Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/9a5a5a5a-fd59-4048-875c-f0e74ec0a0f1.roa
File:                     9a5a5a5a-fd59-4048-875c-f0e74ec0a0f1.roa (raw, json)
Hash identifier:          /s9Y8JvYNSvuyO+chbBompN+KNFs98GIAD/kMA/ZPGA=
Subject key identifier:   77:E9:33:B7:2A:4D:83:B8:FD:C2:EE:1A:B7:45:E6:C6:3D:22:0D:C6
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       637EE057037E5AAEA0DDBFF2C95FDF917ECE7C56
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/9a5a5a5a-fd59-4048-875c-f0e74ec0a0f1.roa
Signing time:             Fri 17 Oct 2025 23:20:17 +0000
ROA not before:           Fri 17 Oct 2025 23:20:17 +0000
ROA not after:            Fri 21 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d07b:e000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            63:7e:e0:57:03:7e:5a:ae:a0:dd:bf:f2:c9:5f:df:91:7e:ce:7c:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Oct 17 23:20:17 2025 GMT
            Not After : Nov 21 23:59:59 2025 GMT
        Subject: serialNumber=4452179adfa7a83a6d93c0428e3a90c367868ee4c4d7ddeed8f2a1c27afd78df, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:56:e3:67:a7:31:2f:97:0d:5f:a8:10:6f:81:
                    79:3f:6b:c1:f9:b0:d9:66:dc:21:16:a8:97:c9:02:
                    4d:64:58:d9:53:8a:65:d1:64:cf:4b:c7:13:9e:22:
                    78:51:43:c4:a6:7e:86:ea:13:b5:c5:13:70:9c:d2:
                    3c:c1:f1:1b:6d:d9:55:75:0f:1c:66:f7:04:be:59:
                    27:c5:e0:02:46:bb:8c:ac:70:a4:f9:1e:04:c2:09:
                    d5:f9:13:bc:2c:1e:2b:83:24:90:55:c6:a8:c4:c6:
                    44:cf:fb:1d:73:7c:43:20:29:34:09:b9:a9:3b:98:
                    12:58:a9:55:8d:ff:3d:b4:5d:3c:ca:92:32:a0:e0:
                    26:12:e7:a1:66:af:15:d3:43:fd:f7:c1:50:3b:c3:
                    eb:88:b0:62:5c:de:44:ad:f5:06:75:9a:12:79:5c:
                    20:1a:24:2e:ee:05:e1:bb:45:0c:f9:7e:dc:63:91:
                    39:1a:bd:57:5e:09:71:f1:cc:37:ed:77:1b:5b:f5:
                    34:08:76:0a:82:9d:3b:32:a6:27:4b:a9:c1:8d:ff:
                    34:47:49:6e:ff:72:29:d6:dc:ca:37:18:bf:a8:f7:
                    21:2b:03:ad:ee:6b:3d:85:c6:8a:56:b9:e8:13:9d:
                    5b:08:5a:87:85:6b:04:4a:45:60:5f:0a:41:3e:87:
                    f7:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:E9:33:B7:2A:4D:83:B8:FD:C2:EE:1A:B7:45:E6:C6:3D:22:0D:C6
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/9a5a5a5a-fd59-4048-875c-f0e74ec0a0f1.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d07b:e000::/40

    Signature Algorithm: sha256WithRSAEncryption
         97:a8:11:d2:a4:88:c4:2c:e4:a2:2a:e8:70:08:a5:ab:c0:c3:
         1a:e2:f1:6b:0b:24:e4:4a:1a:a8:f1:9d:e6:0e:62:28:bd:3e:
         c9:f7:5d:4b:20:ea:34:9e:10:ce:2f:4c:93:c2:56:2a:b1:8e:
         0e:9b:46:25:4f:60:7b:80:5c:f2:54:42:4c:bf:4a:fa:4e:8a:
         55:f7:71:04:57:3b:5d:3f:bd:c3:79:5a:44:20:69:e7:14:19:
         23:45:33:1e:df:da:ee:c1:ab:bc:15:1f:5f:40:e8:df:39:35:
         96:33:86:e7:6d:4d:71:c5:8d:e6:0f:bd:62:33:88:90:f3:45:
         17:0e:b5:27:fb:c0:01:8e:9e:b9:99:71:e4:3f:b9:ef:69:5a:
         5c:bf:42:dc:ab:72:a0:46:ef:9f:c4:76:67:1a:0e:95:1c:99:
         4f:53:c8:cb:2a:b3:6e:59:57:6a:8c:90:0f:d1:21:6e:b2:3f:
         9c:2b:82:93:31:40:a4:d2:7a:80:70:7f:df:75:40:76:a7:32:
         45:fe:3b:a9:5b:c3:1b:6a:45:d1:1c:01:0f:78:3b:be:50:a3:
         43:a5:4d:e0:4f:df:4b:cc:04:3a:48:49:01:94:04:c2:51:56:
         c4:1d:58:28:da:fb:fe:39:e7:77:ef:91:d9:55:bb:e0:88:c8:
         2c:47:19:2a
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUY37gVwN+Wq6g3b/yyV/fkX7OfFYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMTcyMzIwMTdaFw0yNTExMjEyMzU5NTlaMHoxSTBHBgNV
BAUTQDQ0NTIxNzlhZGZhN2E4M2E2ZDkzYzA0MjhlM2E5MGMzNjc4NjhlZTRjNGQ3
ZGRlZWQ4ZjJhMWMyN2FmZDc4ZGYxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALNW42enMS+XDV+oEG+BeT9rwfmw2WbcIRaol8kCTWRY2VOKZdFkz0vHE54i
eFFDxKZ+huoTtcUTcJzSPMHxG23ZVXUPHGb3BL5ZJ8XgAka7jKxwpPkeBMIJ1fkT
vCweK4MkkFXGqMTGRM/7HXN8QyApNAm5qTuYElipVY3/PbRdPMqSMqDgJhLnoWav
FdND/ffBUDvD64iwYlzeRK31BnWaEnlcIBokLu4F4btFDPl+3GORORq9V14JcfHM
N+13G1v1NAh2CoKdOzKmJ0upwY3/NEdJbv9yKdbcyjcYv6j3ISsDre5rPYXGila5
6BOdWwhah4VrBEpFYF8KQT6H988CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBR36TO3
Kk2DuP3C7hq3RebGPSINxjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
OWE1YTVhNWEtZmQ1OS00MDQ4LTg3NWMtZjBlNzRlYzBhMGYxLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0Hvg
MA0GCSqGSIb3DQEBCwUAA4IBAQCXqBHSpIjELOSiKuhwCKWrwMMa4vFrCyTkShqo
8Z3mDmIovT7J911LIOo0nhDOL0yTwlYqsY4Om0YlT2B7gFzyVEJMv0r6TopV93EE
VztdP73DeVpEIGnnFBkjRTMe39ruwau8FR9fQOjfOTWWM4bnbU1xxY3mD71iM4iQ
80UXDrUn+8ABjp65mXHkP7nvaVpcv0Lcq3KgRu+fxHZnGg6VHJlPU8jLKrNuWVdq
jJAP0SFusj+cK4KTMUCk0nqAcH/fdUB2pzJF/jupW8MbakXRHAEPeDu+UKNDpU3g
T99LzAQ6SEkBlATCUVbEHVgo2vv+Oed375HZVbvgiMgsRxkq
-----END CERTIFICATE-----
Generated at Mon Oct 20 13:47:29 2025 by rpki-client