Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/bf5404c2-bcbe-4df4-86ce-72ceb067f666.roa
File:                     bf5404c2-bcbe-4df4-86ce-72ceb067f666.roa (raw, json)
Hash identifier:          wGcOGSHxzLS2DtmAztSXP21oSdM5kDbRPQwiVHuzReU=
Subject key identifier:   B8:FB:4F:DF:09:A3:42:BB:20:9B:BF:64:41:1F:25:68:21:01:70:02
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       2507827ED0F00ED978A27C67F83A669B026A4D44
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/bf5404c2-bcbe-4df4-86ce-72ceb067f666.roa
Signing time:             Fri 26 Sep 2025 18:42:18 +0000
ROA not before:           Fri 26 Sep 2025 18:42:18 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d07f:4020::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            25:07:82:7e:d0:f0:0e:d9:78:a2:7c:67:f8:3a:66:9b:02:6a:4d:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Sep 26 18:42:18 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=108f85cbc345f72c1c88e6ebd5321c18179de0a71bf4ff88b1a43390b1cfba31, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:8a:cf:b2:35:6a:88:49:61:e9:81:5d:81:46:
                    38:10:99:0b:e8:c8:b8:6d:a2:64:fa:22:54:99:67:
                    df:77:20:6f:3c:e0:88:aa:9b:b7:be:2b:31:62:42:
                    e4:5a:8b:26:fc:51:f1:15:02:15:f6:e3:32:41:63:
                    f5:ac:2b:0b:b8:81:e7:f8:05:b3:a0:f6:6a:84:97:
                    9c:39:8c:99:50:b7:22:9b:0d:d7:4b:f0:17:bd:89:
                    d2:1e:4a:0e:d3:85:4d:70:95:f7:71:61:6f:f4:16:
                    13:69:77:f3:ce:3d:8d:7a:91:2c:44:be:90:bd:ad:
                    98:74:dc:fe:60:42:53:fa:5a:40:67:78:4c:a7:80:
                    56:1f:2e:e4:c5:f0:ea:c7:a8:7b:30:d7:ed:fd:0f:
                    8a:8e:3e:b9:30:5e:dd:34:1c:19:8c:c8:1e:71:95:
                    95:d8:06:12:85:0a:f2:54:23:9c:49:7a:c2:c3:1e:
                    4f:a8:77:2d:00:40:2a:42:73:d1:02:01:e1:a9:1a:
                    0b:d5:0a:22:d3:d8:96:07:83:65:8e:d2:24:c4:88:
                    59:54:83:e5:53:6f:02:e7:1d:bc:db:af:8b:a7:b1:
                    2c:8d:87:8f:75:67:0d:0c:0b:e8:b3:79:69:59:82:
                    54:8a:e4:ef:4c:d8:5a:1a:dd:c3:03:22:b2:66:ce:
                    57:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:FB:4F:DF:09:A3:42:BB:20:9B:BF:64:41:1F:25:68:21:01:70:02
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/bf5404c2-bcbe-4df4-86ce-72ceb067f666.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d07f:4020::/48

    Signature Algorithm: sha256WithRSAEncryption
         10:1a:2f:d8:7a:b3:02:84:a4:3a:67:02:2b:12:44:f9:2b:0e:
         30:9e:15:45:19:e5:af:ba:6e:d7:05:2c:be:01:94:8b:f7:2c:
         04:e9:8e:88:13:08:b6:6c:3a:59:64:84:34:1a:31:d1:da:f5:
         f1:d3:47:f9:ce:d7:72:00:67:42:d5:29:d4:81:91:96:08:cd:
         56:24:f6:72:42:15:54:ba:97:c0:f7:9f:c3:74:25:f3:b2:bb:
         33:39:e5:f8:8c:0f:ff:83:d3:f0:58:db:32:9d:34:c7:6b:6e:
         84:2c:af:0a:b4:c2:0b:2e:ab:32:2f:32:08:d6:12:31:59:77:
         c3:4d:73:b5:89:05:a0:bb:e4:1c:74:2c:c1:fa:b2:8c:64:a3:
         cf:36:26:dc:aa:63:8d:64:64:d4:1e:48:b6:7c:e9:14:90:93:
         f8:7c:ea:bd:07:a3:fc:65:b5:00:9c:45:c2:aa:3a:6f:54:a4:
         49:e8:39:95:f1:f6:25:c5:5c:cb:32:63:d9:32:e8:6b:b5:66:
         42:89:71:73:08:09:e6:a3:d7:71:0d:f5:b4:8f:a8:4a:04:a5:
         2d:8c:71:29:b4:52:00:4a:c2:5c:4f:d1:0a:c4:e8:62:6a:91:
         dd:ff:f7:a3:c4:a9:5d:da:92:44:bf:9e:d6:87:e9:77:4f:2e:
         25:50:b6:43
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUJQeCftDwDtl4onxn+DpmmwJqTUQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYxODQyMThaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQDEwOGY4NWNiYzM0NWY3MmMxYzg4ZTZlYmQ1MzIxYzE4MTc5ZGUwYTcxYmY0
ZmY4OGIxYTQzMzkwYjFjZmJhMzExLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANGKz7I1aohJYemBXYFGOBCZC+jIuG2iZPoiVJln33cgbzzgiKqbt74rMWJC
5FqLJvxR8RUCFfbjMkFj9awrC7iB5/gFs6D2aoSXnDmMmVC3IpsN10vwF72J0h5K
DtOFTXCV93Fhb/QWE2l38849jXqRLES+kL2tmHTc/mBCU/paQGd4TKeAVh8u5MXw
6seoezDX7f0Pio4+uTBe3TQcGYzIHnGVldgGEoUK8lQjnEl6wsMeT6h3LQBAKkJz
0QIB4akaC9UKItPYlgeDZY7SJMSIWVSD5VNvAucdvNuvi6exLI2Hj3VnDQwL6LN5
aVmCVIrk70zYWhrdwwMismbOV0ECAwEAAaOCAiQwggIgMB0GA1UdDgQWBBS4+0/f
CaNCuyCbv2RBHyVoIQFwAjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YmY1NDA0YzItYmNiZS00ZGY0LTg2Y2UtNzJjZWIwNjdmNjY2LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0H9A
IDANBgkqhkiG9w0BAQsFAAOCAQEAEBov2HqzAoSkOmcCKxJE+SsOMJ4VRRnlr7pu
1wUsvgGUi/csBOmOiBMItmw6WWSENBox0dr18dNH+c7XcgBnQtUp1IGRlgjNViT2
ckIVVLqXwPefw3Ql87K7Mznl+IwP/4PT8FjbMp00x2tuhCyvCrTCCy6rMi8yCNYS
MVl3w01ztYkFoLvkHHQswfqyjGSjzzYm3KpjjWRk1B5ItnzpFJCT+HzqvQej/GW1
AJxFwqo6b1SkSeg5lfH2JcVcyzJj2TLoa7VmQolxcwgJ5qPXcQ31tI+oSgSlLYxx
KbRSAErCXE/RCsToYmqR3f/3o8SpXdqSRL+e1ofpd08uJVC2Qw==
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:52:09 2025 by rpki-client