Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/87ec9982-c725-40e5-b829-ff0f06d939c8.roa
File:                     87ec9982-c725-40e5-b829-ff0f06d939c8.roa (raw, json)
Hash identifier:          ZsJfNWUPNlo4ahJeRJNIFlZpcSzJxLHWmk5/MVtt0ZQ=
Subject key identifier:   AD:8A:AE:80:78:5B:F5:65:11:FE:14:7A:79:2A:85:46:B6:E9:44:7D
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       39576A35919F542A7A6222464A98BDD11F13CDDD
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/87ec9982-c725-40e5-b829-ff0f06d939c8.roa
Signing time:             Fri 26 Sep 2025 19:20:24 +0000
ROA not before:           Fri 26 Sep 2025 19:20:24 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d058:9000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            39:57:6a:35:91:9f:54:2a:7a:62:22:46:4a:98:bd:d1:1f:13:cd:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Sep 26 19:20:24 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=7c7b8f1fcd9f46b5c7ebc6c3b25d87fee284cfb95ffac3eb8d9681a22f458e2f, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:e7:27:83:86:d2:9e:eb:4b:4f:6c:1c:ec:f9:
                    dc:69:e5:f6:21:84:55:15:70:75:dd:fc:2a:c2:96:
                    a2:16:8a:b4:33:6e:1e:a7:a1:b1:2e:4a:f2:bf:9c:
                    55:54:65:fd:d0:bc:b0:44:13:0e:7b:a1:b9:8e:6f:
                    c1:db:cf:b7:09:eb:9a:4b:71:17:e5:6d:44:68:40:
                    16:a7:57:63:ae:3b:60:94:fb:73:dd:7e:be:86:77:
                    6c:54:2f:a6:12:6c:63:aa:ba:66:b5:05:a2:22:22:
                    44:95:11:de:27:3c:b4:1b:16:0e:35:9a:36:e5:26:
                    b3:19:a7:b7:5a:9e:4f:60:64:19:99:fb:d3:87:2c:
                    0d:84:49:82:88:bc:65:34:cd:96:1f:03:82:8c:02:
                    de:3d:c0:9f:22:f0:6b:1d:d7:96:0e:41:7a:f0:3a:
                    61:88:cc:ce:98:28:b5:7d:41:e2:c7:b8:89:16:97:
                    08:52:1c:6b:ef:2b:5f:63:c8:99:6b:72:49:dd:ab:
                    1b:41:4d:63:e2:cc:9f:b8:e9:43:b9:7d:63:26:a6:
                    35:b9:83:60:f5:66:43:32:8c:c6:e6:da:ea:32:41:
                    41:ed:9c:db:fd:93:65:a5:07:4c:15:6f:5c:bc:19:
                    fb:e1:ce:34:7d:0d:5f:b0:45:2d:2d:4d:87:97:57:
                    4b:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:8A:AE:80:78:5B:F5:65:11:FE:14:7A:79:2A:85:46:B6:E9:44:7D
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/87ec9982-c725-40e5-b829-ff0f06d939c8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d058:9000::/40

    Signature Algorithm: sha256WithRSAEncryption
         c2:32:5b:fb:ca:65:e6:a0:eb:b5:a1:d8:e9:3d:c3:9c:b9:c2:
         fe:fa:82:c8:59:c9:1a:a9:c2:9c:2c:18:f4:2f:11:2f:04:ad:
         36:59:f4:d5:13:4a:d5:c2:0b:bd:31:32:4c:18:88:f5:63:0c:
         e3:6a:96:06:d7:90:b7:3a:95:98:67:f3:33:04:ce:9a:49:3d:
         94:44:7d:bb:19:d4:f1:62:ec:b4:54:0c:54:bf:45:2c:27:f7:
         b8:24:9a:07:6c:af:7e:d3:c7:af:93:df:9d:ce:58:6c:44:71:
         0a:ec:ff:45:d9:35:dc:6c:f6:17:fb:10:fa:5f:32:d5:a1:ee:
         aa:4d:2b:25:4f:16:0c:b3:a1:37:4c:68:51:5b:7c:a1:4d:17:
         49:86:ee:0a:94:f9:e6:a7:ba:6b:1a:1d:18:18:d3:8e:65:bf:
         f4:bc:08:6e:c3:b7:23:28:56:e3:91:7f:e9:53:ac:d1:1c:3d:
         6f:a1:18:82:37:84:e6:4b:11:5d:da:41:55:0a:ae:da:60:89:
         e5:72:03:cb:d7:38:44:a6:4e:ab:50:92:54:7b:7e:e2:78:48:
         29:06:19:fc:aa:da:40:92:e5:c7:f6:4c:bd:2a:a4:db:7a:2a:
         c3:7b:7c:24:f6:f9:af:72:d6:dd:b0:06:58:38:1a:df:33:25:
         e2:cd:1a:3b
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUOVdqNZGfVCp6YiJGSpi90R8Tzd0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYxOTIwMjRaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQDdjN2I4ZjFmY2Q5ZjQ2YjVjN2ViYzZjM2IyNWQ4N2ZlZTI4NGNmYjk1ZmZh
YzNlYjhkOTY4MWEyMmY0NThlMmYxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMLnJ4OG0p7rS09sHOz53Gnl9iGEVRVwdd38KsKWohaKtDNuHqehsS5K8r+c
VVRl/dC8sEQTDnuhuY5vwdvPtwnrmktxF+VtRGhAFqdXY647YJT7c91+voZ3bFQv
phJsY6q6ZrUFoiIiRJUR3ic8tBsWDjWaNuUmsxmnt1qeT2BkGZn704csDYRJgoi8
ZTTNlh8DgowC3j3AnyLwax3Xlg5BevA6YYjMzpgotX1B4se4iRaXCFIca+8rX2PI
mWtySd2rG0FNY+LMn7jpQ7l9YyamNbmDYPVmQzKMxuba6jJBQe2c2/2TZaUHTBVv
XLwZ++HONH0NX7BFLS1Nh5dXS6sCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBStiq6A
eFv1ZRH+FHp5KoVGtulEfTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ODdlYzk5ODItYzcyNS00MGU1LWI4MjktZmYwZjA2ZDkzOWM4LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0FiQ
MA0GCSqGSIb3DQEBCwUAA4IBAQDCMlv7ymXmoOu1odjpPcOcucL++oLIWckaqcKc
LBj0LxEvBK02WfTVE0rVwgu9MTJMGIj1YwzjapYG15C3OpWYZ/MzBM6aST2URH27
GdTxYuy0VAxUv0UsJ/e4JJoHbK9+08evk9+dzlhsRHEK7P9F2TXcbPYX+xD6XzLV
oe6qTSslTxYMs6E3TGhRW3yhTRdJhu4KlPnmp7prGh0YGNOOZb/0vAhuw7cjKFbj
kX/pU6zRHD1voRiCN4TmSxFd2kFVCq7aYInlcgPL1zhEpk6rUJJUe37ieEgpBhn8
qtpAkuXH9ky9KqTbeirDe3wk9vmvctbdsAZYOBrfMyXizRo7
-----END CERTIFICATE-----
Generated at Mon Oct 20 13:47:26 2025 by rpki-client