Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/c39dd71c-f22c-4bb4-9c6f-dfc8c6a02ffd.roa
File:                     c39dd71c-f22c-4bb4-9c6f-dfc8c6a02ffd.roa (raw, json)
Hash identifier:          f/YjDLCRvhL7N+G2UO0pva+cTzBtEw6ZkuZQD1wg67c=
Subject key identifier:   03:92:85:01:45:2B:F0:AC:5F:81:06:30:AB:8A:F3:27:0D:AD:FC:9C
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       4A78D076C2321297780812A3B5ADEF9F946C3950
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/c39dd71c-f22c-4bb4-9c6f-dfc8c6a02ffd.roa
Signing time:             Fri 26 Sep 2025 19:38:53 +0000
ROA not before:           Fri 26 Sep 2025 19:38:53 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d07e:a000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4a:78:d0:76:c2:32:12:97:78:08:12:a3:b5:ad:ef:9f:94:6c:39:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Sep 26 19:38:53 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=6797a8ab0d6d31813d4fecb88b3f4fa9ef475fa9623c685013f2180f6a5414fd, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:5e:ff:33:de:6e:64:e0:4e:75:6c:48:54:63:
                    8f:8c:8a:2e:ab:e8:f7:f5:d9:e2:81:ac:a5:57:ff:
                    b3:f7:05:a4:13:3a:10:22:ec:8c:0d:72:5d:a9:ea:
                    6e:f0:6f:c4:a5:cc:88:53:e3:2e:66:f0:ad:28:93:
                    d9:88:67:71:40:6a:a6:c4:f2:20:ac:84:99:91:de:
                    52:62:6c:7c:99:8c:ec:74:ee:58:20:c2:c8:24:fd:
                    23:74:57:26:78:09:27:6e:f2:35:72:df:57:e2:7b:
                    43:6a:1b:4d:90:18:d2:de:be:94:55:e8:3f:a0:ab:
                    5a:0c:3d:c5:2c:93:18:71:8c:dd:35:07:00:ac:83:
                    23:66:69:d4:54:8c:94:1b:e3:e2:b2:57:85:46:b6:
                    67:21:8c:4d:e3:28:9d:1e:91:16:29:26:bd:18:4d:
                    11:c7:cb:59:c7:bf:ee:12:ea:31:0b:ba:84:14:53:
                    10:d2:10:a9:c7:a9:73:56:7e:81:13:d9:1a:65:c9:
                    57:eb:e0:33:4e:93:7e:1e:fe:71:ef:6b:e9:a8:25:
                    16:c1:97:b5:60:51:e7:6e:1a:04:9d:75:08:fa:00:
                    35:70:49:d2:f0:26:bb:e4:46:55:9a:5a:0e:4a:b7:
                    0c:53:b8:2c:54:6d:c1:87:87:a7:96:02:e9:a1:c0:
                    06:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:92:85:01:45:2B:F0:AC:5F:81:06:30:AB:8A:F3:27:0D:AD:FC:9C
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/c39dd71c-f22c-4bb4-9c6f-dfc8c6a02ffd.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d07e:a000::/40

    Signature Algorithm: sha256WithRSAEncryption
         10:29:e1:86:0e:c8:1c:5d:3c:02:44:f6:c8:4d:9a:2a:c1:99:
         ea:e6:94:c6:7f:a8:1c:fe:33:d2:4e:7d:d4:12:1e:4c:e9:ae:
         52:26:e6:ae:dc:51:dc:db:34:dc:32:5a:6a:70:20:cd:dd:16:
         9b:fc:0f:8d:58:35:ee:ef:68:26:85:40:0f:30:aa:4a:4b:be:
         f8:ae:f4:c8:35:4b:6e:ad:15:21:98:f3:fb:49:dc:66:a4:10:
         ca:c6:6e:87:8e:b3:eb:01:3a:8b:67:c4:22:71:48:93:89:f5:
         bd:8d:68:00:e8:31:95:36:bf:eb:a3:11:51:54:13:6e:29:c0:
         c6:a8:ad:85:79:02:48:a4:e1:ae:c6:2a:dd:1c:23:67:93:45:
         29:37:57:ba:fa:97:20:f4:d8:7a:7b:47:b2:6f:e6:07:84:cf:
         ac:0a:80:58:52:db:49:88:70:d8:ef:f9:47:ba:5c:c8:d2:f8:
         cb:da:9d:ca:20:f9:3c:24:47:56:1e:d2:77:ae:7e:b6:9e:b8:
         6f:2f:4c:a2:39:bb:77:a5:3f:34:91:2a:fc:ff:ff:31:51:77:
         37:c0:bc:0f:4a:8c:5d:77:b6:a8:23:46:66:57:83:e7:0c:89:
         75:5f:9b:1f:0f:71:a4:0e:76:13:bc:1b:aa:23:05:fb:a0:ec:
         03:6f:c3:63
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUSnjQdsIyEpd4CBKjta3vn5RsOVAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYxOTM4NTNaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQDY3OTdhOGFiMGQ2ZDMxODEzZDRmZWNiODhiM2Y0ZmE5ZWY0NzVmYTk2MjNj
Njg1MDEzZjIxODBmNmE1NDE0ZmQxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOBe/zPebmTgTnVsSFRjj4yKLqvo9/XZ4oGspVf/s/cFpBM6ECLsjA1yXanq
bvBvxKXMiFPjLmbwrSiT2YhncUBqpsTyIKyEmZHeUmJsfJmM7HTuWCDCyCT9I3RX
JngJJ27yNXLfV+J7Q2obTZAY0t6+lFXoP6CrWgw9xSyTGHGM3TUHAKyDI2Zp1FSM
lBvj4rJXhUa2ZyGMTeMonR6RFikmvRhNEcfLWce/7hLqMQu6hBRTENIQqcepc1Z+
gRPZGmXJV+vgM06Tfh7+ce9r6aglFsGXtWBR524aBJ11CPoANXBJ0vAmu+RGVZpa
Dkq3DFO4LFRtwYeHp5YC6aHABj0CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQDkoUB
RSvwrF+BBjCrivMnDa38nDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YzM5ZGQ3MWMtZjIyYy00YmI0LTljNmYtZGZjOGM2YTAyZmZkLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0H6g
MA0GCSqGSIb3DQEBCwUAA4IBAQAQKeGGDsgcXTwCRPbITZoqwZnq5pTGf6gc/jPS
Tn3UEh5M6a5SJuau3FHc2zTcMlpqcCDN3Rab/A+NWDXu72gmhUAPMKpKS774rvTI
NUturRUhmPP7SdxmpBDKxm6HjrPrATqLZ8QicUiTifW9jWgA6DGVNr/roxFRVBNu
KcDGqK2FeQJIpOGuxirdHCNnk0UpN1e6+pcg9Nh6e0eyb+YHhM+sCoBYUttJiHDY
7/lHulzI0vjL2p3KIPk8JEdWHtJ3rn62nrhvL0yiObt3pT80kSr8//8xUXc3wLwP
Soxdd7aoI0ZmV4PnDIl1X5sfD3GkDnYTvBuqIwX7oOwDb8Nj
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:53:22 2025 by rpki-client