Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/9207595e-3bbc-45f7-8f0a-813e1b01f9a1.roa
File:                     9207595e-3bbc-45f7-8f0a-813e1b01f9a1.roa (raw, json)
Hash identifier:          1Y+X2nAi+29LcK6aQflGnnQVmMv3TomGXiIMZ60Xy8s=
Subject key identifier:   8D:3F:20:54:72:57:D3:DF:74:FD:E9:D6:90:9C:2C:24:32:1D:61:2B
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       7B76507A843C16FF5082D021EBCCED585052A3E0
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/9207595e-3bbc-45f7-8f0a-813e1b01f9a1.roa
Signing time:             Fri 26 Sep 2025 19:10:08 +0000
ROA not before:           Fri 26 Sep 2025 19:10:08 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d031:9040::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7b:76:50:7a:84:3c:16:ff:50:82:d0:21:eb:cc:ed:58:50:52:a3:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Sep 26 19:10:08 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=bfaa7d51f5cdc08c9c360bfd205b5f2baa55f33057c3ba26f7e5f3b7185383bd, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:b1:9a:7c:cf:45:d5:65:0b:b5:ba:2d:f9:ae:
                    d8:69:e1:35:78:7a:5e:c7:a1:ea:52:d5:61:43:62:
                    3f:62:b5:c9:4c:a6:ed:c8:8d:30:ac:d3:a8:fb:9e:
                    60:87:c0:c0:07:96:53:28:9e:e8:eb:00:9f:56:a7:
                    01:69:5b:5e:90:01:8e:97:42:1f:2a:50:b7:33:76:
                    9f:87:58:3b:2c:9c:dc:50:ef:50:00:6f:e5:49:5c:
                    22:df:fb:cd:ef:82:29:65:28:c8:fa:15:23:d4:98:
                    f0:3c:ca:b0:fa:c3:a6:6b:48:68:1f:ce:ad:0f:40:
                    79:69:93:58:f9:dd:a9:b1:e4:f0:b5:f1:8e:e9:23:
                    b1:fe:5e:ad:03:c7:f9:11:f2:38:35:d8:87:7f:9f:
                    5f:4c:cf:f0:e3:d5:06:e7:e0:60:64:51:a2:27:02:
                    7f:2f:8f:0d:5b:53:2a:90:33:40:69:46:48:b2:56:
                    68:ec:2a:f6:8d:3e:a3:96:ee:f2:50:05:38:53:30:
                    20:07:f4:0a:16:26:04:1d:f0:4c:6a:a2:ef:75:64:
                    cf:4e:c7:0a:78:35:92:69:c7:c5:6f:cc:e4:02:cb:
                    66:9d:70:f2:74:ee:18:36:ff:aa:9e:f0:e2:43:d9:
                    a3:f9:8f:09:0d:6d:9e:32:12:78:59:e3:fd:27:53:
                    7e:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:3F:20:54:72:57:D3:DF:74:FD:E9:D6:90:9C:2C:24:32:1D:61:2B
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/9207595e-3bbc-45f7-8f0a-813e1b01f9a1.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d031:9040::/48

    Signature Algorithm: sha256WithRSAEncryption
         1a:ba:11:c3:12:1e:45:84:5d:cc:6a:fb:15:46:d3:7e:c8:b1:
         c6:6d:44:43:42:ca:06:78:54:c0:8c:57:a4:1f:78:fc:17:d6:
         7c:02:c4:5a:6a:db:ec:4a:03:0a:06:5b:19:9e:b4:75:bf:d5:
         e0:7b:66:f3:b2:6f:2e:96:e8:e5:e4:96:e7:43:e1:8b:ea:13:
         e0:69:db:35:98:d3:82:08:7a:7b:07:67:f1:11:e6:01:09:d0:
         ba:d1:dd:ca:e8:09:a7:aa:83:d9:d9:1b:0d:dc:73:bb:75:15:
         6d:5e:5d:c8:db:39:91:33:15:5a:09:ed:b0:77:2f:ab:ae:6e:
         ac:e8:80:26:5e:06:df:15:28:30:e9:9f:04:9b:ac:01:39:e5:
         e8:44:b2:bb:8b:ca:ff:d5:80:6a:3f:77:00:99:b6:d1:8d:96:
         a6:72:1f:87:5c:30:6e:b6:a6:e7:a4:62:18:3f:52:90:36:46:
         d0:18:dd:2e:2e:2a:8a:63:80:15:db:14:b8:fb:55:c4:81:84:
         ea:83:71:5f:da:0a:d3:d0:eb:98:fc:b3:e0:65:1b:13:6c:59:
         97:61:9d:97:44:1a:ad:fb:1a:91:3e:65:f1:30:4e:76:1a:39:
         17:4b:27:81:d6:73:6b:8f:57:53:ac:5d:2a:76:9a:52:e9:cc:
         e0:a1:a5:fd
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUe3ZQeoQ8Fv9QgtAh68ztWFBSo+AwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYxOTEwMDhaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQGJmYWE3ZDUxZjVjZGMwOGM5YzM2MGJmZDIwNWI1ZjJiYWE1NWYzMzA1N2Mz
YmEyNmY3ZTVmM2I3MTg1MzgzYmQxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAL6xmnzPRdVlC7W6Lfmu2GnhNXh6Xseh6lLVYUNiP2K1yUym7ciNMKzTqPue
YIfAwAeWUyie6OsAn1anAWlbXpABjpdCHypQtzN2n4dYOyyc3FDvUABv5UlcIt/7
ze+CKWUoyPoVI9SY8DzKsPrDpmtIaB/OrQ9AeWmTWPndqbHk8LXxjukjsf5erQPH
+RHyODXYh3+fX0zP8OPVBufgYGRRoicCfy+PDVtTKpAzQGlGSLJWaOwq9o0+o5bu
8lAFOFMwIAf0ChYmBB3wTGqi73Vkz07HCng1kmnHxW/M5ALLZp1w8nTuGDb/qp7w
4kPZo/mPCQ1tnjISeFnj/SdTfvsCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBSNPyBU
clfT33T96daQnCwkMh1hKzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
OTIwNzU5NWUtM2JiYy00NWY3LThmMGEtODEzZTFiMDFmOWExLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0DGQ
QDANBgkqhkiG9w0BAQsFAAOCAQEAGroRwxIeRYRdzGr7FUbTfsixxm1EQ0LKBnhU
wIxXpB94/BfWfALEWmrb7EoDCgZbGZ60db/V4Htm87JvLpbo5eSW50Phi+oT4Gnb
NZjTggh6ewdn8RHmAQnQutHdyugJp6qD2dkbDdxzu3UVbV5dyNs5kTMVWgntsHcv
q65urOiAJl4G3xUoMOmfBJusATnl6ESyu4vK/9WAaj93AJm20Y2WpnIfh1wwbram
56RiGD9SkDZG0BjdLi4qimOAFdsUuPtVxIGE6oNxX9oK09DrmPyz4GUbE2xZl2Gd
l0QarfsakT5l8TBOdho5F0sngdZza49XU6xdKnaaUunM4KGl/Q==
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:52:34 2025 by rpki-client