Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/a507fd37-f907-46ea-8c80-857b97a67610.roa
File:                     a507fd37-f907-46ea-8c80-857b97a67610.roa (raw, json)
Hash identifier:          6XbOSodZNhk6yy+JRedUU9E2ExRgJsOL7Ek4/XKLet0=
Subject key identifier:   05:8F:B0:E2:5A:C6:C2:68:BA:DC:C4:16:80:68:D7:A0:D4:F4:47:87
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       594BD2E3A9259E7AAD35112048F5553F65C85EDA
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/a507fd37-f907-46ea-8c80-857b97a67610.roa
Signing time:             Fri 26 Sep 2025 19:11:05 +0000
ROA not before:           Fri 26 Sep 2025 19:11:05 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d072:e000::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            59:4b:d2:e3:a9:25:9e:7a:ad:35:11:20:48:f5:55:3f:65:c8:5e:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Sep 26 19:11:05 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=39a20a334f3860aa73e4743b1adfb259a11a052012b2f3300553cf90b3765ca4, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:3d:14:be:67:43:94:22:0d:d6:8b:e0:dc:cf:
                    ed:ca:05:6d:af:56:37:75:0c:c6:81:1f:f6:81:90:
                    97:08:b6:c8:8e:3d:ae:06:33:59:8d:c2:a2:2f:7c:
                    5e:d7:1a:a5:45:62:4f:82:3e:38:d7:5b:e0:52:c4:
                    d1:a9:03:8d:7b:26:76:20:7a:3a:bd:fa:9e:1b:96:
                    3b:19:70:fd:9f:36:a0:56:a5:9d:8b:27:95:22:b6:
                    39:3b:55:ab:a1:16:32:c4:5b:05:7c:a1:0e:5c:cd:
                    0f:ed:3e:2a:af:26:b1:79:80:57:04:72:6d:7b:90:
                    d4:ff:cf:f1:ca:fb:af:fa:12:d6:9d:d6:c3:2f:f8:
                    37:d9:8f:ff:6f:0c:86:98:37:97:bc:71:17:b6:52:
                    86:f7:3f:4a:b2:c3:72:64:44:49:82:7f:a4:91:a5:
                    c4:40:1c:d8:94:b2:37:1f:ba:76:de:11:13:eb:d3:
                    23:16:4e:c2:87:52:06:46:df:e5:3a:a1:e7:63:74:
                    45:09:e0:50:07:1d:a3:5b:67:c1:2d:73:0e:8b:19:
                    ce:c5:3a:af:7e:fc:b2:d2:d6:5e:1c:09:ca:74:2f:
                    5a:9c:f2:48:1b:00:ee:b1:40:48:11:bf:02:b6:93:
                    48:f0:ef:71:3b:04:43:4d:6c:f3:3f:4c:15:99:4f:
                    5f:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:8F:B0:E2:5A:C6:C2:68:BA:DC:C4:16:80:68:D7:A0:D4:F4:47:87
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/a507fd37-f907-46ea-8c80-857b97a67610.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d072:e000::/40

    Signature Algorithm: sha256WithRSAEncryption
         3f:5d:db:53:e1:e7:cb:f5:77:2f:39:89:94:26:43:71:b7:eb:
         83:5c:2d:e6:8e:b8:b3:f5:2b:fd:4e:2c:ef:6f:a5:b8:c6:a5:
         de:50:e2:54:09:dd:7c:3e:2f:0b:90:cf:bc:a2:5a:6f:3e:ef:
         11:93:52:4a:4d:56:c8:ce:8c:aa:3b:8a:e1:54:32:6f:1b:84:
         6f:a5:21:ad:42:df:39:b0:a1:b4:f4:0e:04:f8:64:21:71:09:
         0c:2d:42:d2:54:06:63:8f:da:c7:07:89:26:55:a7:92:91:76:
         61:82:4c:6b:06:8e:2c:3b:b7:00:9d:3c:8e:51:67:da:90:95:
         11:e7:2a:30:9e:11:e0:5c:14:ba:6f:86:60:52:e2:a9:bc:7b:
         4c:d4:f8:04:7c:eb:f1:14:92:a9:e4:6d:a6:c9:08:f6:20:86:
         07:e9:8d:5a:6d:92:1a:cd:af:e2:90:a1:4f:45:60:cd:06:fe:
         0f:f2:56:ea:82:5c:5d:a4:76:7f:28:d3:65:92:ac:8c:5c:98:
         ce:a7:ac:0e:eb:37:88:60:11:38:e8:f9:9a:58:c2:03:00:09:
         d0:c8:62:0f:06:fd:5b:a4:80:ec:fd:64:bb:7b:fe:f6:af:3a:
         23:79:49:af:6e:c3:cc:59:d7:23:44:78:e2:a2:ea:6f:11:f4:
         36:8c:46:49
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUWUvS46klnnqtNREgSPVVP2XIXtowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYxOTExMDVaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQDM5YTIwYTMzNGYzODYwYWE3M2U0NzQzYjFhZGZiMjU5YTExYTA1MjAxMmIy
ZjMzMDA1NTNjZjkwYjM3NjVjYTQxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALg9FL5nQ5QiDdaL4NzP7coFba9WN3UMxoEf9oGQlwi2yI49rgYzWY3Coi98
XtcapUViT4I+ONdb4FLE0akDjXsmdiB6Or36nhuWOxlw/Z82oFalnYsnlSK2OTtV
q6EWMsRbBXyhDlzND+0+Kq8msXmAVwRybXuQ1P/P8cr7r/oS1p3Wwy/4N9mP/28M
hpg3l7xxF7ZShvc/SrLDcmRESYJ/pJGlxEAc2JSyNx+6dt4RE+vTIxZOwodSBkbf
5Tqh52N0RQngUAcdo1tnwS1zDosZzsU6r378stLWXhwJynQvWpzySBsA7rFASBG/
AraTSPDvcTsEQ01s8z9MFZlPXzUCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQFj7Di
WsbCaLrcxBaAaNeg1PRHhzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YTUwN2ZkMzctZjkwNy00NmVhLThjODAtODU3Yjk3YTY3NjEwLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0HLg
MA0GCSqGSIb3DQEBCwUAA4IBAQA/XdtT4efL9XcvOYmUJkNxt+uDXC3mjriz9Sv9
Tizvb6W4xqXeUOJUCd18Pi8LkM+8olpvPu8Rk1JKTVbIzoyqO4rhVDJvG4RvpSGt
Qt85sKG09A4E+GQhcQkMLULSVAZjj9rHB4kmVaeSkXZhgkxrBo4sO7cAnTyOUWfa
kJUR5yownhHgXBS6b4ZgUuKpvHtM1PgEfOvxFJKp5G2myQj2IIYH6Y1abZIaza/i
kKFPRWDNBv4P8lbqglxdpHZ/KNNlkqyMXJjOp6wO6zeIYBE46PmaWMIDAAnQyGIP
Bv1bpIDs/WS7e/72rzojeUmvbsPMWdcjRHjioupvEfQ2jEZJ
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:52:23 2025 by rpki-client