:3b:e8:e8:b9:d1:0a:76:a2:51:
                    d2:75:3b:59:4c:2c:8d:2c:2a:38:86:33:fc:9d:43:
                    34:49:71:51:dc:57:41:1e:3c:66:e6:c8:f3:5a:0d:
                    5d:43:0e:5d:af:4c:f5:7e:aa:3e:0b:82:38:8c:30:
                    c6:ae:89:7c:ca:54:6f:3b:f3:7e:17:c1:c4:f4:74:
                    34:30:48:42:84:26:ac:c3:01:c8:22:15:4c:ca:3c:
                    b2:ca:93:79:b0:60:5e:8f:70:32:44:d9:cc:b9:e9:
                    97:21:6f:69:ce:5e:f3:6b:c4:1e:6e:5a:c3:73:d2:
                    34:80:ce:a7:5e:44:7d:d3:d8:f6:66:1a:98:3a:2d:
                    69:b8:5e:4a:67:87:0c:39:08:ff:a5:a4:3f:45:f5:
                    6a:94:e3:f9:ca:de:e6:65:97:80:7b:3b:a1:80:99:
                    96:92:39:d9:3c:66:5f:cb:93:43:03:f4:5d:7a:8a:
                    c9:99:b0:8d:6c:a7:72:7f:c1:aa:f7:5f:78:da:57:
                    67:e3:df:4b:7f:82:b2:8b:d0:d6:3d:76:86:73:30:
                    4a:1d:ad:ab:4d:8e:f7:0c:f3:48:8c:36:b7:5c:82:
                    ba:9c:d1:82:ac:38:e6:2a:96:c6:51:63:19:5d:eb:
                    a5:ac:1e:95:cd:67:aa:b2:cc:2d:4e:95:ba:46:93:
                    2e:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:23:CE:C5:75:E4:7A:28:37:CD:A4:00:CC:16:63:61:6C:E3:C4:B0
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/7a2215e7-5ee2-420b-8f98-5e0faef4cbea.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d038:e000::/40

    Signature Algorithm: sha256WithRSAEncryption
         37:bf:20:f8:e8:ce:3b:64:dc:02:19:b4:04:81:cf:37:0a:eb:
         84:01:5c:93:68:78:56:44:4c:61:30:c7:29:92:3e:54:74:e5:
         d1:da:06:a5:d2:4d:c3:60:df:6a:db:e2:d0:06:21:4c:05:32:
         9b:d1:eb:1f:ee:79:41:50:5e:a4:af:3a:e3:ad:66:60:d9:39:
         0c:da:9d:5d:8e:e0:3a:4f:c9:04:b2:99:ce:fe:05:60:ef:5e:
         e4:a5:eb:b8:8f:d3:a2:60:bd:bd:bf:72:31:43:41:88:a5:e5:
         ce:7d:89:fb:cb:2b:ad:6f:c7:16:58:cb:aa:b2:ee:d4:42:bf:
         3f:43:df:a6:82:ac:9f:3b:19:3e:f1:29:39:0e:b1:23:ac:97:
         14:3d:50:0f:7f:fe:d8:e3:db:0d:f7:c4:58:33:45:f6:ff:5a:
         20:50:33:ff:0a:89:8a:5a:7f:c2:b1:97:4b:5c:93:0f:22:71:
         cd:f7:66:36:f9:75:53:24:1c:14:ff:09:2b:9b:1d:69:60:eb:
         97:8f:ca:42:01:97:62:5e:a3:b3:3d:62:d1:cb:d3:0a:87:cc:
         55:5a:2a:52:4b:4c:44:7b:e5:41:2a:2c:ee:2c:20:d4:fe:fd:
         68:c7:18:42:de:46:f3:0f:ba:36:41:4c:a6:92:7d:a3:6d:78:
         41:f0:ed:13
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUb1OMBoVNpj4FhiYBvK0sZaZXCDEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYxOTIxMDRaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQDBiZGM2NjhmN2E0NjE3NjM0ZTJhMzUxZTIyZjJlZDliMDg1OTkzNTQ4MGFh
MDFlMzlkMWVhZjBiOTJiY2RmYWExLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALfTEoGtO+joudEKdqJR0nU7WUwsjSwqOIYz/J1DNElxUdxXQR48ZubI81oN
XUMOXa9M9X6qPguCOIwwxq6JfMpUbzvzfhfBxPR0NDBIQoQmrMMByCIVTMo8ssqT
ebBgXo9wMkTZzLnplyFvac5e82vEHm5aw3PSNIDOp15EfdPY9mYamDotabheSmeH
DDkI/6WkP0X1apTj+cre5mWXgHs7oYCZlpI52TxmX8uTQwP0XXqKyZmwjWyncn/B
qvdfeNpXZ+PfS3+CsovQ1j12hnMwSh2tq02O9wzzSIw2t1yCupzRgqw45iqWxlFj
GV3rpawelc1nqrLMLU6VukaTLgMCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRBI87F
deR6KDfNpADMFmNhbOPEsDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
N2EyMjE1ZTctNWVlMi00MjBiLThmOTgtNWUwZmFlZjRjYmVhLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0Djg
MA0GCSqGSIb3DQEBCwUAA4IBAQA3vyD46M47ZNwCGbQEgc83CuuEAVyTaHhWRExh
MMcpkj5UdOXR2gal0k3DYN9q2+LQBiFMBTKb0esf7nlBUF6krzrjrWZg2TkM2p1d
juA6T8kEspnO/gVg717kpeu4j9OiYL29v3IxQ0GIpeXOfYn7yyutb8cWWMuqsu7U
Qr8/Q9+mgqyfOxk+8Sk5DrEjrJcUPVAPf/7Y49sN98RYM0X2/1ogUDP/ComKWn/C
sZdLXJMPInHN92Y2+XVTJBwU/wkrmx1pYOuXj8pCAZdiXqOzPWLRy9MKh8xVWipS
S0xEe+VBKizuLCDU/v1oxxhC3kbzD7o2QUymkn2jbXhB8O0T
-----END CERTIFICATE-----
Generated at Mon Oct 20 13:46:56 2025 by rpki-client