Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/bbba23f6-dc95-4602-8972-c409631731f1.roa
File:                     bbba23f6-dc95-4602-8972-c409631731f1.roa (raw, json)
Hash identifier:          /2+3s99FK570cX4ZGtpi84JVLp/QhBbJ6lddXu0808Q=
Subject key identifier:   21:FE:DC:05:4E:AE:4E:63:E1:92:75:F1:13:8E:87:CA:52:90:50:5F
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       681D26D7CD6946799E34DDE9411917B0C4CEAB07
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/bbba23f6-dc95-4602-8972-c409631731f1.roa
Signing time:             Fri 10 Oct 2025 17:04:18 +0000
ROA not before:           Fri 10 Oct 2025 17:04:18 +0000
ROA not after:            Fri 14 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d074:800::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            68:1d:26:d7:cd:69:46:79:9e:34:dd:e9:41:19:17:b0:c4:ce:ab:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Oct 10 17:04:18 2025 GMT
            Not After : Nov 14 23:59:59 2025 GMT
        Subject: serialNumber=24a667ece566ca008f2c758126d52214e1582d2dee25c074ef2f7ad410f090f9, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:5f:c6:ef:13:16:63:0e:cc:4b:32:c2:f7:6e:
                    c7:ce:4f:b3:de:a8:ef:9f:54:9f:fb:f2:f9:0f:cc:
                    bd:1d:29:bf:d8:c0:32:3e:4a:c4:70:76:14:25:09:
                    c7:97:fe:9e:a4:f1:5e:ae:a0:23:1f:06:47:f9:c0:
                    66:b0:51:30:51:f2:63:0f:2a:6c:73:fd:c8:59:7f:
                    f1:bf:e8:bf:94:90:c8:cd:03:4e:3d:94:b8:c4:fa:
                    ee:60:86:75:39:7a:76:4f:43:49:ad:a9:e5:0e:c6:
                    34:3d:74:f4:df:c4:60:3d:6f:9a:a5:5d:82:24:52:
                    ef:ee:7b:62:80:93:e0:b7:11:9b:64:c6:e3:8a:d7:
                    91:01:18:a9:dc:80:c6:07:88:63:cd:a4:80:c7:46:
                    f9:a3:f6:19:96:5b:73:cd:ef:53:2f:c4:03:ec:44:
                    4c:1d:17:1a:6e:32:9d:60:9c:b8:d0:78:8d:f2:c3:
                    a2:38:96:33:a7:97:05:19:d4:c7:b2:4c:82:ae:79:
                    9c:2d:41:87:05:69:76:48:6c:d9:b4:72:a2:f3:bd:
                    8b:00:b8:73:20:6d:7c:c5:74:22:17:e0:8e:32:96:
                    36:7d:a0:fd:2a:02:e8:da:ed:c4:f1:ee:5f:13:61:
                    d5:cc:f5:9b:f2:45:1a:bc:69:8a:d8:28:1f:83:75:
                    bb:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:FE:DC:05:4E:AE:4E:63:E1:92:75:F1:13:8E:87:CA:52:90:50:5F
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/bbba23f6-dc95-4602-8972-c409631731f1.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d074:800::/40

    Signature Algorithm: sha256WithRSAEncryption
         0c:41:ac:56:9d:01:0d:c7:9c:58:cc:b2:70:05:e0:b9:5f:7d:
         61:c2:b1:c7:63:a3:e4:62:6d:dc:a6:68:74:f6:a8:22:bb:a0:
         48:90:65:0f:d2:dc:24:6c:54:1b:5b:d5:6a:da:0d:e7:93:16:
         34:08:ec:bb:4f:37:1d:81:46:f1:ab:eb:23:4c:62:0d:fc:45:
         7e:64:b4:38:4d:12:83:bd:41:66:1a:18:2a:4b:31:ef:05:85:
         5d:36:fe:e0:b6:f8:f5:d8:54:26:78:5a:9d:69:fa:5b:60:a4:
         53:99:01:72:3d:3e:f3:7b:08:38:13:f1:f9:6d:54:45:94:58:
         7d:4a:fe:84:57:1d:73:71:d9:ce:29:e7:8e:53:33:f0:23:51:
         ad:ee:f4:1b:f4:d2:1c:a9:ad:a2:60:2d:0d:1f:ca:2d:f6:4e:
         ef:0d:bc:1e:60:7e:04:4a:31:0d:a5:fb:66:b1:4e:1a:3e:97:
         3d:e8:ce:8e:94:91:0e:31:85:63:9c:27:13:74:8e:95:75:f2:
         5e:31:a8:4e:94:bb:f8:2e:b2:0b:57:34:3b:a9:4c:26:fa:cc:
         fa:85:a0:8e:05:8a:69:c6:76:29:b4:53:10:92:00:02:cc:5a:
         cc:70:76:ec:94:2e:91:ea:04:e1:03:f8:e0:e4:e8:7b:64:94:
         47:a6:50:f0
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUaB0m181pRnmeNN3pQRkXsMTOqwcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMTAxNzA0MThaFw0yNTExMTQyMzU5NTlaMHoxSTBHBgNV
BAUTQDI0YTY2N2VjZTU2NmNhMDA4ZjJjNzU4MTI2ZDUyMjE0ZTE1ODJkMmRlZTI1
YzA3NGVmMmY3YWQ0MTBmMDkwZjkxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJNfxu8TFmMOzEsywvdux85Ps96o759Un/vy+Q/MvR0pv9jAMj5KxHB2FCUJ
x5f+nqTxXq6gIx8GR/nAZrBRMFHyYw8qbHP9yFl/8b/ov5SQyM0DTj2UuMT67mCG
dTl6dk9DSa2p5Q7GND109N/EYD1vmqVdgiRS7+57YoCT4LcRm2TG44rXkQEYqdyA
xgeIY82kgMdG+aP2GZZbc83vUy/EA+xETB0XGm4ynWCcuNB4jfLDojiWM6eXBRnU
x7JMgq55nC1BhwVpdkhs2bRyovO9iwC4cyBtfMV0IhfgjjKWNn2g/SoC6NrtxPHu
XxNh1cz1m/JFGrxpitgoH4N1uxECAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQh/twF
Tq5OY+GSdfETjofKUpBQXzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YmJiYTIzZjYtZGM5NS00NjAyLTg5NzItYzQwOTYzMTczMWYxLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0HQI
MA0GCSqGSIb3DQEBCwUAA4IBAQAMQaxWnQENx5xYzLJwBeC5X31hwrHHY6PkYm3c
pmh09qgiu6BIkGUP0twkbFQbW9Vq2g3nkxY0COy7TzcdgUbxq+sjTGIN/EV+ZLQ4
TRKDvUFmGhgqSzHvBYVdNv7gtvj12FQmeFqdafpbYKRTmQFyPT7zewg4E/H5bVRF
lFh9Sv6EVx1zcdnOKeeOUzPwI1Gt7vQb9NIcqa2iYC0NH8ot9k7vDbweYH4ESjEN
pftmsU4aPpc96M6OlJEOMYVjnCcTdI6VdfJeMahOlLv4LrILVzQ7qUwm+sz6haCO
BYppxnYptFMQkgACzFrMcHbslC6R6gThA/jg5Oh7ZJRHplDw
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:52:37 2025 by rpki-client