Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/cb5ee4c1-dd36-49a9-8b09-89d58aa8035e.roa
File:                     cb5ee4c1-dd36-49a9-8b09-89d58aa8035e.roa (raw, json)
Hash identifier:          YxP+byK33GDfgWOCGDK5vyZrt9NRw+SIZNkX+8Lfv7s=
Subject key identifier:   24:F5:DB:F0:79:6B:89:0E:C5:CB:8D:21:3F:CA:5A:4A:D8:58:E0:24
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       0A3A2B4675D086DAB181E402C83ED5B185BF5358
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/cb5ee4c1-dd36-49a9-8b09-89d58aa8035e.roa
Signing time:             Fri 26 Sep 2025 20:01:08 +0000
ROA not before:           Fri 26 Sep 2025 20:01:08 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d011:c00::/38 maxlen: 38
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0a:3a:2b:46:75:d0:86:da:b1:81:e4:02:c8:3e:d5:b1:85:bf:53:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Sep 26 20:01:08 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=9dff8e42ab5a40153101a5c616bed19da870b9bae55e4f382fb78e7dc9a645e3, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:b3:5c:81:d6:6d:3a:ee:4e:ba:0d:aa:a1:67:
                    e9:0a:c2:06:34:10:ae:33:eb:21:b8:9d:4d:45:31:
                    91:84:dc:11:ac:15:39:ec:19:34:2e:42:90:ce:88:
                    86:21:4b:f8:71:e7:8d:e9:27:94:ed:bd:3b:f4:16:
                    ef:97:d2:c4:27:bd:b6:d3:af:a6:3e:71:d9:f7:fd:
                    55:cd:93:18:13:4c:54:33:88:b2:e8:a0:d1:4d:f5:
                    ea:67:7f:e5:9f:7a:0f:69:8e:fb:fa:6d:2c:f0:31:
                    bc:cb:99:86:75:d5:6b:68:d9:64:bc:27:ad:ef:1d:
                    30:8d:4e:5f:ad:65:07:33:92:e0:53:12:9d:b8:b3:
                    d0:94:34:f4:e3:b3:d4:cc:c5:8a:55:a8:2e:33:20:
                    76:24:a2:d4:58:b6:4f:cb:5a:8a:01:bb:6c:6e:d7:
                    bd:0d:85:37:f6:96:50:24:0a:ee:6f:0c:73:6d:f3:
                    75:0e:36:54:0e:d0:c4:8f:c6:e3:1d:c3:2f:e8:90:
                    6b:f5:c0:e0:ec:29:a5:b3:10:4c:c4:e4:73:c0:54:
                    80:3c:c0:34:44:84:59:de:d7:24:73:59:fb:5f:9d:
                    f2:ca:0b:c0:f0:9a:57:49:a9:b3:e9:f2:4f:59:e2:
                    f1:7e:a3:b7:7b:27:f9:23:b4:bd:b6:23:60:36:7b:
                    7e:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:F5:DB:F0:79:6B:89:0E:C5:CB:8D:21:3F:CA:5A:4A:D8:58:E0:24
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/cb5ee4c1-dd36-49a9-8b09-89d58aa8035e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d011:c00::/38

    Signature Algorithm: sha256WithRSAEncryption
         6f:d1:90:8f:57:1b:49:65:be:23:fb:fc:46:40:34:f1:ed:d4:
         ca:d2:b8:b6:16:2d:f8:22:3d:09:a4:bc:ad:0e:57:f1:37:12:
         84:3a:9b:21:0e:69:f6:70:4d:0b:63:bd:a0:2c:6a:50:16:c2:
         a8:06:d4:97:81:2a:59:b6:51:75:5d:70:62:4c:29:94:f0:52:
         02:66:4b:2c:2a:82:5e:3f:0f:7c:20:ec:d9:51:66:4d:39:ba:
         fe:42:59:67:f0:9d:84:39:c7:13:50:64:1f:e0:56:07:0d:d6:
         b1:6c:ca:09:ec:56:75:9a:c5:8e:40:20:f0:b1:db:8a:4d:1d:
         56:c8:a4:23:13:fb:14:62:64:90:f5:77:9a:a3:5a:13:c8:d1:
         2e:65:2a:01:df:d1:74:db:5a:6d:a3:6b:bd:ed:b5:83:ff:c7:
         85:98:3c:28:d4:19:84:99:6f:a5:51:23:ea:5b:af:2f:b3:50:
         37:37:c5:a2:ee:a6:ef:75:a1:fb:fc:d4:c6:87:3c:7e:8b:62:
         31:4d:0c:b4:fb:0a:69:ca:16:0d:c0:ce:65:1f:46:6d:81:57:
         05:93:3c:9b:a6:04:3a:32:2b:3f:1b:be:d7:ef:e9:d6:03:7e:
         b6:7a:6b:5a:9d:94:cc:41:3f:f3:0b:a1:50:f3:8c:d0:5b:66:
         ef:75:06:2e
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUCjorRnXQhtqxgeQCyD7VsYW/U1gwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYyMDAxMDhaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQDlkZmY4ZTQyYWI1YTQwMTUzMTAxYTVjNjE2YmVkMTlkYTg3MGI5YmFlNTVl
NGYzODJmYjc4ZTdkYzlhNjQ1ZTMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAIezXIHWbTruTroNqqFn6QrCBjQQrjPrIbidTUUxkYTcEawVOewZNC5CkM6I
hiFL+HHnjeknlO29O/QW75fSxCe9ttOvpj5x2ff9Vc2TGBNMVDOIsuig0U316md/
5Z96D2mO+/ptLPAxvMuZhnXVa2jZZLwnre8dMI1OX61lBzOS4FMSnbiz0JQ09OOz
1MzFilWoLjMgdiSi1Fi2T8taigG7bG7XvQ2FN/aWUCQK7m8Mc23zdQ42VA7QxI/G
4x3DL+iQa/XA4OwppbMQTMTkc8BUgDzANESEWd7XJHNZ+1+d8soLwPCaV0mps+ny
T1ni8X6jt3sn+SO0vbYjYDZ7flUCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQk9dvw
eWuJDsXLjSE/ylpK2FjgJDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
Y2I1ZWU0YzEtZGQzNi00OWE5LThiMDktODlkNThhYTgwMzVlLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGAioF0BEM
MA0GCSqGSIb3DQEBCwUAA4IBAQBv0ZCPVxtJZb4j+/xGQDTx7dTK0ri2Fi34Ij0J
pLytDlfxNxKEOpshDmn2cE0LY72gLGpQFsKoBtSXgSpZtlF1XXBiTCmU8FICZkss
KoJePw98IOzZUWZNObr+Qlln8J2EOccTUGQf4FYHDdaxbMoJ7FZ1msWOQCDwsduK
TR1WyKQjE/sUYmSQ9Xeao1oTyNEuZSoB39F021pto2u97bWD/8eFmDwo1BmEmW+l
USPqW68vs1A3N8Wi7qbvdaH7/NTGhzx+i2IxTQy0+wppyhYNwM5lH0ZtgVcFkzyb
pgQ6Mis/G77X7+nWA362emtanZTMQT/zC6FQ84zQW2bvdQYu
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:52:55 2025 by rpki-client