Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8518b81d-c700-4d3f-8ef4-5abe8d348d3c.roa
File:                     8518b81d-c700-4d3f-8ef4-5abe8d348d3c.roa (raw, json)
Hash identifier:          nRg2Yw0kHls/VO8Ef2C47sjPs1mQ4feCGbTBrUHKtyY=
Subject key identifier:   5E:CB:5D:0D:04:28:78:13:C7:B5:8A:14:9A:23:EF:17:0E:C8:C5:3A
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       168850D3D5346FFBF7DD162EF28045C8BD5B7C90
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8518b81d-c700-4d3f-8ef4-5abe8d348d3c.roa
Signing time:             Mon 06 Oct 2025 18:00:37 +0000
ROA not before:           Mon 06 Oct 2025 18:00:37 +0000
ROA not after:            Mon 10 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d073:9040::/46 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            16:88:50:d3:d5:34:6f:fb:f7:dd:16:2e:f2:80:45:c8:bd:5b:7c:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Oct  6 18:00:37 2025 GMT
            Not After : Nov 10 23:59:59 2025 GMT
        Subject: serialNumber=bfff0ca37b3fba51c8f8718d923c8327bbc7386d63e8f176971cca46342714f0, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:92:59:15:8b:64:0d:4b:94:cf:75:2c:fc:4c:
                    9b:bb:ea:9f:1e:44:b3:e5:3a:8f:57:73:c8:3e:75:
                    5c:e7:66:2a:4b:65:e9:86:a1:14:92:0d:2b:44:ca:
                    0e:4a:67:12:f8:c1:b7:72:06:9d:3d:d6:f8:df:31:
                    67:75:62:a7:8b:2c:72:4f:87:74:ee:08:89:a4:37:
                    16:bf:6c:33:0d:79:3a:8e:ea:22:2b:6b:4b:84:cd:
                    a7:f9:02:2b:2a:a1:b3:3a:ef:b3:63:38:3b:cf:bc:
                    86:ca:51:a5:d1:87:00:65:48:69:fd:db:31:7e:6c:
                    fd:97:9b:4a:ba:f0:c3:68:c3:35:57:e8:4f:ba:e9:
                    a6:d9:98:13:d1:8b:84:58:87:aa:b4:22:d4:5a:c6:
                    8d:a4:66:0c:d1:16:25:0f:3c:89:7a:aa:c3:e1:51:
                    90:96:e6:23:ff:fe:37:9b:d8:97:de:f6:7e:9a:af:
                    95:3e:f4:01:b7:8c:b1:df:d1:73:f5:ac:3a:48:02:
                    dd:7e:8d:a1:e2:fa:9c:69:63:48:73:56:ee:34:60:
                    28:9d:f2:c6:0c:82:fc:4e:ad:78:4a:85:fb:7d:08:
                    ee:2b:af:b7:ae:40:25:fa:6a:b2:db:82:9d:98:f9:
                    32:eb:4b:96:bd:d4:dd:38:a5:ff:24:43:fb:df:ad:
                    fd:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:CB:5D:0D:04:28:78:13:C7:B5:8A:14:9A:23:EF:17:0E:C8:C5:3A
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8518b81d-c700-4d3f-8ef4-5abe8d348d3c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d073:9040::/46

    Signature Algorithm: sha256WithRSAEncryption
         16:14:c7:9c:cc:48:68:82:d8:7f:af:d3:1a:7e:38:e3:8e:59:
         a1:28:4c:98:85:72:1a:e1:3b:cb:ed:54:40:c1:e0:51:e7:87:
         27:ee:1f:9a:99:cd:c9:35:e2:6c:1c:a1:e1:ae:f7:66:55:1d:
         79:75:aa:09:30:4d:c7:45:8b:37:5e:c3:04:43:30:73:84:14:
         0e:91:fd:c1:ed:99:87:5f:9b:28:06:eb:4c:37:07:6c:04:28:
         10:af:66:c0:f3:e4:27:e1:9b:a2:dd:0c:61:17:3d:11:0d:d8:
         52:68:44:d5:cf:a4:29:ce:1b:68:c7:aa:6c:a1:c6:57:b1:67:
         1f:d0:cc:78:8b:86:52:1b:02:55:76:df:c8:66:a3:03:87:ad:
         87:c1:e6:65:cd:85:29:98:39:72:23:18:f4:a4:32:dd:f8:bf:
         39:10:3a:1d:15:25:4c:80:ce:d7:2b:5f:d0:6f:8e:f5:7f:62:
         37:f0:a9:45:3b:a9:d2:69:23:87:a0:f0:84:8c:58:3c:08:43:
         9e:ef:d6:72:a4:e5:67:08:2a:24:d7:20:40:7a:18:6f:41:03:
         64:4b:d4:58:7a:e4:0e:23:98:87:a8:f8:d9:34:c1:93:77:f8:
         9f:a4:13:27:5d:7f:b7:a5:c6:64:b0:dc:1c:15:04:c4:0c:ce:
         97:b6:29:77
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUFohQ09U0b/v33RYu8oBFyL1bfJAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMDYxODAwMzdaFw0yNTExMTAyMzU5NTlaMHoxSTBHBgNV
BAUTQGJmZmYwY2EzN2IzZmJhNTFjOGY4NzE4ZDkyM2M4MzI3YmJjNzM4NmQ2M2U4
ZjE3Njk3MWNjYTQ2MzQyNzE0ZjAxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMeSWRWLZA1LlM91LPxMm7vqnx5Es+U6j1dzyD51XOdmKktl6YahFJINK0TK
DkpnEvjBt3IGnT3W+N8xZ3Vip4ssck+HdO4IiaQ3Fr9sMw15Oo7qIitrS4TNp/kC
Kyqhszrvs2M4O8+8hspRpdGHAGVIaf3bMX5s/ZebSrrww2jDNVfoT7rpptmYE9GL
hFiHqrQi1FrGjaRmDNEWJQ88iXqqw+FRkJbmI//+N5vYl972fpqvlT70AbeMsd/R
c/WsOkgC3X6NoeL6nGljSHNW7jRgKJ3yxgyC/E6teEqF+30I7iuvt65AJfpqstuC
nZj5MutLlr3U3Til/yRD+9+t/RkCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBRey10N
BCh4E8e1ihSaI+8XDsjFOjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ODUxOGI4MWQtYzcwMC00ZDNmLThlZjQtNWFiZThkMzQ4ZDNjLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHAioF0HOQ
QDANBgkqhkiG9w0BAQsFAAOCAQEAFhTHnMxIaILYf6/TGn44445ZoShMmIVyGuE7
y+1UQMHgUeeHJ+4fmpnNyTXibByh4a73ZlUdeXWqCTBNx0WLN17DBEMwc4QUDpH9
we2Zh1+bKAbrTDcHbAQoEK9mwPPkJ+Gbot0MYRc9EQ3YUmhE1c+kKc4baMeqbKHG
V7FnH9DMeIuGUhsCVXbfyGajA4eth8HmZc2FKZg5ciMY9KQy3fi/ORA6HRUlTIDO
1ytf0G+O9X9iN/CpRTup0mkjh6DwhIxYPAhDnu/WcqTlZwgqJNcgQHoYb0EDZEvU
WHrkDiOYh6j42TTBk3f4n6QTJ11/t6XGZLDcHBUExAzOl7Ypdw==
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:53:04 2025 by rpki-client