Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/bf0cf493-d65d-4886-a341-bcbb40fbf10b.roa
File:                     bf0cf493-d65d-4886-a341-bcbb40fbf10b.roa (raw, json)
Hash identifier:          6eV7GJfqWz2SM9N4yLAlLp2kx9kLwyOeeVS8EInr1Tc=
Subject key identifier:   E6:26:B0:89:FE:4F:C7:24:DA:AA:71:1F:39:C6:87:BA:ED:55:E9:35
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       7A2108B1BC04D74495C1F54D0DE56CF8C34C9AC9
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/bf0cf493-d65d-4886-a341-bcbb40fbf10b.roa
Signing time:             Mon 13 Oct 2025 17:55:56 +0000
ROA not before:           Mon 13 Oct 2025 17:55:56 +0000
ROA not after:            Mon 17 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d074:4000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7a:21:08:b1:bc:04:d7:44:95:c1:f5:4d:0d:e5:6c:f8:c3:4c:9a:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Oct 13 17:55:56 2025 GMT
            Not After : Nov 17 23:59:59 2025 GMT
        Subject: serialNumber=3016b23c4300b9ea0dd597e89ce76c37c233d80c428b54d1baac4b336259490a, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:86:0a:2a:23:2c:bc:e8:7b:51:43:4e:e8:e1:
                    18:1b:2b:65:83:58:10:e5:97:41:d3:e3:8d:3a:cb:
                    83:d4:6b:d5:96:db:66:79:d7:ce:f1:85:1e:38:90:
                    60:4e:46:dc:f8:83:db:b4:16:22:c0:b4:f5:1d:87:
                    d5:30:e2:ca:af:3b:11:ec:90:0e:d1:66:20:02:84:
                    85:6d:59:4f:58:f6:c2:b9:99:ad:bd:10:62:46:4b:
                    d0:27:62:e9:89:77:7d:09:64:31:50:60:99:b5:89:
                    5d:c1:0d:62:2a:3a:87:a1:83:86:b1:df:16:87:54:
                    5d:4d:78:64:19:16:e4:ad:8c:c1:18:f6:24:9b:42:
                    90:08:fe:93:5f:bb:87:eb:ec:9f:40:0e:0c:fe:b4:
                    da:68:4a:be:ca:00:e6:ad:cc:21:d4:91:9a:d3:90:
                    8b:c7:2d:8a:35:59:25:f3:cd:ff:0d:34:02:8a:47:
                    4d:04:86:44:30:96:f0:f8:c7:a4:21:9e:3c:5f:49:
                    42:e1:f5:51:3e:07:8b:06:19:6f:93:01:2b:a1:e1:
                    0a:04:45:ed:8e:38:05:b2:fd:fe:32:8f:cb:19:6e:
                    60:c6:12:fe:a1:2b:b3:6e:c4:bf:ae:64:d0:e7:b6:
                    4b:d2:82:89:80:63:09:44:0e:a2:fb:5d:9c:e1:81:
                    30:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:26:B0:89:FE:4F:C7:24:DA:AA:71:1F:39:C6:87:BA:ED:55:E9:35
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/bf0cf493-d65d-4886-a341-bcbb40fbf10b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d074:4000::/40

    Signature Algorithm: sha256WithRSAEncryption
         36:d8:f8:aa:50:ee:ab:c7:91:91:19:eb:bb:72:18:2e:9f:a5:
         22:80:85:da:e5:54:49:6d:40:a1:c7:9a:fe:3a:c7:1d:2f:ce:
         93:37:ce:34:73:14:c1:db:88:4d:84:c9:49:5c:d9:2a:66:22:
         47:9b:e9:f7:7f:c8:9a:c2:49:f4:c8:af:2f:52:9d:14:6a:d5:
         4c:fe:e8:c4:5d:1a:52:aa:2c:69:4e:62:95:80:72:4e:a2:31:
         12:12:c0:47:1d:aa:06:75:55:5b:6c:22:1c:68:58:b6:8c:df:
         9a:06:47:fb:83:75:c2:4c:e0:0d:29:77:6d:f1:d2:79:65:7a:
         79:ed:85:19:20:ba:f4:43:30:d6:4d:7f:23:9b:15:29:e6:24:
         ef:42:7a:f0:f5:b2:cb:60:24:f8:9d:64:9d:82:06:f0:80:e7:
         e3:f5:e7:68:b5:41:29:3f:6b:bd:b3:d6:79:93:65:d9:80:c4:
         1d:70:41:3e:9d:ad:d9:d5:f9:f3:15:8c:cd:5e:53:db:8d:6d:
         5b:3e:51:6a:43:b5:bd:0e:82:ed:b7:50:73:8b:50:5e:dc:2c:
         68:50:f4:76:fe:d0:c1:f4:58:11:8a:94:46:07:44:2c:a9:0f:
         e6:09:5f:c3:af:ca:4a:f5:54:05:94:70:10:3e:53:50:3e:f1:
         90:74:9b:14
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUeiEIsbwE10SVwfVNDeVs+MNMmskwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMTMxNzU1NTZaFw0yNTExMTcyMzU5NTlaMHoxSTBHBgNV
BAUTQDMwMTZiMjNjNDMwMGI5ZWEwZGQ1OTdlODljZTc2YzM3YzIzM2Q4MGM0Mjhi
NTRkMWJhYWM0YjMzNjI1OTQ5MGExLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMGGCiojLLzoe1FDTujhGBsrZYNYEOWXQdPjjTrLg9Rr1ZbbZnnXzvGFHjiQ
YE5G3PiD27QWIsC09R2H1TDiyq87EeyQDtFmIAKEhW1ZT1j2wrmZrb0QYkZL0Cdi
6Yl3fQlkMVBgmbWJXcENYio6h6GDhrHfFodUXU14ZBkW5K2MwRj2JJtCkAj+k1+7
h+vsn0AODP602mhKvsoA5q3MIdSRmtOQi8ctijVZJfPN/w00AopHTQSGRDCW8PjH
pCGePF9JQuH1UT4HiwYZb5MBK6HhCgRF7Y44BbL9/jKPyxluYMYS/qErs27Ev65k
0Oe2S9KCiYBjCUQOovtdnOGBMLMCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTmJrCJ
/k/HJNqqcR85xoe67VXpNTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YmYwY2Y0OTMtZDY1ZC00ODg2LWEzNDEtYmNiYjQwZmJmMTBiLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0HRA
MA0GCSqGSIb3DQEBCwUAA4IBAQA22PiqUO6rx5GRGeu7chgun6UigIXa5VRJbUCh
x5r+OscdL86TN840cxTB24hNhMlJXNkqZiJHm+n3f8iawkn0yK8vUp0UatVM/ujE
XRpSqixpTmKVgHJOojESEsBHHaoGdVVbbCIcaFi2jN+aBkf7g3XCTOANKXdt8dJ5
ZXp57YUZILr0QzDWTX8jmxUp5iTvQnrw9bLLYCT4nWSdggbwgOfj9edotUEpP2u9
s9Z5k2XZgMQdcEE+na3Z1fnzFYzNXlPbjW1bPlFqQ7W9DoLtt1Bzi1Be3CxoUPR2
/tDB9FgRipRGB0QsqQ/mCV/Dr8pK9VQFlHAQPlNQPvGQdJsU
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:52:57 2025 by rpki-client