Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/ba2d5a01-fa17-4fb3-97e7-c21c6e89f9fb.roa
File:                     ba2d5a01-fa17-4fb3-97e7-c21c6e89f9fb.roa (raw, json)
Hash identifier:          u+GepWvclpR1c1hdvAjNxN13jaFPglKYCmU+spEQ8/Y=
Subject key identifier:   F5:AA:9E:65:60:CB:82:4F:0D:D9:F4:1B:6E:DC:DF:73:45:77:03:66
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       1C07CB72D3D0D74682CA0641712DCCDBBE248896
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/ba2d5a01-fa17-4fb3-97e7-c21c6e89f9fb.roa
Signing time:             Fri 26 Sep 2025 19:21:28 +0000
ROA not before:           Fri 26 Sep 2025 19:21:28 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        2a05:d06f:1000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1c:07:cb:72:d3:d0:d7:46:82:ca:06:41:71:2d:cc:db:be:24:88:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Sep 26 19:21:28 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=3e7fee7f7a8129c6a946c9e5559ec90240812c5a347a8de4faf782b47f360def, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:08:64:ea:9c:85:a0:41:51:42:f2:5e:48:b4:
                    c0:83:fe:0d:04:79:38:3e:87:5d:f9:b0:36:96:b0:
                    81:e0:e2:3a:6c:b7:da:bf:eb:77:6e:63:73:1c:3f:
                    5e:9b:19:cd:02:fa:19:4b:9a:ec:02:d6:ba:9c:cf:
                    99:fc:99:ee:eb:47:3e:79:71:7d:3c:6c:f1:9b:3e:
                    02:ea:6c:e5:11:f0:6e:a3:61:2d:c0:8b:78:7b:e1:
                    50:b9:12:a0:6b:66:af:83:8a:f7:e5:4e:62:ab:78:
                    e7:22:d6:9a:ab:e0:6a:29:94:4c:b8:63:28:90:2b:
                    99:a1:77:35:72:60:df:be:6c:8b:e4:cd:70:1b:79:
                    79:a8:11:5d:e7:9e:98:d1:d1:6d:b9:50:28:b0:5a:
                    a0:b3:ea:0a:6c:88:aa:30:28:6a:3d:17:f1:ac:ae:
                    53:35:23:83:d8:b3:a1:db:b8:25:a1:da:7b:2c:4a:
                    b9:ab:38:ec:f7:0b:04:d2:ac:a3:2e:20:e6:18:ed:
                    99:ad:c3:98:8a:67:74:9f:d9:33:46:18:11:aa:83:
                    0b:b2:a0:b5:30:d7:88:6d:4f:a1:6c:8e:dc:ec:7d:
                    5f:a4:70:e5:b0:5c:17:a6:96:17:d7:82:6e:6b:b4:
                    63:19:6a:5c:17:a0:bd:c8:f2:21:79:7d:85:31:36:
                    86:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:AA:9E:65:60:CB:82:4F:0D:D9:F4:1B:6E:DC:DF:73:45:77:03:66
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/ba2d5a01-fa17-4fb3-97e7-c21c6e89f9fb.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d06f:1000::/40

    Signature Algorithm: sha256WithRSAEncryption
         20:de:cf:38:aa:d7:ee:75:9c:75:3c:d7:1d:60:2c:30:68:36:
         d4:84:8f:0c:a1:1c:7e:02:2f:39:63:a5:dc:0c:6d:71:0f:cc:
         3e:78:d8:15:5a:f5:4c:f4:9d:82:9d:25:10:21:15:be:ff:33:
         50:78:c8:23:46:56:4e:40:3e:96:ff:25:ff:bf:8e:7b:27:39:
         08:0a:e8:d4:d5:92:ba:fb:f0:93:52:d6:98:01:e5:16:d8:dd:
         05:1d:36:a4:99:10:cc:4b:ac:0c:18:40:68:a8:5d:8c:ef:ea:
         71:05:53:dc:41:ab:09:fe:ea:c9:fc:47:19:03:23:e3:84:40:
         d3:2f:ed:8f:6d:7b:75:7e:83:ed:23:92:37:08:e1:17:9b:d9:
         bb:d5:55:ff:c1:90:46:8e:81:ff:e6:55:da:2b:42:b5:12:f7:
         18:96:ec:50:67:a3:1e:31:c5:70:cc:86:b5:e0:62:50:75:1c:
         a7:8c:b8:b5:f3:11:0e:8a:36:4a:c7:0f:da:73:4e:d2:29:8a:
         58:a0:a3:e6:fd:0f:b2:74:54:c0:04:d3:ed:4e:45:66:3d:77:
         fb:0e:f2:21:62:fd:6a:4a:92:1e:26:1e:f0:d4:0e:fd:f6:e2:
         db:55:82:a1:9a:72:d7:e8:f6:6d:c1:d5:f9:b3:86:1e:21:ff:
         11:24:dd:7f
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUHAfLctPQ10aCygZBcS3M274kiJYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYxOTIxMjhaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQDNlN2ZlZTdmN2E4MTI5YzZhOTQ2YzllNTU1OWVjOTAyNDA4MTJjNWEzNDdh
OGRlNGZhZjc4MmI0N2YzNjBkZWYxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALgIZOqchaBBUULyXki0wIP+DQR5OD6HXfmwNpawgeDiOmy32r/rd25jcxw/
XpsZzQL6GUua7ALWupzPmfyZ7utHPnlxfTxs8Zs+Aups5RHwbqNhLcCLeHvhULkS
oGtmr4OK9+VOYqt45yLWmqvgaimUTLhjKJArmaF3NXJg375si+TNcBt5eagRXeee
mNHRbblQKLBaoLPqCmyIqjAoaj0X8ayuUzUjg9izodu4JaHaeyxKuas47PcLBNKs
oy4g5hjtma3DmIpndJ/ZM0YYEaqDC7KgtTDXiG1PoWyO3Ox9X6Rw5bBcF6aWF9eC
bmu0YxlqXBegvcjyIXl9hTE2hnECAwEAAaOCAiMwggIfMB0GA1UdDgQWBBT1qp5l
YMuCTw3Z9Btu3N9zRXcDZjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YmEyZDVhMDEtZmExNy00ZmIzLTk3ZTctYzIxYzZlODlmOWZiLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0G8Q
MA0GCSqGSIb3DQEBCwUAA4IBAQAg3s84qtfudZx1PNcdYCwwaDbUhI8MoRx+Ai85
Y6XcDG1xD8w+eNgVWvVM9J2CnSUQIRW+/zNQeMgjRlZOQD6W/yX/v457JzkICujU
1ZK6+/CTUtaYAeUW2N0FHTakmRDMS6wMGEBoqF2M7+pxBVPcQasJ/urJ/EcZAyPj
hEDTL+2PbXt1foPtI5I3COEXm9m71VX/wZBGjoH/5lXaK0K1EvcYluxQZ6MeMcVw
zIa14GJQdRynjLi18xEOijZKxw/ac07SKYpYoKPm/Q+ydFTABNPtTkVmPXf7DvIh
Yv1qSpIeJh7w1A799uLbVYKhmnLX6PZtwdX5s4YeIf8RJN1/
-----END CERTIFICATE-----
Generated at Mon Oct 20 11:47:12 2025 by rpki-client