Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/af189eff-34de-4652-a029-d682c90d1fc5.roa
File:                     af189eff-34de-4652-a029-d682c90d1fc5.roa (raw, json)
Hash identifier:          aueTTNUTqHrtEAO1QMpMyFPzReObq4Yi6ldnYvdMeBQ=
Subject key identifier:   56:0A:E6:5F:4C:32:D0:D2:7B:7B:E9:48:2D:98:72:F7:1C:38:3C:9E
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       62A8B02EBDB00B887374701A58B8A6177EB5E3D5
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/af189eff-34de-4652-a029-d682c90d1fc5.roa
Signing time:             Fri 26 Sep 2025 19:11:00 +0000
ROA not before:           Fri 26 Sep 2025 19:11:00 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d07f:80c0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            62:a8:b0:2e:bd:b0:0b:88:73:74:70:1a:58:b8:a6:17:7e:b5:e3:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Sep 26 19:11:00 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=000850550259a9d133acd38e9581e6e9c649b850d61d7b0c3a79c95bfbbaeea1, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:0d:47:b0:23:61:1a:2f:46:c1:cf:f8:54:93:
                    4b:51:5d:a7:e3:8a:2d:84:3b:32:f5:04:c1:23:79:
                    cc:45:2b:f1:e9:df:22:a6:b5:f5:82:96:3d:ec:f0:
                    87:8c:e8:74:05:96:38:55:f6:cd:e3:f2:ac:ee:91:
                    45:59:c3:f0:bf:1b:b9:31:3b:08:bb:9b:d1:64:03:
                    bd:60:43:90:cd:af:36:9f:26:13:19:ae:44:c5:6e:
                    36:a1:cf:67:89:6a:c4:7d:c0:9d:81:55:31:4a:ec:
                    4e:e0:af:4a:f7:dd:5f:7a:b6:26:a9:31:2d:8b:42:
                    9c:b8:61:0d:97:a3:f7:c3:fe:c8:6f:bb:8d:d1:4a:
                    6e:42:13:a0:62:dd:af:a2:1e:b1:14:7a:05:ce:32:
                    f1:ad:7f:16:28:ef:d5:1c:76:a0:4d:a8:d3:0a:b6:
                    88:4a:c1:b6:8a:a5:4a:19:f7:b3:c3:25:b6:6a:88:
                    51:a3:c4:2d:e1:20:2b:d6:ad:63:c5:62:9c:fa:4d:
                    a0:0c:59:af:32:5b:96:03:aa:5a:00:47:7e:f2:dc:
                    4c:be:de:ad:e5:fb:08:c0:15:c2:f4:8d:f7:04:dd:
                    49:89:99:9e:24:a0:02:e3:16:7b:18:b9:bd:10:e4:
                    05:bb:dd:4c:8e:f3:4d:80:c7:1c:6c:b9:e4:5e:e4:
                    51:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:0A:E6:5F:4C:32:D0:D2:7B:7B:E9:48:2D:98:72:F7:1C:38:3C:9E
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/af189eff-34de-4652-a029-d682c90d1fc5.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d07f:80c0::/48

    Signature Algorithm: sha256WithRSAEncryption
         80:19:07:31:cb:0d:0c:8f:31:4f:64:c6:66:e7:9e:2b:fc:f7:
         37:06:7c:ab:89:b0:20:55:71:9a:80:f2:a5:f7:1f:94:b5:13:
         ed:da:e3:3d:02:77:d9:8b:97:b7:7e:5f:0e:62:a5:29:20:17:
         7b:bd:d2:37:b9:c1:7a:4c:9a:ae:a0:81:bc:88:c2:6e:da:40:
         e7:07:7e:ef:72:91:34:42:53:19:18:36:d9:e2:52:6f:fb:00:
         f2:0c:c3:7c:08:e6:fe:e9:8b:e3:63:f9:51:74:ad:b8:a0:cf:
         06:60:5b:e5:c3:6a:65:84:b9:cf:1d:a5:2e:d0:81:a3:f6:2c:
         13:b7:f5:cb:0f:a4:fc:43:aa:8a:b2:a2:01:1d:6c:90:09:70:
         da:98:6f:52:5f:5d:c6:2c:54:20:32:1d:54:44:0e:69:40:19:
         a2:a9:0a:24:4a:a4:fa:ae:ed:13:65:2e:fe:72:62:76:6a:9d:
         a1:52:e5:98:1f:25:46:98:98:e7:aa:e8:3c:01:6d:f8:a5:93:
         7f:9a:25:8e:d9:de:97:31:e6:23:70:31:c6:1d:4d:c0:7b:c3:
         99:0c:42:08:d1:20:a4:98:25:25:97:67:48:09:e2:60:4d:19:
         a2:0a:72:a4:e2:5c:3c:b8:22:2b:4c:1c:ed:81:cc:5a:0b:c0:
         0a:5f:d3:24
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUYqiwLr2wC4hzdHAaWLimF36149UwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYxOTExMDBaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQDAwMDg1MDU1MDI1OWE5ZDEzM2FjZDM4ZTk1ODFlNmU5YzY0OWI4NTBkNjFk
N2IwYzNhNzljOTViZmJiYWVlYTExLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALgNR7AjYRovRsHP+FSTS1Fdp+OKLYQ7MvUEwSN5zEUr8enfIqa19YKWPezw
h4zodAWWOFX2zePyrO6RRVnD8L8buTE7CLub0WQDvWBDkM2vNp8mExmuRMVuNqHP
Z4lqxH3AnYFVMUrsTuCvSvfdX3q2JqkxLYtCnLhhDZej98P+yG+7jdFKbkIToGLd
r6IesRR6Bc4y8a1/Fijv1Rx2oE2o0wq2iErBtoqlShn3s8MltmqIUaPELeEgK9at
Y8VinPpNoAxZrzJblgOqWgBHfvLcTL7ereX7CMAVwvSN9wTdSYmZniSgAuMWexi5
vRDkBbvdTI7zTYDHHGy55F7kURsCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBRWCuZf
TDLQ0nt76UgtmHL3HDg8njAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YWYxODllZmYtMzRkZS00NjUyLWEwMjktZDY4MmM5MGQxZmM1LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0H+A
wDANBgkqhkiG9w0BAQsFAAOCAQEAgBkHMcsNDI8xT2TGZueeK/z3NwZ8q4mwIFVx
moDypfcflLUT7drjPQJ32YuXt35fDmKlKSAXe73SN7nBekyarqCBvIjCbtpA5wd+
73KRNEJTGRg22eJSb/sA8gzDfAjm/umL42P5UXStuKDPBmBb5cNqZYS5zx2lLtCB
o/YsE7f1yw+k/EOqirKiAR1skAlw2phvUl9dxixUIDIdVEQOaUAZoqkKJEqk+q7t
E2Uu/nJidmqdoVLlmB8lRpiY56roPAFt+KWTf5oljtnelzHmI3Axxh1NwHvDmQxC
CNEgpJglJZdnSAniYE0ZogpypOJcPLgiK0wc7YHMWgvACl/TJA==
-----END CERTIFICATE-----
Generated at Mon Oct 20 13:46:59 2025 by rpki-client