Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/915ccef6-b06f-4e11-be9a-8b9a229ff52b.roa
File:                     915ccef6-b06f-4e11-be9a-8b9a229ff52b.roa (raw, json)
Hash identifier:          d7z1YPIGyiQZLh9SYDP5dAD+qLxTKC2iwhWpBrpvsqc=
Subject key identifier:   D8:C9:77:DE:7C:DC:88:EA:06:FA:DB:50:DD:A2:4E:BA:5D:A8:E0:1C
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       02C6CE16F19092C1518FB1E40504DB57D7FA3FBD
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/915ccef6-b06f-4e11-be9a-8b9a229ff52b.roa
Signing time:             Fri 26 Sep 2025 20:01:41 +0000
ROA not before:           Fri 26 Sep 2025 20:01:41 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d010:8000::/36 maxlen: 36
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            02:c6:ce:16:f1:90:92:c1:51:8f:b1:e4:05:04:db:57:d7:fa:3f:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Sep 26 20:01:41 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=bc6a4baa861c75f95fab614f9423e6cd5fbd24927de115ecd50c90fa57a1f8b7, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:3c:22:54:2e:fe:39:1b:25:63:a5:80:e0:45:
                    55:9d:bf:ab:09:9f:41:f1:97:a5:66:bc:8b:67:bc:
                    7b:4a:62:ef:a2:35:c1:89:78:98:1d:a4:03:a9:b7:
                    d7:0d:ce:0c:a6:fe:f9:0d:68:53:8e:79:ff:a6:7f:
                    10:25:1b:49:5b:c4:d8:1b:fd:67:bf:d3:46:3e:7d:
                    bc:9b:75:ed:2b:f6:3c:e5:93:b1:a5:e3:8c:f1:a6:
                    0a:00:dd:0d:5c:8e:ad:ad:85:71:46:bc:a8:8e:ce:
                    95:54:04:af:08:0f:ff:b9:42:c2:65:97:d5:f1:01:
                    26:bf:1d:34:60:0a:33:de:93:e3:03:3d:77:8a:9e:
                    40:bf:6e:d5:7c:4b:f4:23:74:4c:3b:bf:95:e9:7b:
                    47:67:9a:f1:bd:0b:9e:b2:9e:a4:c1:37:cf:34:c2:
                    e1:85:8b:18:b9:cb:b7:64:6d:ea:01:6d:81:e3:6f:
                    a3:f2:ba:7d:a7:4c:3e:f7:34:96:b6:f3:37:36:df:
                    5f:3b:06:ef:30:9d:ed:09:e1:1e:19:db:c9:67:c6:
                    2a:13:5e:10:4e:01:36:5f:98:dc:4a:03:96:9c:03:
                    fa:c8:34:59:84:58:11:43:b8:12:81:15:50:d9:8d:
                    09:01:7f:77:fa:a4:b6:90:97:3a:95:ec:de:f8:b2:
                    7f:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:C9:77:DE:7C:DC:88:EA:06:FA:DB:50:DD:A2:4E:BA:5D:A8:E0:1C
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/915ccef6-b06f-4e11-be9a-8b9a229ff52b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d010:8000::/36

    Signature Algorithm: sha256WithRSAEncryption
         3f:6e:7f:24:69:73:96:ed:96:2e:ef:1c:77:e9:80:5a:99:89:
         b1:39:77:a5:9b:26:8d:e1:fd:ef:86:65:5a:5d:eb:37:68:79:
         d3:ac:b8:fe:8d:3e:89:be:56:a2:01:aa:e6:63:54:59:c9:c4:
         5b:2e:27:d8:86:7e:73:70:e4:d5:33:7f:8f:4b:6c:1f:c4:89:
         6a:8b:10:c1:af:0b:72:db:65:3c:3b:4f:8f:5f:4d:e3:05:a2:
         18:df:0e:9a:6d:45:cc:ce:94:1a:81:4d:ba:6f:c4:96:ee:ad:
         ac:ed:d4:a2:c0:4b:d8:8c:97:14:96:bc:5e:83:18:3e:9e:8d:
         b6:e3:75:19:dd:a7:cf:4b:bb:88:20:92:c4:ba:29:53:a7:db:
         3a:d4:3a:1c:f9:c7:9e:6d:0c:d5:3e:05:02:8f:ad:c9:22:c7:
         87:86:b8:53:2b:f8:b1:c8:80:99:dc:d6:50:0c:a2:a1:3d:1b:
         90:16:e5:d7:7f:70:85:6f:43:ff:69:3c:69:85:3d:c3:3c:f4:
         47:b7:23:e3:61:98:91:6b:27:72:eb:4b:11:24:94:05:4d:50:
         63:21:e0:47:bb:3a:8d:3f:74:81:c9:ba:39:2e:f4:c2:d9:94:
         0e:6d:e5:1c:41:cb:96:c3:1a:85:27:db:d5:f2:a5:f8:18:b6:
         13:8a:0b:a0
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUAsbOFvGQksFRj7HkBQTbV9f6P70wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYyMDAxNDFaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQGJjNmE0YmFhODYxYzc1Zjk1ZmFiNjE0Zjk0MjNlNmNkNWZiZDI0OTI3ZGUx
MTVlY2Q1MGM5MGZhNTdhMWY4YjcxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMQ8IlQu/jkbJWOlgOBFVZ2/qwmfQfGXpWa8i2e8e0pi76I1wYl4mB2kA6m3
1w3ODKb++Q1oU455/6Z/ECUbSVvE2Bv9Z7/TRj59vJt17Sv2POWTsaXjjPGmCgDd
DVyOra2FcUa8qI7OlVQErwgP/7lCwmWX1fEBJr8dNGAKM96T4wM9d4qeQL9u1XxL
9CN0TDu/lel7R2ea8b0LnrKepME3zzTC4YWLGLnLt2Rt6gFtgeNvo/K6fadMPvc0
lrbzNzbfXzsG7zCd7QnhHhnbyWfGKhNeEE4BNl+Y3EoDlpwD+sg0WYRYEUO4EoEV
UNmNCQF/d/qktpCXOpXs3viyf7UCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTYyXfe
fNyI6gb621Ddok66XajgHDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
OTE1Y2NlZjYtYjA2Zi00ZTExLWJlOWEtOGI5YTIyOWZmNTJiLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCoF0BCA
MA0GCSqGSIb3DQEBCwUAA4IBAQA/bn8kaXOW7ZYu7xx36YBamYmxOXelmyaN4f3v
hmVaXes3aHnTrLj+jT6JvlaiAarmY1RZycRbLifYhn5zcOTVM3+PS2wfxIlqixDB
rwty22U8O0+PX03jBaIY3w6abUXMzpQagU26b8SW7q2s7dSiwEvYjJcUlrxegxg+
no2243UZ3afPS7uIIJLEuilTp9s61Doc+ceebQzVPgUCj63JIseHhrhTK/ixyICZ
3NZQDKKhPRuQFuXXf3CFb0P/aTxphT3DPPRHtyPjYZiRaydy60sRJJQFTVBjIeBH
uzqNP3SBybo5LvTC2ZQObeUcQcuWwxqFJ9vV8qX4GLYTigug
-----END CERTIFICATE-----
Generated at Mon Oct 20 13:47:14 2025 by rpki-client