Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/7b5f45a2-ab79-4ad3-a09e-87b355f76732.roa
File:                     7b5f45a2-ab79-4ad3-a09e-87b355f76732.roa (raw, json)
Hash identifier:          pIvCSVIrz4LphKW8XtrerD7MNk2Nj/XlLD3ey31Q+dE=
Subject key identifier:   C0:12:2F:C6:14:E6:99:20:BA:76:24:51:3B:C5:85:66:13:5C:11:21
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       6F642702225BEDDBC6C94DE2B862EE8F941D4352
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/7b5f45a2-ab79-4ad3-a09e-87b355f76732.roa
Signing time:             Fri 26 Sep 2025 18:20:22 +0000
ROA not before:           Fri 26 Sep 2025 18:20:22 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d072:e080::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6f:64:27:02:22:5b:ed:db:c6:c9:4d:e2:b8:62:ee:8f:94:1d:43:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Sep 26 18:20:22 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=44d2cba0ccefdf9404947f3589420b2973baf5791f9df0fbe2827fdb08620508, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:46:87:17:93:7c:ac:7b:7a:11:f4:1f:ad:3e:
                    69:8e:6c:95:60:7d:a9:9d:8a:5e:69:97:b2:a2:a4:
                    c7:28:22:53:50:b6:8c:f7:bc:79:37:5a:d1:1a:c0:
                    5f:cc:b3:90:d2:fe:b9:73:04:a0:ca:b3:e5:95:0f:
                    8a:fc:4e:ab:85:f9:27:34:64:8a:a2:42:b3:3e:66:
                    d8:43:25:68:61:fe:63:90:b1:77:73:29:11:70:ae:
                    dd:d6:a8:a9:ea:e8:64:f4:72:16:0d:d8:96:f7:88:
                    9e:6e:6e:19:30:ae:ec:66:42:98:f9:64:81:3c:fa:
                    1a:a4:cd:7c:1f:6e:0c:a5:25:d0:d1:36:db:7d:e1:
                    1f:16:f0:37:9b:ec:3f:99:ee:5a:88:b0:87:6d:5e:
                    c7:6b:83:a1:e4:b1:f2:2c:1c:76:db:7d:a9:4c:6f:
                    69:b6:b7:01:4d:9d:1f:53:d2:11:71:94:25:59:cc:
                    c7:91:55:0d:44:e2:76:8e:9d:ff:c6:a8:f7:f1:24:
                    45:56:1c:fa:15:14:b3:27:5f:51:0f:10:a3:7b:81:
                    06:27:d4:13:ca:6e:5c:bf:5c:0f:82:d9:69:80:05:
                    56:2d:af:cc:3c:ee:45:c8:a3:a5:10:23:10:c5:ce:
                    82:2c:cb:9a:0b:df:21:25:ee:a9:dd:bc:18:1b:1d:
                    68:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:12:2F:C6:14:E6:99:20:BA:76:24:51:3B:C5:85:66:13:5C:11:21
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/7b5f45a2-ab79-4ad3-a09e-87b355f76732.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d072:e080::/48

    Signature Algorithm: sha256WithRSAEncryption
         81:8c:58:f6:21:cf:40:ed:de:ca:3e:07:5f:a8:3a:8d:48:fc:
         8b:18:44:11:4d:ae:47:66:03:5f:55:ab:dd:4a:b8:5f:32:29:
         67:08:81:b2:7f:e8:9d:51:2b:01:e5:bf:67:ca:a2:5d:dc:2d:
         68:1d:c9:69:56:2e:3f:9c:d6:f3:8c:1a:52:f5:14:54:5a:37:
         0d:1b:4a:40:a2:4b:a5:61:32:99:6a:b3:75:c9:38:a1:7d:fa:
         86:89:a2:bb:5f:a4:b9:1e:8f:3a:44:ad:dd:4c:ef:0e:03:30:
         e3:de:86:c3:55:3a:b6:fa:db:96:62:41:ab:35:21:c1:fe:62:
         1c:d9:3c:de:c1:81:19:87:48:dc:9c:c0:36:7c:0e:d8:86:58:
         65:a3:ff:d1:fb:44:e8:bd:72:6a:29:70:d4:b0:49:8d:9b:5f:
         4d:a4:a9:83:a6:bd:ee:8c:3a:9d:66:43:ae:41:f9:67:70:7f:
         9e:21:16:42:dd:c2:b4:d7:2a:0d:9b:63:e0:e4:eb:03:c0:95:
         c1:78:ed:dc:68:1f:70:fd:81:09:ac:15:88:e7:cf:1d:c8:2f:
         4e:c9:8d:ac:ee:2b:98:b7:3d:5a:57:f3:22:b9:05:bd:64:35:
         4f:20:25:9a:a7:05:8a:01:21:01:54:f8:85:d9:58:09:0c:02:
         78:b2:55:77
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUb2QnAiJb7dvGyU3iuGLuj5QdQ1IwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYxODIwMjJaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQDQ0ZDJjYmEwY2NlZmRmOTQwNDk0N2YzNTg5NDIwYjI5NzNiYWY1NzkxZjlk
ZjBmYmUyODI3ZmRiMDg2MjA1MDgxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMpGhxeTfKx7ehH0H60+aY5slWB9qZ2KXmmXsqKkxygiU1C2jPe8eTda0RrA
X8yzkNL+uXMEoMqz5ZUPivxOq4X5JzRkiqJCsz5m2EMlaGH+Y5Cxd3MpEXCu3dao
qeroZPRyFg3YlveInm5uGTCu7GZCmPlkgTz6GqTNfB9uDKUl0NE2233hHxbwN5vs
P5nuWoiwh21ex2uDoeSx8iwcdtt9qUxvaba3AU2dH1PSEXGUJVnMx5FVDUTido6d
/8ao9/EkRVYc+hUUsydfUQ8Qo3uBBifUE8puXL9cD4LZaYAFVi2vzDzuRcijpRAj
EMXOgizLmgvfISXuqd28GBsdaAMCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBTAEi/G
FOaZILp2JFE7xYVmE1wRITAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
N2I1ZjQ1YTItYWI3OS00YWQzLWEwOWUtODdiMzU1Zjc2NzMyLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0HLg
gDANBgkqhkiG9w0BAQsFAAOCAQEAgYxY9iHPQO3eyj4HX6g6jUj8ixhEEU2uR2YD
X1Wr3Uq4XzIpZwiBsn/onVErAeW/Z8qiXdwtaB3JaVYuP5zW84waUvUUVFo3DRtK
QKJLpWEymWqzdck4oX36homiu1+kuR6POkSt3UzvDgMw496Gw1U6tvrblmJBqzUh
wf5iHNk83sGBGYdI3JzANnwO2IZYZaP/0ftE6L1yailw1LBJjZtfTaSpg6a97ow6
nWZDrkH5Z3B/niEWQt3CtNcqDZtj4OTrA8CVwXjt3GgfcP2BCawViOfPHcgvTsmN
rO4rmLc9WlfzIrkFvWQ1TyAlmqcFigEhAVT4hdlYCQwCeLJVdw==
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:53:11 2025 by rpki-client