Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/be609ec8-2ad0-42f7-9159-0a3ece35241f.roa
File:                     be609ec8-2ad0-42f7-9159-0a3ece35241f.roa (raw, json)
Hash identifier:          coqolZOIZUegzCQjmC1uiimF4usCM+43IxpBgsSQOHc=
Subject key identifier:   02:75:D5:59:BF:D3:C0:5E:68:A9:81:0F:DE:AE:3E:43:FF:96:82:70
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       7607E7FD346DFCFE89146B6C02444D115A6E3644
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/be609ec8-2ad0-42f7-9159-0a3ece35241f.roa
Signing time:             Sun 19 Oct 2025 23:50:08 +0000
ROA not before:           Sun 19 Oct 2025 23:50:08 +0000
ROA not after:            Sun 23 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d050:800::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            76:07:e7:fd:34:6d:fc:fe:89:14:6b:6c:02:44:4d:11:5a:6e:36:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Oct 19 23:50:08 2025 GMT
            Not After : Nov 23 23:59:59 2025 GMT
        Subject: serialNumber=1b5fe7ab77982aff5ec90863da6326fcb2ceadee55f2b5a8bf4e62b347dcb757, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:c8:fd:9f:f6:d6:47:f4:9e:eb:ed:1e:87:c1:
                    64:7a:b2:55:70:22:5d:3e:62:33:31:a3:24:8a:cb:
                    a0:38:79:1d:05:a6:92:5b:15:db:90:97:4c:77:5f:
                    4e:ce:72:db:58:9c:3e:f9:a7:73:a8:4d:18:06:b9:
                    6b:d9:08:7e:14:5d:e8:09:37:1f:d2:29:b4:90:d4:
                    08:45:e6:fe:42:b8:b2:00:24:e9:b8:9f:2a:de:b9:
                    37:98:69:24:4b:04:ea:aa:71:9a:15:f6:c5:e6:e8:
                    b5:5a:54:59:53:d0:b2:6e:0c:42:19:f7:ab:d0:0a:
                    90:1d:31:bd:ea:cd:99:12:8f:85:6c:b5:a6:6b:98:
                    c3:1d:03:8d:69:66:77:af:01:03:ec:4e:09:95:78:
                    4a:ae:30:41:65:7b:96:5c:8a:3c:07:44:be:05:b8:
                    94:43:bf:cd:9e:08:77:0e:70:56:3c:28:86:62:88:
                    e4:cb:29:b4:cc:63:4b:0e:ac:3e:43:53:f4:46:b0:
                    c6:cc:f4:03:09:95:f6:0f:2b:82:2d:1f:77:d5:c9:
                    3b:5d:f1:78:ae:9e:3c:c5:c1:81:5c:e7:0b:d1:72:
                    36:2a:d4:bc:ad:bc:2e:e7:8d:b1:69:46:93:a6:3a:
                    92:df:db:74:59:f8:c3:7a:28:4e:44:60:9c:ec:42:
                    f3:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:75:D5:59:BF:D3:C0:5E:68:A9:81:0F:DE:AE:3E:43:FF:96:82:70
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/be609ec8-2ad0-42f7-9159-0a3ece35241f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d050:800::/40

    Signature Algorithm: sha256WithRSAEncryption
         1c:66:8f:12:1c:bb:da:b1:df:99:e9:ea:20:0d:f0:79:9a:17:
         e3:be:88:0f:82:5b:12:1d:59:ef:8e:84:03:d9:4c:79:98:20:
         a2:bf:58:da:c1:0c:f7:28:fe:66:f2:bb:a7:69:bc:72:80:27:
         fe:0b:56:9b:9d:d2:37:1e:ac:86:22:87:d4:7a:66:a4:01:04:
         e4:80:c0:ac:fc:16:28:79:ef:22:ef:2d:ef:08:8e:48:4f:d9:
         e0:8f:3d:58:ff:0d:ff:42:7b:8c:c8:92:cc:b8:c7:17:d2:fe:
         53:5b:91:d3:60:13:c7:ba:9e:4b:fb:54:1a:33:7e:e2:9c:f7:
         77:a8:14:b1:69:b4:e0:a4:ad:45:04:9d:b2:df:62:a4:9b:26:
         11:81:2f:d4:d9:70:91:16:2c:f7:d5:5e:1b:ea:6e:93:73:f5:
         c1:d8:3e:e4:31:51:14:1d:22:e1:e4:80:3f:bf:f0:21:fd:9b:
         ce:03:83:61:fd:cf:d0:9e:63:6f:6a:21:20:18:5c:98:66:7b:
         eb:4d:ac:af:6a:ff:a7:3c:96:cb:76:6a:6b:ed:c2:1c:7e:a3:
         4c:48:bb:57:dd:7b:55:2b:75:e8:28:a7:ab:ea:30:77:4c:c9:
         9c:54:a1:e5:3d:94:46:b9:1d:bc:bb:cb:2d:e1:91:88:9a:4e:
         8e:fd:99:e2
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUdgfn/TRt/P6JFGtsAkRNEVpuNkQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMTkyMzUwMDhaFw0yNTExMjMyMzU5NTlaMHoxSTBHBgNV
BAUTQDFiNWZlN2FiNzc5ODJhZmY1ZWM5MDg2M2RhNjMyNmZjYjJjZWFkZWU1NWYy
YjVhOGJmNGU2MmIzNDdkY2I3NTcxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKTI/Z/21kf0nuvtHofBZHqyVXAiXT5iMzGjJIrLoDh5HQWmklsV25CXTHdf
Ts5y21icPvmnc6hNGAa5a9kIfhRd6Ak3H9IptJDUCEXm/kK4sgAk6bifKt65N5hp
JEsE6qpxmhX2xebotVpUWVPQsm4MQhn3q9AKkB0xverNmRKPhWy1pmuYwx0DjWlm
d68BA+xOCZV4Sq4wQWV7llyKPAdEvgW4lEO/zZ4Idw5wVjwohmKI5MsptMxjSw6s
PkNT9Eawxsz0AwmV9g8rgi0fd9XJO13xeK6ePMXBgVznC9FyNirUvK28LueNsWlG
k6Y6kt/bdFn4w3ooTkRgnOxC8xUCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQCddVZ
v9PAXmipgQ/erj5D/5aCcDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YmU2MDllYzgtMmFkMC00MmY3LTkxNTktMGEzZWNlMzUyNDFmLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0FAI
MA0GCSqGSIb3DQEBCwUAA4IBAQAcZo8SHLvasd+Z6eogDfB5mhfjvogPglsSHVnv
joQD2Ux5mCCiv1jawQz3KP5m8runabxygCf+C1abndI3HqyGIofUemakAQTkgMCs
/BYoee8i7y3vCI5IT9ngjz1Y/w3/QnuMyJLMuMcX0v5TW5HTYBPHup5L+1QaM37i
nPd3qBSxabTgpK1FBJ2y32KkmyYRgS/U2XCRFiz31V4b6m6Tc/XB2D7kMVEUHSLh
5IA/v/Ah/ZvOA4Nh/c/QnmNvaiEgGFyYZnvrTayvav+nPJbLdmpr7cIcfqNMSLtX
3XtVK3XoKKer6jB3TMmcVKHlPZRGuR28u8st4ZGImk6O/Zni
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:52:57 2025 by rpki-client