Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/ce2bc1d7-e429-4350-b9cd-a49158d2b118.roa
File:                     ce2bc1d7-e429-4350-b9cd-a49158d2b118.roa (raw, json)
Hash identifier:          zNqgmeyMyKr4Y3+jLtSm9F8pSTDhiCffx1OlFYJ5ahU=
Subject key identifier:   13:D8:31:C4:06:08:2E:C3:61:FC:74:D1:59:E0:21:4B:CE:27:F3:9A
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       15CD90ABCF7905CE6D838CC9D072ED54A1B460B2
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/ce2bc1d7-e429-4350-b9cd-a49158d2b118.roa
Signing time:             Fri 26 Sep 2025 19:38:40 +0000
ROA not before:           Fri 26 Sep 2025 19:38:40 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d038:a000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            15:cd:90:ab:cf:79:05:ce:6d:83:8c:c9:d0:72:ed:54:a1:b4:60:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Sep 26 19:38:40 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=34c158b66fa847eb94f31068b9e64cafd3089d51d1c4b979298a04d2af80d495, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:5d:9c:be:73:fd:d1:87:48:1e:20:1f:7c:85:
                    f6:ee:6b:c9:1e:ff:81:d3:65:e7:22:a7:bf:bb:46:
                    e7:0e:39:03:fe:80:b7:e5:72:cb:04:63:b5:bc:28:
                    4b:45:1c:71:23:87:ce:48:bb:53:4c:8c:91:5e:6f:
                    40:7d:36:c3:44:7b:48:f3:5f:dc:bd:ea:e4:fd:78:
                    fc:7f:1f:ed:6a:8f:c5:20:6a:f8:94:49:9d:8f:bc:
                    60:4a:3f:08:c2:27:ab:9e:ef:30:16:1c:09:86:93:
                    04:f0:31:b7:e6:d2:8b:09:e8:cb:4f:f4:7c:af:32:
                    9f:b3:8c:4e:b6:f0:ac:9d:e1:4e:e6:b1:a9:37:4a:
                    6e:6c:3f:0e:b4:de:b0:3b:e6:ca:35:0b:2c:9f:c3:
                    97:be:77:a9:d6:82:79:3c:a2:d4:88:82:9a:0c:7c:
                    3b:af:63:f6:cb:d0:c3:cb:7c:4f:b6:0e:99:08:5d:
                    d2:0c:b2:18:71:88:74:bd:da:bd:26:7c:ea:e0:43:
                    c5:bf:b0:62:71:b0:95:bf:11:b4:01:16:3b:cc:23:
                    8e:bc:46:2d:19:1b:a8:ea:b8:12:82:43:68:62:04:
                    c1:6b:10:ec:a4:ad:43:d5:c5:f4:32:76:0d:d7:34:
                    76:ae:5b:e1:eb:8f:97:bd:a3:c8:a4:93:38:40:f5:
                    c6:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:D8:31:C4:06:08:2E:C3:61:FC:74:D1:59:E0:21:4B:CE:27:F3:9A
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/ce2bc1d7-e429-4350-b9cd-a49158d2b118.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d038:a000::/40

    Signature Algorithm: sha256WithRSAEncryption
         71:2a:9d:f9:e2:71:b0:ae:9b:ba:1f:01:61:43:55:13:66:ab:
         a1:59:91:67:b3:ce:a4:62:de:e7:42:6a:62:03:cb:22:eb:f8:
         f8:80:91:bb:3e:ac:54:a9:fd:70:4d:73:c3:e7:00:b3:94:44:
         07:52:92:20:6f:81:be:66:34:2c:27:8c:f3:ff:fa:e4:30:0a:
         78:8a:5c:6f:c3:a7:a7:88:af:a5:44:f7:48:9b:6c:59:be:78:
         db:2d:ef:56:4e:b6:cf:ee:3a:2e:d4:4b:ab:81:97:85:b7:c9:
         39:41:fb:21:96:87:68:46:b5:62:dc:69:a8:18:3c:ca:50:ec:
         76:cc:d6:ad:8a:b2:d6:1d:43:91:c4:8d:5d:0b:dd:f3:97:82:
         d6:a5:7a:92:d7:d4:de:be:27:f9:74:d6:74:07:d9:4d:6f:fe:
         cc:8e:33:8a:90:ba:30:d8:65:f6:d6:db:27:37:08:ce:6b:86:
         f6:fc:b2:ac:d8:4a:83:5e:10:24:06:6f:2f:60:4f:e8:b6:ee:
         75:0a:53:65:59:e9:10:72:be:57:98:b4:94:3b:cb:47:9b:3e:
         0b:2e:50:58:4a:c9:77:33:d0:40:9b:68:9a:55:84:09:66:9b:
         68:4f:4b:d2:3c:9b:c5:7c:58:89:c8:f8:bf:c3:78:d2:0f:81:
         c0:51:90:76
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUFc2Qq895Bc5tg4zJ0HLtVKG0YLIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYxOTM4NDBaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQDM0YzE1OGI2NmZhODQ3ZWI5NGYzMTA2OGI5ZTY0Y2FmZDMwODlkNTFkMWM0
Yjk3OTI5OGEwNGQyYWY4MGQ0OTUxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANJdnL5z/dGHSB4gH3yF9u5ryR7/gdNl5yKnv7tG5w45A/6At+VyywRjtbwo
S0UccSOHzki7U0yMkV5vQH02w0R7SPNf3L3q5P14/H8f7WqPxSBq+JRJnY+8YEo/
CMInq57vMBYcCYaTBPAxt+bSiwnoy0/0fK8yn7OMTrbwrJ3hTuaxqTdKbmw/DrTe
sDvmyjULLJ/Dl753qdaCeTyi1IiCmgx8O69j9svQw8t8T7YOmQhd0gyyGHGIdL3a
vSZ86uBDxb+wYnGwlb8RtAEWO8wjjrxGLRkbqOq4EoJDaGIEwWsQ7KStQ9XF9DJ2
Ddc0dq5b4euPl72jyKSTOED1xikCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQT2DHE
Bgguw2H8dNFZ4CFLzifzmjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
Y2UyYmMxZDctZTQyOS00MzUwLWI5Y2QtYTQ5MTU4ZDJiMTE4LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0Dig
MA0GCSqGSIb3DQEBCwUAA4IBAQBxKp354nGwrpu6HwFhQ1UTZquhWZFns86kYt7n
QmpiA8si6/j4gJG7PqxUqf1wTXPD5wCzlEQHUpIgb4G+ZjQsJ4zz//rkMAp4ilxv
w6eniK+lRPdIm2xZvnjbLe9WTrbP7jou1EurgZeFt8k5QfshlodoRrVi3GmoGDzK
UOx2zNatirLWHUORxI1dC93zl4LWpXqS19Tevif5dNZ0B9lNb/7MjjOKkLow2GX2
1tsnNwjOa4b2/LKs2EqDXhAkBm8vYE/otu51ClNlWekQcr5XmLSUO8tHmz4LLlBY
Ssl3M9BAm2iaVYQJZptoT0vSPJvFfFiJyPi/w3jSD4HAUZB2
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:53:10 2025 by rpki-client