Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/7d96d3ad-0ee7-4630-9a49-a0dcc2b71da5.roa
File:                     7d96d3ad-0ee7-4630-9a49-a0dcc2b71da5.roa (raw, json)
Hash identifier:          ZvWKddOEIY6ZCLagJjKZMlqd3JBjIIk/WSGdB16e9zs=
Subject key identifier:   6C:37:04:21:12:5A:E0:C3:C1:B6:06:0C:90:F1:C2:E8:F8:5D:7B:ED
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       735E4C5EED7E33EA5F5BDD7BABC0D219616A49E6
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/7d96d3ad-0ee7-4630-9a49-a0dcc2b71da5.roa
Signing time:             Fri 26 Sep 2025 19:21:40 +0000
ROA not before:           Fri 26 Sep 2025 19:21:40 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d075:9000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            73:5e:4c:5e:ed:7e:33:ea:5f:5b:dd:7b:ab:c0:d2:19:61:6a:49:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Sep 26 19:21:40 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=e99fb572b6ed57babe942b0a173935f2202a68a9d83498b6b43b07773aa8156c, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:c9:ea:df:f2:fc:41:fc:38:04:f7:76:fd:81:
                    42:84:97:e7:e9:47:44:17:b1:58:e7:af:45:d7:7c:
                    68:64:8c:09:0e:64:cb:c0:68:3d:d9:8a:05:db:ac:
                    60:e4:d3:80:bc:f0:a3:a3:f5:3c:3a:96:fd:ed:bb:
                    c6:f2:33:b6:c5:03:55:1a:db:1f:01:80:08:21:d6:
                    07:d1:1b:46:d5:e4:41:17:a4:ff:dc:1c:04:e4:3a:
                    fa:8b:f6:71:ce:c6:cd:07:e8:8e:b2:2d:9a:02:c1:
                    62:2f:64:57:85:62:d3:9b:ed:ad:40:58:0b:04:4c:
                    5f:6a:9f:2c:d6:5e:d4:f9:75:16:43:a3:19:53:4f:
                    7d:ca:0f:37:55:80:57:56:7f:96:bd:84:87:46:21:
                    5e:a2:1f:04:da:70:31:16:db:25:7e:8c:e3:46:33:
                    f5:04:58:da:11:98:4d:db:95:23:b1:79:59:20:7d:
                    53:67:3d:b8:8a:4d:e0:02:46:48:44:0a:0b:83:6a:
                    db:04:02:6d:4d:8f:04:1d:05:f7:66:f4:ed:73:b1:
                    1f:34:98:93:94:66:d8:19:fa:db:dd:dd:a5:84:a4:
                    13:10:34:8a:bd:e7:df:6b:ab:a6:c3:21:d9:3b:b1:
                    c4:d8:43:9f:f4:fb:8b:88:bd:f8:54:9f:8c:b0:75:
                    70:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:37:04:21:12:5A:E0:C3:C1:B6:06:0C:90:F1:C2:E8:F8:5D:7B:ED
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/7d96d3ad-0ee7-4630-9a49-a0dcc2b71da5.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d075:9000::/40

    Signature Algorithm: sha256WithRSAEncryption
         79:12:85:50:6f:61:fb:08:b4:15:79:bb:54:8c:78:68:c7:00:
         1e:48:d9:c5:e9:b6:92:ab:1d:b2:ad:b1:4e:49:81:74:e7:d4:
         5e:07:fb:cf:f2:0e:e5:34:5d:c8:95:a8:b6:f8:4e:60:8b:2c:
         6c:1e:08:c1:da:1d:95:7f:d2:03:92:77:bf:50:e1:b1:c7:e3:
         fd:d4:3b:bc:12:47:a5:dd:de:5f:3b:4c:c9:94:c2:71:28:86:
         b3:0b:1e:6c:90:36:83:3d:25:a5:53:22:62:94:7f:a4:fe:98:
         76:09:4f:9c:26:a6:d6:ab:04:a7:34:ad:f1:26:56:00:62:10:
         0f:91:be:66:06:0f:ef:c4:32:db:f5:1a:1b:2f:90:62:3b:7d:
         2c:fe:90:07:6d:9b:97:fe:a7:b8:da:52:de:55:6e:e2:ca:4a:
         78:7b:11:09:84:c7:c0:2e:44:bf:d6:b1:c0:4a:0f:5f:8b:11:
         4f:a8:95:d5:22:93:89:08:79:2d:01:4c:21:b6:ff:16:8a:9f:
         f8:38:03:b3:85:45:0e:2a:3b:26:ba:26:b6:eb:61:bb:df:59:
         90:eb:8f:fb:b2:a4:dd:c7:f7:e4:f5:a1:58:ba:33:b5:84:37:
         58:dc:36:1a:fe:69:dc:bf:b5:6f:75:3f:31:bc:26:b9:a1:f2:
         a2:42:06:97
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUc15MXu1+M+pfW917q8DSGWFqSeYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYxOTIxNDBaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQGU5OWZiNTcyYjZlZDU3YmFiZTk0MmIwYTE3MzkzNWYyMjAyYTY4YTlkODM0
OThiNmI0M2IwNzc3M2FhODE1NmMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJ3J6t/y/EH8OAT3dv2BQoSX5+lHRBexWOevRdd8aGSMCQ5ky8BoPdmKBdus
YOTTgLzwo6P1PDqW/e27xvIztsUDVRrbHwGACCHWB9EbRtXkQRek/9wcBOQ6+ov2
cc7GzQfojrItmgLBYi9kV4Vi05vtrUBYCwRMX2qfLNZe1Pl1FkOjGVNPfcoPN1WA
V1Z/lr2Eh0YhXqIfBNpwMRbbJX6M40Yz9QRY2hGYTduVI7F5WSB9U2c9uIpN4AJG
SEQKC4Nq2wQCbU2PBB0F92b07XOxHzSYk5Rm2Bn6293dpYSkExA0ir3n32urpsMh
2TuxxNhDn/T7i4i9+FSfjLB1cGMCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRsNwQh
Elrgw8G2BgyQ8cLo+F177TAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
N2Q5NmQzYWQtMGVlNy00NjMwLTlhNDktYTBkY2MyYjcxZGE1LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0HWQ
MA0GCSqGSIb3DQEBCwUAA4IBAQB5EoVQb2H7CLQVebtUjHhoxwAeSNnF6baSqx2y
rbFOSYF059ReB/vP8g7lNF3Ilai2+E5giyxsHgjB2h2Vf9IDkne/UOGxx+P91Du8
Ekel3d5fO0zJlMJxKIazCx5skDaDPSWlUyJilH+k/ph2CU+cJqbWqwSnNK3xJlYA
YhAPkb5mBg/vxDLb9RobL5BiO30s/pAHbZuX/qe42lLeVW7iykp4exEJhMfALkS/
1rHASg9fixFPqJXVIpOJCHktAUwhtv8Wip/4OAOzhUUOKjsmuia262G731mQ64/7
sqTdx/fk9aFYujO1hDdY3DYa/mncv7VvdT8xvCa5ofKiQgaX
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:52:59 2025 by rpki-client