Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/96632b04-b91d-4e29-8e82-14fddf17bed9.roa
File:                     96632b04-b91d-4e29-8e82-14fddf17bed9.roa (raw, json)
Hash identifier:          QCK/IppiKF2/FneOKp/GCv5/+8myzNHQvc2zBorBRQM=
Subject key identifier:   9A:15:ED:EE:75:F7:54:CD:FC:33:0A:8A:41:01:4A:48:85:56:0A:77
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       0F3E32EE42ADBDB4ACD7BD88B6B2E1B54E7C45AC
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/96632b04-b91d-4e29-8e82-14fddf17bed9.roa
Signing time:             Fri 26 Sep 2025 19:00:20 +0000
ROA not before:           Fri 26 Sep 2025 19:00:20 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d07f:8060::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0f:3e:32:ee:42:ad:bd:b4:ac:d7:bd:88:b6:b2:e1:b5:4e:7c:45:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Sep 26 19:00:20 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=83bc678658af428ffff7f4f5ff043a3be8edb8c2a7014f7a435826a221f1c626, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:57:b2:e0:cd:8d:97:8f:03:58:53:13:4c:24:
                    21:91:26:bd:84:e3:0c:22:2b:7e:bc:32:ee:10:ab:
                    71:9e:93:aa:0b:94:b4:36:0a:aa:a1:7f:c1:b5:39:
                    b8:6d:a9:fc:5f:f0:f8:07:65:b9:07:8c:29:c1:b7:
                    80:50:b3:6b:64:21:16:49:ce:c6:f2:8e:04:d9:b2:
                    de:12:a8:29:6f:7c:f5:72:23:b1:4d:97:49:a9:ca:
                    72:64:fc:33:f5:b3:f9:1c:c5:82:b2:6d:ae:45:c2:
                    d9:e8:8e:20:86:79:b3:4a:d7:b2:b6:66:eb:b1:db:
                    b5:60:91:d1:21:e5:67:0a:c6:a1:de:61:d0:58:a6:
                    a8:51:ac:95:58:2b:c7:d9:bb:c8:8d:ed:1d:1c:cd:
                    d6:92:48:c6:37:01:a9:4c:9b:a1:5b:23:c8:e2:2c:
                    a5:bd:c6:dd:24:ec:f1:dc:ce:a1:d3:47:b8:86:48:
                    28:0b:ee:cb:06:e5:37:5a:42:da:f5:9c:a6:14:41:
                    5a:75:23:dc:4a:0d:30:1a:ab:dc:10:98:e0:fd:52:
                    2c:b3:50:5a:4d:12:a2:a4:d2:c3:3e:8b:a1:e3:79:
                    12:79:1a:0a:b8:35:0b:50:99:97:72:66:45:50:25:
                    0b:f7:a0:5b:f4:0f:13:8f:6c:8e:08:69:69:2b:e1:
                    e5:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:15:ED:EE:75:F7:54:CD:FC:33:0A:8A:41:01:4A:48:85:56:0A:77
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/96632b04-b91d-4e29-8e82-14fddf17bed9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d07f:8060::/48

    Signature Algorithm: sha256WithRSAEncryption
         c7:39:72:f5:62:25:b6:58:03:9d:ff:74:99:10:e3:be:4d:ce:
         1c:1e:ff:a7:79:56:cc:42:2e:2e:df:c2:64:08:ed:c8:dc:34:
         42:d5:15:37:74:04:b6:51:98:d8:76:ab:9b:04:8d:6b:28:c3:
         09:cc:5e:6f:fe:24:78:7b:62:cf:db:3a:ed:19:b0:39:3e:32:
         24:f2:91:3a:39:7f:83:19:41:d7:b7:00:f9:31:a6:ff:64:13:
         98:df:94:61:54:c3:eb:78:79:21:09:79:d0:94:63:86:eb:35:
         ae:3f:95:ed:b6:c6:73:19:90:1a:d5:5f:f6:0b:ef:3d:1f:61:
         f8:47:90:c7:8c:03:34:5b:f6:a7:51:89:48:dc:62:04:63:4c:
         1e:23:95:37:60:99:82:ee:bd:a0:fc:ef:06:52:c5:35:48:26:
         09:c2:53:f3:99:7d:70:65:2b:17:ae:ab:43:57:54:ec:6c:dc:
         fb:81:bf:d6:ff:ab:4a:1a:63:1f:b3:a0:74:fb:98:e9:09:77:
         f6:bb:6a:a9:77:fc:13:7f:a4:c2:29:80:32:e0:9e:b5:38:f6:
         f2:55:49:a5:3b:3a:ce:d8:0d:06:10:eb:6e:1d:29:8f:ee:e6:
         24:0e:75:89:5b:f7:70:39:4a:3f:eb:fe:23:7a:b8:b5:54:af:
         4b:82:f7:44
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUDz4y7kKtvbSs172ItrLhtU58RawwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYxOTAwMjBaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQDgzYmM2Nzg2NThhZjQyOGZmZmY3ZjRmNWZmMDQzYTNiZThlZGI4YzJhNzAx
NGY3YTQzNTgyNmEyMjFmMWM2MjYxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKpXsuDNjZePA1hTE0wkIZEmvYTjDCIrfrwy7hCrcZ6TqguUtDYKqqF/wbU5
uG2p/F/w+AdluQeMKcG3gFCza2QhFknOxvKOBNmy3hKoKW989XIjsU2XSanKcmT8
M/Wz+RzFgrJtrkXC2eiOIIZ5s0rXsrZm67HbtWCR0SHlZwrGod5h0FimqFGslVgr
x9m7yI3tHRzN1pJIxjcBqUyboVsjyOIspb3G3STs8dzOodNHuIZIKAvuywblN1pC
2vWcphRBWnUj3EoNMBqr3BCY4P1SLLNQWk0SoqTSwz6LoeN5EnkaCrg1C1CZl3Jm
RVAlC/egW/QPE49sjghpaSvh5S8CAwEAAaOCAiQwggIgMB0GA1UdDgQWBBSaFe3u
dfdUzfwzCopBAUpIhVYKdzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
OTY2MzJiMDQtYjkxZC00ZTI5LThlODItMTRmZGRmMTdiZWQ5LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0H+A
YDANBgkqhkiG9w0BAQsFAAOCAQEAxzly9WIltlgDnf90mRDjvk3OHB7/p3lWzEIu
Lt/CZAjtyNw0QtUVN3QEtlGY2HarmwSNayjDCcxeb/4keHtiz9s67RmwOT4yJPKR
Ojl/gxlB17cA+TGm/2QTmN+UYVTD63h5IQl50JRjhus1rj+V7bbGcxmQGtVf9gvv
PR9h+EeQx4wDNFv2p1GJSNxiBGNMHiOVN2CZgu69oPzvBlLFNUgmCcJT85l9cGUr
F66rQ1dU7Gzc+4G/1v+rShpjH7OgdPuY6Ql39rtqqXf8E3+kwimAMuCetTj28lVJ
pTs6ztgNBhDrbh0pj+7mJA51iVv3cDlKP+v+I3q4tVSvS4L3RA==
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:52:50 2025 by rpki-client