Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/bfae711e-b0c4-404f-be1f-a99990818ac6.roa
File:                     bfae711e-b0c4-404f-be1f-a99990818ac6.roa (raw, json)
Hash identifier:          BUqAd/H6BLVBG3bTI03IFXUXQ5rp9QitOYkMSok2rsM=
Subject key identifier:   02:F7:97:6B:A5:06:C0:98:25:48:E9:99:B2:17:64:B0:78:F7:95:07
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       322A6DC610A2E0772357F41B4365CBF06243B61A
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/bfae711e-b0c4-404f-be1f-a99990818ac6.roa
Signing time:             Fri 26 Sep 2025 20:10:23 +0000
ROA not before:           Fri 26 Sep 2025 20:10:23 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        79.125.0.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            32:2a:6d:c6:10:a2:e0:77:23:57:f4:1b:43:65:cb:f0:62:43:b6:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Sep 26 20:10:23 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=2795c65a233dfb98eb5088b377958d34de0ae6cdfb47f3625950e650f62d2607, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:bd:50:ba:97:8a:f7:7f:80:23:48:f4:90:65:
                    d6:eb:af:31:be:98:3c:96:7d:8e:04:62:58:54:b8:
                    2c:1b:76:88:35:72:f0:4b:7d:17:73:32:c5:7b:06:
                    0c:b5:e2:56:7f:a1:36:4b:8a:33:5d:ff:ba:d9:ff:
                    ef:8f:c1:35:11:75:62:96:b0:c2:ec:3a:56:4e:c6:
                    70:b6:9a:38:ed:23:90:3b:52:9f:70:c9:b6:60:72:
                    d3:2c:72:62:ff:46:e7:fc:98:4e:1f:5e:75:69:9b:
                    bd:bf:0d:00:4b:8e:14:f6:82:2c:ce:94:bf:c9:7f:
                    6f:10:bd:8d:7d:96:fc:b0:1b:1c:8f:84:61:21:78:
                    ab:09:dd:34:80:18:52:f3:74:d8:b3:c4:f0:91:69:
                    29:14:78:67:55:8c:d1:65:94:ea:67:50:24:a8:43:
                    84:30:2d:de:1c:fa:74:c0:28:ce:73:9c:b2:10:06:
                    e5:15:d8:73:fb:53:86:be:d5:2a:8e:1d:49:66:39:
                    11:b5:b3:23:7b:02:d6:5f:7c:87:54:de:30:d1:8a:
                    9c:d2:b8:9d:07:20:aa:84:b0:63:41:e4:0e:56:e3:
                    7c:bc:39:63:06:c7:ee:f0:21:dc:37:91:1c:1f:2d:
                    22:c8:2e:43:b2:5e:1f:d1:05:65:5b:36:c3:33:7e:
                    16:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:F7:97:6B:A5:06:C0:98:25:48:E9:99:B2:17:64:B0:78:F7:95:07
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/bfae711e-b0c4-404f-be1f-a99990818ac6.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.125.0.0/23

    Signature Algorithm: sha256WithRSAEncryption
         17:7a:36:61:cd:38:09:ea:8f:f6:98:fe:93:f4:45:98:e3:23:
         ba:d5:40:89:4f:74:9c:42:af:37:69:ed:76:6f:16:dd:b1:05:
         c0:60:51:67:c0:7a:10:bc:80:4d:72:73:41:f5:10:bb:75:fb:
         bd:23:67:0d:3c:e5:b2:dc:78:1b:46:13:cd:a2:bf:e9:31:2b:
         87:62:4d:88:d9:e7:31:fc:21:1c:6d:e9:45:4b:09:7f:12:08:
         5b:7d:96:c8:80:2e:03:61:0a:0c:16:89:26:90:42:91:20:86:
         9e:1b:57:7a:f6:97:a4:10:24:47:53:1f:e6:50:c6:e1:3c:fe:
         fa:f0:7a:41:69:f5:06:21:3d:c2:09:59:f0:b0:ed:20:8d:db:
         f2:21:7e:ec:be:68:f7:95:f9:e7:a0:c8:b5:82:98:3e:05:20:
         fc:a9:4d:dc:20:3d:48:23:b5:51:8c:3a:2d:b4:82:c7:57:6e:
         11:61:f5:86:c2:29:65:42:b7:fc:35:47:3f:8a:fa:4b:93:30:
         53:37:a8:af:65:49:9c:31:f4:0a:3a:83:83:23:c4:0a:08:e8:
         a0:b4:0b:cc:e9:8e:35:df:8f:67:ef:c5:2d:b0:da:6a:57:cb:
         f3:5b:43:8e:a4:44:0b:9c:f2:5c:83:b8:82:b6:b3:1c:2a:18:
         8b:69:f6:09
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUMiptxhCi4HcjV/QbQ2XL8GJDthowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYyMDEwMjNaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQDI3OTVjNjVhMjMzZGZiOThlYjUwODhiMzc3OTU4ZDM0ZGUwYWU2Y2RmYjQ3
ZjM2MjU5NTBlNjUwZjYyZDI2MDcxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKi9ULqXivd/gCNI9JBl1uuvMb6YPJZ9jgRiWFS4LBt2iDVy8Et9F3MyxXsG
DLXiVn+hNkuKM13/utn/74/BNRF1Ypawwuw6Vk7GcLaaOO0jkDtSn3DJtmBy0yxy
Yv9G5/yYTh9edWmbvb8NAEuOFPaCLM6Uv8l/bxC9jX2W/LAbHI+EYSF4qwndNIAY
UvN02LPE8JFpKRR4Z1WM0WWU6mdQJKhDhDAt3hz6dMAoznOcshAG5RXYc/tThr7V
Ko4dSWY5EbWzI3sC1l98h1TeMNGKnNK4nQcgqoSwY0HkDlbjfLw5YwbH7vAh3DeR
HB8tIsguQ7JeH9EFZVs2wzN+FjUCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBQC95dr
pQbAmCVI6ZmyF2SwePeVBzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YmZhZTcxMWUtYjBjNC00MDRmLWJlMWYtYTk5OTkwODE4YWM2LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAU99ADAN
BgkqhkiG9w0BAQsFAAOCAQEAF3o2Yc04CeqP9pj+k/RFmOMjutVAiU90nEKvN2nt
dm8W3bEFwGBRZ8B6ELyATXJzQfUQu3X7vSNnDTzlstx4G0YTzaK/6TErh2JNiNnn
MfwhHG3pRUsJfxIIW32WyIAuA2EKDBaJJpBCkSCGnhtXevaXpBAkR1Mf5lDG4Tz+
+vB6QWn1BiE9wglZ8LDtII3b8iF+7L5o95X556DItYKYPgUg/KlN3CA9SCO1UYw6
LbSCx1duEWH1hsIpZUK3/DVHP4r6S5MwUzeor2VJnDH0CjqDgyPECgjooLQLzOmO
Nd+PZ+/FLbDaalfL81tDjqREC5zyXIO4grazHCoYi2n2CQ==
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:53:13 2025 by rpki-client