Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/c91ab8e7-8370-48ed-9e25-0dc260ba196b.roa
File:                     c91ab8e7-8370-48ed-9e25-0dc260ba196b.roa (raw, json)
Hash identifier:          VTl47b3xIQ6oE//+469n4RqF1i9rnjbl6TI/xjRkOWY=
Subject key identifier:   9D:DC:AB:B0:07:D4:4F:93:1A:7F:C5:A2:11:74:14:9D:8A:A1:E8:5A
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       023AE9488D598E5B6513D837F2704D804CB6765C
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/c91ab8e7-8370-48ed-9e25-0dc260ba196b.roa
Signing time:             Fri 26 Sep 2025 18:42:25 +0000
ROA not before:           Fri 26 Sep 2025 18:42:25 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d072:60c0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            02:3a:e9:48:8d:59:8e:5b:65:13:d8:37:f2:70:4d:80:4c:b6:76:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Sep 26 18:42:25 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=02df9120e4c59b3b168854e9346b8c65eab841d559022ae4141421741ecf3586, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:e5:14:bb:ae:c9:47:db:35:14:6a:58:89:36:
                    be:95:42:82:6d:bd:66:0a:a8:e2:c3:65:98:3f:99:
                    3a:b0:00:39:55:5a:66:93:a5:c0:af:c9:a1:a0:92:
                    89:d5:cf:47:a1:9f:f2:0a:52:83:0f:83:48:34:56:
                    7f:6d:08:2d:7c:d8:0a:9d:27:bb:b8:60:e6:4b:ff:
                    fc:53:3f:d6:f9:99:1e:43:9b:32:ba:bd:e6:68:73:
                    07:d0:b2:4c:63:4d:82:e7:0d:57:76:b4:52:0c:bc:
                    09:f5:ed:14:02:b7:8f:4e:47:d9:df:40:26:3b:c9:
                    f4:b3:9c:99:0c:c8:27:34:bc:6e:bf:71:e8:50:f3:
                    46:08:21:7e:28:a7:6a:b6:cd:44:d4:ae:9e:59:a6:
                    5d:4c:07:99:6e:fa:66:ad:2f:a2:78:3c:2d:8c:6a:
                    e6:66:81:df:2c:0e:30:9d:a8:3b:1d:b2:3e:98:e2:
                    a9:5b:2a:7d:28:79:dd:5a:59:6b:96:2e:9f:a9:46:
                    ab:c2:46:ec:af:c1:f5:88:30:07:b3:f3:bd:1c:e3:
                    55:b8:c5:b4:a5:30:fa:7f:b1:26:b9:32:b2:24:ef:
                    61:97:47:4e:fc:2d:81:b2:1b:0a:f1:c0:fc:a3:36:
                    7e:70:8d:8a:43:02:c3:ce:d7:2c:ed:1a:79:cd:7a:
                    1d:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:DC:AB:B0:07:D4:4F:93:1A:7F:C5:A2:11:74:14:9D:8A:A1:E8:5A
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/c91ab8e7-8370-48ed-9e25-0dc260ba196b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d072:60c0::/48

    Signature Algorithm: sha256WithRSAEncryption
         1f:b2:39:37:02:9d:e7:40:98:8e:87:37:56:96:6d:a4:91:af:
         53:c0:97:56:f6:3d:62:20:4d:a9:08:59:f3:7d:21:57:b4:d1:
         f1:cb:ad:0d:0c:43:cc:a9:a5:34:54:e2:49:59:6e:47:58:18:
         89:b9:17:3c:20:4e:67:ac:b6:71:40:1f:ce:f3:9e:22:eb:88:
         f6:96:13:65:81:e3:25:5e:11:a8:d0:db:a2:b3:75:c6:64:b5:
         45:46:c7:ae:69:d5:92:eb:34:df:39:9e:c0:40:88:d0:60:84:
         ed:ec:56:3e:ba:43:05:d3:81:e7:e8:37:f4:62:c5:1c:63:fe:
         ef:b3:26:d7:bb:63:b1:d7:5f:b9:5f:49:10:6a:91:ea:2e:11:
         56:27:90:d9:6a:6d:be:62:3c:1b:d8:3b:25:e3:05:26:5f:b5:
         02:7a:1d:77:d3:ee:a1:32:1e:2c:55:6a:39:ac:ea:39:f2:03:
         dc:10:83:0b:bb:e3:45:18:77:8d:be:f9:73:22:43:af:97:c8:
         0f:64:56:30:3b:5d:17:8a:d9:ad:27:6e:78:a4:2c:6e:06:29:
         36:ba:29:80:76:38:17:4e:5b:c5:99:ab:8c:e3:08:4d:3e:5f:
         63:c6:38:7a:7d:e7:17:9e:b6:98:e7:7b:66:56:56:10:d1:d4:
         bb:b4:23:59
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUAjrpSI1ZjltlE9g38nBNgEy2dlwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYxODQyMjVaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQDAyZGY5MTIwZTRjNTliM2IxNjg4NTRlOTM0NmI4YzY1ZWFiODQxZDU1OTAy
MmFlNDE0MTQyMTc0MWVjZjM1ODYxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAM3lFLuuyUfbNRRqWIk2vpVCgm29Zgqo4sNlmD+ZOrAAOVVaZpOlwK/JoaCS
idXPR6Gf8gpSgw+DSDRWf20ILXzYCp0nu7hg5kv//FM/1vmZHkObMrq95mhzB9Cy
TGNNgucNV3a0Ugy8CfXtFAK3j05H2d9AJjvJ9LOcmQzIJzS8br9x6FDzRgghfiin
arbNRNSunlmmXUwHmW76Zq0vong8LYxq5maB3ywOMJ2oOx2yPpjiqVsqfSh53VpZ
a5Yun6lGq8JG7K/B9YgwB7PzvRzjVbjFtKUw+n+xJrkysiTvYZdHTvwtgbIbCvHA
/KM2fnCNikMCw87XLO0aec16HTECAwEAAaOCAiQwggIgMB0GA1UdDgQWBBSd3Kuw
B9RPkxp/xaIRdBSdiqHoWjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YzkxYWI4ZTctODM3MC00OGVkLTllMjUtMGRjMjYwYmExOTZiLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0HJg
wDANBgkqhkiG9w0BAQsFAAOCAQEAH7I5NwKd50CYjoc3VpZtpJGvU8CXVvY9YiBN
qQhZ830hV7TR8cutDQxDzKmlNFTiSVluR1gYibkXPCBOZ6y2cUAfzvOeIuuI9pYT
ZYHjJV4RqNDborN1xmS1RUbHrmnVkus03zmewECI0GCE7exWPrpDBdOB5+g39GLF
HGP+77Mm17tjsddfuV9JEGqR6i4RVieQ2WptvmI8G9g7JeMFJl+1Anodd9PuoTIe
LFVqOazqOfID3BCDC7vjRRh3jb75cyJDr5fID2RWMDtdF4rZrSdueKQsbgYpNrop
gHY4F05bxZmrjOMITT5fY8Y4en3nF562mOd7ZlZWENHUu7QjWQ==
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:52:45 2025 by rpki-client