Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/aaddf2de-fa05-4c5d-8b77-58a3d312e2a6.roa
File:                     aaddf2de-fa05-4c5d-8b77-58a3d312e2a6.roa (raw, json)
Hash identifier:          MoavfZHz4qdUd3DuQsXau5Z/1IctVRfX4Cg8E2kEiis=
Subject key identifier:   BF:C9:DF:98:5A:3E:66:FB:83:DA:91:CA:E2:A1:E0:F9:C2:C9:04:A6
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       75AE3B63FD54A1CE90410CC5D04EE3A34B72BCC7
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/aaddf2de-fa05-4c5d-8b77-58a3d312e2a6.roa
Signing time:             Fri 26 Sep 2025 18:41:40 +0000
ROA not before:           Fri 26 Sep 2025 18:41:40 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d000:a080::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            75:ae:3b:63:fd:54:a1:ce:90:41:0c:c5:d0:4e:e3:a3:4b:72:bc:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Sep 26 18:41:40 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=d402f326f762a590ed8c205f7393c1e58303afe132b97efb84e42bc37dc2f26c, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:43:ea:8e:6d:35:8d:69:57:17:71:a4:fe:ca:
                    83:3b:7a:39:d0:7a:c8:b9:f2:11:41:8b:97:3c:da:
                    4d:bb:a1:65:01:01:26:fb:da:8f:67:53:2b:fe:ae:
                    54:7f:a1:8d:60:7a:d6:f5:9d:14:8e:1f:c0:74:25:
                    59:90:78:ad:0b:da:fc:d9:bb:d3:ed:d4:7a:40:6f:
                    e7:c7:54:1d:bb:e9:68:f5:d2:ae:23:a1:2f:16:fc:
                    ff:f2:8b:5e:f7:69:de:95:a8:ee:9c:88:1c:36:94:
                    81:30:d0:03:c1:58:7e:33:d9:8c:09:bc:0e:5d:42:
                    7c:37:00:e5:f8:8e:34:00:c0:05:9e:7c:22:20:bb:
                    35:fc:9d:b6:71:8d:92:8c:dd:02:4c:1d:8a:45:eb:
                    da:3d:30:82:29:86:c4:bb:3d:be:b9:20:11:57:9e:
                    e7:74:d1:50:a6:12:80:64:7d:01:bb:db:4a:2f:a9:
                    7c:83:0c:40:9f:c2:64:74:81:22:a4:27:b8:8a:2a:
                    8c:fa:ef:bd:29:1b:94:00:ac:c8:d8:53:c0:4b:91:
                    15:f2:78:ba:b8:a3:e1:11:42:90:eb:f0:fa:bb:68:
                    25:f1:c4:19:77:fc:cf:ac:0f:eb:96:3a:29:87:f9:
                    e9:be:d1:be:a2:16:83:a9:a4:4f:b1:69:24:af:6b:
                    b6:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:C9:DF:98:5A:3E:66:FB:83:DA:91:CA:E2:A1:E0:F9:C2:C9:04:A6
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/aaddf2de-fa05-4c5d-8b77-58a3d312e2a6.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d000:a080::/48

    Signature Algorithm: sha256WithRSAEncryption
         0c:a5:d3:3b:aa:de:d7:40:1a:77:cd:0c:7e:e5:02:28:f1:44:
         b6:05:16:0c:09:50:7e:e0:11:32:cc:06:07:63:9c:3d:f8:df:
         a1:fc:2c:8f:f1:ad:43:03:54:3c:30:70:76:1f:d3:da:41:e7:
         a2:7f:ca:39:41:9b:a3:d2:65:f7:d2:a8:90:3f:b5:14:67:71:
         9d:61:20:59:1e:30:00:8d:b7:51:27:ef:f2:d2:97:f7:84:b3:
         fb:b0:af:a9:f6:45:16:e9:c0:f6:fb:e7:b1:e8:e7:24:5c:7f:
         d0:20:da:83:00:ed:ae:7b:fd:52:b7:b3:15:59:66:0f:78:35:
         e9:c4:0a:75:2e:4b:a2:5d:97:c9:a4:16:02:6d:d1:f2:49:76:
         1b:25:b4:7c:1f:f1:82:92:82:3e:89:ee:4c:13:24:ae:cb:26:
         0f:f9:9c:5e:2b:ab:70:d2:f8:3c:7e:56:b9:e2:59:34:73:f8:
         d8:86:94:8e:03:ba:e9:5c:de:98:3a:fa:4c:25:6b:23:45:e2:
         d5:02:7f:2c:03:65:60:b6:f1:77:aa:8d:69:70:e5:b7:2d:e7:
         d6:bb:e6:16:2e:24:1f:2f:00:bf:96:0c:bd:a2:f3:62:76:f5:
         79:cf:61:ff:2c:00:89:d0:01:54:7f:1c:20:fe:ec:8e:b8:47:
         46:fb:cf:d0
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUda47Y/1Uoc6QQQzF0E7jo0tyvMcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYxODQxNDBaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQGQ0MDJmMzI2Zjc2MmE1OTBlZDhjMjA1ZjczOTNjMWU1ODMwM2FmZTEzMmI5
N2VmYjg0ZTQyYmMzN2RjMmYyNmMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAL9D6o5tNY1pVxdxpP7Kgzt6OdB6yLnyEUGLlzzaTbuhZQEBJvvaj2dTK/6u
VH+hjWB61vWdFI4fwHQlWZB4rQva/Nm70+3UekBv58dUHbvpaPXSriOhLxb8//KL
Xvdp3pWo7pyIHDaUgTDQA8FYfjPZjAm8Dl1CfDcA5fiONADABZ58IiC7NfydtnGN
kozdAkwdikXr2j0wgimGxLs9vrkgEVee53TRUKYSgGR9AbvbSi+pfIMMQJ/CZHSB
IqQnuIoqjPrvvSkblACsyNhTwEuRFfJ4urij4RFCkOvw+rtoJfHEGXf8z6wP65Y6
KYf56b7RvqIWg6mkT7FpJK9rtiMCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBS/yd+Y
Wj5m+4PakcrioeD5wskEpjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YWFkZGYyZGUtZmEwNS00YzVkLThiNzctNThhM2QzMTJlMmE2LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0ACg
gDANBgkqhkiG9w0BAQsFAAOCAQEADKXTO6re10Aad80MfuUCKPFEtgUWDAlQfuAR
MswGB2OcPfjfofwsj/GtQwNUPDBwdh/T2kHnon/KOUGbo9Jl99KokD+1FGdxnWEg
WR4wAI23USfv8tKX94Sz+7CvqfZFFunA9vvnsejnJFx/0CDagwDtrnv9UrezFVlm
D3g16cQKdS5Lol2XyaQWAm3R8kl2GyW0fB/xgpKCPonuTBMkrssmD/mcXiurcNL4
PH5WueJZNHP42IaUjgO66VzemDr6TCVrI0Xi1QJ/LANlYLbxd6qNaXDlty3n1rvm
Fi4kHy8Av5YMvaLzYnb1ec9h/ywAidABVH8cIP7sjrhHRvvP0A==
-----END CERTIFICATE-----
Generated at Mon Oct 20 13:47:20 2025 by rpki-client