Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/a72cbea9-100c-4974-8211-87debb0f6fbd.roa
File:                     a72cbea9-100c-4974-8211-87debb0f6fbd.roa (raw, json)
Hash identifier:          6/0Pb5CwxTfI3VpvAomQDHyApw/h0/ZHC4NBr3xDuw4=
Subject key identifier:   F6:D0:6F:30:31:DC:D3:0A:71:32:72:3E:6E:0C:CC:89:C4:86:FD:D7
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       726391EC0CA7C57FE48C08387AB0189F6334A250
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/a72cbea9-100c-4974-8211-87debb0f6fbd.roa
Signing time:             Fri 26 Sep 2025 19:20:14 +0000
ROA not before:           Fri 26 Sep 2025 19:20:14 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d059:8000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            72:63:91:ec:0c:a7:c5:7f:e4:8c:08:38:7a:b0:18:9f:63:34:a2:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Sep 26 19:20:14 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=47bba8d370bf84799ef97a0957ef0865c6137922421d0690db9e05c89e61b39c, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f6:43:1a:04:9b:ab:2f:50:16:92:e0:13:09:32:
                    cb:b4:68:28:35:12:ee:9b:44:80:1e:42:5c:19:12:
                    79:03:f2:c3:08:79:f9:a9:4f:56:81:93:7d:1a:87:
                    42:5e:47:16:f5:34:a9:db:5e:24:46:08:89:14:90:
                    6b:c9:fe:4d:b2:42:74:77:a7:94:c9:cc:9b:64:bd:
                    33:b7:66:5b:72:62:cc:e2:f3:0f:20:56:84:93:24:
                    33:e4:34:08:85:4a:6b:18:99:95:1b:fd:bc:4e:17:
                    7a:5f:88:b3:10:03:6b:5d:60:f6:97:13:f4:d9:77:
                    a7:53:74:65:0b:7b:27:3a:dc:00:01:72:72:4e:fd:
                    67:1c:3c:57:1e:5f:d0:cb:e3:60:62:18:33:85:e5:
                    1a:eb:9d:46:b7:4d:23:04:5f:96:8b:7d:76:20:7a:
                    81:58:39:8d:a7:01:43:f1:88:b5:ce:87:67:5a:b5:
                    8d:75:4d:88:f0:71:70:f2:a7:8e:14:0e:a1:19:54:
                    18:9c:e7:64:80:4f:a2:55:d3:ef:97:4b:11:5a:ca:
                    a5:b4:f5:42:61:02:5a:92:99:86:b4:fc:b6:9a:02:
                    68:d4:4c:a7:e0:f5:a8:b3:a6:e1:3f:4f:d9:31:19:
                    7c:cc:41:9c:c2:1c:6c:8c:76:11:e7:62:f6:93:bc:
                    2d:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:D0:6F:30:31:DC:D3:0A:71:32:72:3E:6E:0C:CC:89:C4:86:FD:D7
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/a72cbea9-100c-4974-8211-87debb0f6fbd.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d059:8000::/40

    Signature Algorithm: sha256WithRSAEncryption
         60:a5:d6:6e:1f:44:b2:34:b9:59:bf:93:bc:58:b5:a7:d1:41:
         59:5c:a1:ff:3a:7c:cc:c4:1a:b4:bd:1b:61:d4:5c:c0:c4:76:
         59:9d:04:b6:2e:f8:2e:62:d8:08:5b:b3:6e:0f:0e:7e:22:14:
         ec:23:1c:d5:9a:23:d3:29:e4:ac:e3:8b:38:36:f1:ed:1a:55:
         b4:dd:de:fd:1a:29:6a:b1:45:16:2e:02:39:a3:a6:2f:46:3f:
         ff:53:a6:c1:2b:1f:ed:c6:b9:0f:d7:45:e3:7c:ef:2a:91:d3:
         6a:50:f1:ad:00:e4:d7:31:d4:1c:aa:b2:73:e7:bd:fe:c8:fd:
         c3:8d:c9:31:75:65:33:de:12:78:2f:04:d7:50:8c:b0:9d:bb:
         c5:5e:01:68:36:a8:d7:31:4d:4e:32:b5:e0:5e:54:ac:d6:a6:
         98:fe:5e:37:c3:43:b9:bf:d6:71:4b:39:0c:9e:39:dd:10:ad:
         84:4c:41:58:52:72:8a:b1:6c:1c:c5:cf:0c:8b:92:40:d8:ef:
         ad:35:2e:89:62:d1:53:c2:3b:fc:90:89:44:d4:7b:26:5e:62:
         0d:9d:21:00:fc:70:d7:6d:07:0b:7e:63:5f:c4:c6:5a:18:68:
         56:0f:15:a4:b2:35:f4:e4:90:9b:53:e0:75:f6:59:c7:dc:e7:
         1a:d7:54:5f
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUcmOR7AynxX/kjAg4erAYn2M0olAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYxOTIwMTRaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQDQ3YmJhOGQzNzBiZjg0Nzk5ZWY5N2EwOTU3ZWYwODY1YzYxMzc5MjI0MjFk
MDY5MGRiOWUwNWM4OWU2MWIzOWMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAPZDGgSbqy9QFpLgEwkyy7RoKDUS7ptEgB5CXBkSeQPywwh5+alPVoGTfRqH
Ql5HFvU0qdteJEYIiRSQa8n+TbJCdHenlMnMm2S9M7dmW3JizOLzDyBWhJMkM+Q0
CIVKaxiZlRv9vE4Xel+IsxADa11g9pcT9Nl3p1N0ZQt7JzrcAAFyck79Zxw8Vx5f
0MvjYGIYM4XlGuudRrdNIwRflot9diB6gVg5jacBQ/GItc6HZ1q1jXVNiPBxcPKn
jhQOoRlUGJznZIBPolXT75dLEVrKpbT1QmECWpKZhrT8tpoCaNRMp+D1qLOm4T9P
2TEZfMxBnMIcbIx2Eedi9pO8LfkCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBT20G8w
MdzTCnEycj5uDMyJxIb91zAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YTcyY2JlYTktMTAwYy00OTc0LTgyMTEtODdkZWJiMGY2ZmJkLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0FmA
MA0GCSqGSIb3DQEBCwUAA4IBAQBgpdZuH0SyNLlZv5O8WLWn0UFZXKH/OnzMxBq0
vRth1FzAxHZZnQS2LvguYtgIW7NuDw5+IhTsIxzVmiPTKeSs44s4NvHtGlW03d79
GilqsUUWLgI5o6YvRj//U6bBKx/txrkP10XjfO8qkdNqUPGtAOTXMdQcqrJz573+
yP3DjckxdWUz3hJ4LwTXUIywnbvFXgFoNqjXMU1OMrXgXlSs1qaY/l43w0O5v9Zx
SzkMnjndEK2ETEFYUnKKsWwcxc8Mi5JA2O+tNS6JYtFTwjv8kIlE1HsmXmINnSEA
/HDXbQcLfmNfxMZaGGhWDxWksjX05JCbU+B19lnH3Oca11Rf
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:52:52 2025 by rpki-client