Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/c3f4b0e0-df6d-481a-8d75-7709e545d1e8.roa
File:                     c3f4b0e0-df6d-481a-8d75-7709e545d1e8.roa (raw, json)
Hash identifier:          99LguaHgtm1Y9bMzAN3zpvAA7JwF6fxBLzJ4shJtfGA=
Subject key identifier:   3A:98:94:FF:77:44:AF:F8:03:D6:A0:18:B4:9C:41:84:CB:FC:C2:B0
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       562BE852CAB455D2B0D3C922154D3984CC17E350
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/c3f4b0e0-df6d-481a-8d75-7709e545d1e8.roa
Signing time:             Fri 26 Sep 2025 19:10:12 +0000
ROA not before:           Fri 26 Sep 2025 19:10:12 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d072:2000::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            56:2b:e8:52:ca:b4:55:d2:b0:d3:c9:22:15:4d:39:84:cc:17:e3:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Sep 26 19:10:12 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=ed658a97b33ae8dcfae153beaf92adf5cb9a0c4d82244f45ae416e454018f494, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:1c:3a:1a:2f:0e:5a:29:ff:29:70:a7:bc:79:
                    6f:56:0f:94:30:a7:1a:d1:68:b3:5f:5b:14:a9:bb:
                    e2:25:e6:f7:9f:1a:c8:cd:4a:a0:5d:11:d9:f7:58:
                    2e:f8:5f:05:22:b6:c7:78:05:f3:d4:ce:62:d0:29:
                    3f:5a:c5:94:e1:b5:83:e9:c0:38:fb:3f:36:24:37:
                    28:45:6a:7c:fc:9e:f0:45:ff:e6:34:46:f1:3d:cc:
                    b3:db:34:e5:86:2d:92:eb:49:2f:c2:67:ae:a2:50:
                    b9:9c:aa:7e:21:97:b5:ad:0b:ca:f9:b9:dc:19:19:
                    e2:13:f9:bd:4b:d4:1a:80:41:31:e1:f8:95:d7:d6:
                    46:bf:3e:77:cd:71:6e:fb:18:0a:91:99:a3:2b:74:
                    28:8c:7f:77:b9:a3:2f:1d:03:ce:3c:1a:77:b9:d7:
                    8a:e8:4a:38:c3:07:8b:af:de:20:9b:20:12:82:24:
                    3e:d1:3d:7b:fb:76:73:f5:56:85:55:f4:b6:5c:de:
                    06:85:ff:84:5d:10:64:8f:14:f8:d4:2d:6f:f2:46:
                    ce:60:ab:22:88:96:ea:79:06:3d:28:04:af:16:51:
                    78:0e:c8:77:d4:59:e9:51:73:8e:b1:d3:14:c6:3b:
                    20:ee:e3:63:bb:be:26:86:b7:97:23:2e:ae:b6:84:
                    32:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:98:94:FF:77:44:AF:F8:03:D6:A0:18:B4:9C:41:84:CB:FC:C2:B0
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/c3f4b0e0-df6d-481a-8d75-7709e545d1e8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d072:2000::/40

    Signature Algorithm: sha256WithRSAEncryption
         3c:34:5a:b6:7e:d0:8d:b8:82:e0:18:1f:44:b4:57:4a:87:0d:
         86:f1:17:af:fa:1c:67:46:19:61:b4:14:12:bf:d8:c6:b4:47:
         43:fa:be:37:e1:fc:06:ca:84:07:b3:37:78:25:48:ec:8a:92:
         54:bb:b9:ea:3d:11:6c:7c:cd:f7:98:ef:af:0e:a5:5d:94:cb:
         44:8a:8d:d1:ba:2a:80:33:20:8c:0e:5b:bd:8d:62:33:01:8d:
         88:29:33:b3:ab:3f:94:c2:ca:4e:ec:ce:5b:05:91:c1:b4:26:
         72:f1:1a:95:1e:d2:58:55:d4:9c:24:30:b2:64:b7:dc:a2:5e:
         13:08:45:87:8f:36:fa:cc:d3:45:58:14:97:3c:af:78:c5:f4:
         e8:47:3f:41:b3:d5:6d:44:22:63:af:89:39:9b:fa:ff:60:53:
         7f:62:65:51:38:ad:ff:7a:2e:b2:b5:2a:f7:ac:42:ed:36:30:
         a6:5e:66:92:37:5f:78:37:cd:83:c0:00:83:5d:29:38:9a:3b:
         36:91:f3:1e:f7:4e:fc:ae:0c:dc:cd:d8:b0:94:7d:ec:7d:69:
         c4:af:49:0c:e2:bf:f1:e8:2b:90:26:04:fc:db:e0:47:6c:c6:
         61:af:38:db:bf:06:84:ef:82:d6:a5:13:e6:bf:6c:83:1c:6f:
         a5:e9:bb:a2
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUVivoUsq0VdKw08kiFU05hMwX41AwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYxOTEwMTJaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQGVkNjU4YTk3YjMzYWU4ZGNmYWUxNTNiZWFmOTJhZGY1Y2I5YTBjNGQ4MjI0
NGY0NWFlNDE2ZTQ1NDAxOGY0OTQxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOccOhovDlop/ylwp7x5b1YPlDCnGtFos19bFKm74iXm958ayM1KoF0R2fdY
LvhfBSK2x3gF89TOYtApP1rFlOG1g+nAOPs/NiQ3KEVqfPye8EX/5jRG8T3Ms9s0
5YYtkutJL8JnrqJQuZyqfiGXta0Lyvm53BkZ4hP5vUvUGoBBMeH4ldfWRr8+d81x
bvsYCpGZoyt0KIx/d7mjLx0Dzjwad7nXiuhKOMMHi6/eIJsgEoIkPtE9e/t2c/VW
hVX0tlzeBoX/hF0QZI8U+NQtb/JGzmCrIoiW6nkGPSgErxZReA7Id9RZ6VFzjrHT
FMY7IO7jY7u+Joa3lyMurraEMoECAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQ6mJT/
d0Sv+APWoBi0nEGEy/zCsDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YzNmNGIwZTAtZGY2ZC00ODFhLThkNzUtNzcwOWU1NDVkMWU4LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0HIg
MA0GCSqGSIb3DQEBCwUAA4IBAQA8NFq2ftCNuILgGB9EtFdKhw2G8Rev+hxnRhlh
tBQSv9jGtEdD+r434fwGyoQHszd4JUjsipJUu7nqPRFsfM33mO+vDqVdlMtEio3R
uiqAMyCMDlu9jWIzAY2IKTOzqz+UwspO7M5bBZHBtCZy8RqVHtJYVdScJDCyZLfc
ol4TCEWHjzb6zNNFWBSXPK94xfToRz9Bs9VtRCJjr4k5m/r/YFN/YmVROK3/ei6y
tSr3rELtNjCmXmaSN194N82DwACDXSk4mjs2kfMe9078rgzczdiwlH3sfWnEr0kM
4r/x6CuQJgT82+BHbMZhrzjbvwaE74LWpRPmv2yDHG+l6bui
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:52:57 2025 by rpki-client