Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/c153f994-19fd-4682-b6f7-f4e92e6144ea.roa
File:                     c153f994-19fd-4682-b6f7-f4e92e6144ea.roa (raw, json)
Hash identifier:          HHE/gz1yl6k2r4hX8/0gg8SzfKHlppnO6EPg//iRZ80=
Subject key identifier:   09:D0:E3:AA:9B:9C:C6:A3:D9:CA:E8:5A:7F:65:81:1B:C2:8E:33:FD
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       3B7F760A97F7B2F47D0A4D4A1E69CEAF0C2F72D2
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/c153f994-19fd-4682-b6f7-f4e92e6144ea.roa
Signing time:             Fri 26 Sep 2025 19:51:38 +0000
ROA not before:           Fri 26 Sep 2025 19:51:38 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d01c:c00::/38 maxlen: 38
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3b:7f:76:0a:97:f7:b2:f4:7d:0a:4d:4a:1e:69:ce:af:0c:2f:72:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Sep 26 19:51:38 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=55fcc4a25cc49f610d0fbd1032faf13bddc1a809ebde204c89b4b66b8f4a25ef, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:7e:40:84:49:c7:1a:56:87:69:62:0c:16:3a:
                    61:f9:41:66:49:07:1a:75:1f:00:2e:a6:c7:26:1a:
                    0f:e1:d1:fe:af:6b:19:44:4a:04:53:65:d4:75:82:
                    95:53:05:09:3f:4f:24:73:98:3d:da:b0:dd:e3:60:
                    8e:fc:73:04:8d:45:45:7b:31:a5:d9:95:fe:73:ce:
                    8a:a4:18:f7:3c:20:f7:e3:8e:01:40:e0:3d:fb:e7:
                    23:e9:96:58:7a:bd:ef:69:31:15:f4:5a:8a:a6:8f:
                    da:c1:ff:30:59:9a:8f:b6:64:13:43:ed:7b:cd:54:
                    85:a8:26:06:25:8f:91:6e:28:9f:16:5f:4c:a7:a7:
                    79:d3:b5:2d:91:bd:80:ed:af:8b:19:82:dc:a7:b3:
                    3b:0d:2d:8a:ca:f9:67:c9:85:b4:92:e1:36:30:9b:
                    4b:03:3d:23:74:13:34:bb:03:91:70:17:28:52:52:
                    6b:a4:ee:0d:95:93:89:5a:8d:94:ff:6d:79:1c:f6:
                    8b:10:18:8e:9f:25:e7:90:13:3b:a0:f6:e7:6a:7d:
                    05:0f:1a:d7:84:70:0e:98:1f:20:45:79:86:9a:84:
                    9e:fe:be:05:d1:07:06:90:09:e1:67:9a:62:33:c4:
                    fd:0e:ca:ca:00:1e:c5:60:c3:e8:5e:49:da:5a:04:
                    84:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:D0:E3:AA:9B:9C:C6:A3:D9:CA:E8:5A:7F:65:81:1B:C2:8E:33:FD
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/c153f994-19fd-4682-b6f7-f4e92e6144ea.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d01c:c00::/38

    Signature Algorithm: sha256WithRSAEncryption
         1f:87:a0:b0:25:ec:b1:d4:ba:07:82:99:a7:5a:f8:f9:86:f3:
         79:24:83:8c:56:95:d7:b2:bc:7f:2a:b3:82:95:93:76:e1:05:
         fe:52:65:f9:a1:37:0b:c7:05:91:0d:82:34:63:62:cd:5a:36:
         51:29:f8:7a:49:ea:6d:5b:4c:c0:4c:6a:d1:d2:2e:3a:5f:ef:
         1f:5f:5b:69:12:90:06:57:c7:50:d9:14:83:c0:27:ec:47:f4:
         32:b1:83:2d:67:43:22:42:4d:59:55:37:72:b2:b2:92:c3:f9:
         68:45:1a:95:93:12:b2:56:f0:8d:f6:c6:9f:2c:c2:2f:9c:83:
         27:0c:36:99:cd:42:c3:e0:a6:3d:e5:de:1e:1b:4e:30:97:16:
         8c:c1:a2:21:38:2b:4f:b7:4b:4d:97:0f:48:30:3f:02:47:f1:
         f7:c8:56:2d:ce:47:b7:cb:1a:ac:70:82:e0:dd:f6:e9:6a:cc:
         5a:24:64:2c:b3:e9:91:71:a5:6f:40:b7:68:35:68:1f:3f:0f:
         9f:ec:e1:98:06:fa:a1:ca:ff:d5:8b:bb:d9:c1:a1:65:56:a6:
         58:65:46:bd:e3:0f:96:6e:fe:7c:b7:d4:e6:ef:b2:d4:bd:e1:
         6c:b7:4a:12:f0:62:43:ba:27:37:6f:0e:9e:f3:a4:29:47:8f:
         68:a8:bc:8b
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUO392Cpf3svR9Ck1KHmnOrwwvctIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYxOTUxMzhaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQDU1ZmNjNGEyNWNjNDlmNjEwZDBmYmQxMDMyZmFmMTNiZGRjMWE4MDllYmRl
MjA0Yzg5YjRiNjZiOGY0YTI1ZWYxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMF+QIRJxxpWh2liDBY6YflBZkkHGnUfAC6mxyYaD+HR/q9rGURKBFNl1HWC
lVMFCT9PJHOYPdqw3eNgjvxzBI1FRXsxpdmV/nPOiqQY9zwg9+OOAUDgPfvnI+mW
WHq972kxFfRaiqaP2sH/MFmaj7ZkE0Pte81UhagmBiWPkW4onxZfTKenedO1LZG9
gO2vixmC3KezOw0tisr5Z8mFtJLhNjCbSwM9I3QTNLsDkXAXKFJSa6TuDZWTiVqN
lP9teRz2ixAYjp8l55ATO6D252p9BQ8a14RwDpgfIEV5hpqEnv6+BdEHBpAJ4Wea
YjPE/Q7KygAexWDD6F5J2loEhDsCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQJ0OOq
m5zGo9nK6Fp/ZYEbwo4z/TAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YzE1M2Y5OTQtMTlmZC00NjgyLWI2ZjctZjRlOTJlNjE0NGVhLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGAioF0BwM
MA0GCSqGSIb3DQEBCwUAA4IBAQAfh6CwJeyx1LoHgpmnWvj5hvN5JIOMVpXXsrx/
KrOClZN24QX+UmX5oTcLxwWRDYI0Y2LNWjZRKfh6SeptW0zATGrR0i46X+8fX1tp
EpAGV8dQ2RSDwCfsR/QysYMtZ0MiQk1ZVTdysrKSw/loRRqVkxKyVvCN9safLMIv
nIMnDDaZzULD4KY95d4eG04wlxaMwaIhOCtPt0tNlw9IMD8CR/H3yFYtzke3yxqs
cILg3fbpasxaJGQss+mRcaVvQLdoNWgfPw+f7OGYBvqhyv/Vi7vZwaFlVqZYZUa9
4w+Wbv58t9Tm77LUveFst0oS8GJDuic3bw6e86QpR49oqLyL
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:52:14 2025 by rpki-client