Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/868cbba8-4804-4fbd-b9b8-7e9402c44956.roa
File:                     868cbba8-4804-4fbd-b9b8-7e9402c44956.roa (raw, json)
Hash identifier:          1tFSn9su7KWUJI9Vtq6unqw0ha6jpBSuSiDDIq9WXJQ=
Subject key identifier:   CF:51:BC:D1:20:E0:3D:45:5A:8B:7D:4B:9A:BB:E6:A8:DE:63:60:29
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       7FA6020208AC2D9C48A25C7D3662E6AA810297CD
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/868cbba8-4804-4fbd-b9b8-7e9402c44956.roa
Signing time:             Fri 26 Sep 2025 19:39:30 +0000
ROA not before:           Fri 26 Sep 2025 19:39:30 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        2a05:d06f:9000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7f:a6:02:02:08:ac:2d:9c:48:a2:5c:7d:36:62:e6:aa:81:02:97:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Sep 26 19:39:30 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=1de44be20466262ba437b696b75ef6493d6cabba2bec3faf491c8902c3c7fdea, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:8e:42:dc:93:59:59:b4:54:01:47:56:bf:66:
                    3f:b3:66:7e:db:cb:3c:14:36:b0:71:28:41:a6:e5:
                    c0:de:c3:95:ba:60:37:3b:70:b8:c0:8c:1b:77:dd:
                    a7:6c:7d:8a:23:ed:ed:6d:17:4b:6b:b0:2b:4f:14:
                    11:10:d4:45:48:ca:ef:b3:d3:b9:08:99:99:fb:62:
                    63:09:a2:e9:e4:17:08:f7:16:cf:64:d3:4a:0b:88:
                    ca:0b:20:16:7c:31:c6:fd:6e:1b:f7:d1:b4:92:ef:
                    aa:7e:16:e4:a2:cd:4e:e4:5e:bc:d2:4f:0e:fa:39:
                    8e:4a:60:df:c0:9e:dd:7f:4c:5a:5f:be:8b:87:32:
                    db:97:cb:a4:03:72:ae:3f:2e:bc:bb:44:0f:02:18:
                    7a:e4:e6:f8:ce:cc:c4:90:e5:dc:ee:8b:6d:45:68:
                    55:4d:11:c0:36:fa:f7:ba:88:9c:04:ec:5b:a7:e7:
                    d0:0f:5f:5b:66:fb:4f:45:2c:5b:99:f9:4f:55:2c:
                    db:d8:38:ba:3c:b4:0b:38:7f:e6:47:d6:53:be:63:
                    24:9f:c3:4e:89:ad:16:52:7c:49:22:af:ce:ef:24:
                    58:95:e9:ab:8e:42:d8:1b:d2:6f:3f:28:bc:93:6c:
                    63:4d:b0:30:6d:ab:25:6c:59:9c:d0:b2:40:2e:c3:
                    47:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:51:BC:D1:20:E0:3D:45:5A:8B:7D:4B:9A:BB:E6:A8:DE:63:60:29
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/868cbba8-4804-4fbd-b9b8-7e9402c44956.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d06f:9000::/40

    Signature Algorithm: sha256WithRSAEncryption
         0d:72:a9:87:96:fb:54:b5:c0:0d:63:18:85:b4:a7:20:bb:b6:
         ea:d1:76:cd:1a:4a:1b:1f:97:d1:f9:1d:88:37:60:9b:a6:df:
         da:76:af:d5:6b:4f:01:8d:4a:a8:9c:10:23:e1:ef:ea:58:cd:
         4c:80:4e:db:ea:b5:a0:ee:b8:64:b2:eb:6c:2b:db:dd:78:b3:
         c4:cb:e3:a5:e8:8d:9e:7c:6d:9e:52:92:bf:18:13:34:ae:ae:
         65:0a:c8:70:9a:cc:8f:e6:b4:b9:3a:c5:10:bc:e8:08:60:99:
         9e:f1:91:f0:f0:97:71:fb:52:e7:0d:37:82:4b:bf:ef:a8:7a:
         05:12:81:51:7f:49:b3:53:89:82:8e:66:fc:ae:f5:4c:44:3a:
         7f:08:df:53:0c:8d:f1:98:bf:0a:cd:75:50:05:f9:69:0b:49:
         15:c2:f7:f9:12:d0:b6:15:91:a7:54:df:39:0c:f3:88:17:e1:
         67:41:42:15:d7:4d:e7:f1:db:ee:a5:2f:59:a5:90:8e:f4:08:
         af:a1:1b:9c:b7:16:f6:f1:b6:be:24:9b:b9:0e:a4:bb:c8:7a:
         a3:ab:17:78:3b:eb:14:75:74:82:a3:0a:2b:02:92:26:1d:de:
         09:36:fd:7a:32:ec:2b:1e:d2:81:9c:9b:64:c3:23:3f:47:1e:
         50:25:d6:e5
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUf6YCAgisLZxIolx9NmLmqoECl80wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYxOTM5MzBaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQDFkZTQ0YmUyMDQ2NjI2MmJhNDM3YjY5NmI3NWVmNjQ5M2Q2Y2FiYmEyYmVj
M2ZhZjQ5MWM4OTAyYzNjN2ZkZWExLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKeOQtyTWVm0VAFHVr9mP7NmftvLPBQ2sHEoQablwN7DlbpgNztwuMCMG3fd
p2x9iiPt7W0XS2uwK08UERDURUjK77PTuQiZmftiYwmi6eQXCPcWz2TTSguIygsg
Fnwxxv1uG/fRtJLvqn4W5KLNTuRevNJPDvo5jkpg38Ce3X9MWl++i4cy25fLpANy
rj8uvLtEDwIYeuTm+M7MxJDl3O6LbUVoVU0RwDb697qInATsW6fn0A9fW2b7T0Us
W5n5T1Us29g4ujy0Czh/5kfWU75jJJ/DTomtFlJ8SSKvzu8kWJXpq45C2BvSbz8o
vJNsY02wMG2rJWxZnNCyQC7DR6cCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTPUbzR
IOA9RVqLfUuau+ao3mNgKTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ODY4Y2JiYTgtNDgwNC00ZmJkLWI5YjgtN2U5NDAyYzQ0OTU2LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0G+Q
MA0GCSqGSIb3DQEBCwUAA4IBAQANcqmHlvtUtcANYxiFtKcgu7bq0XbNGkobH5fR
+R2IN2Cbpt/adq/Va08BjUqonBAj4e/qWM1MgE7b6rWg7rhksutsK9vdeLPEy+Ol
6I2efG2eUpK/GBM0rq5lCshwmsyP5rS5OsUQvOgIYJme8ZHw8Jdx+1LnDTeCS7/v
qHoFEoFRf0mzU4mCjmb8rvVMRDp/CN9TDI3xmL8KzXVQBflpC0kVwvf5EtC2FZGn
VN85DPOIF+FnQUIV103n8dvupS9ZpZCO9AivoRuctxb28ba+JJu5DqS7yHqjqxd4
O+sUdXSCoworApImHd4JNv16MuwrHtKBnJtkwyM/Rx5QJdbl
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:09:44 2025 by rpki-client