Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/81554ff4-a7f9-41e4-90e9-b3761d63cb58.roa
File:                     81554ff4-a7f9-41e4-90e9-b3761d63cb58.roa (raw, json)
Hash identifier:          ECXxgqZg7T3AUG0ar9ZPC25IdXZ/Z0xVAAEVL1S58Jc=
Subject key identifier:   86:EF:5C:22:3F:F9:89:C7:0C:9C:33:FA:BE:54:61:C4:51:3A:3E:DA
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       386EB23B22FDD4ED74377AD9F57EFBCF8935E189
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/81554ff4-a7f9-41e4-90e9-b3761d63cb58.roa
Signing time:             Fri 26 Sep 2025 19:11:05 +0000
ROA not before:           Fri 26 Sep 2025 19:11:05 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d072:e040::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            38:6e:b2:3b:22:fd:d4:ed:74:37:7a:d9:f5:7e:fb:cf:89:35:e1:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Sep 26 19:11:05 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=5ad4db3824d1c0c5a75a9a5f55c35587897ce0fb510cdd5f39cf79f49315057a, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:24:d7:5e:9d:b6:0a:67:42:38:f3:a1:84:3f:
                    85:80:86:b2:cd:e1:71:18:4d:5e:6e:07:f3:90:7e:
                    3e:78:7d:9c:f3:0e:eb:ed:6f:39:25:04:fe:13:78:
                    b4:10:e1:cf:5e:65:83:7a:48:3f:a2:2f:62:06:8d:
                    cf:5e:e7:94:48:ca:a3:f0:5f:fa:31:d4:6f:75:9e:
                    b7:5a:d0:c4:bb:2c:8f:20:6d:1a:28:97:97:c9:a9:
                    9a:63:73:02:6b:dc:67:9a:9d:c1:4a:d2:f5:4f:c1:
                    bd:66:ef:79:da:68:17:fe:93:8e:0a:3c:e7:78:d3:
                    c1:8d:24:11:7a:0b:5c:2a:1a:46:fc:38:b2:15:97:
                    b8:3f:a2:fd:8b:07:ac:11:67:ce:8f:c8:b7:36:2c:
                    bc:e7:dc:e1:04:1b:8a:04:75:25:e8:20:4d:d8:b7:
                    b3:ef:0c:cd:1f:bc:a9:7f:db:a6:a6:26:63:8a:64:
                    7c:6e:f7:72:68:e9:8e:e3:22:31:5b:6a:c1:3e:f9:
                    58:2a:a0:70:a3:bb:0c:1d:ef:0e:57:81:d7:75:be:
                    15:f8:06:84:65:fb:68:2f:df:10:16:62:95:fc:ce:
                    b8:6a:64:a4:97:64:e2:40:15:24:96:96:49:46:aa:
                    27:a6:9e:2b:4e:1e:46:80:dc:b2:2d:cd:d3:35:e2:
                    23:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:EF:5C:22:3F:F9:89:C7:0C:9C:33:FA:BE:54:61:C4:51:3A:3E:DA
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/81554ff4-a7f9-41e4-90e9-b3761d63cb58.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d072:e040::/48

    Signature Algorithm: sha256WithRSAEncryption
         9b:cc:bf:34:88:80:97:b5:48:6d:08:d5:5d:5e:d2:57:34:da:
         9a:29:85:8b:a4:6e:6d:f0:23:ac:5c:b4:20:9a:f4:1b:d7:c5:
         e8:1f:d5:97:e5:bd:b3:07:97:9a:c3:06:e2:8f:d6:0a:d7:8b:
         1e:db:db:41:f5:0f:3d:07:2b:c9:e9:3c:14:54:a5:fb:9b:ca:
         fd:87:1a:58:88:09:27:90:ea:bf:79:d2:d3:de:38:7e:c1:18:
         35:21:93:fb:59:86:eb:5c:71:2c:e7:3e:48:ea:e5:ff:f3:4f:
         5e:7c:21:29:61:f5:2e:ea:84:8d:34:42:a3:35:84:6a:53:16:
         4c:8a:d3:97:fe:63:82:1a:73:0b:4c:16:e5:60:d3:02:e3:19:
         e3:cc:61:2b:e9:0d:33:36:c6:4b:57:8a:b9:1b:d2:d4:3c:44:
         8c:9f:f7:9d:84:85:fe:c1:57:2d:2e:51:92:e4:02:a4:86:4a:
         e8:61:e8:41:b3:5f:24:41:8b:8f:01:ed:35:57:e8:6a:60:82:
         e7:40:8e:68:95:77:19:76:6a:19:d5:dc:5d:f2:a5:82:41:fb:
         bc:c1:45:76:8c:cf:75:25:2c:43:1f:d9:85:d6:33:a9:48:62:
         0e:eb:5a:24:39:34:55:1a:13:70:37:d6:11:70:cf:59:e9:00:
         b1:81:e2:41
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUOG6yOyL91O10N3rZ9X77z4k14YkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYxOTExMDVaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQDVhZDRkYjM4MjRkMWMwYzVhNzVhOWE1ZjU1YzM1NTg3ODk3Y2UwZmI1MTBj
ZGQ1ZjM5Y2Y3OWY0OTMxNTA1N2ExLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKkk116dtgpnQjjzoYQ/hYCGss3hcRhNXm4H85B+Pnh9nPMO6+1vOSUE/hN4
tBDhz15lg3pIP6IvYgaNz17nlEjKo/Bf+jHUb3Wet1rQxLssjyBtGiiXl8mpmmNz
AmvcZ5qdwUrS9U/BvWbvedpoF/6Tjgo853jTwY0kEXoLXCoaRvw4shWXuD+i/YsH
rBFnzo/ItzYsvOfc4QQbigR1JeggTdi3s+8MzR+8qX/bpqYmY4pkfG73cmjpjuMi
MVtqwT75WCqgcKO7DB3vDleB13W+FfgGhGX7aC/fEBZilfzOuGpkpJdk4kAVJJaW
SUaqJ6aeK04eRoDcsi3N0zXiI7kCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBSG71wi
P/mJxwycM/q+VGHEUTo+2jAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ODE1NTRmZjQtYTdmOS00MWU0LTkwZTktYjM3NjFkNjNjYjU4LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0HLg
QDANBgkqhkiG9w0BAQsFAAOCAQEAm8y/NIiAl7VIbQjVXV7SVzTamimFi6RubfAj
rFy0IJr0G9fF6B/Vl+W9sweXmsMG4o/WCteLHtvbQfUPPQcryek8FFSl+5vK/Yca
WIgJJ5Dqv3nS0944fsEYNSGT+1mG61xxLOc+SOrl//NPXnwhKWH1LuqEjTRCozWE
alMWTIrTl/5jghpzC0wW5WDTAuMZ48xhK+kNMzbGS1eKuRvS1DxEjJ/3nYSF/sFX
LS5RkuQCpIZK6GHoQbNfJEGLjwHtNVfoamCC50COaJV3GXZqGdXcXfKlgkH7vMFF
dozPdSUsQx/ZhdYzqUhiDutaJDk0VRoTcDfWEXDPWekAsYHiQQ==
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:52:26 2025 by rpki-client