Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/90bd72ba-b30d-4433-a47e-e0543a4ea451.roa
File:                     90bd72ba-b30d-4433-a47e-e0543a4ea451.roa (raw, json)
Hash identifier:          gKDv4zRB2sZ6MlHbMZ+75MKW91057LIdo+qEUp8qvD0=
Subject key identifier:   39:F2:66:92:4A:B7:DF:06:E8:82:CB:0A:89:67:A5:70:AF:43:46:8C
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       02C1DDF2E624B739822B73E9AF24746EF19D4808
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/90bd72ba-b30d-4433-a47e-e0543a4ea451.roa
Signing time:             Fri 26 Sep 2025 19:21:45 +0000
ROA not before:           Fri 26 Sep 2025 19:21:45 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d034:e000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            02:c1:dd:f2:e6:24:b7:39:82:2b:73:e9:af:24:74:6e:f1:9d:48:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Sep 26 19:21:45 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=cdfa2a044c0a17a758216c221ccfb94b56a370774cdcb25860b9f41bae1d8402, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:a6:3a:8f:0f:41:f3:f4:3a:d2:3e:bb:1a:2b:
                    d2:b9:95:f1:1a:ba:e2:d9:ba:62:80:50:15:3e:82:
                    44:a8:f4:c8:06:ff:2f:79:7f:a7:4a:3e:42:6d:02:
                    60:2f:21:50:96:9d:9d:d2:40:10:0d:d4:5e:41:33:
                    da:c8:06:30:27:a6:1f:91:39:21:28:6d:73:6e:a9:
                    03:fd:18:ac:bf:3f:da:85:27:f4:e7:e1:d2:e0:82:
                    70:0e:42:fd:73:66:7f:fe:46:20:77:4a:04:51:60:
                    8f:36:7d:1c:4e:08:15:8f:26:66:de:f3:4f:d1:0d:
                    9e:ff:95:a4:8e:c1:00:4d:cf:31:a0:c2:bd:78:ec:
                    51:1d:e8:1a:59:10:e5:00:7f:d7:00:b8:16:69:ef:
                    73:1d:ab:e5:0d:2c:70:8b:ee:68:e6:34:e6:31:13:
                    71:60:12:fd:e0:84:0d:f1:01:12:c5:5f:d8:fb:d4:
                    66:69:f2:67:be:a2:1e:62:42:92:ff:1d:70:7c:e2:
                    14:b8:cb:f6:36:1e:14:fb:92:64:0a:10:7c:04:c6:
                    bc:17:6d:62:67:a7:a8:84:95:51:a4:8c:8f:91:ce:
                    8d:85:4a:32:2a:12:77:30:60:8c:b1:0d:16:a4:8e:
                    aa:4a:83:f8:04:93:a5:4c:d8:23:fd:4b:d3:2f:07:
                    97:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:F2:66:92:4A:B7:DF:06:E8:82:CB:0A:89:67:A5:70:AF:43:46:8C
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/90bd72ba-b30d-4433-a47e-e0543a4ea451.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d034:e000::/40

    Signature Algorithm: sha256WithRSAEncryption
         8e:93:35:82:8e:1f:c2:e4:e8:fa:bb:b7:2d:04:80:6a:8e:ed:
         e2:b3:9e:ad:05:df:8d:88:2b:a7:7f:0d:b0:78:d7:0e:bc:7f:
         52:33:d7:a3:90:30:09:63:0c:2b:55:2c:1c:47:65:86:6f:ae:
         06:74:68:14:ae:71:a0:c5:0f:c3:42:e9:28:56:8a:63:8e:a9:
         b7:ac:71:e3:b8:d2:54:72:18:9f:01:90:51:ce:f7:44:90:4d:
         14:b0:53:b4:d4:17:c8:ec:ee:8a:4b:58:6c:45:1f:d7:34:91:
         cd:de:f2:ad:b0:e1:ce:23:13:68:7b:ca:40:8d:df:33:de:a6:
         40:1b:17:8d:c9:97:1c:81:d9:00:05:36:03:0c:de:d3:25:0b:
         ab:0e:01:80:48:02:b7:2c:2d:8d:ac:6a:d0:ae:07:9e:78:93:
         bf:c0:2b:7b:10:cb:f5:45:87:e5:9a:c5:cc:08:ab:f7:14:00:
         fc:98:0f:cc:96:f7:37:60:e4:44:16:9b:a7:9e:fe:a1:ca:f2:
         3f:74:a1:2f:a5:a0:d7:e1:86:7c:7d:0c:e0:ac:1c:c6:85:fa:
         43:a1:65:0d:9b:0d:58:8d:0a:7c:2e:1e:19:d7:c4:56:6b:a2:
         f9:9e:b2:33:a4:24:c6:f5:9a:65:10:f4:d4:25:4e:37:93:dc:
         24:6e:1a:ab
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUAsHd8uYktzmCK3PpryR0bvGdSAgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYxOTIxNDVaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQGNkZmEyYTA0NGMwYTE3YTc1ODIxNmMyMjFjY2ZiOTRiNTZhMzcwNzc0Y2Rj
YjI1ODYwYjlmNDFiYWUxZDg0MDIxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANKmOo8PQfP0OtI+uxor0rmV8Rq64tm6YoBQFT6CRKj0yAb/L3l/p0o+Qm0C
YC8hUJadndJAEA3UXkEz2sgGMCemH5E5IShtc26pA/0YrL8/2oUn9Ofh0uCCcA5C
/XNmf/5GIHdKBFFgjzZ9HE4IFY8mZt7zT9ENnv+VpI7BAE3PMaDCvXjsUR3oGlkQ
5QB/1wC4Fmnvcx2r5Q0scIvuaOY05jETcWAS/eCEDfEBEsVf2PvUZmnyZ76iHmJC
kv8dcHziFLjL9jYeFPuSZAoQfATGvBdtYmenqISVUaSMj5HOjYVKMioSdzBgjLEN
FqSOqkqD+ASTpUzYI/1L0y8Hlz8CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQ58maS
SrffBuiCywqJZ6Vwr0NGjDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
OTBiZDcyYmEtYjMwZC00NDMzLWE0N2UtZTA1NDNhNGVhNDUxLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0DTg
MA0GCSqGSIb3DQEBCwUAA4IBAQCOkzWCjh/C5Oj6u7ctBIBqju3is56tBd+NiCun
fw2weNcOvH9SM9ejkDAJYwwrVSwcR2WGb64GdGgUrnGgxQ/DQukoVopjjqm3rHHj
uNJUchifAZBRzvdEkE0UsFO01BfI7O6KS1hsRR/XNJHN3vKtsOHOIxNoe8pAjd8z
3qZAGxeNyZccgdkABTYDDN7TJQurDgGASAK3LC2NrGrQrgeeeJO/wCt7EMv1RYfl
msXMCKv3FAD8mA/Mlvc3YOREFpunnv6hyvI/dKEvpaDX4YZ8fQzgrBzGhfpDoWUN
mw1YjQp8Lh4Z18RWa6L5nrIzpCTG9ZplEPTUJU43k9wkbhqr
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:52:49 2025 by rpki-client