Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/9fb96617-2d2f-468d-b766-35c52d9f2681.roa
File:                     9fb96617-2d2f-468d-b766-35c52d9f2681.roa (raw, json)
Hash identifier:          3P0Rwevbydcklo4O6tJj6B7M0r1RzI5f/wQKr+yYdJM=
Subject key identifier:   53:0F:31:C4:CD:2D:54:33:8D:54:BA:C6:13:5A:AE:8A:CE:BE:8C:9C
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       5FDD11C24BF5EE3019140426DF2F5B7B7B9BCE64
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/9fb96617-2d2f-468d-b766-35c52d9f2681.roa
Signing time:             Fri 26 Sep 2025 19:50:05 +0000
ROA not before:           Fri 26 Sep 2025 19:50:05 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d015:800::/38 maxlen: 38
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5f:dd:11:c2:4b:f5:ee:30:19:14:04:26:df:2f:5b:7b:7b:9b:ce:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Sep 26 19:50:05 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=dafaeae967770848e72f8a399d079e1322890ea14adfcb6f76e0657b997b239e, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:3d:f5:31:2e:e2:e8:38:f5:b3:6e:89:82:9e:
                    42:37:72:81:63:a2:70:6e:86:0c:43:d2:fb:ec:47:
                    b1:b5:62:cf:22:6e:e8:c8:66:4c:6e:e9:7d:96:55:
                    de:ef:c7:50:06:e0:5f:bc:92:50:d1:37:f4:f5:2b:
                    d4:e5:91:d1:36:82:45:2d:20:f5:14:65:2c:1f:87:
                    ae:3b:9d:93:84:ab:fc:b3:64:d1:37:5b:8a:e4:bd:
                    af:0e:6d:56:dd:19:51:08:55:06:24:ac:57:60:25:
                    8e:97:ba:5f:1f:7c:7c:58:6f:68:27:96:b6:e0:08:
                    9d:2e:f5:56:60:3e:50:2f:d3:bb:8c:81:d9:3a:b4:
                    4f:24:91:46:f1:f2:32:21:f8:79:ca:40:06:74:db:
                    22:19:98:14:66:9f:cb:6e:cf:9e:60:de:ab:50:a7:
                    60:b8:eb:e2:03:d0:bd:e0:47:17:dd:70:97:ac:48:
                    e5:87:5c:86:86:89:89:85:56:45:ae:93:7a:50:a9:
                    07:2d:dc:3c:9f:73:04:33:6b:de:33:ea:af:65:63:
                    44:30:55:bf:4b:5a:8a:34:d4:c6:d4:b8:e3:5c:3c:
                    ab:f9:8d:a5:3d:76:63:a0:b9:d3:8f:15:06:a8:38:
                    b8:80:e1:81:a7:d0:9f:bd:cf:47:3b:5c:a7:c6:34:
                    50:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:0F:31:C4:CD:2D:54:33:8D:54:BA:C6:13:5A:AE:8A:CE:BE:8C:9C
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/9fb96617-2d2f-468d-b766-35c52d9f2681.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d015:800::/38

    Signature Algorithm: sha256WithRSAEncryption
         8a:44:be:96:5c:97:f3:ed:ec:2c:0e:7f:82:c0:20:f1:80:a6:
         29:f5:8d:3d:2a:18:7d:35:5f:72:b0:be:a6:a9:2a:9f:97:45:
         0b:46:c1:19:93:36:f9:18:e6:89:26:53:e5:5f:33:5f:0d:e5:
         6e:09:a4:ee:fe:a8:70:9b:a4:73:b9:41:08:a7:27:1d:a1:01:
         f3:6c:15:47:01:97:55:3f:90:c9:7d:6d:80:b9:0e:88:86:97:
         17:f2:c3:b1:82:28:b3:d4:e8:fb:ff:9f:39:56:ee:cd:f7:83:
         fd:17:34:a4:78:01:33:5b:ce:45:e4:b7:4f:bd:cc:a5:8c:7a:
         0b:49:9c:17:a4:d1:ee:79:86:a9:88:e1:05:b0:c0:7a:3b:f2:
         5d:c9:85:ad:26:9f:c0:d5:73:2b:50:70:3d:f0:5e:bf:95:d7:
         6a:84:3f:a4:af:ec:46:3b:02:96:69:7b:3b:ed:54:55:9c:0e:
         d4:31:22:0d:c1:68:4c:49:aa:db:96:7c:9a:39:98:1d:c6:c1:
         8e:8b:6a:93:55:e3:f7:c4:76:35:3a:a2:62:61:96:3f:b0:5c:
         c2:8a:5f:d1:a1:98:b5:52:a1:cb:59:0e:5a:b5:fd:1e:50:f4:
         6d:8d:06:60:d6:20:7b:f5:2f:d6:13:05:1c:04:17:68:bf:02:
         ad:36:fe:b9
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUX90Rwkv17jAZFAQm3y9be3ubzmQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYxOTUwMDVaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQGRhZmFlYWU5Njc3NzA4NDhlNzJmOGEzOTlkMDc5ZTEzMjI4OTBlYTE0YWRm
Y2I2Zjc2ZTA2NTdiOTk3YjIzOWUxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOU99TEu4ug49bNuiYKeQjdygWOicG6GDEPS++xHsbVizyJu6MhmTG7pfZZV
3u/HUAbgX7ySUNE39PUr1OWR0TaCRS0g9RRlLB+Hrjudk4Sr/LNk0TdbiuS9rw5t
Vt0ZUQhVBiSsV2Aljpe6Xx98fFhvaCeWtuAInS71VmA+UC/Tu4yB2Tq0TySRRvHy
MiH4ecpABnTbIhmYFGafy27PnmDeq1CnYLjr4gPQveBHF91wl6xI5YdchoaJiYVW
Ra6TelCpBy3cPJ9zBDNr3jPqr2VjRDBVv0taijTUxtS441w8q/mNpT12Y6C5048V
Bqg4uIDhgafQn73PRztcp8Y0UI0CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRTDzHE
zS1UM41UusYTWq6Kzr6MnDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
OWZiOTY2MTctMmQyZi00NjhkLWI3NjYtMzVjNTJkOWYyNjgxLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGAioF0BUI
MA0GCSqGSIb3DQEBCwUAA4IBAQCKRL6WXJfz7ewsDn+CwCDxgKYp9Y09Khh9NV9y
sL6mqSqfl0ULRsEZkzb5GOaJJlPlXzNfDeVuCaTu/qhwm6RzuUEIpycdoQHzbBVH
AZdVP5DJfW2AuQ6IhpcX8sOxgiiz1Oj7/585Vu7N94P9FzSkeAEzW85F5LdPvcyl
jHoLSZwXpNHueYapiOEFsMB6O/JdyYWtJp/A1XMrUHA98F6/lddqhD+kr+xGOwKW
aXs77VRVnA7UMSINwWhMSarblnyaOZgdxsGOi2qTVeP3xHY1OqJiYZY/sFzCil/R
oZi1UqHLWQ5atf0eUPRtjQZg1iB79S/WEwUcBBdovwKtNv65
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:52:38 2025 by rpki-client