Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/b89b3c5d-e121-4769-9f3e-0d4c4f0780db.roa
File:                     b89b3c5d-e121-4769-9f3e-0d4c4f0780db.roa (raw, json)
Hash identifier:          B2PJ8gI8IuMaVM73wV0JgQSmhwuZRnWNfG6Xsw/CABw=
Subject key identifier:   E4:80:95:EC:75:66:F9:95:81:79:ED:DE:D5:03:5A:24:9B:37:B2:A9
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       3E68BDCA7EFBAA59D8D2C557C8FCBAD02404A288
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/b89b3c5d-e121-4769-9f3e-0d4c4f0780db.roa
Signing time:             Fri 10 Oct 2025 17:04:57 +0000
ROA not before:           Fri 10 Oct 2025 17:04:57 +0000
ROA not after:            Fri 14 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d059:6000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3e:68:bd:ca:7e:fb:aa:59:d8:d2:c5:57:c8:fc:ba:d0:24:04:a2:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Oct 10 17:04:57 2025 GMT
            Not After : Nov 14 23:59:59 2025 GMT
        Subject: serialNumber=1e586ca4d9ef9ea630420e889128e019e3ca9865bf662f2d3aea9fa1fdd3d013, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:f5:49:20:01:ac:38:60:2a:60:4e:f4:a8:5c:
                    6d:86:89:0c:4b:ff:9f:85:a6:f8:b5:1b:2d:7a:bb:
                    fe:05:35:48:38:a2:1b:2f:ae:92:02:30:f6:5e:b7:
                    4f:69:e4:b7:a1:bf:1b:a7:91:53:3f:23:b4:e3:48:
                    11:b7:6a:a5:19:3e:28:02:38:8b:05:cc:16:82:71:
                    31:3e:cc:64:fe:e3:52:5a:a5:de:00:60:b7:a8:08:
                    e8:26:fe:ca:16:f5:2c:68:e5:50:07:6a:04:a6:5a:
                    d4:26:39:52:9e:b9:3e:69:37:3f:f7:af:b1:d9:86:
                    6f:b1:a9:98:fb:0c:fc:b6:e0:64:93:fc:74:1e:ae:
                    50:0c:bd:24:98:d7:b8:62:30:6a:bd:c2:eb:37:f2:
                    66:4b:d6:97:03:77:1c:a6:be:b3:81:72:23:82:a7:
                    55:9f:cb:10:6f:d5:16:4f:d4:f0:01:21:4c:ad:46:
                    ec:ba:1f:22:2e:2d:f8:16:10:7e:c2:60:02:be:f3:
                    23:72:91:6c:c0:2f:14:9d:f4:a0:92:cb:62:47:7c:
                    79:a0:9a:f1:b8:35:79:4d:54:2e:64:7f:ac:5f:ea:
                    96:4d:f8:f9:88:3e:fb:08:70:97:c4:9d:b5:f7:cd:
                    fc:33:db:3d:be:6b:da:d9:24:e0:64:ad:a8:54:08:
                    58:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:80:95:EC:75:66:F9:95:81:79:ED:DE:D5:03:5A:24:9B:37:B2:A9
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/b89b3c5d-e121-4769-9f3e-0d4c4f0780db.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d059:6000::/40

    Signature Algorithm: sha256WithRSAEncryption
         c5:e0:60:a9:8c:44:8f:89:a5:c9:9e:c0:30:c3:a8:47:41:e0:
         96:53:51:18:ab:59:c4:89:27:be:a8:08:dd:a7:fb:7c:2c:97:
         1a:32:b4:d9:c6:02:ce:63:7c:88:4c:d9:12:a6:7a:3a:bb:b5:
         f9:ea:38:cf:ee:33:f1:3e:fb:38:dc:3b:65:0d:29:c4:bb:13:
         8a:4f:de:e0:0a:d9:c2:bc:9f:99:e1:04:5e:cc:98:53:9b:02:
         67:3e:a4:53:d5:21:94:0f:0f:b3:9d:ba:76:d3:e8:ba:71:4f:
         94:f9:3e:81:b9:bc:95:81:90:4b:d8:cb:38:d5:97:e4:88:27:
         fa:25:68:25:c2:b2:a7:56:86:bd:25:f9:3d:e6:31:22:bd:b3:
         40:65:68:1f:e0:89:ba:58:a8:99:ef:8b:9c:2c:db:03:99:37:
         63:bf:28:ed:96:9f:fe:b6:7b:39:0e:2b:a1:69:9e:75:cd:72:
         7e:8c:ec:40:7e:00:70:73:91:9f:e7:94:b1:d0:bf:f1:5c:3a:
         5d:e2:5b:e2:ff:56:07:44:68:41:e4:6e:2f:0b:c3:bf:0c:b1:
         9d:c1:f4:66:d8:eb:89:ed:6b:f2:df:e5:95:ee:15:30:bb:a0:
         f5:62:3f:c6:65:f4:64:d1:ab:79:8e:03:ed:4f:56:4e:36:7e:
         3c:15:38:0d
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUPmi9yn77qlnY0sVXyPy60CQEoogwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMTAxNzA0NTdaFw0yNTExMTQyMzU5NTlaMHoxSTBHBgNV
BAUTQDFlNTg2Y2E0ZDllZjllYTYzMDQyMGU4ODkxMjhlMDE5ZTNjYTk4NjViZjY2
MmYyZDNhZWE5ZmExZmRkM2QwMTMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAL71SSABrDhgKmBO9KhcbYaJDEv/n4Wm+LUbLXq7/gU1SDiiGy+ukgIw9l63
T2nkt6G/G6eRUz8jtONIEbdqpRk+KAI4iwXMFoJxMT7MZP7jUlql3gBgt6gI6Cb+
yhb1LGjlUAdqBKZa1CY5Up65Pmk3P/evsdmGb7GpmPsM/LbgZJP8dB6uUAy9JJjX
uGIwar3C6zfyZkvWlwN3HKa+s4FyI4KnVZ/LEG/VFk/U8AEhTK1G7LofIi4t+BYQ
fsJgAr7zI3KRbMAvFJ30oJLLYkd8eaCa8bg1eU1ULmR/rF/qlk34+Yg++whwl8Sd
tffN/DPbPb5r2tkk4GStqFQIWJsCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTkgJXs
dWb5lYF57d7VA1okmzeyqTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
Yjg5YjNjNWQtZTEyMS00NzY5LTlmM2UtMGQ0YzRmMDc4MGRiLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0Flg
MA0GCSqGSIb3DQEBCwUAA4IBAQDF4GCpjESPiaXJnsAww6hHQeCWU1EYq1nEiSe+
qAjdp/t8LJcaMrTZxgLOY3yITNkSpno6u7X56jjP7jPxPvs43DtlDSnEuxOKT97g
CtnCvJ+Z4QRezJhTmwJnPqRT1SGUDw+znbp20+i6cU+U+T6BubyVgZBL2Ms41Zfk
iCf6JWglwrKnVoa9Jfk95jEivbNAZWgf4Im6WKiZ74ucLNsDmTdjvyjtlp/+tns5
DiuhaZ51zXJ+jOxAfgBwc5Gf55Sx0L/xXDpd4lvi/1YHRGhB5G4vC8O/DLGdwfRm
2OuJ7Wvy3+WV7hUwu6D1Yj/GZfRk0at5jgPtT1ZONn48FTgN
-----END CERTIFICATE-----
Generated at Mon Oct 20 13:47:19 2025 by rpki-client