Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/cfca2455-b58e-43e0-a15f-276f8a5b527f.roa
File:                     cfca2455-b58e-43e0-a15f-276f8a5b527f.roa (raw, json)
Hash identifier:          CoKVzNkoYi+j+NA9Y0nIinEJQWvg6s+ooMef0r54ZbI=
Subject key identifier:   AE:55:30:02:D6:38:25:4A:AE:BA:49:5C:0E:2B:B5:6D:C9:7B:3F:36
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       7C2B36F39A117268C2C1D77230468A3146476BBF
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/cfca2455-b58e-43e0-a15f-276f8a5b527f.roa
Signing time:             Fri 26 Sep 2025 18:50:21 +0000
ROA not before:           Fri 26 Sep 2025 18:50:21 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d07f:e040::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7c:2b:36:f3:9a:11:72:68:c2:c1:d7:72:30:46:8a:31:46:47:6b:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Sep 26 18:50:21 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=637af50781de72473a1fb5906144539a034f49784f7a4d26db104e6cc9566e4a, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:08:7b:ef:ac:e4:2b:7d:63:35:4c:f4:8c:68:
                    ef:fd:74:3f:00:e9:62:40:c1:b6:b9:42:ba:b8:01:
                    6f:c5:9e:2f:c6:0b:53:47:a9:9a:34:0e:8b:0c:e2:
                    e1:8c:35:e8:21:54:55:7f:8f:91:11:28:58:92:41:
                    c3:21:ea:71:cb:06:41:81:85:6a:fe:81:84:ad:00:
                    c5:0f:54:29:74:73:c3:ec:5f:f9:98:0d:d2:26:43:
                    dc:f3:02:cd:26:a8:b5:6c:e7:93:9c:14:68:2b:7d:
                    36:37:43:ca:ff:9d:e6:40:70:93:57:a8:0d:74:ae:
                    1e:c1:99:43:75:40:ed:38:45:44:db:5b:a5:fd:c3:
                    32:38:11:ce:9e:42:2f:67:42:75:b6:5f:ad:d8:90:
                    1b:8b:b8:6c:eb:99:d5:e7:41:2a:71:f5:50:b1:34:
                    f4:ac:b5:6a:23:35:26:fa:fe:be:04:0a:23:f8:49:
                    89:94:c4:92:21:b4:39:4c:5f:8b:92:31:35:5b:f1:
                    9d:c8:9b:88:53:4b:6b:71:54:fa:5c:ff:77:98:ea:
                    65:c0:39:a6:73:6e:62:1c:67:7e:e3:ac:46:a7:1b:
                    c4:86:e6:65:16:bb:41:8f:33:78:04:86:27:da:04:
                    31:03:a6:d6:8d:8d:76:8d:d3:fa:b4:b3:aa:33:18:
                    eb:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:55:30:02:D6:38:25:4A:AE:BA:49:5C:0E:2B:B5:6D:C9:7B:3F:36
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/cfca2455-b58e-43e0-a15f-276f8a5b527f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d07f:e040::/48

    Signature Algorithm: sha256WithRSAEncryption
         06:3c:6e:e1:44:c5:e9:63:52:af:86:81:fb:1a:e0:05:f0:38:
         52:46:f6:f8:f1:97:b1:59:8a:b0:3a:39:02:ad:24:24:57:7c:
         01:8d:8e:f6:31:f0:9f:64:a1:5f:63:a3:3a:be:07:32:63:39:
         fe:66:68:89:29:18:de:85:ca:18:df:3a:ad:74:a0:70:e0:17:
         16:f3:d5:24:b0:c7:dc:de:02:0f:55:a7:2d:ba:e9:a0:f0:52:
         75:d8:4d:1c:0f:4f:e4:1b:2b:0a:fb:b0:20:12:79:cf:69:1e:
         3b:0b:af:0a:af:75:b9:da:d4:79:1e:1a:ee:c8:bd:f6:7d:97:
         b1:9c:83:ce:67:6a:f3:1d:77:11:53:51:9f:7a:db:c8:5c:55:
         b4:63:3a:db:9c:52:af:56:db:00:7f:37:e1:99:8d:f4:0f:a9:
         80:f6:d6:fb:e6:40:07:c1:fc:05:38:75:93:85:e0:6c:d7:b6:
         46:59:97:1c:5c:f0:88:b7:5d:5c:7f:2e:68:43:f6:db:62:08:
         f9:47:f1:ba:2a:71:a1:94:07:df:ae:b5:ae:9b:dc:ec:be:db:
         9f:f3:3d:22:6c:3f:70:04:e4:d3:d5:03:d8:86:1d:c6:48:82:
         de:b9:37:42:c2:3b:b8:54:93:33:24:2b:a1:6c:ce:ac:72:73:
         ec:97:0c:f5
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUfCs285oRcmjCwddyMEaKMUZHa78wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYxODUwMjFaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQDYzN2FmNTA3ODFkZTcyNDczYTFmYjU5MDYxNDQ1MzlhMDM0ZjQ5Nzg0Zjdh
NGQyNmRiMTA0ZTZjYzk1NjZlNGExLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKUIe++s5Ct9YzVM9Ixo7/10PwDpYkDBtrlCurgBb8WeL8YLU0epmjQOiwzi
4Yw16CFUVX+PkREoWJJBwyHqccsGQYGFav6BhK0AxQ9UKXRzw+xf+ZgN0iZD3PMC
zSaotWznk5wUaCt9NjdDyv+d5kBwk1eoDXSuHsGZQ3VA7ThFRNtbpf3DMjgRzp5C
L2dCdbZfrdiQG4u4bOuZ1edBKnH1ULE09Ky1aiM1Jvr+vgQKI/hJiZTEkiG0OUxf
i5IxNVvxncibiFNLa3FU+lz/d5jqZcA5pnNuYhxnfuOsRqcbxIbmZRa7QY8zeASG
J9oEMQOm1o2Ndo3T+rSzqjMY68UCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBSuVTAC
1jglSq66SVwOK7VtyXs/NjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
Y2ZjYTI0NTUtYjU4ZS00M2UwLWExNWYtMjc2ZjhhNWI1MjdmLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0H/g
QDANBgkqhkiG9w0BAQsFAAOCAQEABjxu4UTF6WNSr4aB+xrgBfA4Ukb2+PGXsVmK
sDo5Aq0kJFd8AY2O9jHwn2ShX2OjOr4HMmM5/mZoiSkY3oXKGN86rXSgcOAXFvPV
JLDH3N4CD1WnLbrpoPBSddhNHA9P5BsrCvuwIBJ5z2keOwuvCq91udrUeR4a7si9
9n2XsZyDzmdq8x13EVNRn3rbyFxVtGM625xSr1bbAH834ZmN9A+pgPbW++ZAB8H8
BTh1k4XgbNe2RlmXHFzwiLddXH8uaEP222II+UfxuipxoZQH3661rpvc7L7bn/M9
Imw/cATk09UD2IYdxkiC3rk3QsI7uFSTMyQroWzOrHJz7JcM9Q==
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:53:10 2025 by rpki-client