Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/bed4158d-91b8-4ba5-81d9-75a65b550b92.roa
File:                     bed4158d-91b8-4ba5-81d9-75a65b550b92.roa (raw, json)
Hash identifier:          1vCjvnTt3Ze+/8+ymd5fAPU+uVOCCtJiWNJeh0vG/Zo=
Subject key identifier:   09:8F:71:41:21:C2:86:59:B6:E0:75:2C:85:E0:8E:E5:7B:4B:A7:3B
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       7E7707B777E65B6471E25E9E9DB5943ED4CACEF3
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/bed4158d-91b8-4ba5-81d9-75a65b550b92.roa
Signing time:             Fri 26 Sep 2025 18:21:08 +0000
ROA not before:           Fri 26 Sep 2025 18:21:08 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d000:60c0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7e:77:07:b7:77:e6:5b:64:71:e2:5e:9e:9d:b5:94:3e:d4:ca:ce:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Sep 26 18:21:08 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=1707bae6a8c78e4ac03bdfaa5030d453accd883372f378b3c9cb25873b55f5f0, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:c5:5f:0a:2a:ea:e7:10:27:bf:95:49:77:de:
                    a5:de:16:52:20:9b:53:56:ac:35:fe:18:d5:cd:3f:
                    82:a2:f9:a8:0f:cf:52:7d:01:17:60:58:2b:01:41:
                    2a:1e:96:6f:4c:93:11:13:e4:a9:03:fb:db:61:86:
                    bb:18:ea:25:99:79:27:8e:1d:b4:e3:c2:63:a4:f0:
                    60:00:ca:e0:be:1e:2c:f8:ac:cf:64:a8:92:76:ed:
                    8d:ae:11:a2:3c:a0:99:c7:72:10:d3:c1:ef:d8:fd:
                    0c:17:b2:a2:91:9d:cd:8e:1f:f5:e5:3d:7e:72:5d:
                    33:83:99:ad:6d:3e:a3:47:48:92:7a:96:55:f1:76:
                    22:7d:64:74:8e:6d:33:a6:88:bd:58:d3:d5:3d:d8:
                    f2:16:2b:c4:d4:f2:48:1b:8b:4b:b2:3b:2d:c3:c9:
                    b1:bb:24:61:14:02:dc:9d:e5:85:66:03:68:c1:a6:
                    2c:2b:48:38:26:75:fb:6d:47:9a:54:f8:bc:dd:e8:
                    8d:4c:4a:de:c1:8a:b4:3e:2a:9f:87:49:29:5b:ee:
                    d2:ac:3f:a0:38:91:19:ff:76:c8:bd:b5:e0:1b:c9:
                    76:13:95:de:ed:5c:5a:1f:81:e6:d9:af:44:2e:3c:
                    73:55:61:8f:c6:2f:87:bb:6c:d8:63:3e:d7:3c:a3:
                    70:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:8F:71:41:21:C2:86:59:B6:E0:75:2C:85:E0:8E:E5:7B:4B:A7:3B
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/bed4158d-91b8-4ba5-81d9-75a65b550b92.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d000:60c0::/48

    Signature Algorithm: sha256WithRSAEncryption
         70:26:db:12:2f:a8:2c:a2:62:b0:23:20:6f:2f:b1:6a:90:3e:
         2b:bd:3d:48:8a:b9:e6:26:be:05:be:9b:06:e8:61:5e:29:17:
         a9:55:9d:40:f7:b7:41:c6:98:be:be:e0:1f:c2:68:1d:a0:50:
         e9:f3:7c:7c:56:01:15:c9:55:58:b0:84:02:07:fa:c6:00:d0:
         ba:88:a1:c1:2c:a5:31:23:5f:cc:93:96:f8:36:87:8c:3a:cf:
         95:f6:87:32:01:6c:60:5a:ca:e6:aa:2a:79:53:de:b1:d9:34:
         b5:1b:b0:cd:2d:78:c8:b7:be:fd:21:30:43:f1:30:48:2a:17:
         3c:fc:63:0e:97:ca:ec:49:d7:d7:e8:1d:9d:43:43:1e:d8:db:
         78:f6:1c:dc:80:6e:80:88:b0:9c:d5:75:ef:90:0a:65:65:35:
         d9:d0:36:9b:62:04:ff:9e:df:c8:21:72:7c:10:8c:b4:63:c7:
         65:ca:72:4f:77:a5:02:b8:0f:aa:91:7c:b4:7c:56:6d:65:11:
         53:4c:b1:3c:b5:b4:01:bb:c1:83:6a:53:59:f6:75:7c:58:bf:
         80:eb:b0:40:c1:95:26:d7:eb:96:15:04:02:19:d2:82:72:2e:
         0d:d7:f1:b2:0b:16:1d:a5:af:d1:de:96:6d:cb:a4:82:6c:1e:
         a9:37:c1:cb
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUfncHt3fmW2Rx4l6enbWUPtTKzvMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYxODIxMDhaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQDE3MDdiYWU2YThjNzhlNGFjMDNiZGZhYTUwMzBkNDUzYWNjZDg4MzM3MmYz
NzhiM2M5Y2IyNTg3M2I1NWY1ZjAxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAIrFXwoq6ucQJ7+VSXfepd4WUiCbU1asNf4Y1c0/gqL5qA/PUn0BF2BYKwFB
Kh6Wb0yTERPkqQP722GGuxjqJZl5J44dtOPCY6TwYADK4L4eLPisz2Soknbtja4R
ojygmcdyENPB79j9DBeyopGdzY4f9eU9fnJdM4OZrW0+o0dIknqWVfF2In1kdI5t
M6aIvVjT1T3Y8hYrxNTySBuLS7I7LcPJsbskYRQC3J3lhWYDaMGmLCtIOCZ1+21H
mlT4vN3ojUxK3sGKtD4qn4dJKVvu0qw/oDiRGf92yL214BvJdhOV3u1cWh+B5tmv
RC48c1Vhj8Yvh7ts2GM+1zyjcI0CAwEAAaOCAiQwggIgMB0GA1UdDgQWBBQJj3FB
IcKGWbbgdSyF4I7le0unOzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YmVkNDE1OGQtOTFiOC00YmE1LTgxZDktNzVhNjViNTUwYjkyLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0ABg
wDANBgkqhkiG9w0BAQsFAAOCAQEAcCbbEi+oLKJisCMgby+xapA+K709SIq55ia+
Bb6bBuhhXikXqVWdQPe3QcaYvr7gH8JoHaBQ6fN8fFYBFclVWLCEAgf6xgDQuoih
wSylMSNfzJOW+DaHjDrPlfaHMgFsYFrK5qoqeVPesdk0tRuwzS14yLe+/SEwQ/Ew
SCoXPPxjDpfK7EnX1+gdnUNDHtjbePYc3IBugIiwnNV175AKZWU12dA2m2IE/57f
yCFyfBCMtGPHZcpyT3elArgPqpF8tHxWbWURU0yxPLW0AbvBg2pTWfZ1fFi/gOuw
QMGVJtfrlhUEAhnSgnIuDdfxsgsWHaWv0d6WbcukgmweqTfByw==
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:52:20 2025 by rpki-client