Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/b72a9540-51ef-4dcc-a5e2-2417249a1af3.roa
File:                     b72a9540-51ef-4dcc-a5e2-2417249a1af3.roa (raw, json)
Hash identifier:          9BtdgECivOFemfMHP+kP+iuoWYjk6ZA0j7OClHeQZlc=
Subject key identifier:   00:71:46:9A:CC:4A:37:DD:AE:3E:6A:41:45:E0:09:8A:67:57:19:8D
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       244713F6F2D199FB7F5EB6F7343A52B877A1B459
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/b72a9540-51ef-4dcc-a5e2-2417249a1af3.roa
Signing time:             Fri 26 Sep 2025 20:01:31 +0000
ROA not before:           Fri 26 Sep 2025 20:01:31 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d012:400::/38 maxlen: 38
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            24:47:13:f6:f2:d1:99:fb:7f:5e:b6:f7:34:3a:52:b8:77:a1:b4:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Sep 26 20:01:31 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=cba6528a17d4e2cffe2c8fe2118ceadf9eb383a1955d5536418964f87089b8bc, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:01:c8:ee:2d:f1:a6:96:a2:bd:06:b1:7e:3d:
                    d6:e8:24:9f:5d:87:74:ba:dc:3d:ee:2b:f5:da:57:
                    21:79:35:ef:94:67:2d:ab:11:2a:8f:03:4c:8e:51:
                    8b:fe:67:9d:f2:a7:05:f2:0b:b7:e7:f8:06:30:2a:
                    2c:69:9e:83:65:19:dc:cf:3d:47:2d:65:f5:c5:97:
                    17:d9:c7:4f:e7:8d:ce:c6:71:3c:fb:0c:9c:26:cd:
                    3f:fb:6c:88:b0:db:0d:ce:1c:4d:05:4f:99:26:d4:
                    f9:d3:72:db:6d:d0:64:16:e6:ca:cc:e1:85:2d:de:
                    7d:a2:7b:69:7b:6f:45:f7:eb:46:c2:ad:4e:34:da:
                    6e:b5:a4:6a:12:b2:05:1e:5f:fc:49:f4:b4:83:08:
                    bb:d4:67:e5:9e:33:62:ad:01:26:d3:0a:f5:ca:e4:
                    af:20:88:ec:94:bd:ba:47:e8:13:5a:de:73:84:1a:
                    02:29:bb:2b:9f:10:78:ac:d9:7b:64:f7:06:ec:1f:
                    de:91:b4:b2:58:6d:fd:6e:6e:71:df:80:09:61:d8:
                    87:89:54:84:2c:a7:81:d5:19:6f:18:db:a3:1b:c3:
                    2e:92:7c:89:39:3f:2c:1f:ce:17:15:5e:a5:54:92:
                    d6:6f:8b:51:2b:c2:28:79:d3:4d:d4:c7:25:72:76:
                    55:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:71:46:9A:CC:4A:37:DD:AE:3E:6A:41:45:E0:09:8A:67:57:19:8D
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/b72a9540-51ef-4dcc-a5e2-2417249a1af3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d012:400::/38

    Signature Algorithm: sha256WithRSAEncryption
         67:bd:b6:d6:03:10:b9:ec:e7:fa:ba:bc:3e:13:77:cd:cd:00:
         40:26:a5:67:03:37:de:ba:1e:f0:b0:46:a8:e2:b9:18:74:61:
         7c:f9:ea:17:d4:74:4b:17:48:e4:3e:ae:d9:2e:ec:cf:07:54:
         27:82:b8:9b:c9:ab:02:6c:51:1b:51:12:eb:1a:39:e5:17:06:
         8b:c6:69:50:77:40:2c:ac:86:7e:9f:ae:8a:ed:fd:e8:03:1d:
         fe:bd:3b:d5:7c:11:fd:c1:e5:e4:b3:3c:6d:82:75:85:c9:0a:
         a5:91:16:0d:57:d8:c2:fd:10:0a:63:ff:99:a9:a9:75:8f:8b:
         87:90:f0:00:98:7f:ed:a7:07:e2:58:e1:96:0f:b3:0c:08:26:
         eb:8f:0f:61:d9:06:b7:3e:ba:db:20:60:e8:4e:67:a9:61:ea:
         07:00:ae:ab:f8:06:5a:4a:a7:0e:e1:d5:cd:dd:07:20:37:34:
         46:69:7b:41:9c:9b:f1:6c:9e:cc:78:53:b8:04:dc:b5:a5:67:
         e6:08:64:a8:0b:84:e2:a3:04:66:06:6a:b8:4d:fd:7f:3a:00:
         b2:aa:89:fe:e2:17:7a:86:6d:12:83:bd:f2:47:fd:04:62:60:
         a5:90:98:95:87:65:a7:c1:61:16:6c:45:b0:38:a2:cb:06:de:
         b1:8d:03:b0
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUJEcT9vLRmft/Xrb3NDpSuHehtFkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYyMDAxMzFaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQGNiYTY1MjhhMTdkNGUyY2ZmZTJjOGZlMjExOGNlYWRmOWViMzgzYTE5NTVk
NTUzNjQxODk2NGY4NzA4OWI4YmMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALYByO4t8aaWor0GsX491ugkn12HdLrcPe4r9dpXIXk175RnLasRKo8DTI5R
i/5nnfKnBfILt+f4BjAqLGmeg2UZ3M89Ry1l9cWXF9nHT+eNzsZxPPsMnCbNP/ts
iLDbDc4cTQVPmSbU+dNy223QZBbmyszhhS3efaJ7aXtvRffrRsKtTjTabrWkahKy
BR5f/En0tIMIu9Rn5Z4zYq0BJtMK9crkryCI7JS9ukfoE1rec4QaAim7K58QeKzZ
e2T3Buwf3pG0slht/W5ucd+ACWHYh4lUhCyngdUZbxjboxvDLpJ8iTk/LB/OFxVe
pVSS1m+LUSvCKHnTTdTHJXJ2VekCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQAcUaa
zEo33a4+akFF4AmKZ1cZjTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YjcyYTk1NDAtNTFlZi00ZGNjLWE1ZTItMjQxNzI0OWExYWYzLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGAioF0BIE
MA0GCSqGSIb3DQEBCwUAA4IBAQBnvbbWAxC57Of6urw+E3fNzQBAJqVnAzfeuh7w
sEao4rkYdGF8+eoX1HRLF0jkPq7ZLuzPB1QngribyasCbFEbURLrGjnlFwaLxmlQ
d0AsrIZ+n66K7f3oAx3+vTvVfBH9weXkszxtgnWFyQqlkRYNV9jC/RAKY/+Zqal1
j4uHkPAAmH/tpwfiWOGWD7MMCCbrjw9h2Qa3PrrbIGDoTmepYeoHAK6r+AZaSqcO
4dXN3QcgNzRGaXtBnJvxbJ7MeFO4BNy1pWfmCGSoC4TiowRmBmq4Tf1/OgCyqon+
4hd6hm0Sg73yR/0EYmClkJiVh2WnwWEWbEWwOKLLBt6xjQOw
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:52:22 2025 by rpki-client