Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8dc7d5ba-b1e9-4c1c-a190-214731b71b49.roa
File:                     8dc7d5ba-b1e9-4c1c-a190-214731b71b49.roa (raw, json)
Hash identifier:          TGY6E7eJNkXtPZvi98mUQpCIyqPBOnYWHhEO9/QZkdo=
Subject key identifier:   D2:90:9D:0B:19:01:3C:11:EC:92:C6:6C:76:61:50:FF:5C:A3:E6:04
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       7F17E63B398EB53D0361958E3000D21B9073E51D
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8dc7d5ba-b1e9-4c1c-a190-214731b71b49.roa
Signing time:             Fri 26 Sep 2025 19:38:51 +0000
ROA not before:           Fri 26 Sep 2025 19:38:51 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d036:e000::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7f:17:e6:3b:39:8e:b5:3d:03:61:95:8e:30:00:d2:1b:90:73:e5:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Sep 26 19:38:51 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=a7da2a0c0e07a24e779d3da1b7d4047a9abef4bd5e99da06e8805b1901adaeb8, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:a0:92:d0:fe:06:85:6b:12:a8:34:49:e9:cd:
                    56:7f:f5:ba:83:91:92:f4:de:e1:22:f9:ee:f7:43:
                    d9:e4:7c:ce:85:b1:d2:b7:3c:c5:54:c4:38:dd:28:
                    52:37:95:12:56:c8:c6:82:c6:fe:d1:3f:e7:dc:3f:
                    a0:7e:f1:86:57:36:68:5e:dc:df:e3:9f:c4:03:9f:
                    fd:23:79:78:0b:96:9d:09:c9:12:91:60:0e:ad:a3:
                    02:0b:b1:64:8f:e7:b0:bb:82:72:1a:47:d4:7d:76:
                    11:23:15:63:50:3b:47:ae:39:07:5b:d7:ee:e7:12:
                    d3:88:0c:dc:ad:1c:f7:ef:70:fd:46:a9:66:f8:76:
                    29:d8:d1:6d:e8:7f:54:fc:44:be:7b:cf:e3:90:72:
                    6e:40:89:2a:1f:ff:ae:45:95:a5:c6:22:1f:55:c0:
                    40:49:67:6d:02:6a:88:bb:f1:cd:8c:e1:da:dd:be:
                    47:9b:f5:a4:09:6f:c0:a5:c1:e9:9b:da:88:1e:81:
                    ec:6f:e1:24:d8:fc:e1:18:91:97:e2:af:19:7c:0d:
                    9d:8b:fc:2f:36:1b:a3:d6:cf:10:67:e7:24:cc:02:
                    26:94:8e:2b:e7:0e:88:f8:a2:7a:72:e9:0d:cc:5b:
                    c1:04:00:a2:27:2e:3c:4f:e1:21:3d:5e:be:c6:63:
                    98:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:90:9D:0B:19:01:3C:11:EC:92:C6:6C:76:61:50:FF:5C:A3:E6:04
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8dc7d5ba-b1e9-4c1c-a190-214731b71b49.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d036:e000::/40

    Signature Algorithm: sha256WithRSAEncryption
         b7:ee:66:8d:2e:2b:5a:bb:2b:5d:43:66:7c:56:ba:5e:1a:11:
         6b:16:f4:81:79:6e:e1:95:58:f3:05:a9:65:ae:e2:ea:1f:3b:
         97:7f:55:d3:2f:07:ff:78:00:e3:d1:ac:e2:ec:e3:79:e1:93:
         d5:40:e5:b7:21:0b:df:df:3f:4d:ff:90:a0:9b:d1:84:d8:eb:
         9f:28:13:6d:88:2f:3f:3a:1c:c1:a6:02:c5:b0:4d:4c:bd:7e:
         5c:8a:eb:4e:d6:8e:db:1b:af:a9:79:7d:0d:54:00:f6:15:79:
         50:c5:2d:4c:76:f0:5c:62:24:6e:da:ac:68:f0:07:e5:fd:8f:
         1a:e6:82:fd:b8:92:54:f2:49:15:a9:8c:21:81:42:d8:21:4c:
         7e:e8:8c:36:1f:4e:1d:5f:00:38:37:d7:2a:c3:19:f5:5c:c9:
         f9:cf:db:bf:46:f4:29:16:39:b1:42:8f:6a:95:c2:65:a7:6d:
         d5:03:0c:a8:a3:19:c5:51:1f:3f:1b:65:e7:44:cb:22:f0:e8:
         06:ee:5a:16:46:28:13:ec:85:88:bc:30:63:96:ea:37:23:08:
         2d:85:2d:f8:ef:c4:86:61:b7:08:66:56:f4:c2:01:21:b5:8b:
         26:a4:59:4d:13:d2:09:ad:aa:1e:e8:e9:69:b5:47:f4:ea:68:
         c9:1e:f1:dd
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUfxfmOzmOtT0DYZWOMADSG5Bz5R0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYxOTM4NTFaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQGE3ZGEyYTBjMGUwN2EyNGU3NzlkM2RhMWI3ZDQwNDdhOWFiZWY0YmQ1ZTk5
ZGEwNmU4ODA1YjE5MDFhZGFlYjgxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANegktD+BoVrEqg0SenNVn/1uoORkvTe4SL57vdD2eR8zoWx0rc8xVTEON0o
UjeVElbIxoLG/tE/59w/oH7xhlc2aF7c3+OfxAOf/SN5eAuWnQnJEpFgDq2jAgux
ZI/nsLuCchpH1H12ESMVY1A7R645B1vX7ucS04gM3K0c9+9w/UapZvh2KdjRbeh/
VPxEvnvP45BybkCJKh//rkWVpcYiH1XAQElnbQJqiLvxzYzh2t2+R5v1pAlvwKXB
6ZvaiB6B7G/hJNj84RiRl+KvGXwNnYv8LzYbo9bPEGfnJMwCJpSOK+cOiPiienLp
DcxbwQQAoicuPE/hIT1evsZjmKkCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTSkJ0L
GQE8EeySxmx2YVD/XKPmBDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
OGRjN2Q1YmEtYjFlOS00YzFjLWExOTAtMjE0NzMxYjcxYjQ5LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0Dbg
MA0GCSqGSIb3DQEBCwUAA4IBAQC37maNLitauytdQ2Z8VrpeGhFrFvSBeW7hlVjz
BallruLqHzuXf1XTLwf/eADj0azi7ON54ZPVQOW3IQvf3z9N/5Cgm9GE2OufKBNt
iC8/OhzBpgLFsE1MvX5ciutO1o7bG6+peX0NVAD2FXlQxS1MdvBcYiRu2qxo8Afl
/Y8a5oL9uJJU8kkVqYwhgULYIUx+6Iw2H04dXwA4N9cqwxn1XMn5z9u/RvQpFjmx
Qo9qlcJlp23VAwyooxnFUR8/G2XnRMsi8OgG7loWRigT7IWIvDBjluo3IwgthS34
78SGYbcIZlb0wgEhtYsmpFlNE9IJraoe6OlptUf06mjJHvHd
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:52:57 2025 by rpki-client