Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/c6b4bacc-5824-4f9c-a10d-49f145db8549.roa
File:                     c6b4bacc-5824-4f9c-a10d-49f145db8549.roa (raw, json)
Hash identifier:          +nCZWWwmNl9LJ80fIfAk6paXJyFM2DOXKYj+lBWDVFw=
Subject key identifier:   52:C7:C1:A9:0A:AE:86:CE:A2:C4:94:8F:81:A8:E6:1D:06:85:00:B8
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       0EC5B67488B511D369151F6F1AB465D2E5B83866
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/c6b4bacc-5824-4f9c-a10d-49f145db8549.roa
Signing time:             Mon 29 Sep 2025 15:24:39 +0000
ROA not before:           Mon 29 Sep 2025 15:24:39 +0000
ROA not after:            Mon 03 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d02f::/36 maxlen: 36
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0e:c5:b6:74:88:b5:11:d3:69:15:1f:6f:1a:b4:65:d2:e5:b8:38:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Sep 29 15:24:39 2025 GMT
            Not After : Nov  3 23:59:59 2025 GMT
        Subject: serialNumber=c2e064c38211c4e5532e0cbd639fae99f7a597bb5f1da52a60356911b0c4696d, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:d3:1b:fc:27:20:23:36:30:7e:f1:ff:62:94:
                    31:b7:c7:f6:c0:67:4e:88:89:58:46:63:5c:75:2b:
                    d8:1d:6b:08:65:0f:83:7e:36:f4:5f:b1:ef:67:77:
                    a9:2b:a1:39:5b:32:30:a8:2a:db:1c:1e:6e:a9:56:
                    39:c3:94:b6:cf:2e:a7:1a:6c:dc:02:29:93:ea:d4:
                    61:46:7f:05:16:fb:a7:b9:c6:f3:d8:37:2a:43:dd:
                    d4:32:af:ab:a1:ee:a3:31:02:aa:a8:3a:20:ad:1e:
                    f1:19:5f:2a:ab:4c:59:73:56:a5:49:f2:ca:b0:dc:
                    77:88:3e:66:4e:10:d4:0b:72:ec:fa:50:68:98:b6:
                    b6:e6:ae:40:c3:50:71:52:ff:b8:33:e0:fc:61:b8:
                    3a:71:8d:bc:78:28:c0:a5:8f:ec:68:ba:27:a1:d0:
                    ab:4b:80:ec:9e:ea:39:fa:a2:93:d8:28:59:8c:7d:
                    a1:5e:f2:3d:7f:5e:31:2d:70:ff:a2:43:22:a4:f9:
                    ac:6d:ca:a0:de:cc:b4:2d:78:10:3b:c0:ff:a5:b4:
                    86:d8:cb:97:ca:80:b2:b1:7a:5b:e8:ad:2b:c6:52:
                    a8:ab:98:6f:6e:8b:52:86:0a:2f:a3:47:ec:67:37:
                    50:27:bd:e5:52:d1:db:64:e8:f7:f2:b0:fc:16:30:
                    38:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:C7:C1:A9:0A:AE:86:CE:A2:C4:94:8F:81:A8:E6:1D:06:85:00:B8
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/c6b4bacc-5824-4f9c-a10d-49f145db8549.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d02f::/36

    Signature Algorithm: sha256WithRSAEncryption
         9c:e9:5a:00:ef:b7:c7:00:c3:d5:22:fe:13:6c:b5:6f:82:8e:
         f3:49:9c:d6:6b:b0:51:8b:d7:84:90:9e:34:14:1b:4e:a0:e9:
         d2:d2:11:8a:97:1a:52:7e:64:08:bf:99:bf:4e:ea:b8:80:c1:
         a5:55:0c:6e:fa:f3:78:b1:5a:41:27:6e:6d:06:a6:1a:98:fe:
         c0:cb:ef:ef:63:14:34:50:22:4f:45:01:d7:b2:60:54:b5:63:
         0b:71:a9:ed:f2:e7:62:77:7f:ac:c6:3a:46:8f:df:fe:e3:fe:
         0f:7c:73:13:a5:31:70:03:94:50:fa:c1:27:a7:d1:9c:76:e1:
         c9:88:58:cf:a6:e9:6b:65:60:eb:ba:ac:cd:e9:d3:ca:9e:f0:
         da:5a:5c:8b:96:86:05:68:f2:36:0e:c3:b8:9b:6e:d6:68:91:
         a4:c3:e1:91:72:e2:b6:cc:e4:73:e5:f9:f7:b3:05:c3:3b:99:
         5c:29:68:1c:3a:b9:20:47:f5:46:14:a4:34:74:ff:55:b7:7f:
         3c:b2:8f:f5:48:62:3a:b7:bb:6b:c8:40:d5:bf:ae:4c:87:ee:
         5c:49:87:98:05:72:27:6a:c3:84:7a:c4:d6:c3:e2:9b:06:0c:
         d7:0d:56:82:c5:42:8e:c2:f9:41:76:ef:71:1b:3e:62:11:f8:
         ff:59:e7:10
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUDsW2dIi1EdNpFR9vGrRl0uW4OGYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjkxNTI0MzlaFw0yNTExMDMyMzU5NTlaMHoxSTBHBgNV
BAUTQGMyZTA2NGMzODIxMWM0ZTU1MzJlMGNiZDYzOWZhZTk5ZjdhNTk3YmI1ZjFk
YTUyYTYwMzU2OTExYjBjNDY5NmQxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMzTG/wnICM2MH7x/2KUMbfH9sBnToiJWEZjXHUr2B1rCGUPg3429F+x72d3
qSuhOVsyMKgq2xwebqlWOcOUts8upxps3AIpk+rUYUZ/BRb7p7nG89g3KkPd1DKv
q6HuozECqqg6IK0e8RlfKqtMWXNWpUnyyrDcd4g+Zk4Q1Aty7PpQaJi2tuauQMNQ
cVL/uDPg/GG4OnGNvHgowKWP7Gi6J6HQq0uA7J7qOfqik9goWYx9oV7yPX9eMS1w
/6JDIqT5rG3KoN7MtC14EDvA/6W0htjLl8qAsrF6W+itK8ZSqKuYb26LUoYKL6NH
7Gc3UCe95VLR22To9/Kw/BYwOH8CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRSx8Gp
Cq6GzqLElI+BqOYdBoUAuDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YzZiNGJhY2MtNTgyNC00ZjljLWExMGQtNDlmMTQ1ZGI4NTQ5LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCoF0C8A
MA0GCSqGSIb3DQEBCwUAA4IBAQCc6VoA77fHAMPVIv4TbLVvgo7zSZzWa7BRi9eE
kJ40FBtOoOnS0hGKlxpSfmQIv5m/Tuq4gMGlVQxu+vN4sVpBJ25tBqYamP7Ay+/v
YxQ0UCJPRQHXsmBUtWMLcant8udid3+sxjpGj9/+4/4PfHMTpTFwA5RQ+sEnp9Gc
duHJiFjPpulrZWDruqzN6dPKnvDaWlyLloYFaPI2DsO4m27WaJGkw+GRcuK2zORz
5fn3swXDO5lcKWgcOrkgR/VGFKQ0dP9Vt388so/1SGI6t7tryEDVv65Mh+5cSYeY
BXInasOEesTWw+KbBgzXDVaCxUKOwvlBdu9xGz5iEfj/WecQ
-----END CERTIFICATE-----
Generated at Mon Oct 20 13:47:47 2025 by rpki-client