Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8ca5077b-0987-4a65-b8ff-a1e27f76cd1a.roa
File:                     8ca5077b-0987-4a65-b8ff-a1e27f76cd1a.roa (raw, json)
Hash identifier:          o/OtHCLI5ZGoj0fgBDDsAQTppTsTNS87cnysUtideAA=
Subject key identifier:   84:74:47:50:1C:C9:36:BA:7B:31:F3:80:4F:19:7E:52:D8:6F:EC:19
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       3693B436E06447597313DAFC1EA3FD05F8ED4927
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8ca5077b-0987-4a65-b8ff-a1e27f76cd1a.roa
Signing time:             Fri 26 Sep 2025 20:01:35 +0000
ROA not before:           Fri 26 Sep 2025 20:01:35 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d01a:800::/38 maxlen: 38
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            36:93:b4:36:e0:64:47:59:73:13:da:fc:1e:a3:fd:05:f8:ed:49:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Sep 26 20:01:35 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=89d08d499d1682f8c0f14bfe11dc523168792e920047e9be2936d93ab2eac5ee, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:79:d3:42:53:e3:52:13:97:23:63:3c:ef:a8:
                    f4:91:63:c1:de:b3:7f:44:28:c8:32:6a:98:44:da:
                    7d:f7:df:3e:21:7d:fe:3f:ee:6e:56:03:94:33:c1:
                    9e:2d:ca:23:e8:a9:d3:2d:9a:e4:a6:1c:16:13:2c:
                    7d:6e:4e:fb:c3:b7:ce:93:f2:81:29:08:74:c2:f3:
                    33:c7:d0:cf:f5:9f:a7:c4:73:80:39:fc:83:52:3d:
                    57:3d:ff:e2:64:db:f6:f3:25:34:38:4b:96:84:6b:
                    9a:b7:70:51:b6:d2:0a:95:6d:5c:68:77:4b:5a:06:
                    61:67:e4:1a:93:37:19:5c:1b:48:67:86:1a:6c:7a:
                    65:22:ef:c4:6e:21:fa:5c:08:cf:ad:89:bc:4f:38:
                    b6:6e:3d:83:70:7f:07:05:32:95:64:a0:b2:fa:a0:
                    d3:6b:d4:16:95:43:77:df:22:eb:15:44:cb:72:89:
                    05:75:67:78:de:e3:ef:4d:ea:e4:42:f3:aa:e1:09:
                    51:27:b4:00:bb:b0:ca:e4:95:95:d6:88:59:4c:cd:
                    20:b5:a0:7e:4f:d9:66:97:9b:e5:66:19:ac:bf:fc:
                    f5:ad:4d:fb:ac:bf:8a:07:9b:ea:c8:39:1c:6e:8a:
                    b7:e1:1e:bb:0b:05:b5:e9:e3:5f:18:dd:1a:de:36:
                    c6:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:74:47:50:1C:C9:36:BA:7B:31:F3:80:4F:19:7E:52:D8:6F:EC:19
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8ca5077b-0987-4a65-b8ff-a1e27f76cd1a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d01a:800::/38

    Signature Algorithm: sha256WithRSAEncryption
         78:d8:c6:d7:c8:5b:7b:cd:55:9f:21:55:5f:5d:c2:0c:d6:89:
         54:d2:8f:ff:c5:dc:16:ec:f9:16:8f:65:68:a4:fb:25:ba:bb:
         1c:4e:d6:6f:8f:7a:e1:82:35:96:48:82:27:bb:4c:f2:68:bf:
         a3:6b:17:a2:4e:00:8a:90:89:3d:6d:3e:87:88:e0:bf:39:90:
         8e:52:3f:7a:11:ad:6b:ff:c2:d8:d3:77:2d:da:fe:ae:0f:5c:
         f5:50:40:86:6a:76:9c:80:5d:c7:69:16:c7:cf:01:23:bb:eb:
         d8:71:48:c9:2a:cd:48:40:79:e8:cc:6e:42:58:76:ed:9a:c3:
         91:2c:a1:0a:48:2b:36:19:dd:fc:cd:52:21:2a:cb:18:32:04:
         94:39:d4:88:6c:0b:6a:d6:7f:54:d3:5d:1c:d3:c8:87:22:2d:
         12:6e:6a:ac:ae:1d:49:84:14:30:c0:58:75:b9:98:a2:3b:c8:
         5d:12:32:ca:d1:57:15:ee:fd:e6:5e:c3:6e:ba:62:91:b5:a2:
         db:e3:69:32:99:e4:f7:4f:f2:c0:db:51:fc:ae:91:28:79:27:
         26:8b:71:56:e2:e6:0d:1d:d8:43:37:fa:d1:88:ca:dc:67:d9:
         46:59:3e:44:d8:e4:74:7d:22:ef:df:8d:1c:41:53:0e:10:86:
         e1:2c:d5:8f
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUNpO0NuBkR1lzE9r8HqP9BfjtSScwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYyMDAxMzVaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQDg5ZDA4ZDQ5OWQxNjgyZjhjMGYxNGJmZTExZGM1MjMxNjg3OTJlOTIwMDQ3
ZTliZTI5MzZkOTNhYjJlYWM1ZWUxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMd500JT41ITlyNjPO+o9JFjwd6zf0QoyDJqmETaffffPiF9/j/ublYDlDPB
ni3KI+ip0y2a5KYcFhMsfW5O+8O3zpPygSkIdMLzM8fQz/Wfp8RzgDn8g1I9Vz3/
4mTb9vMlNDhLloRrmrdwUbbSCpVtXGh3S1oGYWfkGpM3GVwbSGeGGmx6ZSLvxG4h
+lwIz62JvE84tm49g3B/BwUylWSgsvqg02vUFpVDd98i6xVEy3KJBXVneN7j703q
5ELzquEJUSe0ALuwyuSVldaIWUzNILWgfk/ZZpeb5WYZrL/89a1N+6y/igeb6sg5
HG6Kt+EeuwsFtenjXxjdGt42xnECAwEAAaOCAiMwggIfMB0GA1UdDgQWBBSEdEdQ
HMk2unsx84BPGX5S2G/sGTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
OGNhNTA3N2ItMDk4Ny00YTY1LWI4ZmYtYTFlMjdmNzZjZDFhLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGAioF0BoI
MA0GCSqGSIb3DQEBCwUAA4IBAQB42MbXyFt7zVWfIVVfXcIM1olU0o//xdwW7PkW
j2VopPslurscTtZvj3rhgjWWSIInu0zyaL+jaxeiTgCKkIk9bT6HiOC/OZCOUj96
Ea1r/8LY03ct2v6uD1z1UECGanacgF3HaRbHzwEju+vYcUjJKs1IQHnozG5CWHbt
msORLKEKSCs2Gd38zVIhKssYMgSUOdSIbAtq1n9U010c08iHIi0Sbmqsrh1JhBQw
wFh1uZiiO8hdEjLK0VcV7v3mXsNuumKRtaLb42kymeT3T/LA21H8rpEoeScmi3FW
4uYNHdhDN/rRiMrcZ9lGWT5E2OR0fSLv340cQVMOEIbhLNWP
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:52:34 2025 by rpki-client