Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/9ff479c7-35c9-43ea-ab99-712ce7537beb.roa
File:                     9ff479c7-35c9-43ea-ab99-712ce7537beb.roa (raw, json)
Hash identifier:          cUb+CnAg52QR56YtvMSniYsQxptE0zsA0hMSgA2BGv0=
Subject key identifier:   B7:25:BA:7A:3E:42:A4:37:49:6D:FF:95:6E:9E:9F:3B:61:15:32:C6
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       5DE5ABB0FB7FFD50C067ED106BAE77D487519084
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/9ff479c7-35c9-43ea-ab99-712ce7537beb.roa
Signing time:             Mon 13 Oct 2025 18:00:01 +0000
ROA not before:           Mon 13 Oct 2025 18:00:01 +0000
ROA not after:            Mon 17 Nov 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        2a05:d030:2000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5d:e5:ab:b0:fb:7f:fd:50:c0:67:ed:10:6b:ae:77:d4:87:51:90:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Oct 13 18:00:01 2025 GMT
            Not After : Nov 17 23:59:59 2025 GMT
        Subject: serialNumber=d8efe2838d045bb9440605ed44bfbacce3c1eb7599babf14277599bb31b01c46, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f0:66:02:67:32:49:9b:48:2c:95:20:c6:3c:e3:
                    e5:99:a4:29:b0:db:ea:02:32:61:9a:9d:a6:b5:76:
                    ea:81:17:39:3e:f0:41:bf:12:56:bc:a0:62:d8:67:
                    9a:ee:90:54:9b:b8:0c:4c:b2:46:c9:40:e8:84:05:
                    ef:d9:30:61:75:1c:77:a9:1d:03:0b:e6:94:67:e4:
                    ac:8c:19:8a:a5:30:23:84:5d:b2:d6:e6:d5:39:cc:
                    58:5b:9b:06:7a:dc:56:9f:c0:5e:97:81:2c:9c:4e:
                    f5:e8:cd:75:69:a9:96:2d:87:90:a5:dd:df:36:9a:
                    38:32:86:ed:e3:4c:af:1a:4a:d8:cc:4c:57:e5:ab:
                    67:b7:9b:0f:97:4f:87:bc:31:43:44:44:36:83:ed:
                    93:3b:25:6f:39:a6:2c:be:86:a2:ff:bf:8d:12:b2:
                    76:5f:fd:8f:6c:de:7d:54:8e:54:34:2f:b2:41:ca:
                    41:56:fc:c9:4a:8c:a3:85:a9:0d:32:df:e1:60:c7:
                    60:0b:cd:d2:00:90:27:13:3e:f7:5b:80:c3:6b:b3:
                    f3:fe:09:81:ae:a3:07:22:90:1f:9c:c1:16:a3:a5:
                    af:c7:23:60:b6:f8:44:24:06:9a:e7:a2:ed:6a:50:
                    41:f3:5a:b3:40:09:d3:9d:ed:ec:5b:5f:4f:d9:b0:
                    85:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:25:BA:7A:3E:42:A4:37:49:6D:FF:95:6E:9E:9F:3B:61:15:32:C6
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/9ff479c7-35c9-43ea-ab99-712ce7537beb.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d030:2000::/40

    Signature Algorithm: sha256WithRSAEncryption
         7c:8c:5e:e8:b6:af:18:20:ac:fa:21:26:48:eb:4b:6b:2c:72:
         bc:04:14:bd:89:31:87:fd:d6:03:01:e6:88:ec:6f:ad:98:b8:
         b8:4c:c8:f0:2a:ca:e7:d2:4b:95:c1:d5:33:e4:b8:70:00:82:
         74:66:00:3c:ff:d4:3e:6d:b9:14:f1:03:73:1b:5c:a6:a9:85:
         57:f6:d1:1e:9c:07:9c:4d:7e:f9:21:15:04:bd:26:b8:fa:58:
         91:c3:ff:dc:0e:83:db:ff:76:7c:9f:ed:35:7e:fd:3c:aa:a6:
         87:5d:a7:ef:3f:bd:2f:4a:cf:d2:fb:68:4e:7c:3d:f2:e0:c9:
         eb:e3:66:2d:99:8d:0a:aa:73:65:9f:8d:d2:c2:ec:e9:dd:b7:
         ac:1a:49:2a:48:8a:79:ad:f8:3b:9d:c0:c1:81:c3:20:c7:80:
         bc:d4:2e:cc:4c:d0:dc:8b:d3:e3:2c:92:07:40:18:6f:ca:bb:
         bf:cf:27:fc:de:4c:f0:1d:26:04:42:db:f7:69:39:0d:90:5b:
         7e:10:09:b2:0b:90:6b:8d:e5:b7:02:94:c8:ca:2a:49:fc:3a:
         cc:f6:eb:fe:88:7a:80:83:09:64:53:2d:31:42:ae:7f:9a:86:
         96:88:a6:a8:3d:77:25:9f:a4:7b:4b:84:cf:4a:cf:22:4c:d8:
         29:c4:50:29
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUXeWrsPt//VDAZ+0Qa6531IdRkIQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMTMxODAwMDFaFw0yNTExMTcyMzU5NTlaMHoxSTBHBgNV
BAUTQGQ4ZWZlMjgzOGQwNDViYjk0NDA2MDVlZDQ0YmZiYWNjZTNjMWViNzU5OWJh
YmYxNDI3NzU5OWJiMzFiMDFjNDYxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAPBmAmcySZtILJUgxjzj5ZmkKbDb6gIyYZqdprV26oEXOT7wQb8SVrygYthn
mu6QVJu4DEyyRslA6IQF79kwYXUcd6kdAwvmlGfkrIwZiqUwI4Rdstbm1TnMWFub
BnrcVp/AXpeBLJxO9ejNdWmpli2HkKXd3zaaODKG7eNMrxpK2MxMV+WrZ7ebD5dP
h7wxQ0RENoPtkzslbzmmLL6Gov+/jRKydl/9j2zefVSOVDQvskHKQVb8yUqMo4Wp
DTLf4WDHYAvN0gCQJxM+91uAw2uz8/4Jga6jByKQH5zBFqOlr8cjYLb4RCQGmuei
7WpQQfNas0AJ053t7FtfT9mwheUCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBS3Jbp6
PkKkN0lt/5Vunp87YRUyxjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
OWZmNDc5YzctMzVjOS00M2VhLWFiOTktNzEyY2U3NTM3YmViLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0DAg
MA0GCSqGSIb3DQEBCwUAA4IBAQB8jF7otq8YIKz6ISZI60trLHK8BBS9iTGH/dYD
AeaI7G+tmLi4TMjwKsrn0kuVwdUz5LhwAIJ0ZgA8/9Q+bbkU8QNzG1ymqYVX9tEe
nAecTX75IRUEvSa4+liRw//cDoPb/3Z8n+01fv08qqaHXafvP70vSs/S+2hOfD3y
4Mnr42YtmY0KqnNln43Swuzp3besGkkqSIp5rfg7ncDBgcMgx4C81C7MTNDci9Pj
LJIHQBhvyru/zyf83kzwHSYEQtv3aTkNkFt+EAmyC5BrjeW3ApTIyipJ/DrM9uv+
iHqAgwlkUy0xQq5/moaWiKaoPXcln6R7S4TPSs8iTNgpxFAp
-----END CERTIFICATE-----
Generated at Mon Oct 20 13:47:09 2025 by rpki-client