Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/97700b94-3ec6-472c-97f5-b54fb1f56f76.roa
File:                     97700b94-3ec6-472c-97f5-b54fb1f56f76.roa (raw, json)
Hash identifier:          i/G5v4OKYBDmnsCyR9QzM+SWTRyB3YtRGG+hKnxeUuc=
Subject key identifier:   C9:E3:8A:EA:51:BB:12:F5:F8:45:E7:35:E6:92:68:D5:EA:A5:E7:83
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       038FB2276C47561E42F642D5F96EBAC98E7F5227
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/97700b94-3ec6-472c-97f5-b54fb1f56f76.roa
Signing time:             Mon 06 Oct 2025 18:10:03 +0000
ROA not before:           Mon 06 Oct 2025 18:10:03 +0000
ROA not after:            Mon 10 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d073:2040::/46 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:8f:b2:27:6c:47:56:1e:42:f6:42:d5:f9:6e:ba:c9:8e:7f:52:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Oct  6 18:10:03 2025 GMT
            Not After : Nov 10 23:59:59 2025 GMT
        Subject: serialNumber=e38f94403e00f10681defdcdcd89cc6f7a6601b13570bf71240aa26ef533d345, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:94:0f:80:0b:24:35:dc:93:7d:29:5f:97:5f:
                    6e:04:1b:41:52:a3:5f:f2:1e:90:95:d8:0c:67:1b:
                    42:45:f6:d8:56:a5:ae:a2:d9:9f:8b:2e:bc:15:75:
                    8a:c0:a2:b0:28:ec:95:d1:2c:bb:67:55:67:c3:51:
                    f6:0a:e4:7e:49:ef:46:6a:fd:de:51:be:1b:d3:2a:
                    b9:e9:8f:c5:aa:1f:4c:0f:18:35:4d:25:25:da:a0:
                    ed:7a:02:af:1b:cf:e2:6c:31:88:e9:ef:4e:30:61:
                    1e:6d:f7:74:3b:bf:15:28:ed:ac:5c:61:23:c3:5a:
                    5b:0d:de:2b:2b:c0:f3:d9:66:0c:d3:a4:f9:4e:4d:
                    2d:c9:f4:ad:3f:14:c5:96:0e:90:c3:10:5e:9a:36:
                    58:28:50:39:bc:7f:b5:3e:8b:04:3d:8f:c4:fd:ef:
                    fe:cf:23:72:88:eb:c7:85:8e:c1:d2:eb:7d:d9:9a:
                    3a:c7:b3:0e:a4:03:40:03:da:76:7d:d9:ba:4f:0e:
                    16:d5:a3:21:6d:77:78:6f:7a:e9:8c:9b:10:71:62:
                    5b:9a:e9:4c:2a:83:58:78:03:4f:3d:72:70:2e:c1:
                    b0:63:56:2c:58:08:9c:5c:a7:df:3e:92:36:50:bc:
                    a5:b9:ad:83:84:da:5a:cd:3f:4d:f1:a0:11:15:41:
                    fe:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:E3:8A:EA:51:BB:12:F5:F8:45:E7:35:E6:92:68:D5:EA:A5:E7:83
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/97700b94-3ec6-472c-97f5-b54fb1f56f76.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d073:2040::/46

    Signature Algorithm: sha256WithRSAEncryption
         7b:c7:4e:9a:de:03:cc:45:47:13:82:f4:d2:41:ae:d3:a2:4e:
         eb:8e:58:fa:ac:3f:39:c8:38:e2:5d:5b:f5:15:4d:43:c0:c8:
         cb:03:49:b8:5b:4b:30:ff:61:f0:51:47:45:af:57:cf:84:ed:
         52:e5:01:04:9b:43:05:33:c2:26:44:8d:35:43:68:a3:1e:1c:
         70:65:e0:4e:03:ea:24:d1:27:5d:8f:24:7d:e3:93:37:6c:ef:
         c5:d9:0a:3d:62:72:97:f3:a7:79:0a:ed:37:7e:5d:58:a2:d3:
         14:1a:02:1f:cf:28:0c:88:b5:3e:a9:45:56:d2:41:fc:9b:06:
         b2:6b:9e:b0:cc:2d:cf:91:0c:fb:51:24:e5:3d:03:0e:d0:dc:
         87:58:b6:87:93:55:72:d7:13:7c:36:47:26:de:dc:b7:51:d4:
         a3:4a:f6:16:dc:96:02:93:9d:bc:5a:96:65:e6:f6:66:ed:b9:
         66:af:c3:76:e1:54:a9:d6:b9:f8:2a:08:c2:e7:65:10:6c:e9:
         9c:7e:dd:74:6d:86:74:bc:8e:27:c1:86:b0:fa:10:09:04:77:
         bd:f2:3c:e7:bd:20:23:94:2e:ec:dc:4a:8a:b7:9a:c4:e9:41:
         fc:18:e6:1b:7d:78:99:71:6b:d8:02:3e:13:d5:a0:5f:bb:ac:
         e8:cf:5b:1e
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUA4+yJ2xHVh5C9kLV+W66yY5/UicwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMDYxODEwMDNaFw0yNTExMTAyMzU5NTlaMHoxSTBHBgNV
BAUTQGUzOGY5NDQwM2UwMGYxMDY4MWRlZmRjZGNkODljYzZmN2E2NjAxYjEzNTcw
YmY3MTI0MGFhMjZlZjUzM2QzNDUxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAIyUD4ALJDXck30pX5dfbgQbQVKjX/IekJXYDGcbQkX22FalrqLZn4suvBV1
isCisCjsldEsu2dVZ8NR9grkfknvRmr93lG+G9MquemPxaofTA8YNU0lJdqg7XoC
rxvP4mwxiOnvTjBhHm33dDu/FSjtrFxhI8NaWw3eKyvA89lmDNOk+U5NLcn0rT8U
xZYOkMMQXpo2WChQObx/tT6LBD2PxP3v/s8jcojrx4WOwdLrfdmaOsezDqQDQAPa
dn3Zuk8OFtWjIW13eG966YybEHFiW5rpTCqDWHgDTz1ycC7BsGNWLFgInFyn3z6S
NlC8pbmtg4TaWs0/TfGgERVB/gcCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBTJ44rq
UbsS9fhF5zXmkmjV6qXngzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
OTc3MDBiOTQtM2VjNi00NzJjLTk3ZjUtYjU0ZmIxZjU2Zjc2LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHAioF0HMg
QDANBgkqhkiG9w0BAQsFAAOCAQEAe8dOmt4DzEVHE4L00kGu06JO645Y+qw/Ocg4
4l1b9RVNQ8DIywNJuFtLMP9h8FFHRa9Xz4TtUuUBBJtDBTPCJkSNNUNoox4ccGXg
TgPqJNEnXY8kfeOTN2zvxdkKPWJyl/OneQrtN35dWKLTFBoCH88oDIi1PqlFVtJB
/JsGsmuesMwtz5EM+1Ek5T0DDtDch1i2h5NVctcTfDZHJt7ct1HUo0r2FtyWApOd
vFqWZeb2Zu25Zq/DduFUqda5+CoIwudlEGzpnH7ddG2GdLyOJ8GGsPoQCQR3vfI8
570gI5Qu7NxKireaxOlB/BjmG314mXFr2AI+E9WgX7us6M9bHg==
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:53:14 2025 by rpki-client