Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/c4acf4ba-05c5-4e0a-9dfd-70cf32218bb4.roa
File:                     c4acf4ba-05c5-4e0a-9dfd-70cf32218bb4.roa (raw, json)
Hash identifier:          gJRYj5fqIL6kwtYG33Unzq7vX8B2A+jaI1sOE2ujoW0=
Subject key identifier:   88:7B:F8:20:01:7E:1F:65:8B:1B:7A:B5:6C:DD:81:61:9A:41:3B:ED
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       184CFA6B095D2476860D72784325E1D6860CF5F0
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/c4acf4ba-05c5-4e0a-9dfd-70cf32218bb4.roa
Signing time:             Fri 26 Sep 2025 18:41:14 +0000
ROA not before:           Fri 26 Sep 2025 18:41:14 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d000:40e0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            18:4c:fa:6b:09:5d:24:76:86:0d:72:78:43:25:e1:d6:86:0c:f5:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Sep 26 18:41:14 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=f0049cac2abba64473f9c86b6a35942b6840325288b424cd6f9b1143b91707eb, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:9d:c8:37:39:d2:53:2f:97:4d:c9:3a:1c:fc:
                    d1:1b:6e:2f:6a:d6:2a:de:2a:bb:ef:13:94:25:16:
                    ff:6a:31:f6:26:05:cb:70:cd:32:a7:15:d2:8e:02:
                    25:e0:fb:16:17:5c:7f:7a:a0:db:87:30:54:fe:95:
                    81:9b:b0:bc:3c:db:2e:ff:f9:9d:69:4c:7d:24:02:
                    0e:5c:22:75:60:b9:0c:e2:90:af:5c:a7:ae:12:9e:
                    25:d3:b8:96:b5:51:cb:8f:97:c0:24:1a:7b:12:df:
                    2f:3d:61:cf:84:47:48:b1:8a:ce:c0:fe:d4:55:33:
                    9e:3e:4f:23:15:e1:64:bd:73:9f:30:34:79:7d:2e:
                    59:09:ff:e1:8b:37:a4:a7:36:72:86:20:6c:9b:22:
                    c5:5b:d7:3a:b2:be:76:72:02:cf:3d:c0:11:25:0d:
                    9c:38:aa:65:0c:8e:69:10:72:f1:5e:6d:77:56:d8:
                    c4:1b:fe:96:34:00:50:10:8f:a6:aa:18:18:df:ca:
                    eb:81:f3:30:e3:ac:13:bf:cf:52:e5:89:1d:f0:23:
                    9a:8a:35:85:9d:ce:0b:ba:5f:ec:e2:bd:40:e3:71:
                    b9:62:35:30:2d:29:ae:f2:11:7a:fd:38:22:f5:dc:
                    2b:83:40:30:d3:b9:b4:1a:a7:09:c3:2f:83:59:e5:
                    6b:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:7B:F8:20:01:7E:1F:65:8B:1B:7A:B5:6C:DD:81:61:9A:41:3B:ED
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/c4acf4ba-05c5-4e0a-9dfd-70cf32218bb4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d000:40e0::/48

    Signature Algorithm: sha256WithRSAEncryption
         86:ea:22:4c:01:fc:6b:49:61:5a:ed:88:5e:9f:ee:23:03:a5:
         26:28:3c:61:43:16:65:ae:40:13:b5:41:90:a2:af:53:15:71:
         c4:f4:b7:5a:2b:8a:27:00:ff:bd:cf:ab:8d:f0:60:df:c6:eb:
         1a:e3:ab:25:e6:8b:b8:8f:33:5c:01:b1:42:70:1d:b3:5c:7d:
         35:6e:3c:8a:9b:2e:83:e9:a9:9d:27:d4:74:2e:ed:76:0f:b6:
         63:2b:f5:e4:1e:22:64:39:4e:ad:68:76:d3:31:11:30:7b:8f:
         90:6b:93:eb:78:01:b4:54:09:c4:43:48:fd:9d:7c:36:64:ef:
         c6:9e:f7:bf:a7:26:07:85:05:c2:7f:df:1f:86:05:39:93:20:
         fe:fe:b4:82:c9:57:51:09:fe:10:1f:06:ed:98:e1:40:74:f9:
         00:e5:33:77:7e:a1:6f:64:1a:09:53:3b:e3:1e:63:b1:67:46:
         cb:4f:c0:d7:8b:7f:06:3c:2b:9f:41:9f:e6:78:52:d9:99:91:
         30:42:7b:49:97:d2:ee:e2:c7:c7:82:cb:ed:b0:59:b2:10:25:
         8a:b6:40:09:c6:91:cf:fb:26:c7:20:93:7e:71:7f:87:ca:28:
         0e:f4:35:4f:45:87:2a:db:b9:08:ae:7f:74:43:d5:0d:f3:32:
         d4:ab:81:89
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUGEz6awldJHaGDXJ4QyXh1oYM9fAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYxODQxMTRaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQGYwMDQ5Y2FjMmFiYmE2NDQ3M2Y5Yzg2YjZhMzU5NDJiNjg0MDMyNTI4OGI0
MjRjZDZmOWIxMTQzYjkxNzA3ZWIxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJGdyDc50lMvl03JOhz80RtuL2rWKt4qu+8TlCUW/2ox9iYFy3DNMqcV0o4C
JeD7Fhdcf3qg24cwVP6VgZuwvDzbLv/5nWlMfSQCDlwidWC5DOKQr1ynrhKeJdO4
lrVRy4+XwCQaexLfLz1hz4RHSLGKzsD+1FUznj5PIxXhZL1znzA0eX0uWQn/4Ys3
pKc2coYgbJsixVvXOrK+dnICzz3AESUNnDiqZQyOaRBy8V5td1bYxBv+ljQAUBCP
pqoYGN/K64HzMOOsE7/PUuWJHfAjmoo1hZ3OC7pf7OK9QONxuWI1MC0prvIRev04
IvXcK4NAMNO5tBqnCcMvg1nla1ECAwEAAaOCAiQwggIgMB0GA1UdDgQWBBSIe/gg
AX4fZYsberVs3YFhmkE77TAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YzRhY2Y0YmEtMDVjNS00ZTBhLTlkZmQtNzBjZjMyMjE4YmI0LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0ABA
4DANBgkqhkiG9w0BAQsFAAOCAQEAhuoiTAH8a0lhWu2IXp/uIwOlJig8YUMWZa5A
E7VBkKKvUxVxxPS3WiuKJwD/vc+rjfBg38brGuOrJeaLuI8zXAGxQnAds1x9NW48
ipsug+mpnSfUdC7tdg+2Yyv15B4iZDlOrWh20zERMHuPkGuT63gBtFQJxENI/Z18
NmTvxp73v6cmB4UFwn/fH4YFOZMg/v60gslXUQn+EB8G7ZjhQHT5AOUzd36hb2Qa
CVM74x5jsWdGy0/A14t/Bjwrn0Gf5nhS2ZmRMEJ7SZfS7uLHx4LL7bBZshAlirZA
CcaRz/smxyCTfnF/h8ooDvQ1T0WHKtu5CK5/dEPVDfMy1KuBiQ==
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:52:31 2025 by rpki-client