Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/9a5fec2d-2c40-4068-9bcf-c47d7601d087.roa
File:                     9a5fec2d-2c40-4068-9bcf-c47d7601d087.roa (raw, json)
Hash identifier:          dfSLGD+FdkjNycxpKfxmAlzmoj8NEHuNp6/s5p7CckM=
Subject key identifier:   41:F4:BA:40:11:19:70:18:DA:41:CD:C0:30:75:61:91:8B:17:A4:56
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       0EEC5A3954985EF721BAB059AF0656F51C558F83
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/9a5fec2d-2c40-4068-9bcf-c47d7601d087.roa
Signing time:             Mon 06 Oct 2025 18:00:04 +0000
ROA not before:           Mon 06 Oct 2025 18:00:04 +0000
ROA not after:            Mon 10 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d073:90c0::/46 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0e:ec:5a:39:54:98:5e:f7:21:ba:b0:59:af:06:56:f5:1c:55:8f:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Oct  6 18:00:04 2025 GMT
            Not After : Nov 10 23:59:59 2025 GMT
        Subject: serialNumber=1ad714ed9e8d6333dd65fd62956bcd73c62d3fad455b1eb1b7226a15f85a2f23, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:07:de:22:e1:60:6c:3a:97:8d:2e:48:2a:34:
                    bf:2f:55:ad:4b:34:81:bf:3c:b3:7a:82:65:8b:ee:
                    3a:76:b1:a1:f2:47:0c:ff:48:96:cf:c6:cd:f4:83:
                    96:90:ed:44:ac:6c:f3:25:8a:e4:a4:cc:5b:8e:77:
                    27:fe:d3:5e:b1:8e:7d:53:30:42:f0:e6:57:64:f0:
                    0a:94:8f:ce:f3:6c:9a:9a:df:71:fa:66:c0:c8:ee:
                    33:1a:85:3d:4f:08:68:32:62:7c:83:6f:a6:cf:f4:
                    8f:69:59:9d:f6:1b:d1:b8:54:fc:82:29:93:40:53:
                    b4:33:4e:71:c4:1a:12:41:5b:ab:72:f8:ba:6f:fb:
                    52:e6:7a:b5:4f:84:eb:72:60:f5:52:24:6a:28:97:
                    92:8e:3a:cc:27:7c:26:97:32:93:b5:84:01:99:6b:
                    fe:99:e8:fa:b0:3e:70:71:d6:59:bc:f5:a2:2e:1f:
                    2f:24:f8:53:ca:7c:fb:b2:aa:9a:8b:5d:44:1a:9d:
                    3b:ca:4a:57:e9:51:8f:26:2c:28:2b:17:2c:46:b4:
                    dc:da:80:41:84:f7:58:4a:98:28:6f:fd:62:c3:45:
                    71:9a:31:fa:6d:2d:a6:be:66:2f:7f:e5:4a:66:6b:
                    46:00:f2:ef:66:ac:ad:e9:14:b6:ce:28:f2:f1:78:
                    f5:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:F4:BA:40:11:19:70:18:DA:41:CD:C0:30:75:61:91:8B:17:A4:56
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/9a5fec2d-2c40-4068-9bcf-c47d7601d087.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d073:90c0::/46

    Signature Algorithm: sha256WithRSAEncryption
         71:65:70:e5:b3:b2:e5:1e:95:ea:89:13:01:6e:c6:47:63:a9:
         d9:d1:64:34:bf:f2:81:21:1a:e4:16:0b:56:d8:ab:e8:aa:89:
         bc:da:d3:3a:6c:69:bc:a7:f3:c7:48:98:9b:e1:59:54:70:03:
         26:14:77:6f:d7:85:0f:68:2f:52:df:84:d4:c8:5b:b4:eb:d8:
         96:b3:50:7b:db:de:6b:df:3a:98:79:d5:52:f8:c3:9e:c3:75:
         c9:c0:9b:c4:37:86:1e:e1:ae:8b:21:9c:23:38:8d:9f:42:c3:
         67:53:42:ac:5d:5a:21:98:09:4b:ac:b8:14:34:2a:80:92:c8:
         7a:f3:c3:cc:02:61:9f:e4:83:1f:f9:9f:e9:88:b2:f1:84:a0:
         27:17:fc:9e:cd:a2:11:a2:43:7b:99:d2:e7:1d:5a:de:78:62:
         04:69:1a:7b:b0:ce:9f:56:b1:4a:8a:b9:53:fa:24:04:30:8a:
         e0:cc:f8:4a:62:97:86:4e:61:7c:2f:fd:df:0e:26:27:09:f3:
         6e:4a:17:9d:67:f5:a0:55:68:2e:e6:60:86:00:60:57:c3:34:
         fd:e2:d0:a7:4a:ab:dd:dc:7d:45:16:f5:be:1a:ed:a0:ba:08:
         88:b6:48:ed:08:c6:c7:55:50:61:a1:78:4e:fc:fb:bb:fa:d0:
         b1:18:f8:5b
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUDuxaOVSYXvchurBZrwZW9RxVj4MwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMDYxODAwMDRaFw0yNTExMTAyMzU5NTlaMHoxSTBHBgNV
BAUTQDFhZDcxNGVkOWU4ZDYzMzNkZDY1ZmQ2Mjk1NmJjZDczYzYyZDNmYWQ0NTVi
MWViMWI3MjI2YTE1Zjg1YTJmMjMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALkH3iLhYGw6l40uSCo0vy9VrUs0gb88s3qCZYvuOnaxofJHDP9Ils/GzfSD
lpDtRKxs8yWK5KTMW453J/7TXrGOfVMwQvDmV2TwCpSPzvNsmprfcfpmwMjuMxqF
PU8IaDJifINvps/0j2lZnfYb0bhU/IIpk0BTtDNOccQaEkFbq3L4um/7UuZ6tU+E
63Jg9VIkaiiXko46zCd8Jpcyk7WEAZlr/pno+rA+cHHWWbz1oi4fLyT4U8p8+7Kq
motdRBqdO8pKV+lRjyYsKCsXLEa03NqAQYT3WEqYKG/9YsNFcZox+m0tpr5mL3/l
SmZrRgDy72asrekUts4o8vF49ScCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBRB9LpA
ERlwGNpBzcAwdWGRixekVjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
OWE1ZmVjMmQtMmM0MC00MDY4LTliY2YtYzQ3ZDc2MDFkMDg3LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHAioF0HOQ
wDANBgkqhkiG9w0BAQsFAAOCAQEAcWVw5bOy5R6V6okTAW7GR2Op2dFkNL/ygSEa
5BYLVtir6KqJvNrTOmxpvKfzx0iYm+FZVHADJhR3b9eFD2gvUt+E1MhbtOvYlrNQ
e9vea986mHnVUvjDnsN1ycCbxDeGHuGuiyGcIziNn0LDZ1NCrF1aIZgJS6y4FDQq
gJLIevPDzAJhn+SDH/mf6Yiy8YSgJxf8ns2iEaJDe5nS5x1a3nhiBGkae7DOn1ax
Soq5U/okBDCK4Mz4SmKXhk5hfC/93w4mJwnzbkoXnWf1oFVoLuZghgBgV8M0/eLQ
p0qr3dx9RRb1vhrtoLoIiLZI7QjGx1VQYaF4Tvz7u/rQsRj4Ww==
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:53:03 2025 by rpki-client