Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/c9cee224-c41f-451e-ba80-f0bceb6623bc.roa
File:                     c9cee224-c41f-451e-ba80-f0bceb6623bc.roa (raw, json)
Hash identifier:          akaSnnd9GkScyx+3HkRk3OXmAz6oZvS7fmBlJpZzogI=
Subject key identifier:   AE:70:B0:0A:2F:3D:E5:D3:4F:74:49:F9:69:68:E6:B5:72:E1:60:A6
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       10AFE3B2DF2D7BC8CCE23F9174960F55C1A7D48A
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/c9cee224-c41f-451e-ba80-f0bceb6623bc.roa
Signing time:             Mon 06 Oct 2025 18:00:05 +0000
ROA not before:           Mon 06 Oct 2025 18:00:05 +0000
ROA not after:            Mon 10 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d073:4080::/46 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            10:af:e3:b2:df:2d:7b:c8:cc:e2:3f:91:74:96:0f:55:c1:a7:d4:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Oct  6 18:00:05 2025 GMT
            Not After : Nov 10 23:59:59 2025 GMT
        Subject: serialNumber=3c9dd43ff519300347e165701de6f334a21a47e10ef7a514079fa552810c08d6, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:b5:0c:0d:8f:b9:34:50:b8:24:3e:8b:90:f3:
                    5f:69:e1:85:c9:f9:0c:59:39:87:f1:6d:92:ce:a7:
                    a3:20:fb:88:6b:78:b0:fb:05:83:fb:a9:c7:15:01:
                    cb:7d:cc:c8:77:f6:df:76:c5:9a:60:54:cc:bc:fc:
                    0b:1c:9d:09:1a:16:cd:ea:3d:98:8a:09:f2:38:e9:
                    a3:94:b9:ce:77:e5:06:ce:32:a9:be:16:c9:c0:f4:
                    9b:1a:6b:7e:f9:ad:df:ff:ea:90:05:7c:5a:c1:76:
                    e4:1d:16:89:a1:71:c0:04:bb:73:24:12:39:ea:dd:
                    3f:9b:b0:70:00:ed:66:14:60:9a:d5:07:7b:00:99:
                    e6:0f:f1:73:2d:d0:4c:83:3c:67:d2:29:7b:0e:f0:
                    6d:16:70:c8:8e:e9:e8:a2:d1:01:10:92:62:54:b0:
                    ce:86:66:5d:6b:85:2a:7e:fb:b9:46:a0:f3:73:01:
                    78:3f:38:9f:ab:64:50:f2:8c:59:31:ca:9f:97:c6:
                    a0:11:bb:e8:e4:c0:aa:b2:a0:dc:54:41:10:80:a5:
                    3e:f5:08:60:31:32:98:9f:6d:0a:40:ea:23:4d:38:
                    43:61:94:c8:19:4d:60:f9:f8:d3:dc:9d:97:98:14:
                    d6:d7:78:49:ee:27:cb:08:41:e6:d9:a7:1a:43:32:
                    ef:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:70:B0:0A:2F:3D:E5:D3:4F:74:49:F9:69:68:E6:B5:72:E1:60:A6
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/c9cee224-c41f-451e-ba80-f0bceb6623bc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d073:4080::/46

    Signature Algorithm: sha256WithRSAEncryption
         46:af:4f:a3:d3:18:a8:f7:e4:97:e4:55:5e:5a:26:93:bc:b8:
         40:c5:95:98:b2:7f:3a:5c:47:08:16:3d:85:57:05:a7:83:de:
         37:a4:4c:eb:79:1d:2f:47:c6:3a:61:3a:aa:f3:de:2f:ca:73:
         5e:76:46:56:64:9d:89:0d:c7:3b:73:1f:76:96:9e:21:1d:b0:
         46:a7:80:cf:0f:75:14:cb:f2:25:ac:3b:af:d9:d6:2b:5d:3e:
         03:a9:f6:62:44:9a:9e:67:1f:b2:01:96:07:db:57:65:29:43:
         d4:4b:fb:02:ff:3b:fa:25:7f:06:fd:2a:07:6b:60:b6:62:09:
         9c:cb:94:3c:d1:50:ef:de:e0:34:75:fe:0c:a8:6f:89:c2:bc:
         6b:b4:b1:53:00:e8:a6:6f:cf:a0:b9:c8:00:81:a2:4c:30:8c:
         16:54:8a:91:0e:ee:15:d7:81:db:33:a1:7a:12:70:b5:c1:3e:
         72:f2:5e:92:1d:cf:c9:1c:e3:3e:5a:dc:a6:ab:bb:2a:3f:18:
         c4:e4:3f:bf:78:ac:b7:41:7c:f7:33:0a:96:d5:55:bb:55:03:
         8c:08:19:a8:a3:3f:9b:19:c8:87:cd:08:26:29:5e:af:51:44:
         ac:51:2b:b7:e7:82:4a:77:7b:73:87:b5:48:6c:3c:df:c3:99:
         a0:32:72:52
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUEK/jst8te8jM4j+RdJYPVcGn1IowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMDYxODAwMDVaFw0yNTExMTAyMzU5NTlaMHoxSTBHBgNV
BAUTQDNjOWRkNDNmZjUxOTMwMDM0N2UxNjU3MDFkZTZmMzM0YTIxYTQ3ZTEwZWY3
YTUxNDA3OWZhNTUyODEwYzA4ZDYxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKq1DA2PuTRQuCQ+i5DzX2nhhcn5DFk5h/Ftks6noyD7iGt4sPsFg/upxxUB
y33MyHf233bFmmBUzLz8CxydCRoWzeo9mIoJ8jjpo5S5znflBs4yqb4WycD0mxpr
fvmt3//qkAV8WsF25B0WiaFxwAS7cyQSOerdP5uwcADtZhRgmtUHewCZ5g/xcy3Q
TIM8Z9Ipew7wbRZwyI7p6KLRARCSYlSwzoZmXWuFKn77uUag83MBeD84n6tkUPKM
WTHKn5fGoBG76OTAqrKg3FRBEIClPvUIYDEymJ9tCkDqI004Q2GUyBlNYPn409yd
l5gU1td4Se4nywhB5tmnGkMy740CAwEAAaOCAiQwggIgMB0GA1UdDgQWBBSucLAK
Lz3l0090SflpaOa1cuFgpjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YzljZWUyMjQtYzQxZi00NTFlLWJhODAtZjBiY2ViNjYyM2JjLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHAioF0HNA
gDANBgkqhkiG9w0BAQsFAAOCAQEARq9Po9MYqPfkl+RVXlomk7y4QMWVmLJ/OlxH
CBY9hVcFp4PeN6RM63kdL0fGOmE6qvPeL8pzXnZGVmSdiQ3HO3MfdpaeIR2wRqeA
zw91FMvyJaw7r9nWK10+A6n2YkSanmcfsgGWB9tXZSlD1Ev7Av87+iV/Bv0qB2tg
tmIJnMuUPNFQ797gNHX+DKhvicK8a7SxUwDopm/PoLnIAIGiTDCMFlSKkQ7uFdeB
2zOhehJwtcE+cvJekh3PyRzjPlrcpqu7Kj8YxOQ/v3ist0F89zMKltVVu1UDjAgZ
qKM/mxnIh80IJiler1FErFErt+eCSnd7c4e1SGw838OZoDJyUg==
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:53:04 2025 by rpki-client