Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/b0cb661c-43c3-4c2a-86e3-cc88642d6314.roa
File:                     b0cb661c-43c3-4c2a-86e3-cc88642d6314.roa (raw, json)
Hash identifier:          uw/7Z+T23PhVqyhh01QTaaNqCQN/f0trzDkKIE0WuYE=
Subject key identifier:   BB:72:2F:E2:D0:1D:35:2D:FC:61:FE:F2:B9:17:7F:22:02:EC:FA:C2
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       3706FB7B72008A1A2C1457B4ABE936E9048EF588
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/b0cb661c-43c3-4c2a-86e3-cc88642d6314.roa
Signing time:             Fri 26 Sep 2025 19:01:02 +0000
ROA not before:           Fri 26 Sep 2025 19:01:02 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d031:20c0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            37:06:fb:7b:72:00:8a:1a:2c:14:57:b4:ab:e9:36:e9:04:8e:f5:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Sep 26 19:01:02 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=91f90e05abdb0867079b0827a44edea5208dbad1d25da12d5145c57439b1a340, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:d7:63:10:ce:ce:99:a2:81:28:ba:0f:3d:09:
                    c3:66:79:7d:2b:03:15:3b:3d:77:65:e6:84:89:b1:
                    3a:8f:05:df:76:d0:a6:0b:cb:b3:69:3c:c8:6f:3f:
                    61:e9:6b:e8:e9:2b:44:f3:23:4b:a3:bb:38:49:a1:
                    c5:ac:17:43:a7:92:01:de:cc:10:da:07:38:c6:0a:
                    3f:0c:dd:ce:3d:81:38:f6:09:ce:93:60:e9:59:5b:
                    ff:87:74:29:b0:79:a1:74:82:60:5f:e0:2a:2c:e2:
                    f3:7f:aa:ef:27:d6:5a:45:1b:7a:de:a0:91:ea:c6:
                    42:f1:29:2e:7a:4c:57:e5:6f:f1:10:a1:15:f7:86:
                    c0:df:e2:d0:f9:7e:c5:3e:0f:b0:e5:ea:14:27:57:
                    26:8e:c0:1b:df:96:bc:71:82:c1:09:03:05:b4:cc:
                    d6:6b:a1:08:bc:1d:96:eb:d7:5d:ef:6a:52:e1:51:
                    a0:3c:db:31:ec:8a:d6:2c:b7:a3:72:e3:42:ed:28:
                    1e:61:b0:1d:f1:d9:e6:78:d8:21:c1:6f:4c:43:d7:
                    9f:0f:68:fd:3e:6a:b5:eb:90:c7:1f:36:66:7a:68:
                    01:43:13:41:34:3e:9a:a5:01:94:73:51:82:f0:2c:
                    18:08:ef:f2:cc:29:cb:68:b9:8f:66:3f:9f:3f:e7:
                    a9:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:72:2F:E2:D0:1D:35:2D:FC:61:FE:F2:B9:17:7F:22:02:EC:FA:C2
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/b0cb661c-43c3-4c2a-86e3-cc88642d6314.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d031:20c0::/48

    Signature Algorithm: sha256WithRSAEncryption
         23:63:5f:31:12:20:e9:04:5e:34:3e:dd:b4:5d:16:c0:e1:1f:
         17:b1:f7:7c:e8:47:86:4a:ca:78:ed:1c:52:f1:d3:08:48:ee:
         b7:31:15:d6:f7:52:65:e0:78:d2:24:b5:42:d9:0e:61:ca:72:
         2b:d7:13:92:63:0f:ca:b0:53:7c:1b:ef:51:c0:0b:08:ca:53:
         e0:ba:d9:52:c4:df:1a:dd:89:60:71:87:df:55:69:bf:fe:e2:
         a4:c5:82:72:d2:60:e2:59:97:6e:ac:8f:6f:22:f8:fa:a9:7a:
         e4:a2:1c:49:a9:eb:50:10:f3:eb:e7:72:e6:1b:e5:7f:70:77:
         19:a7:4f:dc:cc:69:ce:f9:d5:bf:af:f6:6e:57:30:0a:32:70:
         8a:53:50:da:ad:a7:1c:63:47:c5:ff:45:20:17:eb:12:63:fc:
         ac:df:b4:99:dc:a8:d2:bb:6e:6c:f8:2c:e2:42:73:5b:b6:d0:
         b7:ea:29:44:18:65:9a:6d:26:67:89:43:92:df:dd:53:40:0f:
         9c:80:78:41:a1:8e:6a:b4:d2:97:98:4a:4a:54:61:b8:40:65:
         9c:03:f3:f3:1d:ba:bc:12:c7:a0:80:60:60:16:d7:ac:5e:13:
         a1:f2:53:8c:42:9c:c7:ce:e6:56:61:dc:7f:ab:6e:08:38:e0:
         5a:5a:c9:47
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUNwb7e3IAihosFFe0q+k26QSO9YgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYxOTAxMDJaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQDkxZjkwZTA1YWJkYjA4NjcwNzliMDgyN2E0NGVkZWE1MjA4ZGJhZDFkMjVk
YTEyZDUxNDVjNTc0MzliMWEzNDAxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKvXYxDOzpmigSi6Dz0Jw2Z5fSsDFTs9d2XmhImxOo8F33bQpgvLs2k8yG8/
Yelr6OkrRPMjS6O7OEmhxawXQ6eSAd7MENoHOMYKPwzdzj2BOPYJzpNg6Vlb/4d0
KbB5oXSCYF/gKizi83+q7yfWWkUbet6gkerGQvEpLnpMV+Vv8RChFfeGwN/i0Pl+
xT4PsOXqFCdXJo7AG9+WvHGCwQkDBbTM1muhCLwdluvXXe9qUuFRoDzbMeyK1iy3
o3LjQu0oHmGwHfHZ5njYIcFvTEPXnw9o/T5qteuQxx82ZnpoAUMTQTQ+mqUBlHNR
gvAsGAjv8swpy2i5j2Y/nz/nqUMCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBS7ci/i
0B01Lfxh/vK5F38iAuz6wjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YjBjYjY2MWMtNDNjMy00YzJhLTg2ZTMtY2M4ODY0MmQ2MzE0LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0DEg
wDANBgkqhkiG9w0BAQsFAAOCAQEAI2NfMRIg6QReND7dtF0WwOEfF7H3fOhHhkrK
eO0cUvHTCEjutzEV1vdSZeB40iS1QtkOYcpyK9cTkmMPyrBTfBvvUcALCMpT4LrZ
UsTfGt2JYHGH31Vpv/7ipMWCctJg4lmXbqyPbyL4+ql65KIcSanrUBDz6+dy5hvl
f3B3GadP3MxpzvnVv6/2blcwCjJwilNQ2q2nHGNHxf9FIBfrEmP8rN+0mdyo0rtu
bPgs4kJzW7bQt+opRBhlmm0mZ4lDkt/dU0APnIB4QaGOarTSl5hKSlRhuEBlnAPz
8x26vBLHoIBgYBbXrF4TofJTjEKcx87mVmHcf6tuCDjgWlrJRw==
-----END CERTIFICATE-----
Generated at Mon Oct 20 13:47:16 2025 by rpki-client