Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/cbd21b9e-7627-4ebc-a1f8-63890b5d4144.roa
File:                     cbd21b9e-7627-4ebc-a1f8-63890b5d4144.roa (raw, json)
Hash identifier:          pNUgEsIWgUfMATT9NbOHcE2yzoy0+rGLcZW0nHiDZHY=
Subject key identifier:   50:66:F5:CE:A3:12:57:24:B2:BF:B4:70:06:07:A8:E1:64:72:1C:8D
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       429B46A549F325C9A9BE21E20234F893F565D621
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/cbd21b9e-7627-4ebc-a1f8-63890b5d4144.roa
Signing time:             Fri 10 Oct 2025 17:04:19 +0000
ROA not before:           Fri 10 Oct 2025 17:04:19 +0000
ROA not after:            Fri 14 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d059:800::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            42:9b:46:a5:49:f3:25:c9:a9:be:21:e2:02:34:f8:93:f5:65:d6:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Oct 10 17:04:19 2025 GMT
            Not After : Nov 14 23:59:59 2025 GMT
        Subject: serialNumber=2eb4f4669e49a853258bd1159b7e29edcfc9b26b643ed64339d0f264be702fe9, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:93:c7:3d:c6:30:04:2d:75:71:45:10:56:f5:
                    96:f3:d9:6b:aa:29:0f:57:25:6c:c1:15:a8:59:bc:
                    43:e3:ee:71:45:d1:ae:e0:a3:80:8d:15:0e:e3:90:
                    e0:d5:9f:7f:78:56:8c:5c:76:97:ab:e4:0b:24:92:
                    a6:29:9e:28:4b:57:ee:19:80:16:b9:c2:ac:3b:b7:
                    e2:53:d1:b8:2c:fe:c5:72:84:56:f6:ce:3a:a7:64:
                    0c:df:4b:cd:23:50:bf:ac:c3:41:b0:5c:7f:74:8d:
                    e4:38:5b:ad:30:6f:66:38:43:d1:87:ca:99:f6:91:
                    0c:a0:37:d3:8e:52:41:5b:26:42:9a:10:07:c2:4a:
                    a7:48:50:9a:d9:39:9c:29:74:ea:fb:89:e9:29:d4:
                    21:a4:1f:c1:3e:ee:81:99:4d:fd:68:94:ad:e2:0c:
                    74:1f:2a:2e:2b:23:2d:f8:54:3d:4d:10:b8:a0:72:
                    8a:b3:74:69:62:4f:a5:c3:30:c0:79:7b:c6:03:2a:
                    d0:d3:e3:bd:e0:68:09:39:75:c9:24:79:85:ed:07:
                    e6:9e:71:60:98:57:9c:f2:4a:0b:97:3c:59:e1:12:
                    88:9a:58:5b:6c:12:4d:01:00:cf:53:a0:0f:59:e9:
                    23:47:5c:ef:c2:9a:b1:14:24:9f:6f:1b:11:c0:54:
                    31:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:66:F5:CE:A3:12:57:24:B2:BF:B4:70:06:07:A8:E1:64:72:1C:8D
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/cbd21b9e-7627-4ebc-a1f8-63890b5d4144.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d059:800::/40

    Signature Algorithm: sha256WithRSAEncryption
         b7:d7:76:f2:b2:35:30:b0:57:2b:ab:d1:f8:ba:70:50:bd:19:
         d9:77:1f:83:03:6a:f8:98:ba:01:3b:95:16:66:f6:e2:0b:08:
         33:6e:36:51:7c:33:77:de:e7:ec:3d:e0:d1:da:e8:d9:4a:c0:
         de:26:46:e5:34:f4:eb:20:c2:36:78:17:b7:00:4b:a7:9f:56:
         48:05:a3:2d:23:31:b9:3f:08:ad:a9:7b:11:8a:e4:ad:86:b4:
         db:d6:51:ea:e9:db:0c:0f:79:3e:6c:86:55:4d:1f:a6:97:d4:
         fb:bc:f9:7b:8b:f1:e7:5c:47:56:50:0b:a7:b2:67:3f:1d:ab:
         f9:7c:a2:cd:13:3a:9a:a7:65:49:1b:c2:be:d4:3a:81:cc:d6:
         e8:54:9c:8a:e3:78:c8:11:ef:77:17:87:93:ae:78:9b:1c:13:
         23:32:3c:40:f3:65:44:28:90:86:46:31:6d:4a:9a:de:8b:ab:
         48:b7:bc:a4:66:65:20:f7:f3:20:af:87:ba:73:2c:96:6d:5e:
         4a:d2:ea:ba:fc:17:f4:38:c3:40:51:ab:bd:3a:f9:1f:a6:74:
         9b:67:13:24:ae:8c:0b:72:2c:83:9e:f7:66:a7:ea:d0:8f:3c:
         8f:b8:8b:a4:2e:b0:58:c1:f0:35:78:5a:fb:f2:ff:1d:9d:c2:
         5e:99:a6:34
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUQptGpUnzJcmpviHiAjT4k/Vl1iEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMTAxNzA0MTlaFw0yNTExMTQyMzU5NTlaMHoxSTBHBgNV
BAUTQDJlYjRmNDY2OWU0OWE4NTMyNThiZDExNTliN2UyOWVkY2ZjOWIyNmI2NDNl
ZDY0MzM5ZDBmMjY0YmU3MDJmZTkxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMOTxz3GMAQtdXFFEFb1lvPZa6opD1clbMEVqFm8Q+PucUXRruCjgI0VDuOQ
4NWff3hWjFx2l6vkCySSpimeKEtX7hmAFrnCrDu34lPRuCz+xXKEVvbOOqdkDN9L
zSNQv6zDQbBcf3SN5DhbrTBvZjhD0YfKmfaRDKA3045SQVsmQpoQB8JKp0hQmtk5
nCl06vuJ6SnUIaQfwT7ugZlN/WiUreIMdB8qLisjLfhUPU0QuKByirN0aWJPpcMw
wHl7xgMq0NPjveBoCTl1ySR5he0H5p5xYJhXnPJKC5c8WeESiJpYW2wSTQEAz1Og
D1npI0dc78KasRQkn28bEcBUMVcCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRQZvXO
oxJXJLK/tHAGB6jhZHIcjTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
Y2JkMjFiOWUtNzYyNy00ZWJjLWExZjgtNjM4OTBiNWQ0MTQ0LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0FkI
MA0GCSqGSIb3DQEBCwUAA4IBAQC313bysjUwsFcrq9H4unBQvRnZdx+DA2r4mLoB
O5UWZvbiCwgzbjZRfDN33ufsPeDR2ujZSsDeJkblNPTrIMI2eBe3AEunn1ZIBaMt
IzG5PwitqXsRiuSthrTb1lHq6dsMD3k+bIZVTR+ml9T7vPl7i/HnXEdWUAunsmc/
Hav5fKLNEzqap2VJG8K+1DqBzNboVJyK43jIEe93F4eTrnibHBMjMjxA82VEKJCG
RjFtSprei6tIt7ykZmUg9/Mgr4e6cyyWbV5K0uq6/Bf0OMNAUau9OvkfpnSbZxMk
rowLciyDnvdmp+rQjzyPuIukLrBYwfA1eFr78v8dncJemaY0
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:52:30 2025 by rpki-client