Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/99bc52f3-b4f5-44eb-9a53-c74da3e9713e.roa
File:                     99bc52f3-b4f5-44eb-9a53-c74da3e9713e.roa (raw, json)
Hash identifier:          NgZVjZXQDee92eOxsN+EeSbDasirbXhNS/L+hk6hkCs=
Subject key identifier:   3A:33:36:DD:CC:31:D9:EB:5E:7E:94:36:39:59:FD:36:C7:BD:2D:A2
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       0170623CF71DB1271FB70C7D371FC629060F8828
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/99bc52f3-b4f5-44eb-9a53-c74da3e9713e.roa
Signing time:             Sat 27 Sep 2025 00:53:28 +0000
ROA not before:           Sat 27 Sep 2025 00:53:28 +0000
ROA not after:            Sat 01 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d014:1000::/38 maxlen: 38
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:70:62:3c:f7:1d:b1:27:1f:b7:0c:7d:37:1f:c6:29:06:0f:88:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Sep 27 00:53:28 2025 GMT
            Not After : Nov  1 23:59:59 2025 GMT
        Subject: serialNumber=50df33c29fd628dedd6b2ca3623b5245a2c7d34f07f4cf6f21e1876a974a6159, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:0b:3b:3c:7f:65:31:fd:6d:35:2b:41:b3:87:
                    e0:7d:a4:d3:05:f9:6b:86:b6:ea:c9:f2:60:b7:db:
                    01:9d:cc:11:b4:c3:5d:d2:de:0b:31:d4:93:35:89:
                    a2:4b:ba:d5:a6:82:ee:52:ce:ea:39:f0:8d:9d:36:
                    20:82:a2:eb:95:42:15:66:15:8b:e5:e2:1f:62:8c:
                    b6:19:7e:d0:88:f1:36:09:a8:e4:ce:cf:98:2f:86:
                    95:04:dc:1f:70:9c:eb:a2:4e:e5:c8:85:d4:2c:ee:
                    95:f9:3e:48:ca:17:78:7f:f3:65:d1:87:18:29:6a:
                    e5:18:c2:c3:41:aa:03:b5:31:5b:b8:e1:d7:8f:c3:
                    29:fa:3d:c5:33:62:42:de:2d:f0:b6:42:5d:08:3d:
                    59:90:8b:54:69:a1:92:0a:30:f2:28:2c:b3:5c:a2:
                    f5:31:4d:7d:11:a0:a2:e6:d9:73:7f:00:49:96:be:
                    79:d7:1c:3e:91:d1:bf:c6:ef:73:13:01:65:08:20:
                    1b:64:5f:76:b0:d2:5f:d1:e4:86:93:ae:fd:40:f6:
                    c7:db:68:24:9d:83:ac:08:c5:89:eb:8b:9d:2e:62:
                    03:98:be:90:c4:20:3b:47:96:57:b9:fb:92:f6:50:
                    7b:79:02:7f:c1:ae:46:70:be:c2:bb:36:df:6c:a3:
                    f4:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:33:36:DD:CC:31:D9:EB:5E:7E:94:36:39:59:FD:36:C7:BD:2D:A2
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/99bc52f3-b4f5-44eb-9a53-c74da3e9713e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d014:1000::/38

    Signature Algorithm: sha256WithRSAEncryption
         76:1a:30:43:6d:a3:0c:dc:d5:e7:6f:78:fd:88:c4:0b:61:5c:
         e0:87:90:f4:ad:65:1b:c0:23:4b:d7:fa:33:2e:e8:02:79:3d:
         5b:9d:5f:3c:0e:77:e2:fa:b0:d7:40:2f:08:53:c5:30:63:4d:
         05:4e:4b:b2:bc:66:f0:55:3a:6f:27:b5:a1:a3:fd:2d:b9:11:
         d0:ea:51:76:74:99:99:95:02:93:fd:3e:ea:49:62:0d:c2:22:
         23:98:31:a2:c1:79:6a:1a:4e:b9:d2:86:0e:dc:7a:38:68:7a:
         24:49:e5:71:93:41:34:42:40:05:0e:32:01:4d:d1:da:88:9f:
         96:ff:eb:65:c2:fb:16:dd:73:81:3c:fe:56:9c:de:d0:ef:81:
         df:35:dd:36:45:4e:1e:1d:9b:13:48:32:53:4d:78:9d:7f:ca:
         e8:47:f4:c2:92:25:ad:63:59:63:16:b2:d3:74:ac:af:a8:66:
         2d:26:6d:8e:a3:e2:d9:f0:d9:92:0b:e2:50:3e:e5:5a:8f:22:
         3d:27:fe:a5:49:14:b6:09:3f:d9:00:17:f9:ce:84:9d:9e:7f:
         41:c5:f2:c4:8d:4d:54:2f:35:11:5f:d9:24:58:92:13:4b:11:
         11:46:3c:16:e5:83:8d:60:39:f2:32:d8:0d:a2:c3:32:c2:e7:
         d7:73:12:41
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUAXBiPPcdsScftwx9Nx/GKQYPiCgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjcwMDUzMjhaFw0yNTExMDEyMzU5NTlaMHoxSTBHBgNV
BAUTQDUwZGYzM2MyOWZkNjI4ZGVkZDZiMmNhMzYyM2I1MjQ1YTJjN2QzNGYwN2Y0
Y2Y2ZjIxZTE4NzZhOTc0YTYxNTkxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJILOzx/ZTH9bTUrQbOH4H2k0wX5a4a26snyYLfbAZ3MEbTDXdLeCzHUkzWJ
oku61aaC7lLO6jnwjZ02IIKi65VCFWYVi+XiH2KMthl+0IjxNgmo5M7PmC+GlQTc
H3Cc66JO5ciF1Czulfk+SMoXeH/zZdGHGClq5RjCw0GqA7UxW7jh14/DKfo9xTNi
Qt4t8LZCXQg9WZCLVGmhkgow8igss1yi9TFNfRGgoubZc38ASZa+edccPpHRv8bv
cxMBZQggG2RfdrDSX9HkhpOu/UD2x9toJJ2DrAjFieuLnS5iA5i+kMQgO0eWV7n7
kvZQe3kCf8GuRnC+wrs232yj9AECAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQ6Mzbd
zDHZ615+lDY5Wf02x70tojAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
OTliYzUyZjMtYjRmNS00NGViLTlhNTMtYzc0ZGEzZTk3MTNlLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGAioF0BQQ
MA0GCSqGSIb3DQEBCwUAA4IBAQB2GjBDbaMM3NXnb3j9iMQLYVzgh5D0rWUbwCNL
1/ozLugCeT1bnV88Dnfi+rDXQC8IU8UwY00FTkuyvGbwVTpvJ7Who/0tuRHQ6lF2
dJmZlQKT/T7qSWINwiIjmDGiwXlqGk650oYO3Ho4aHokSeVxk0E0QkAFDjIBTdHa
iJ+W/+tlwvsW3XOBPP5WnN7Q74HfNd02RU4eHZsTSDJTTXidf8roR/TCkiWtY1lj
FrLTdKyvqGYtJm2Oo+LZ8NmSC+JQPuVajyI9J/6lSRS2CT/ZABf5zoSdnn9BxfLE
jU1ULzURX9kkWJITSxERRjwW5YONYDnyMtgNosMywufXcxJB
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:53:06 2025 by rpki-client