Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/7cde858d-62b0-4607-8c80-6907e7e92d59.roa
File:                     7cde858d-62b0-4607-8c80-6907e7e92d59.roa (raw, json)
Hash identifier:          FdSWmhbsCuxpXqRDkrh8PTTww3nBc4Td9Wbo8mXeRA8=
Subject key identifier:   86:34:01:B0:FD:DB:C6:F7:5C:8D:86:35:9D:7C:4B:C5:53:E9:B8:A0
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       5FE0CAD992B47F479B6F824E290227CFC791336A
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/7cde858d-62b0-4607-8c80-6907e7e92d59.roa
Signing time:             Fri 10 Oct 2025 17:04:19 +0000
ROA not before:           Fri 10 Oct 2025 17:04:19 +0000
ROA not after:            Fri 14 Nov 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        2a05:d059:800::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5f:e0:ca:d9:92:b4:7f:47:9b:6f:82:4e:29:02:27:cf:c7:91:33:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Oct 10 17:04:19 2025 GMT
            Not After : Nov 14 23:59:59 2025 GMT
        Subject: serialNumber=b29304a6e09b5a87f1a72f3de65a85b4165cfca120c9d090d2c20e57496867b0, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:7c:ad:7e:b8:21:78:a0:fb:83:f3:cf:e4:17:
                    56:cb:87:76:85:15:67:7c:79:60:87:0e:47:6e:d3:
                    54:3c:f0:fd:1b:1c:46:cf:7f:fc:2f:97:b9:26:f0:
                    2f:db:ea:2d:16:54:54:c7:a7:b9:4c:1c:e3:8a:89:
                    ec:dc:ba:83:be:0f:f0:1f:c5:a3:0c:88:a5:ee:64:
                    f4:b7:36:00:1f:60:13:88:72:62:03:84:e6:3b:34:
                    a3:5f:b6:78:3a:99:89:4f:20:a1:ba:f7:ea:1d:ed:
                    4e:b0:86:ce:fc:dd:2d:93:dc:25:03:01:03:10:e3:
                    42:f5:2f:ff:6c:62:16:a9:da:12:57:10:e8:17:91:
                    d8:a2:ad:ae:7b:b3:01:62:e9:2a:52:33:0d:f0:df:
                    32:fc:bf:94:e3:ea:81:fe:c0:99:3a:79:dd:ef:92:
                    46:74:24:32:9a:3a:36:c0:a7:90:fe:2b:0f:b5:42:
                    5b:13:f9:05:de:b9:71:c0:d8:b8:bc:22:7b:01:97:
                    62:3d:b3:5e:6d:99:3a:ed:9c:f4:1b:f7:f1:c1:ac:
                    f8:ed:50:dd:56:36:32:ce:2d:f8:c6:eb:85:a9:d4:
                    0b:b2:99:10:c6:a6:c8:44:05:60:c9:da:2b:0e:22:
                    41:46:c3:18:d9:1c:2a:f9:c9:2d:1c:04:a0:5e:46:
                    4d:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:34:01:B0:FD:DB:C6:F7:5C:8D:86:35:9D:7C:4B:C5:53:E9:B8:A0
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/7cde858d-62b0-4607-8c80-6907e7e92d59.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d059:800::/40

    Signature Algorithm: sha256WithRSAEncryption
         0c:bf:d7:66:11:40:ab:50:58:8f:f8:fd:5e:6f:83:19:d6:f8:
         47:5d:2d:88:c0:4b:de:16:c2:58:e0:6d:14:6a:43:d4:ae:6b:
         99:7f:0d:12:c2:79:00:a8:63:3b:f4:e7:09:a9:9f:a6:c9:8e:
         62:8f:56:87:0f:fd:37:a2:32:3d:96:b1:43:cf:3c:23:d3:c5:
         53:97:6c:ed:da:09:4c:46:7f:a8:28:38:fd:35:37:7e:f8:fa:
         0e:bd:12:de:af:db:e3:2f:10:60:db:28:fd:ee:8f:86:2f:21:
         63:26:e8:7d:99:d7:2a:05:29:14:4b:59:31:58:c2:e5:f1:89:
         6c:f8:fa:d4:c3:6f:95:91:30:69:5b:10:1f:92:cb:73:34:db:
         c4:99:ca:fa:a0:5d:b9:61:95:a0:03:4a:88:5a:8e:5d:cd:89:
         be:81:4f:5d:70:e2:0d:ab:74:72:59:a8:99:a9:dd:76:55:af:
         8d:cf:b0:c2:89:bc:2c:89:e9:88:05:bc:23:c5:66:9f:c8:d2:
         e3:c7:c6:f2:57:c2:ef:46:d9:41:08:bf:38:d5:6a:3c:41:50:
         90:0c:f6:e4:7f:9a:aa:f3:f4:2a:ea:7f:62:a9:0d:cb:69:82:
         24:91:a2:52:c5:8b:5c:ea:a7:8c:11:1d:ba:f0:5e:97:75:a6:
         c0:9d:8f:61
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUX+DK2ZK0f0ebb4JOKQInz8eRM2owDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMTAxNzA0MTlaFw0yNTExMTQyMzU5NTlaMHoxSTBHBgNV
BAUTQGIyOTMwNGE2ZTA5YjVhODdmMWE3MmYzZGU2NWE4NWI0MTY1Y2ZjYTEyMGM5
ZDA5MGQyYzIwZTU3NDk2ODY3YjAxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMF8rX64IXig+4Pzz+QXVsuHdoUVZ3x5YIcOR27TVDzw/RscRs9//C+XuSbw
L9vqLRZUVMenuUwc44qJ7Ny6g74P8B/FowyIpe5k9Lc2AB9gE4hyYgOE5js0o1+2
eDqZiU8gobr36h3tTrCGzvzdLZPcJQMBAxDjQvUv/2xiFqnaElcQ6BeR2KKtrnuz
AWLpKlIzDfDfMvy/lOPqgf7AmTp53e+SRnQkMpo6NsCnkP4rD7VCWxP5Bd65ccDY
uLwiewGXYj2zXm2ZOu2c9Bv38cGs+O1Q3VY2Ms4t+MbrhanUC7KZEMamyEQFYMna
Kw4iQUbDGNkcKvnJLRwEoF5GTekCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBSGNAGw
/dvG91yNhjWdfEvFU+m4oDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
N2NkZTg1OGQtNjJiMC00NjA3LThjODAtNjkwN2U3ZTkyZDU5LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0FkI
MA0GCSqGSIb3DQEBCwUAA4IBAQAMv9dmEUCrUFiP+P1eb4MZ1vhHXS2IwEveFsJY
4G0UakPUrmuZfw0SwnkAqGM79OcJqZ+myY5ij1aHD/03ojI9lrFDzzwj08VTl2zt
2glMRn+oKDj9NTd++PoOvRLer9vjLxBg2yj97o+GLyFjJuh9mdcqBSkUS1kxWMLl
8Yls+PrUw2+VkTBpWxAfkstzNNvEmcr6oF25YZWgA0qIWo5dzYm+gU9dcOINq3Ry
WaiZqd12Va+Nz7DCibwsiemIBbwjxWafyNLjx8byV8LvRtlBCL841Wo8QVCQDPbk
f5qq8/Qq6n9iqQ3LaYIkkaJSxYtc6qeMER268F6XdabAnY9h
-----END CERTIFICATE-----
Generated at Mon Oct 20 13:47:11 2025 by rpki-client