Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/a1796bea-01c9-41b7-b13d-6932c4f36a42.roa
File:                     a1796bea-01c9-41b7-b13d-6932c4f36a42.roa (raw, json)
Hash identifier:          xgsJCM6StlJFIbDYLRfWqEtpOcJ4BKyjTUN0YKQH1xI=
Subject key identifier:   06:9E:AC:8A:3D:24:08:29:2D:56:3D:05:E8:42:F5:EB:73:BD:B6:C6
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       4513A6891EA4D1F1A21C7EEA4CFD9C3F7004BE67
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/a1796bea-01c9-41b7-b13d-6932c4f36a42.roa
Signing time:             Fri 26 Sep 2025 18:51:02 +0000
ROA not before:           Fri 26 Sep 2025 18:51:02 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d031:a000::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            45:13:a6:89:1e:a4:d1:f1:a2:1c:7e:ea:4c:fd:9c:3f:70:04:be:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Sep 26 18:51:02 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=c7fbb4ee054c50b942e2a5f9f363f11f2ec94bc6371a0a0882d6a0fc7b9a988e, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:cd:3d:d7:c3:7d:92:1d:60:f8:d9:34:06:a7:
                    16:c8:7f:76:8f:27:c8:2f:c3:47:0a:14:56:ea:b6:
                    53:b7:d3:ef:90:41:62:01:c2:f8:6d:38:57:2e:20:
                    63:eb:1a:5f:08:09:24:31:64:5d:b2:b5:9d:34:3b:
                    76:21:f3:3a:70:3f:e0:69:41:df:ff:b6:8d:68:db:
                    3a:7d:f6:9c:1e:50:66:3f:85:2a:57:3e:24:23:03:
                    37:cd:f2:62:8f:cd:48:2e:df:10:32:52:bd:b0:e1:
                    7a:be:f5:aa:df:90:a6:7b:26:70:f0:50:17:71:80:
                    86:e3:b9:c3:9c:12:89:40:53:ae:9a:37:72:19:02:
                    8e:5c:22:5e:85:88:ab:da:95:f7:be:9c:e2:a9:77:
                    e4:d7:52:f8:7e:62:d7:d3:1b:27:23:fb:71:9f:56:
                    c0:dd:10:09:b6:51:70:1d:c5:0f:e6:6d:c0:d9:74:
                    d8:9f:52:58:56:a1:e6:a7:bc:c7:61:f5:4f:0a:53:
                    2b:39:f7:e2:ea:eb:02:97:b1:16:8d:94:a3:f5:e2:
                    d4:85:ef:e1:96:56:b6:5a:30:63:2b:26:25:b4:7c:
                    ed:1c:7c:ea:cd:61:9d:1f:5a:66:6c:08:dc:82:8f:
                    09:72:f7:ee:f9:05:13:00:1f:9e:3b:3d:c6:5e:41:
                    98:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:9E:AC:8A:3D:24:08:29:2D:56:3D:05:E8:42:F5:EB:73:BD:B6:C6
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/a1796bea-01c9-41b7-b13d-6932c4f36a42.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d031:a000::/40

    Signature Algorithm: sha256WithRSAEncryption
         63:ef:c0:c2:38:97:19:92:8c:cc:9e:1b:b4:74:9f:4f:18:ac:
         3b:4a:54:0e:07:07:5e:97:53:aa:14:98:00:0c:bf:58:68:89:
         ed:42:ed:a5:14:bc:d3:d4:cf:4f:e0:cd:2d:5c:a1:93:d3:cb:
         1c:73:36:35:d5:7c:cb:1a:e3:52:3f:66:99:14:e8:33:59:81:
         24:ee:d6:e0:de:83:f1:cb:68:6e:c0:88:05:6e:65:31:d7:01:
         2e:15:24:a0:26:97:47:0f:37:25:5b:1d:80:e4:99:2e:51:f9:
         67:03:73:f8:a9:84:68:11:81:56:76:3e:52:51:4a:a8:af:5e:
         44:59:6d:8e:6f:6d:28:5b:34:15:7b:15:1b:4d:0a:4d:de:d7:
         05:d4:0d:7a:86:c8:7a:01:09:c5:5b:dd:68:2b:d3:06:d2:e8:
         a2:63:c6:0b:4d:fa:6e:43:a2:67:51:a5:be:e0:fc:b9:b2:40:
         11:01:d6:da:a4:70:db:03:ba:60:d6:a2:4c:2d:ff:c2:f2:40:
         c9:6f:75:fa:2f:3c:29:db:95:5c:bf:d7:a6:61:ca:04:35:a0:
         db:4c:7d:8e:7b:ae:37:e9:19:50:73:25:f5:99:4b:90:09:9f:
         34:f7:bb:48:cc:da:b6:79:a7:74:84:14:2f:f8:fd:1b:a9:01:
         8b:2a:7b:9b
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIURROmiR6k0fGiHH7qTP2cP3AEvmcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYxODUxMDJaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQGM3ZmJiNGVlMDU0YzUwYjk0MmUyYTVmOWYzNjNmMTFmMmVjOTRiYzYzNzFh
MGEwODgyZDZhMGZjN2I5YTk4OGUxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMXNPdfDfZIdYPjZNAanFsh/do8nyC/DRwoUVuq2U7fT75BBYgHC+G04Vy4g
Y+saXwgJJDFkXbK1nTQ7diHzOnA/4GlB3/+2jWjbOn32nB5QZj+FKlc+JCMDN83y
Yo/NSC7fEDJSvbDher71qt+QpnsmcPBQF3GAhuO5w5wSiUBTrpo3chkCjlwiXoWI
q9qV976c4ql35NdS+H5i19MbJyP7cZ9WwN0QCbZRcB3FD+ZtwNl02J9SWFah5qe8
x2H1TwpTKzn34urrApexFo2Uo/Xi1IXv4ZZWtlowYysmJbR87Rx86s1hnR9aZmwI
3IKPCXL37vkFEwAfnjs9xl5BmH8CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQGnqyK
PSQIKS1WPQXoQvXrc722xjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YTE3OTZiZWEtMDFjOS00MWI3LWIxM2QtNjkzMmM0ZjM2YTQyLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0DGg
MA0GCSqGSIb3DQEBCwUAA4IBAQBj78DCOJcZkozMnhu0dJ9PGKw7SlQOBwdel1Oq
FJgADL9YaIntQu2lFLzT1M9P4M0tXKGT08scczY11XzLGuNSP2aZFOgzWYEk7tbg
3oPxy2huwIgFbmUx1wEuFSSgJpdHDzclWx2A5JkuUflnA3P4qYRoEYFWdj5SUUqo
r15EWW2Ob20oWzQVexUbTQpN3tcF1A16hsh6AQnFW91oK9MG0uiiY8YLTfpuQ6Jn
UaW+4Py5skARAdbapHDbA7pg1qJMLf/C8kDJb3X6Lzwp25Vcv9emYcoENaDbTH2O
e6436RlQcyX1mUuQCZ8097tIzNq2ead0hBQv+P0bqQGLKnub
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:53:17 2025 by rpki-client