Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/ca3f4d11-dc6b-4a82-be61-68f1d7838f90.roa
File:                     ca3f4d11-dc6b-4a82-be61-68f1d7838f90.roa (raw, json)
Hash identifier:          OlmeTUbeq8g14c7bZRUlB4DJiMw0aRezVuUvSQYTwk0=
Subject key identifier:   8A:92:A2:EA:5C:31:36:4C:9D:83:4F:FA:C5:FC:0C:88:FE:F7:54:56
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       696D3B7D044CE3308385B8004CCCEA69120E8217
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/ca3f4d11-dc6b-4a82-be61-68f1d7838f90.roa
Signing time:             Fri 26 Sep 2025 19:11:44 +0000
ROA not before:           Fri 26 Sep 2025 19:11:44 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d07f:1000::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            69:6d:3b:7d:04:4c:e3:30:83:85:b8:00:4c:cc:ea:69:12:0e:82:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Sep 26 19:11:44 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=c068b10cddb7613c36f59981d0654f3fbe0e83cd0798529ec070d1bb7942e0f3, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:61:07:9a:68:ab:d2:01:21:64:36:fa:cc:34:
                    d8:1c:37:2d:6e:08:42:0f:a9:2b:41:12:eb:bb:a6:
                    ec:58:ab:8a:7b:b5:01:ec:e2:52:d6:fd:54:f2:c0:
                    69:8b:af:83:07:10:fb:15:1e:97:18:a7:28:65:b9:
                    1b:ee:05:8a:0b:be:16:19:68:b1:2d:de:77:91:a7:
                    b6:f5:6c:45:5b:dc:3e:f5:d3:4a:58:9d:3b:43:0b:
                    78:4c:fd:ac:98:72:c6:c7:8d:71:fd:0e:80:b2:a5:
                    cb:33:72:ae:c2:d1:8a:6a:74:92:12:12:ad:63:fa:
                    dd:cc:d0:b7:d4:43:bf:18:ca:f0:69:59:8d:4a:c4:
                    7c:26:4c:b4:d5:f6:7f:c8:e4:60:df:62:ad:f2:8d:
                    19:fc:b2:bf:0e:1d:96:c3:8c:93:ee:05:22:6c:58:
                    f2:89:8e:f6:cf:9b:b7:bd:8e:e0:c1:b8:ef:4d:fb:
                    c7:bf:d8:d6:35:c1:98:46:01:4c:11:64:6f:3f:18:
                    25:d2:6b:96:7b:f0:8d:7d:b3:fe:51:50:38:07:06:
                    5e:cd:5a:c7:ac:f6:ba:87:2a:2c:bf:3a:0a:3a:21:
                    9a:dc:a5:74:a9:a8:a3:e3:27:c0:35:20:90:92:2c:
                    e5:b1:02:67:e6:3f:0d:85:47:50:f1:57:a4:1b:cf:
                    3a:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:92:A2:EA:5C:31:36:4C:9D:83:4F:FA:C5:FC:0C:88:FE:F7:54:56
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/ca3f4d11-dc6b-4a82-be61-68f1d7838f90.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d07f:1000::/40

    Signature Algorithm: sha256WithRSAEncryption
         1c:fe:a4:57:d7:57:88:a7:54:1e:50:3a:cc:30:55:60:f8:4b:
         6a:38:43:73:78:db:77:2f:7c:44:fc:a0:98:25:bc:c5:65:17:
         8b:ab:ad:44:77:6b:33:52:59:3f:d8:13:cb:73:c6:20:2b:61:
         80:f9:23:80:44:65:c0:70:37:5f:2f:16:b2:52:38:f1:d2:0a:
         ca:14:c3:b4:fc:3c:65:76:93:8c:49:31:c8:17:a1:47:05:68:
         95:20:2a:c4:01:d1:aa:04:b8:da:2c:5d:f4:8e:2c:85:1b:e1:
         3e:86:09:63:2f:fd:74:ea:a7:a5:c3:95:85:9f:5b:c5:85:5a:
         db:a4:d0:76:eb:3a:7c:f3:b1:ef:66:55:a8:a4:09:45:fd:45:
         31:29:d6:11:c6:68:85:a4:3f:5d:39:67:e2:c4:e8:19:8b:e9:
         bb:0b:e3:bf:b2:7a:50:49:46:07:f6:e5:10:26:4f:3c:e4:94:
         70:bc:4e:9f:22:f0:8f:bf:e0:ca:de:92:79:a6:70:a2:94:ad:
         57:c9:6c:41:14:c6:d7:59:f4:61:fb:9c:6a:22:bc:4b:66:aa:
         b0:23:67:46:9c:bb:4e:78:6d:de:36:aa:34:42:fd:0f:ef:dd:
         df:57:c3:f1:55:fb:8e:30:1e:60:83:56:18:d2:f7:4c:a9:4d:
         38:cf:bb:ce
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUaW07fQRM4zCDhbgATMzqaRIOghcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYxOTExNDRaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQGMwNjhiMTBjZGRiNzYxM2MzNmY1OTk4MWQwNjU0ZjNmYmUwZTgzY2QwNzk4
NTI5ZWMwNzBkMWJiNzk0MmUwZjMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALphB5poq9IBIWQ2+sw02Bw3LW4IQg+pK0ES67um7Firinu1AeziUtb9VPLA
aYuvgwcQ+xUelxinKGW5G+4Figu+FhlosS3ed5GntvVsRVvcPvXTSlidO0MLeEz9
rJhyxseNcf0OgLKlyzNyrsLRimp0khISrWP63czQt9RDvxjK8GlZjUrEfCZMtNX2
f8jkYN9irfKNGfyyvw4dlsOMk+4FImxY8omO9s+bt72O4MG47037x7/Y1jXBmEYB
TBFkbz8YJdJrlnvwjX2z/lFQOAcGXs1ax6z2uocqLL86CjohmtyldKmoo+MnwDUg
kJIs5bECZ+Y/DYVHUPFXpBvPOs8CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBSKkqLq
XDE2TJ2DT/rF/AyI/vdUVjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
Y2EzZjRkMTEtZGM2Yi00YTgyLWJlNjEtNjhmMWQ3ODM4ZjkwLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0H8Q
MA0GCSqGSIb3DQEBCwUAA4IBAQAc/qRX11eIp1QeUDrMMFVg+EtqOENzeNt3L3xE
/KCYJbzFZReLq61Ed2szUlk/2BPLc8YgK2GA+SOARGXAcDdfLxayUjjx0grKFMO0
/DxldpOMSTHIF6FHBWiVICrEAdGqBLjaLF30jiyFG+E+hgljL/106qelw5WFn1vF
hVrbpNB26zp887HvZlWopAlF/UUxKdYRxmiFpD9dOWfixOgZi+m7C+O/snpQSUYH
9uUQJk885JRwvE6fIvCPv+DK3pJ5pnCilK1XyWxBFMbXWfRh+5xqIrxLZqqwI2dG
nLtOeG3eNqo0Qv0P793fV8PxVfuOMB5gg1YY0vdMqU04z7vO
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:52:56 2025 by rpki-client