Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/cb8f4f37-fecd-4bc6-8edc-80be9f2fbeda.roa
File:                     cb8f4f37-fecd-4bc6-8edc-80be9f2fbeda.roa (raw, json)
Hash identifier:          tY8S1SrEnO4RzhbM7g8pZmqMmJUubqXA8eI1XkhGusA=
Subject key identifier:   85:6E:87:62:C6:38:29:EC:04:F4:EC:AF:1D:30:4D:B6:AC:55:D2:29
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       31A55624C9D6A12E62384E566287A7838F0648AD
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/cb8f4f37-fecd-4bc6-8edc-80be9f2fbeda.roa
Signing time:             Fri 26 Sep 2025 19:41:26 +0000
ROA not before:           Fri 26 Sep 2025 19:41:26 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d03a:c000::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            31:a5:56:24:c9:d6:a1:2e:62:38:4e:56:62:87:a7:83:8f:06:48:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Sep 26 19:41:26 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=913589d288fb7facb22e83f74ecd257546bc93360dab2da62ef70714aee881bd, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:0a:f6:72:ee:df:9e:54:23:e4:b0:24:fb:ad:
                    de:d3:b0:92:32:d8:0d:ff:07:1e:fb:77:8e:39:fc:
                    d8:ef:01:dc:1b:80:4d:d9:f0:cc:50:88:0b:2d:64:
                    be:a4:b6:c1:cf:6a:42:7d:70:53:e4:5d:31:63:e6:
                    2a:c9:52:47:a0:e9:b9:6f:73:53:d6:d3:97:f5:0f:
                    81:39:d2:bc:11:9b:3b:8c:7a:e9:79:f0:7b:17:2f:
                    1d:35:23:12:00:fe:69:2a:2c:29:15:8f:1b:25:8e:
                    54:6b:23:62:98:39:b8:51:12:cd:25:0e:d8:cd:f3:
                    f8:08:1f:2c:f0:56:bd:e8:1a:6c:f0:05:43:1d:3d:
                    88:93:5a:86:6b:aa:b4:aa:a0:7f:18:46:c5:1c:b1:
                    11:09:63:8c:f8:4f:23:10:73:1c:f3:c0:ae:a8:3e:
                    d8:7b:2b:7c:72:8c:9c:de:57:d8:47:30:da:0a:f1:
                    53:04:4b:7a:6d:84:44:da:40:ff:ca:d2:f9:4c:43:
                    42:9f:65:7b:0d:8a:f0:39:a4:85:f1:94:55:59:d3:
                    96:db:fe:cd:f0:2e:07:a6:7b:fc:d6:4c:92:5a:c2:
                    1f:5a:db:05:53:8f:81:ec:d3:eb:85:0f:e4:14:02:
                    7e:b4:da:19:4d:5f:b5:76:1c:93:ab:91:db:2c:fc:
                    18:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:6E:87:62:C6:38:29:EC:04:F4:EC:AF:1D:30:4D:B6:AC:55:D2:29
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/cb8f4f37-fecd-4bc6-8edc-80be9f2fbeda.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d03a:c000::/40

    Signature Algorithm: sha256WithRSAEncryption
         51:f9:ce:ec:c7:71:33:d8:75:17:44:ba:70:7d:d4:10:d2:f4:
         13:08:22:42:3d:4b:c9:05:a6:d3:f2:a9:5d:0a:59:14:c6:d5:
         ff:b8:86:14:96:09:d9:4c:d5:89:c7:57:2a:93:95:46:42:56:
         eb:75:03:4e:87:b6:44:6b:5a:52:e7:65:ca:ee:eb:59:4f:1f:
         a4:b2:c4:fc:be:91:09:95:d3:c8:4d:f6:d1:6b:ab:e0:c6:f1:
         8b:cf:6c:4f:d8:87:d9:94:43:97:d8:5c:f6:46:5c:29:fa:58:
         f7:3c:56:88:e5:03:48:aa:e9:7c:0c:6d:1a:ff:5d:f4:83:9a:
         a6:9f:e6:9a:5e:25:cd:e0:44:84:66:fe:33:28:ed:35:c3:6f:
         8a:4a:80:02:3e:1c:c3:8c:b6:72:6d:1b:40:3d:97:40:c2:95:
         bc:a6:29:98:0f:8f:1a:17:39:dc:45:ba:69:0a:36:ed:0b:fd:
         1a:7f:55:9a:96:91:5b:50:07:cc:37:f6:87:0d:c0:02:7d:5c:
         d0:48:3e:38:ba:74:69:a0:c7:83:df:72:f8:81:de:f5:ab:2f:
         00:80:17:ba:2f:cd:f3:d1:e5:fd:ca:07:e9:7f:48:a4:00:c0:
         94:39:6a:1b:ad:e0:99:cc:2c:23:ff:ba:cb:dd:d5:44:6b:ae:
         a9:23:2b:eb
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUMaVWJMnWoS5iOE5WYoeng48GSK0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYxOTQxMjZaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQDkxMzU4OWQyODhmYjdmYWNiMjJlODNmNzRlY2QyNTc1NDZiYzkzMzYwZGFi
MmRhNjJlZjcwNzE0YWVlODgxYmQxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAL0K9nLu355UI+SwJPut3tOwkjLYDf8HHvt3jjn82O8B3BuATdnwzFCICy1k
vqS2wc9qQn1wU+RdMWPmKslSR6DpuW9zU9bTl/UPgTnSvBGbO4x66XnwexcvHTUj
EgD+aSosKRWPGyWOVGsjYpg5uFESzSUO2M3z+AgfLPBWvegabPAFQx09iJNahmuq
tKqgfxhGxRyxEQljjPhPIxBzHPPArqg+2HsrfHKMnN5X2Ecw2grxUwRLem2ERNpA
/8rS+UxDQp9lew2K8DmkhfGUVVnTltv+zfAuB6Z7/NZMklrCH1rbBVOPgezT64UP
5BQCfrTaGU1ftXYck6uR2yz8GK0CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBSFbodi
xjgp7AT07K8dME22rFXSKTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
Y2I4ZjRmMzctZmVjZC00YmM2LThlZGMtODBiZTlmMmZiZWRhLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0DrA
MA0GCSqGSIb3DQEBCwUAA4IBAQBR+c7sx3Ez2HUXRLpwfdQQ0vQTCCJCPUvJBabT
8qldClkUxtX/uIYUlgnZTNWJx1cqk5VGQlbrdQNOh7ZEa1pS52XK7utZTx+kssT8
vpEJldPITfbRa6vgxvGLz2xP2IfZlEOX2Fz2Rlwp+lj3PFaI5QNIqul8DG0a/130
g5qmn+aaXiXN4ESEZv4zKO01w2+KSoACPhzDjLZybRtAPZdAwpW8pimYD48aFznc
RbppCjbtC/0af1WalpFbUAfMN/aHDcACfVzQSD44unRpoMeD33L4gd71qy8AgBe6
L83z0eX9ygfpf0ikAMCUOWobreCZzCwj/7rL3dVEa66pIyvr
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:53:18 2025 by rpki-client