Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/9a0196e5-a789-4daf-912c-37aa6951f379.roa
File:                     9a0196e5-a789-4daf-912c-37aa6951f379.roa (raw, json)
Hash identifier:          Gxjld/0lGglTnbLnt4wQUXVo8ERRTlrHWVnSrpG0HhE=
Subject key identifier:   CD:F6:6C:3B:FE:0F:85:01:BE:DD:A9:5D:3F:88:B7:10:2C:33:79:F7
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       3CB082E80E5391E4676705F69F04A8F9E121B8B3
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/9a0196e5-a789-4daf-912c-37aa6951f379.roa
Signing time:             Mon 13 Oct 2025 18:00:05 +0000
ROA not before:           Mon 13 Oct 2025 18:00:05 +0000
ROA not after:            Mon 17 Nov 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        2a05:d030:a000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3c:b0:82:e8:0e:53:91:e4:67:67:05:f6:9f:04:a8:f9:e1:21:b8:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Oct 13 18:00:05 2025 GMT
            Not After : Nov 17 23:59:59 2025 GMT
        Subject: serialNumber=0926767a0ce8797fc5b83fdc11c34617d902955de52dbd5b0e1ce92dfd643ef3, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fb:e5:35:a9:61:0c:4a:23:76:be:57:f7:b0:94:
                    ed:84:54:af:22:ae:e5:81:67:3d:13:82:7c:47:77:
                    3b:1f:53:10:3b:8e:f7:6e:1c:f9:f1:58:1a:2a:89:
                    77:a1:1b:9f:0c:dd:80:89:0c:30:91:db:7b:b1:54:
                    df:32:f2:7e:c3:ec:dd:8e:46:d8:8e:7f:44:53:91:
                    98:76:fb:ad:4c:79:90:97:7b:34:f6:17:bb:fb:f2:
                    c5:1c:99:39:a9:18:32:6d:14:e9:e3:18:99:16:bd:
                    5f:9c:f4:06:ae:11:03:65:2f:90:28:2f:13:63:36:
                    8f:64:1d:80:fc:5f:1b:09:d2:4e:5f:2b:82:87:95:
                    82:c7:22:04:5b:4f:cf:06:29:13:49:3e:5a:92:74:
                    c4:4e:d2:b5:52:2c:b4:8e:54:cf:ab:6c:00:dc:39:
                    8c:bd:5e:a7:a9:61:12:ac:1c:9e:6a:a3:92:94:64:
                    3e:62:28:db:88:c1:76:fa:88:c0:56:6d:c1:1f:a6:
                    f8:c0:15:70:7e:f3:b1:d9:8a:05:34:6e:b2:61:0b:
                    f5:4a:f0:b1:ab:0a:c0:cd:d6:17:20:30:ee:48:dc:
                    51:0f:1d:e2:0d:d9:1a:6e:5a:82:4f:0d:af:a9:b2:
                    62:af:79:5a:73:a8:05:27:0e:88:ac:04:f2:50:18:
                    b7:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:F6:6C:3B:FE:0F:85:01:BE:DD:A9:5D:3F:88:B7:10:2C:33:79:F7
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/9a0196e5-a789-4daf-912c-37aa6951f379.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d030:a000::/40

    Signature Algorithm: sha256WithRSAEncryption
         01:bf:8f:12:8c:e0:9d:8b:12:29:4d:c1:3c:40:66:7d:57:ee:
         2c:b5:fd:5a:10:32:8f:de:6c:f4:91:b5:41:6c:14:86:ff:5b:
         54:25:c7:2d:b1:c7:bb:e7:58:69:95:e6:73:a7:0d:78:f8:ef:
         3c:8e:7e:cc:50:1a:79:e5:4d:88:ff:95:31:a4:a1:83:89:f6:
         ff:de:23:41:ef:ad:37:b8:b7:99:45:ba:bc:61:37:a2:14:bd:
         64:79:d2:c9:b5:93:7f:da:61:98:d1:66:d0:dc:85:a2:ec:97:
         42:07:64:39:21:3d:52:15:b5:3e:e3:40:42:fb:a9:93:b4:59:
         7a:dc:dd:ff:56:c2:47:42:5f:c2:f2:3a:6b:c6:90:45:db:83:
         24:6e:3b:dc:16:2c:02:ff:45:e7:88:21:28:69:e1:55:8d:fa:
         7f:0f:48:6a:0a:94:44:50:34:a6:8d:0a:e0:c5:0b:10:a4:66:
         b8:83:56:98:1d:79:ca:87:3c:14:32:62:00:9d:eb:64:9f:78:
         a6:74:da:f5:19:2e:da:10:98:46:4d:a5:9d:e2:e4:c9:c9:c9:
         e4:cc:15:eb:05:6d:ab:be:df:dd:83:23:42:14:3e:e8:21:2f:
         f3:3a:04:cf:6e:43:91:1c:c9:6a:45:ab:3d:0e:56:f4:c0:45:
         1b:05:3e:66
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUPLCC6A5TkeRnZwX2nwSo+eEhuLMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMTMxODAwMDVaFw0yNTExMTcyMzU5NTlaMHoxSTBHBgNV
BAUTQDA5MjY3NjdhMGNlODc5N2ZjNWI4M2ZkYzExYzM0NjE3ZDkwMjk1NWRlNTJk
YmQ1YjBlMWNlOTJkZmQ2NDNlZjMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAPvlNalhDEojdr5X97CU7YRUryKu5YFnPROCfEd3Ox9TEDuO924c+fFYGiqJ
d6EbnwzdgIkMMJHbe7FU3zLyfsPs3Y5G2I5/RFORmHb7rUx5kJd7NPYXu/vyxRyZ
OakYMm0U6eMYmRa9X5z0Bq4RA2UvkCgvE2M2j2QdgPxfGwnSTl8rgoeVgsciBFtP
zwYpE0k+WpJ0xE7StVIstI5Uz6tsANw5jL1ep6lhEqwcnmqjkpRkPmIo24jBdvqI
wFZtwR+m+MAVcH7zsdmKBTRusmEL9UrwsasKwM3WFyAw7kjcUQ8d4g3ZGm5agk8N
r6myYq95WnOoBScOiKwE8lAYt6kCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTN9mw7
/g+FAb7dqV0/iLcQLDN59zAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
OWEwMTk2ZTUtYTc4OS00ZGFmLTkxMmMtMzdhYTY5NTFmMzc5LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0DCg
MA0GCSqGSIb3DQEBCwUAA4IBAQABv48SjOCdixIpTcE8QGZ9V+4stf1aEDKP3mz0
kbVBbBSG/1tUJcctsce751hpleZzpw14+O88jn7MUBp55U2I/5UxpKGDifb/3iNB
7603uLeZRbq8YTeiFL1kedLJtZN/2mGY0WbQ3IWi7JdCB2Q5IT1SFbU+40BC+6mT
tFl63N3/VsJHQl/C8jprxpBF24MkbjvcFiwC/0XniCEoaeFVjfp/D0hqCpREUDSm
jQrgxQsQpGa4g1aYHXnKhzwUMmIAnetkn3imdNr1GS7aEJhGTaWd4uTJycnkzBXr
BW2rvt/dgyNCFD7oIS/zOgTPbkORHMlqRas9Dlb0wEUbBT5m
-----END CERTIFICATE-----
Generated at Mon Oct 20 13:46:56 2025 by rpki-client