Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/ad017d4e-10ed-4706-a728-1b3d3feae80f.roa
File:                     ad017d4e-10ed-4706-a728-1b3d3feae80f.roa (raw, json)
Hash identifier:          HxaDplcGYviI2Tb+gh7xfq0GKxSEST13l+nLo2FgFLU=
Subject key identifier:   1B:8C:5E:DF:8E:9B:A7:17:97:9B:C1:5F:46:E9:AC:EA:DA:DF:A6:01
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       4059B8888955D3C7AAC074A58D7F23171795E77C
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/ad017d4e-10ed-4706-a728-1b3d3feae80f.roa
Signing time:             Fri 26 Sep 2025 19:21:02 +0000
ROA not before:           Fri 26 Sep 2025 19:21:02 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d06f:4000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            40:59:b8:88:89:55:d3:c7:aa:c0:74:a5:8d:7f:23:17:17:95:e7:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Sep 26 19:21:02 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=eb8986e11332cb3183aedfc25aa3490acf9a2547f3aa381018b84b2e350e9ad1, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:5a:98:e4:b2:77:ef:ac:c8:e2:20:51:2a:4d:
                    23:b5:02:19:49:d6:9f:cc:dd:fb:f0:53:0d:64:c1:
                    a2:f3:63:f8:23:c9:49:62:cf:b4:0a:f0:2a:d3:93:
                    ab:88:cb:42:e6:ca:d2:4a:16:f1:c9:3c:42:cb:16:
                    03:98:e2:5c:17:87:b5:23:3e:53:7e:9e:e2:c0:18:
                    d5:f3:95:9d:ba:9a:b9:cf:29:e7:91:88:2b:b6:32:
                    52:b9:6a:fd:f8:9f:f3:47:9b:fc:0d:bc:02:ec:b1:
                    ce:a3:89:02:7c:a5:6d:9e:a4:34:17:9a:71:14:9f:
                    cf:bb:e2:86:04:74:e0:3f:73:9e:9a:f4:7b:c2:05:
                    c4:b7:e8:c7:24:94:21:9a:4d:22:43:5c:eb:98:02:
                    7c:f6:8c:eb:cd:56:be:f9:6b:4a:d2:5f:1d:dc:fd:
                    a6:86:bf:15:ba:e5:10:3a:c8:80:18:5b:6f:37:ff:
                    36:3c:ea:0f:11:0c:70:85:b3:f0:76:14:f4:72:2c:
                    f7:04:af:6e:f1:aa:d6:71:ea:5c:d9:81:e6:74:26:
                    66:e3:15:b0:73:5c:ca:c4:ea:13:1b:0e:69:d5:aa:
                    e8:fa:13:19:31:a5:98:eb:de:12:87:e6:3a:e0:4b:
                    6c:0a:02:8f:c3:27:18:f4:e5:12:02:a1:f0:d1:00:
                    db:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:8C:5E:DF:8E:9B:A7:17:97:9B:C1:5F:46:E9:AC:EA:DA:DF:A6:01
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/ad017d4e-10ed-4706-a728-1b3d3feae80f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d06f:4000::/40

    Signature Algorithm: sha256WithRSAEncryption
         a5:6f:af:42:6a:8a:34:e4:eb:53:e0:d5:2d:86:92:d7:06:a5:
         44:58:fb:4c:bb:8b:f2:b6:65:f5:d2:54:d8:07:84:b2:47:91:
         76:df:42:af:c4:c8:cd:a5:6c:25:f8:be:2a:88:ea:ae:ae:93:
         c8:a3:88:80:a3:d5:d3:00:cf:18:00:4f:64:f5:b7:ff:47:51:
         31:41:b4:ec:52:84:cb:0f:a9:9d:b6:d8:38:75:bb:84:31:d6:
         a3:57:66:93:2d:41:80:9a:f2:94:aa:f6:96:3a:71:00:36:51:
         02:0c:6d:8c:cb:d2:99:51:81:e4:ff:a1:d6:31:04:02:50:c0:
         5e:d1:ef:4c:3a:5e:cd:0f:a8:1d:b3:4d:43:bb:b4:dd:92:32:
         f6:0d:bb:e0:5e:c7:74:39:ea:e7:67:a2:46:9d:8b:d1:d0:52:
         96:44:39:94:03:aa:6d:e3:65:d1:82:d3:8d:ac:a4:22:aa:87:
         78:59:05:3e:c5:26:55:25:9b:dd:fe:21:8d:c6:2a:20:65:00:
         a5:68:1a:dd:2c:dd:f2:4e:84:55:93:59:86:ab:bf:8f:cd:87:
         51:44:2e:24:8a:1e:0b:cd:e8:1e:2f:d2:69:74:0d:28:6d:7d:
         5e:de:99:5b:d7:03:2f:73:48:2f:50:e5:28:c9:77:1d:56:14:
         09:1e:7b:b1
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUQFm4iIlV08eqwHSljX8jFxeV53wwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYxOTIxMDJaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQGViODk4NmUxMTMzMmNiMzE4M2FlZGZjMjVhYTM0OTBhY2Y5YTI1NDdmM2Fh
MzgxMDE4Yjg0YjJlMzUwZTlhZDExLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJ9amOSyd++syOIgUSpNI7UCGUnWn8zd+/BTDWTBovNj+CPJSWLPtArwKtOT
q4jLQubK0koW8ck8QssWA5jiXBeHtSM+U36e4sAY1fOVnbqauc8p55GIK7YyUrlq
/fif80eb/A28AuyxzqOJAnylbZ6kNBeacRSfz7vihgR04D9znpr0e8IFxLfoxySU
IZpNIkNc65gCfPaM681WvvlrStJfHdz9poa/FbrlEDrIgBhbbzf/NjzqDxEMcIWz
8HYU9HIs9wSvbvGq1nHqXNmB5nQmZuMVsHNcysTqExsOadWq6PoTGTGlmOveEofm
OuBLbAoCj8MnGPTlEgKh8NEA27ECAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQbjF7f
jpunF5ebwV9G6azq2t+mATAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YWQwMTdkNGUtMTBlZC00NzA2LWE3MjgtMWIzZDNmZWFlODBmLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0G9A
MA0GCSqGSIb3DQEBCwUAA4IBAQClb69Caoo05OtT4NUthpLXBqVEWPtMu4vytmX1
0lTYB4SyR5F230KvxMjNpWwl+L4qiOqurpPIo4iAo9XTAM8YAE9k9bf/R1ExQbTs
UoTLD6mdttg4dbuEMdajV2aTLUGAmvKUqvaWOnEANlECDG2My9KZUYHk/6HWMQQC
UMBe0e9MOl7ND6gds01Du7TdkjL2DbvgXsd0OernZ6JGnYvR0FKWRDmUA6pt42XR
gtONrKQiqod4WQU+xSZVJZvd/iGNxiogZQClaBrdLN3yToRVk1mGq7+PzYdRRC4k
ih4LzegeL9JpdA0obX1e3plb1wMvc0gvUOUoyXcdVhQJHnux
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:53:07 2025 by rpki-client