Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/c1ddcd29-5dff-414a-8d78-2ea6872d3cfc.roa
File:                     c1ddcd29-5dff-414a-8d78-2ea6872d3cfc.roa (raw, json)
Hash identifier:          KbAZNu5IHNOBBSIQ52JkO0JH7yuzELdg1UZa9RhYa5Q=
Subject key identifier:   14:14:73:50:13:23:9C:5F:02:7F:90:58:A5:6B:51:A2:C9:11:FE:C3
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       63A3E1CAB660101BCFA465180CBBAC9D8699375E
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/c1ddcd29-5dff-414a-8d78-2ea6872d3cfc.roa
Signing time:             Fri 17 Oct 2025 21:10:13 +0000
ROA not before:           Fri 17 Oct 2025 21:10:13 +0000
ROA not after:            Fri 21 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d035:c000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            63:a3:e1:ca:b6:60:10:1b:cf:a4:65:18:0c:bb:ac:9d:86:99:37:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Oct 17 21:10:13 2025 GMT
            Not After : Nov 21 23:59:59 2025 GMT
        Subject: serialNumber=52540ea6910af078d0e55f6040ec0e41cc9523b1bbb1f7c7d08181cdcfa01abf, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:2f:97:25:fc:69:6c:38:89:66:74:75:36:de:
                    18:ef:11:aa:49:c2:38:61:5e:bf:1d:1e:e0:38:1d:
                    67:e9:e3:8e:4a:c9:6b:6f:a4:72:f1:0a:c2:d1:02:
                    bd:ef:97:37:1a:b5:c5:49:1f:bd:1a:88:46:1a:93:
                    d1:ee:14:74:c4:bd:35:75:bf:c5:27:7b:b1:20:df:
                    a6:db:78:6f:8b:34:cd:d2:d8:21:b8:d0:5b:59:f3:
                    7e:3b:6c:c0:51:91:7a:dc:b2:ff:1b:a2:74:09:ba:
                    f9:7e:a6:d7:05:aa:00:f4:b7:31:f7:28:99:50:cb:
                    c0:6a:fa:2a:f1:22:ac:e9:7a:ca:77:7f:4b:3f:86:
                    86:22:62:3c:f2:3d:01:f1:28:21:1a:44:56:9f:fa:
                    6c:39:69:a3:71:d8:07:7b:3b:07:eb:80:d6:93:b1:
                    37:e4:c6:09:77:19:a2:d5:c7:70:3a:01:54:9c:14:
                    43:80:5b:c8:a4:3d:b4:c6:48:cf:d0:5a:06:c7:ae:
                    df:db:5a:0e:82:1e:2d:3d:b2:bc:fb:13:c1:f1:07:
                    bb:17:12:e0:da:ce:42:b1:85:24:f4:48:7f:56:cf:
                    c4:48:50:d1:7b:e4:56:38:ce:72:0e:ef:0e:c6:0e:
                    c8:5c:41:59:66:40:fb:8a:81:41:b0:90:9a:72:6c:
                    78:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:14:73:50:13:23:9C:5F:02:7F:90:58:A5:6B:51:A2:C9:11:FE:C3
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/c1ddcd29-5dff-414a-8d78-2ea6872d3cfc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d035:c000::/40

    Signature Algorithm: sha256WithRSAEncryption
         67:a5:e9:e8:3c:e4:54:d0:19:79:50:ea:49:38:92:5a:1f:69:
         76:35:60:f1:8a:bb:d5:08:f7:24:c2:c1:5d:c6:ed:b7:3b:81:
         55:eb:63:68:b3:f9:77:9d:d8:31:1d:c2:52:67:f4:84:57:45:
         94:ae:18:3d:3c:2d:fd:19:7c:14:76:4c:a1:c3:4c:7c:3e:27:
         9d:37:09:02:fc:49:c2:99:31:29:c4:bf:5b:ca:85:7c:5f:f1:
         d9:4b:46:fc:49:a7:d8:64:d3:ce:80:ee:35:3b:f0:12:31:3a:
         1f:f1:4b:72:9d:21:ea:8c:02:8a:26:f6:23:90:69:8a:bc:cf:
         59:7a:de:20:7a:ea:23:28:e2:a5:ba:b3:18:92:a1:ae:9a:0c:
         ac:62:03:9e:7e:32:25:af:21:62:bf:b7:61:9a:7b:42:b9:01:
         34:ca:5c:8a:00:66:59:9f:5f:01:11:e9:bd:81:df:c8:3a:01:
         76:12:94:1d:7f:e6:46:ce:3f:9e:81:73:26:1a:da:c0:31:f3:
         24:2e:6a:df:29:96:ec:d7:02:3d:08:72:fd:e7:a1:64:5c:4f:
         8d:b1:6b:52:86:85:eb:74:d6:1b:ac:a3:59:36:e0:8d:63:c1:
         b2:cd:e9:04:54:b2:a3:62:39:a4:b8:69:19:64:d3:cf:b3:9c:
         7b:7f:39:a4
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUY6PhyrZgEBvPpGUYDLusnYaZN14wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMTcyMTEwMTNaFw0yNTExMjEyMzU5NTlaMHoxSTBHBgNV
BAUTQDUyNTQwZWE2OTEwYWYwNzhkMGU1NWY2MDQwZWMwZTQxY2M5NTIzYjFiYmIx
ZjdjN2QwODE4MWNkY2ZhMDFhYmYxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAL4vlyX8aWw4iWZ0dTbeGO8RqknCOGFevx0e4DgdZ+njjkrJa2+kcvEKwtEC
ve+XNxq1xUkfvRqIRhqT0e4UdMS9NXW/xSd7sSDfptt4b4s0zdLYIbjQW1nzfjts
wFGRetyy/xuidAm6+X6m1wWqAPS3MfcomVDLwGr6KvEirOl6ynd/Sz+GhiJiPPI9
AfEoIRpEVp/6bDlpo3HYB3s7B+uA1pOxN+TGCXcZotXHcDoBVJwUQ4BbyKQ9tMZI
z9BaBseu39taDoIeLT2yvPsTwfEHuxcS4NrOQrGFJPRIf1bPxEhQ0XvkVjjOcg7v
DsYOyFxBWWZA+4qBQbCQmnJseEcCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQUFHNQ
EyOcXwJ/kFila1GiyRH+wzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YzFkZGNkMjktNWRmZi00MTRhLThkNzgtMmVhNjg3MmQzY2ZjLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0DXA
MA0GCSqGSIb3DQEBCwUAA4IBAQBnpenoPORU0Bl5UOpJOJJaH2l2NWDxirvVCPck
wsFdxu23O4FV62Nos/l3ndgxHcJSZ/SEV0WUrhg9PC39GXwUdkyhw0x8PiedNwkC
/EnCmTEpxL9byoV8X/HZS0b8SafYZNPOgO41O/ASMTof8UtynSHqjAKKJvYjkGmK
vM9Zet4geuojKOKlurMYkqGumgysYgOefjIlryFiv7dhmntCuQE0ylyKAGZZn18B
Eem9gd/IOgF2EpQdf+ZGzj+egXMmGtrAMfMkLmrfKZbs1wI9CHL956FkXE+NsWtS
hoXrdNYbrKNZNuCNY8GyzekEVLKjYjmkuGkZZNPPs5x7fzmk
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:52:58 2025 by rpki-client