Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8aeef071-ad76-436d-a059-ad727b09eb3b.roa
File:                     8aeef071-ad76-436d-a059-ad727b09eb3b.roa (raw, json)
Hash identifier:          m/hEAMfWQvO/1WTnWeoPfRvevvlIOp5KLwQ1yEMLzR4=
Subject key identifier:   D6:85:5F:73:8E:81:05:13:5E:AE:F8:DB:85:F3:70:BE:82:52:BD:33
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       7204EA3A460FE688FEFF7EC8F1AD729139148CEB
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8aeef071-ad76-436d-a059-ad727b09eb3b.roa
Signing time:             Fri 26 Sep 2025 19:40:45 +0000
ROA not before:           Fri 26 Sep 2025 19:40:45 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d038:2000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            72:04:ea:3a:46:0f:e6:88:fe:ff:7e:c8:f1:ad:72:91:39:14:8c:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Sep 26 19:40:45 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=057167189196741a055412ccd24e090d0aa9efbc61a29561f10b2ec975db0066, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:3a:4a:5f:9c:62:a0:cf:a5:c0:94:5c:d1:85:
                    b9:7d:41:da:b7:cb:e4:e3:17:a1:f7:9f:e8:07:4f:
                    96:81:bc:8f:40:41:b8:76:e1:c1:03:76:fe:ef:89:
                    68:00:f6:6b:53:f7:88:82:6e:f8:2a:8d:4c:87:36:
                    5f:52:e6:6a:83:91:2a:73:53:05:c8:e8:c7:25:7b:
                    b5:1d:a7:7a:90:32:2f:1a:59:c3:07:c2:c9:13:1e:
                    36:2c:cf:04:5e:c2:ec:00:b0:bd:be:df:40:f6:0c:
                    18:27:7a:0d:e6:32:ff:87:e7:3e:06:ba:57:5f:99:
                    51:5f:02:49:b4:3b:b1:71:da:52:f1:ab:71:02:82:
                    ce:e0:24:77:3f:15:5b:e0:b4:06:ae:44:81:f7:69:
                    31:88:db:68:dc:82:84:4a:98:36:e6:f1:a3:b5:6f:
                    31:dc:bd:93:64:50:c0:b1:97:bd:23:a1:ba:dd:fb:
                    d2:3e:50:e9:62:3d:27:95:18:f1:fe:c4:b0:f6:12:
                    b2:1d:0a:6d:14:a2:c5:f9:a4:31:39:22:09:9b:ae:
                    f3:1c:06:aa:84:45:a4:e6:fc:a2:5b:e1:f4:2f:0b:
                    1b:2b:de:f4:b1:fa:0e:03:50:34:36:e8:2b:fb:2f:
                    da:6f:87:16:3d:af:9a:94:4b:37:c8:46:77:12:3c:
                    98:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:85:5F:73:8E:81:05:13:5E:AE:F8:DB:85:F3:70:BE:82:52:BD:33
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8aeef071-ad76-436d-a059-ad727b09eb3b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d038:2000::/40

    Signature Algorithm: sha256WithRSAEncryption
         28:ad:51:b0:c1:98:f8:66:ce:d1:34:5d:ad:22:c1:61:1d:24:
         47:bc:33:32:1a:cc:67:81:64:9e:26:ec:1e:95:2f:6a:56:7d:
         d7:fa:e5:b6:cc:2e:42:b4:3a:04:a6:fe:47:2e:bd:f3:a7:d9:
         cc:a5:e4:40:15:ac:be:2d:c3:7d:f5:1e:63:2c:11:e6:f8:1d:
         a8:c6:37:39:1f:f0:2b:f9:7e:54:2e:66:f3:0c:8e:6f:b7:e5:
         59:8c:06:43:84:76:a2:7a:6d:8f:14:07:b8:dc:ab:05:90:84:
         40:c9:7e:11:7f:0e:cb:80:68:5c:ac:2e:e3:0f:af:29:3d:bf:
         c2:70:46:bd:42:33:96:3c:d8:cf:5c:dc:cd:73:2c:a0:fe:8d:
         f3:c4:59:dc:0d:65:26:cf:98:76:80:9d:90:ce:2e:45:02:51:
         06:bf:26:19:9c:e8:94:33:fe:97:84:64:96:35:46:df:48:6d:
         7c:4a:e7:e4:34:e7:7f:7e:52:d7:04:df:ed:41:dd:f0:33:77:
         93:5d:fe:3f:e9:c6:24:66:c0:21:05:87:41:5b:bb:a2:01:34:
         44:06:f0:b3:ed:13:bf:6f:34:41:d0:f1:e3:49:89:2b:53:e0:
         52:e9:b6:8c:1c:3f:b8:fe:87:05:24:23:d5:81:26:8f:b1:ca:
         3c:8a:0e:f2
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUcgTqOkYP5oj+/37I8a1ykTkUjOswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYxOTQwNDVaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQDA1NzE2NzE4OTE5Njc0MWEwNTU0MTJjY2QyNGUwOTBkMGFhOWVmYmM2MWEy
OTU2MWYxMGIyZWM5NzVkYjAwNjYxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAN86Sl+cYqDPpcCUXNGFuX1B2rfL5OMXofef6AdPloG8j0BBuHbhwQN2/u+J
aAD2a1P3iIJu+CqNTIc2X1LmaoORKnNTBcjoxyV7tR2nepAyLxpZwwfCyRMeNizP
BF7C7ACwvb7fQPYMGCd6DeYy/4fnPga6V1+ZUV8CSbQ7sXHaUvGrcQKCzuAkdz8V
W+C0Bq5EgfdpMYjbaNyChEqYNubxo7VvMdy9k2RQwLGXvSOhut370j5Q6WI9J5UY
8f7EsPYSsh0KbRSixfmkMTkiCZuu8xwGqoRFpOb8olvh9C8LGyve9LH6DgNQNDbo
K/sv2m+HFj2vmpRLN8hGdxI8mFsCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTWhV9z
joEFE16u+NuF83C+glK9MzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
OGFlZWYwNzEtYWQ3Ni00MzZkLWEwNTktYWQ3MjdiMDllYjNiLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0Dgg
MA0GCSqGSIb3DQEBCwUAA4IBAQAorVGwwZj4Zs7RNF2tIsFhHSRHvDMyGsxngWSe
JuwelS9qVn3X+uW2zC5CtDoEpv5HLr3zp9nMpeRAFay+LcN99R5jLBHm+B2oxjc5
H/Ar+X5ULmbzDI5vt+VZjAZDhHaiem2PFAe43KsFkIRAyX4Rfw7LgGhcrC7jD68p
Pb/CcEa9QjOWPNjPXNzNcyyg/o3zxFncDWUmz5h2gJ2Qzi5FAlEGvyYZnOiUM/6X
hGSWNUbfSG18SufkNOd/flLXBN/tQd3wM3eTXf4/6cYkZsAhBYdBW7uiATREBvCz
7RO/bzRB0PHjSYkrU+BS6baMHD+4/ocFJCPVgSaPsco8ig7y
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:52:46 2025 by rpki-client