Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/cceafdf4-c97a-45c6-a4d2-b319afc6f49e.roa
File:                     cceafdf4-c97a-45c6-a4d2-b319afc6f49e.roa (raw, json)
Hash identifier:          sINRU1Y9atN6c2nn2/Q4nNdhj9IvY1b2vWPGpJH7EvQ=
Subject key identifier:   34:CE:33:9C:A7:46:3E:D8:34:21:86:CF:67:11:81:7A:56:48:B8:C3
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       6D1C048C5520B0A2D7125AE55630A3F7596FBD9E
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/cceafdf4-c97a-45c6-a4d2-b319afc6f49e.roa
Signing time:             Mon 06 Oct 2025 18:00:36 +0000
ROA not before:           Mon 06 Oct 2025 18:00:36 +0000
ROA not after:            Mon 10 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d073:8040::/46 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6d:1c:04:8c:55:20:b0:a2:d7:12:5a:e5:56:30:a3:f7:59:6f:bd:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Oct  6 18:00:36 2025 GMT
            Not After : Nov 10 23:59:59 2025 GMT
        Subject: serialNumber=fe2c5ff8d2e14046591c580ffe752fa7bea29107658e2f88c1b49b978c3783f2, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:bd:5a:a7:d3:89:e7:5b:fb:dc:2c:21:67:98:
                    ce:cf:b2:e2:16:92:fd:07:f0:2a:d8:b6:8d:f2:54:
                    34:0a:8f:3f:d2:74:c6:24:b9:c0:13:75:51:a2:f8:
                    bf:05:b5:34:c5:ed:b0:bb:71:9e:79:bc:b9:11:e2:
                    bf:6c:28:66:14:22:02:f4:a6:74:a7:5f:c5:2e:bd:
                    fa:15:a2:cd:03:8f:35:bb:5f:6b:4e:95:2e:03:aa:
                    e4:f2:f7:8b:a9:30:2c:1c:57:2d:f4:fd:40:07:77:
                    0f:38:16:ad:d7:06:dc:0c:ea:3e:63:1a:1b:8d:b5:
                    33:81:c6:cd:56:8c:ab:74:9e:a3:56:71:5f:a9:ba:
                    37:50:85:a1:e4:01:4a:70:c5:33:30:2c:e4:26:ab:
                    95:78:a0:77:fa:d9:d7:24:0c:78:a0:44:d7:ed:22:
                    d6:9c:f6:bf:ad:a7:10:94:6f:b8:ed:ae:4a:da:f1:
                    76:9d:e3:67:5f:0e:44:eb:d5:e4:b9:6f:70:e4:a3:
                    08:54:2c:f8:0e:2a:08:b1:04:b8:74:81:11:0d:d6:
                    3a:e2:db:0b:d7:93:e0:18:e1:38:c0:3d:ea:f1:48:
                    ee:b6:a9:62:18:17:ee:7b:c1:b3:ed:f5:95:17:6a:
                    40:5c:93:82:7c:38:9c:b4:15:b6:a3:ba:bd:5a:a5:
                    83:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:CE:33:9C:A7:46:3E:D8:34:21:86:CF:67:11:81:7A:56:48:B8:C3
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/cceafdf4-c97a-45c6-a4d2-b319afc6f49e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d073:8040::/46

    Signature Algorithm: sha256WithRSAEncryption
         51:9a:9b:ec:ea:55:05:e8:55:cd:0b:a9:33:29:cc:5e:a8:b9:
         30:5e:02:d7:86:3b:64:78:90:4d:e5:a8:9b:a7:ad:85:14:e1:
         16:29:e8:75:c9:93:94:68:12:eb:33:1c:1d:95:10:e8:57:7d:
         13:04:47:96:ff:63:a3:d9:9b:16:f4:20:f1:da:0c:cb:64:ac:
         eb:92:a1:eb:76:5a:8e:d9:3f:01:31:9c:af:ee:ca:0b:7b:2d:
         60:28:b1:14:e4:4e:64:87:0b:f9:ce:45:a5:36:6f:72:46:fd:
         1d:37:46:69:cd:87:21:63:46:f6:90:87:9e:7b:6e:bd:d4:14:
         a6:e7:ff:fe:ac:37:d2:6c:a3:23:47:8d:55:b4:fb:ab:f3:6b:
         e1:25:fb:dc:46:f3:8f:5e:29:1d:01:95:f5:45:f7:f4:b7:61:
         22:f3:1e:8c:0b:8d:5a:71:0e:3f:b4:a1:eb:e0:f7:9b:32:07:
         23:5a:9e:96:53:4f:8d:e6:8b:c1:c2:57:08:2a:6b:6c:76:23:
         03:f8:5f:45:c6:09:ae:15:20:bc:2f:49:2a:bb:98:e9:c0:11:
         8d:21:71:c2:f9:02:ac:7e:c1:09:3c:fd:f3:8d:4e:86:e3:48:
         e3:5c:fb:18:51:07:e4:a1:c3:f9:00:13:07:e1:0d:07:86:c9:
         70:03:41:52
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUbRwEjFUgsKLXElrlVjCj91lvvZ4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMDYxODAwMzZaFw0yNTExMTAyMzU5NTlaMHoxSTBHBgNV
BAUTQGZlMmM1ZmY4ZDJlMTQwNDY1OTFjNTgwZmZlNzUyZmE3YmVhMjkxMDc2NThl
MmY4OGMxYjQ5Yjk3OGMzNzgzZjIxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAI29WqfTiedb+9wsIWeYzs+y4haS/QfwKti2jfJUNAqPP9J0xiS5wBN1UaL4
vwW1NMXtsLtxnnm8uRHiv2woZhQiAvSmdKdfxS69+hWizQOPNbtfa06VLgOq5PL3
i6kwLBxXLfT9QAd3DzgWrdcG3AzqPmMaG421M4HGzVaMq3Seo1ZxX6m6N1CFoeQB
SnDFMzAs5CarlXigd/rZ1yQMeKBE1+0i1pz2v62nEJRvuO2uStrxdp3jZ18OROvV
5LlvcOSjCFQs+A4qCLEEuHSBEQ3WOuLbC9eT4BjhOMA96vFI7rapYhgX7nvBs+31
lRdqQFyTgnw4nLQVtqO6vVqlg4MCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBQ0zjOc
p0Y+2DQhhs9nEYF6Vki4wzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
Y2NlYWZkZjQtYzk3YS00NWM2LWE0ZDItYjMxOWFmYzZmNDllLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHAioF0HOA
QDANBgkqhkiG9w0BAQsFAAOCAQEAUZqb7OpVBehVzQupMynMXqi5MF4C14Y7ZHiQ
TeWom6ethRThFinodcmTlGgS6zMcHZUQ6Fd9EwRHlv9jo9mbFvQg8doMy2Ss65Kh
63Zajtk/ATGcr+7KC3stYCixFOROZIcL+c5FpTZvckb9HTdGac2HIWNG9pCHnntu
vdQUpuf//qw30myjI0eNVbT7q/Nr4SX73Ebzj14pHQGV9UX39LdhIvMejAuNWnEO
P7Sh6+D3mzIHI1qellNPjeaLwcJXCCprbHYjA/hfRcYJrhUgvC9JKruY6cARjSFx
wvkCrH7BCTz9841OhuNI41z7GFEH5KHD+QATB+ENB4bJcANBUg==
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:53:07 2025 by rpki-client