Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/ab232b86-9bd6-409c-8de5-92bfff2a8b5a.roa
File:                     ab232b86-9bd6-409c-8de5-92bfff2a8b5a.roa (raw, json)
Hash identifier:          3Px7ubog3/0mDkt27am72eygXHZ+Yqf79QVnZNk+fy8=
Subject key identifier:   DB:A5:7D:D1:06:FB:E3:99:88:B2:F2:D7:AB:1C:70:8A:AE:5E:25:F5
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       62855AD82C96A86719A4F84BC7BCF9C491FD5FB2
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/ab232b86-9bd6-409c-8de5-92bfff2a8b5a.roa
Signing time:             Fri 26 Sep 2025 18:51:33 +0000
ROA not before:           Fri 26 Sep 2025 18:51:33 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d07f:e0c0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            62:85:5a:d8:2c:96:a8:67:19:a4:f8:4b:c7:bc:f9:c4:91:fd:5f:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Sep 26 18:51:33 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=43af4dbd07b64ecfa5d64995af162c6d7b42f1f5fdf6fafde4f55778e06ce3f6, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:af:3e:46:41:ba:5d:e2:cf:77:56:77:da:31:
                    fd:bf:38:0c:d1:85:a2:69:27:f1:f6:50:bc:27:24:
                    26:00:b2:20:35:80:34:65:45:3e:7a:f1:ed:cf:9d:
                    8c:4e:08:a5:a9:3c:aa:a4:40:6f:ce:dc:e8:c0:77:
                    c3:e6:dc:17:7a:d2:a1:4b:1e:40:75:0c:45:76:40:
                    69:72:ed:ff:24:bd:7d:6f:0c:f9:56:f5:21:55:01:
                    0b:7c:d1:ff:b5:05:53:3c:39:35:7c:02:f0:74:04:
                    ca:8c:f6:e7:85:ab:f6:82:df:50:32:44:25:a9:ee:
                    95:5f:01:b5:4d:31:bd:bc:50:59:61:e1:60:39:cb:
                    1f:78:6e:f6:cb:5f:6d:0c:81:20:c2:4c:80:2e:5a:
                    af:5b:2f:7d:19:df:a0:bf:9c:52:f2:13:7a:3f:9f:
                    f8:00:08:a0:87:7a:87:b3:ae:0d:a4:cb:8e:21:4c:
                    65:1f:63:97:6e:8b:72:1a:df:aa:b7:d3:45:19:ea:
                    a5:c5:5c:a4:50:77:3d:3d:39:20:07:e0:1f:e2:69:
                    2d:c0:67:be:de:8b:81:b1:88:04:f8:88:8f:d1:d4:
                    69:e8:07:8b:1e:93:66:31:42:a3:1c:a4:01:e0:d8:
                    a6:3c:b9:6d:ea:dd:da:7a:be:cc:fb:42:8a:72:3d:
                    ea:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:A5:7D:D1:06:FB:E3:99:88:B2:F2:D7:AB:1C:70:8A:AE:5E:25:F5
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/ab232b86-9bd6-409c-8de5-92bfff2a8b5a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d07f:e0c0::/48

    Signature Algorithm: sha256WithRSAEncryption
         15:cc:24:4a:14:ab:68:dd:a8:3e:48:e4:33:bf:c6:56:ad:e3:
         5f:28:c2:92:eb:a5:2f:dc:0a:fe:c0:a2:ef:00:f1:bd:8a:c2:
         21:67:42:f6:d0:ff:2d:5a:fc:bb:6e:53:62:8f:4b:5d:1a:39:
         ae:47:71:1b:99:ca:98:54:05:97:6b:82:28:00:bb:b8:ab:09:
         47:09:1a:c7:fa:69:1e:00:62:e0:c5:97:51:71:f3:83:fa:d4:
         81:97:d0:b4:33:dd:8d:d4:2d:ea:bb:0f:e4:f0:cf:a0:5f:83:
         b3:09:e4:fe:2f:93:95:22:c4:23:16:5a:0b:6a:26:99:01:d3:
         8d:b8:c0:7b:83:25:a9:f8:75:66:3a:50:d3:77:c0:0b:5a:ad:
         6f:46:58:f7:89:9c:50:5c:48:90:3d:c0:c6:99:66:f7:f3:92:
         89:dc:74:e1:4b:0f:57:ff:b8:a5:8d:c8:28:3e:4e:99:2b:56:
         75:ce:3b:cd:99:a0:f6:1c:5e:0d:13:d0:77:67:ed:8c:d8:f7:
         23:59:f2:dd:2b:9b:25:63:da:f9:3c:a1:76:71:92:c4:61:8a:
         28:57:7b:83:c6:31:fb:dd:43:f9:63:a4:57:02:c1:19:4a:c8:
         d4:d5:c8:d4:6b:03:8a:72:72:e3:32:10:e5:ca:6c:ef:39:ef:
         33:f0:37:e4
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUYoVa2CyWqGcZpPhLx7z5xJH9X7IwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYxODUxMzNaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQDQzYWY0ZGJkMDdiNjRlY2ZhNWQ2NDk5NWFmMTYyYzZkN2I0MmYxZjVmZGY2
ZmFmZGU0ZjU1Nzc4ZTA2Y2UzZjYxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMSvPkZBul3iz3dWd9ox/b84DNGFomkn8fZQvCckJgCyIDWANGVFPnrx7c+d
jE4Ipak8qqRAb87c6MB3w+bcF3rSoUseQHUMRXZAaXLt/yS9fW8M+Vb1IVUBC3zR
/7UFUzw5NXwC8HQEyoz254Wr9oLfUDJEJanulV8BtU0xvbxQWWHhYDnLH3hu9stf
bQyBIMJMgC5ar1svfRnfoL+cUvITej+f+AAIoId6h7OuDaTLjiFMZR9jl26Lchrf
qrfTRRnqpcVcpFB3PT05IAfgH+JpLcBnvt6LgbGIBPiIj9HUaegHix6TZjFCoxyk
AeDYpjy5berd2nq+zPtCinI96scCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBTbpX3R
BvvjmYiy8terHHCKrl4l9TAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YWIyMzJiODYtOWJkNi00MDljLThkZTUtOTJiZmZmMmE4YjVhLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0H/g
wDANBgkqhkiG9w0BAQsFAAOCAQEAFcwkShSraN2oPkjkM7/GVq3jXyjCkuulL9wK
/sCi7wDxvYrCIWdC9tD/LVr8u25TYo9LXRo5rkdxG5nKmFQFl2uCKAC7uKsJRwka
x/ppHgBi4MWXUXHzg/rUgZfQtDPdjdQt6rsP5PDPoF+Dswnk/i+TlSLEIxZaC2om
mQHTjbjAe4Mlqfh1ZjpQ03fAC1qtb0ZY94mcUFxIkD3Axplm9/OSidx04UsPV/+4
pY3IKD5OmStWdc47zZmg9hxeDRPQd2ftjNj3I1ny3SubJWPa+TyhdnGSxGGKKFd7
g8Yx+91D+WOkVwLBGUrI1NXI1GsDinJy4zIQ5cps7znvM/A35A==
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:53:11 2025 by rpki-client