Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/c056757c-bb27-4ef4-91ff-67b9307d3085.roa
File:                     c056757c-bb27-4ef4-91ff-67b9307d3085.roa (raw, json)
Hash identifier:          D4esaG6X0NIiblCNbEFyAPntgI09DTwkw8WkHftZwT4=
Subject key identifier:   A5:95:75:54:74:3E:DC:88:C4:AA:6F:4C:43:F6:64:0D:F0:1C:B3:AD
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       45D10C1DEE19C03F0EDEBD379FAF97A4E2E81A13
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/c056757c-bb27-4ef4-91ff-67b9307d3085.roa
Signing time:             Fri 26 Sep 2025 19:00:06 +0000
ROA not before:           Fri 26 Sep 2025 19:00:06 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d000:50c0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            45:d1:0c:1d:ee:19:c0:3f:0e:de:bd:37:9f:af:97:a4:e2:e8:1a:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Sep 26 19:00:06 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=2215d582bc94d42348bfc5e31d65b8596d0f5e8c54b4bf774e8835820105948c, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:77:20:0a:13:70:e6:02:a1:68:ff:26:0b:e9:
                    7e:ea:5e:89:69:3b:59:74:f5:ff:f4:63:35:db:ed:
                    33:ca:58:6d:e2:95:32:9a:b7:ee:ea:f6:5d:63:33:
                    d0:e0:30:69:05:ac:e2:6f:cf:97:89:f0:eb:cd:00:
                    a3:7b:4f:03:1c:35:54:0f:b7:e9:73:48:56:ed:1d:
                    fd:ec:fe:c3:f9:09:ed:df:77:ae:a5:dd:39:c0:88:
                    07:69:c3:27:57:61:9a:57:0f:fe:dd:d0:42:14:b7:
                    fd:49:34:aa:eb:10:58:ab:e2:35:22:a9:68:4b:9c:
                    dd:65:d5:59:f0:2b:5c:75:4f:ba:a4:88:2f:3f:f3:
                    72:50:da:0b:a1:db:0b:6b:89:51:b2:c5:57:02:1a:
                    28:71:c3:57:3f:74:0b:a6:8c:02:b5:e7:3f:69:59:
                    b5:93:24:e8:d5:13:3f:21:05:e1:3f:d5:4a:d1:8f:
                    2f:46:6a:6d:de:50:c8:9d:91:18:05:4d:bf:e1:73:
                    dc:28:a3:f2:42:6f:1b:3d:bf:cb:b6:91:10:b0:26:
                    60:4b:5c:bd:24:df:28:17:5b:a3:35:0d:f2:1b:a2:
                    82:1e:a9:51:20:4f:70:50:0f:73:7c:b5:1e:f5:ac:
                    61:b5:23:e6:cf:52:28:d9:b4:b8:32:1a:c4:31:06:
                    cd:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:95:75:54:74:3E:DC:88:C4:AA:6F:4C:43:F6:64:0D:F0:1C:B3:AD
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/c056757c-bb27-4ef4-91ff-67b9307d3085.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d000:50c0::/48

    Signature Algorithm: sha256WithRSAEncryption
         5b:93:52:12:49:38:d4:9f:ee:7a:16:44:50:96:01:d3:07:0c:
         a6:8d:10:4f:43:29:a3:12:e6:53:83:91:4f:f4:50:53:74:18:
         1f:51:e5:3c:f2:80:71:d6:e1:04:29:43:8b:b3:53:5e:14:d5:
         80:2e:05:25:2a:ee:49:40:1e:be:7c:f4:3a:69:9c:ef:d1:b4:
         e9:64:7e:f9:4d:20:39:c3:a2:7f:71:d1:bb:45:21:f3:48:85:
         f4:eb:17:73:22:e9:12:f4:1a:7c:19:ee:67:ad:d8:a2:17:82:
         dd:33:db:d0:fb:b2:b0:9b:e2:3b:0e:48:db:ae:65:68:70:cb:
         09:58:2b:ed:bc:70:7e:b2:da:08:7d:a6:6d:8e:a8:10:e7:b9:
         72:18:de:bd:29:9f:59:9b:e9:53:eb:ec:9f:bc:11:ba:a1:9e:
         8d:de:c7:69:62:ac:c1:90:2d:b0:49:c2:87:27:f9:dc:24:ed:
         e1:c4:55:d4:bf:74:d8:7d:10:a5:ff:07:7e:e8:f7:70:5f:60:
         81:ea:f7:78:dd:51:e8:94:17:a9:14:9a:79:2c:a9:85:f8:fe:
         78:a9:16:aa:8b:f9:bc:8b:9b:f8:03:18:b2:6f:ee:7f:78:71:
         c5:b1:41:d4:44:b8:d8:e2:5f:ab:a8:89:1e:b8:57:42:a5:e4:
         57:39:30:c2
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIURdEMHe4ZwD8O3r03n6+XpOLoGhMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYxOTAwMDZaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQDIyMTVkNTgyYmM5NGQ0MjM0OGJmYzVlMzFkNjViODU5NmQwZjVlOGM1NGI0
YmY3NzRlODgzNTgyMDEwNTk0OGMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMZ3IAoTcOYCoWj/JgvpfupeiWk7WXT1//RjNdvtM8pYbeKVMpq37ur2XWMz
0OAwaQWs4m/Pl4nw680Ao3tPAxw1VA+36XNIVu0d/ez+w/kJ7d93rqXdOcCIB2nD
J1dhmlcP/t3QQhS3/Uk0qusQWKviNSKpaEuc3WXVWfArXHVPuqSILz/zclDaC6Hb
C2uJUbLFVwIaKHHDVz90C6aMArXnP2lZtZMk6NUTPyEF4T/VStGPL0Zqbd5QyJ2R
GAVNv+Fz3Cij8kJvGz2/y7aRELAmYEtcvSTfKBdbozUN8huigh6pUSBPcFAPc3y1
HvWsYbUj5s9SKNm0uDIaxDEGzc8CAwEAAaOCAiQwggIgMB0GA1UdDgQWBBSllXVU
dD7ciMSqb0xD9mQN8ByzrTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YzA1Njc1N2MtYmIyNy00ZWY0LTkxZmYtNjdiOTMwN2QzMDg1LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0ABQ
wDANBgkqhkiG9w0BAQsFAAOCAQEAW5NSEkk41J/uehZEUJYB0wcMpo0QT0MpoxLm
U4ORT/RQU3QYH1HlPPKAcdbhBClDi7NTXhTVgC4FJSruSUAevnz0Ommc79G06WR+
+U0gOcOif3HRu0Uh80iF9OsXcyLpEvQafBnuZ63YoheC3TPb0PuysJviOw5I265l
aHDLCVgr7bxwfrLaCH2mbY6oEOe5chjevSmfWZvpU+vsn7wRuqGejd7HaWKswZAt
sEnChyf53CTt4cRV1L902H0Qpf8Hfuj3cF9gger3eN1R6JQXqRSaeSyphfj+eKkW
qov5vIub+AMYsm/uf3hxxbFB1ES42OJfq6iJHrhXQqXkVzkwwg==
-----END CERTIFICATE-----
Generated at Mon Oct 20 13:47:46 2025 by rpki-client