Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/7e690adc-099c-4d58-ad1b-856f693d90b3.roa
File:                     7e690adc-099c-4d58-ad1b-856f693d90b3.roa (raw, json)
Hash identifier:          Y+NBmB+GsXwWNyTFeuWZ5EwLSansV9C8UTSUMqHSQQQ=
Subject key identifier:   42:84:7D:F1:DE:0D:A4:D0:27:7D:94:56:3D:57:FD:0A:05:37:8D:5D
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       1C2AC2C4C577D79914462B5C575F196BACC2C614
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/7e690adc-099c-4d58-ad1b-856f693d90b3.roa
Signing time:             Mon 13 Oct 2025 18:00:06 +0000
ROA not before:           Mon 13 Oct 2025 18:00:06 +0000
ROA not after:            Mon 17 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d030:c000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1c:2a:c2:c4:c5:77:d7:99:14:46:2b:5c:57:5f:19:6b:ac:c2:c6:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Oct 13 18:00:06 2025 GMT
            Not After : Nov 17 23:59:59 2025 GMT
        Subject: serialNumber=d7b05f04ab390e6643c78f03fa653e07280339c0f1ff9e7f82620b8daf595881, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:f0:eb:23:59:1f:aa:65:ef:30:2a:e2:03:98:
                    82:80:46:09:4f:5b:9b:51:63:74:2e:93:36:f2:10:
                    18:f4:35:58:d3:3c:2f:dd:70:b5:3a:fb:55:67:df:
                    d6:96:00:a4:9d:e0:a4:ae:45:0d:6b:13:64:36:55:
                    2f:84:68:db:fc:74:be:17:78:59:82:1d:f7:f5:b2:
                    4b:27:93:4b:68:1b:fd:d6:fe:f5:03:43:2a:7a:16:
                    bc:dd:03:0b:1c:17:29:e5:e2:91:71:71:9f:4a:1c:
                    bb:15:db:8b:1c:ed:3c:99:f0:92:1c:15:db:48:5e:
                    00:7c:53:68:ec:63:f7:a0:f4:86:ba:25:da:36:95:
                    47:77:72:a3:9b:a3:ae:2d:85:50:86:e3:c7:f4:65:
                    12:ad:eb:f0:41:cf:5e:7d:ca:a8:20:14:e2:ef:f9:
                    53:57:53:be:f3:ca:ec:30:f4:d4:a2:51:52:8f:d9:
                    43:68:e7:c2:0e:9f:f0:be:f2:c0:97:75:35:1e:66:
                    95:31:cc:39:cb:ac:a5:1a:13:61:43:0b:3f:4b:6a:
                    37:e9:b2:ca:b6:45:23:e1:ef:a1:1b:f6:27:91:c1:
                    be:0e:89:7c:dd:bc:f1:1f:ca:11:4c:48:a0:25:13:
                    31:d8:d0:ca:4c:52:4c:67:fc:22:d8:95:97:31:ba:
                    74:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:84:7D:F1:DE:0D:A4:D0:27:7D:94:56:3D:57:FD:0A:05:37:8D:5D
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/7e690adc-099c-4d58-ad1b-856f693d90b3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d030:c000::/40

    Signature Algorithm: sha256WithRSAEncryption
         50:b7:08:04:12:a4:e9:72:f0:31:2d:c6:83:03:c3:d8:c6:cf:
         45:13:25:c6:97:7f:84:39:d2:1a:d2:7f:5d:29:82:4c:0b:ef:
         ee:9c:bb:2f:03:64:a5:f1:93:ed:f4:e6:0b:6f:3d:53:6c:21:
         16:42:29:b3:7c:30:01:28:56:c7:d9:5c:17:d7:aa:fc:73:29:
         26:21:5a:36:6f:bc:81:c7:73:7c:6f:2b:2a:0d:70:b4:d2:88:
         1e:bd:f7:2f:35:26:39:6a:d6:94:91:a1:14:8a:df:4f:9a:a3:
         37:d9:61:fd:e1:cb:29:6e:95:0d:5b:bd:09:da:35:50:46:ea:
         a5:05:a3:e5:63:49:8c:38:e7:f6:3a:db:52:b0:cf:aa:35:ff:
         44:95:f7:e4:17:27:a9:49:91:25:6c:d8:a8:d8:0a:7d:84:da:
         3a:af:e4:14:4d:d1:47:44:46:da:2f:8f:fa:99:3e:5a:60:2d:
         fb:6b:13:d8:6c:72:dd:29:a7:28:cb:9f:e1:b7:60:56:4f:47:
         d6:46:7b:ef:6c:77:11:56:8a:42:1a:4d:9a:31:37:7c:e6:85:
         86:d5:c7:3a:0b:ef:44:15:74:08:a9:6e:87:41:5a:85:20:6b:
         b1:bf:51:73:c0:40:8b:fc:a3:9d:0a:92:e9:fc:4b:f2:fe:44:
         ec:87:fe:63
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUHCrCxMV315kURitcV18Za6zCxhQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMTMxODAwMDZaFw0yNTExMTcyMzU5NTlaMHoxSTBHBgNV
BAUTQGQ3YjA1ZjA0YWIzOTBlNjY0M2M3OGYwM2ZhNjUzZTA3MjgwMzM5YzBmMWZm
OWU3ZjgyNjIwYjhkYWY1OTU4ODExLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAL3w6yNZH6pl7zAq4gOYgoBGCU9bm1FjdC6TNvIQGPQ1WNM8L91wtTr7VWff
1pYApJ3gpK5FDWsTZDZVL4Ro2/x0vhd4WYId9/WySyeTS2gb/db+9QNDKnoWvN0D
CxwXKeXikXFxn0ocuxXbixztPJnwkhwV20heAHxTaOxj96D0hrol2jaVR3dyo5uj
ri2FUIbjx/RlEq3r8EHPXn3KqCAU4u/5U1dTvvPK7DD01KJRUo/ZQ2jnwg6f8L7y
wJd1NR5mlTHMOcuspRoTYUMLP0tqN+myyrZFI+HvoRv2J5HBvg6JfN288R/KEUxI
oCUTMdjQykxSTGf8ItiVlzG6dFkCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRChH3x
3g2k0Cd9lFY9V/0KBTeNXTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
N2U2OTBhZGMtMDk5Yy00ZDU4LWFkMWItODU2ZjY5M2Q5MGIzLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0DDA
MA0GCSqGSIb3DQEBCwUAA4IBAQBQtwgEEqTpcvAxLcaDA8PYxs9FEyXGl3+EOdIa
0n9dKYJMC+/unLsvA2Sl8ZPt9OYLbz1TbCEWQimzfDABKFbH2VwX16r8cykmIVo2
b7yBx3N8bysqDXC00ogevfcvNSY5ataUkaEUit9PmqM32WH94cspbpUNW70J2jVQ
RuqlBaPlY0mMOOf2OttSsM+qNf9ElffkFyepSZElbNio2Ap9hNo6r+QUTdFHREba
L4/6mT5aYC37axPYbHLdKacoy5/ht2BWT0fWRnvvbHcRVopCGk2aMTd85oWG1cc6
C+9EFXQIqW6HQVqFIGuxv1FzwECL/KOdCpLp/Evy/kTsh/5j
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:53:09 2025 by rpki-client