Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/d2b7a4eb-e2de-4458-a759-5125161eb686.roa
File:                     d2b7a4eb-e2de-4458-a759-5125161eb686.roa (raw, json)
Hash identifier:          hn4nzuKKeVx6LXN1JGuh5O5g2DnXLQLaWWPSPXw7IiU=
Subject key identifier:   76:86:C9:A2:C3:DF:CA:4E:EF:A8:4E:AD:1D:5E:F8:E6:BD:E6:18:C2
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       7F579978AAAA460DA282EAA67DB9A761BE5AA5EF
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/d2b7a4eb-e2de-4458-a759-5125161eb686.roa
Signing time:             Fri 10 Oct 2025 17:04:21 +0000
ROA not before:           Fri 10 Oct 2025 17:04:21 +0000
ROA not after:            Fri 14 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d059:a000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7f:57:99:78:aa:aa:46:0d:a2:82:ea:a6:7d:b9:a7:61:be:5a:a5:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Oct 10 17:04:21 2025 GMT
            Not After : Nov 14 23:59:59 2025 GMT
        Subject: serialNumber=ebf70e2d2fd7c96efad80a98d0324f08ed964cc91168aff2c5652e7886297fef, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:92:8f:f4:f4:b7:32:81:9c:92:0f:d9:f6:ce:
                    c3:42:d6:74:20:e9:22:80:f3:9d:99:b5:be:41:14:
                    0e:d1:93:f4:57:4e:de:3f:74:1c:6b:ea:f7:f8:0e:
                    e4:1f:b4:4e:49:2a:82:82:d5:26:43:3d:4e:fd:12:
                    0b:c1:96:ad:dd:fc:34:fb:2a:c7:73:fd:b7:19:60:
                    2e:75:04:01:10:79:54:0a:c7:44:5b:db:a0:16:e7:
                    2d:b1:89:c5:c7:a2:4d:c8:01:3a:1f:b3:42:10:02:
                    94:a7:89:6e:7e:14:7c:03:5d:12:4b:d2:60:2d:fd:
                    4e:c7:8d:cb:8a:c0:a0:d4:c0:a6:5f:8a:2c:68:45:
                    b3:33:5c:3a:58:9a:a4:e7:5c:0e:63:36:3d:f5:22:
                    bb:42:ee:33:20:73:97:64:fb:d8:9d:6c:12:cb:f8:
                    62:0c:49:cd:15:e0:0a:3b:4f:95:bd:17:2f:df:f0:
                    c6:33:83:68:2c:d1:fa:cb:7c:86:59:0d:42:1b:4e:
                    d4:67:8b:d6:dd:ab:b3:26:01:85:b2:bb:27:6f:a0:
                    bf:6c:ad:90:3f:05:02:6f:26:59:0a:f5:ad:91:91:
                    f2:2b:0f:7b:a0:d0:6e:8b:cc:63:55:cc:c0:d0:3e:
                    b6:25:b4:96:50:96:c1:c7:74:ef:c5:45:b2:79:f9:
                    6a:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:86:C9:A2:C3:DF:CA:4E:EF:A8:4E:AD:1D:5E:F8:E6:BD:E6:18:C2
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/d2b7a4eb-e2de-4458-a759-5125161eb686.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d059:a000::/40

    Signature Algorithm: sha256WithRSAEncryption
         be:db:01:a6:7a:7d:e0:a5:67:2f:48:46:4e:2b:b9:84:fa:01:
         e3:91:66:cc:ff:0f:47:99:b7:5a:a3:b6:d7:38:39:0d:76:4f:
         82:4c:af:ab:d6:73:6e:d4:3f:fb:ee:48:7f:97:9e:c4:c0:12:
         ac:df:ec:c7:84:7a:50:b8:4a:69:23:1d:d2:af:42:3e:ff:5a:
         48:0a:3d:48:6d:40:a5:f4:ce:fb:ee:75:11:24:9b:49:51:e0:
         ad:44:2c:77:79:1c:9a:d1:00:0e:94:24:2d:3d:73:a7:df:ed:
         7a:9a:1d:f5:a2:66:3e:63:2a:25:ba:90:9f:84:a0:31:52:95:
         5f:2e:c8:04:0b:04:75:81:e6:0d:89:f3:0e:23:08:e4:05:27:
         2f:b7:6b:c7:8a:53:38:74:ae:e0:3b:45:b6:05:da:d2:53:8a:
         04:58:1e:6a:cf:02:c5:6d:e9:0f:ab:e3:9e:f6:cd:89:49:80:
         92:c7:60:83:5d:c2:d6:99:90:f4:a6:a6:f1:46:74:84:3d:c5:
         7f:60:cf:8f:df:74:8b:7d:80:15:d6:9a:1a:2f:9b:d9:de:15:
         0c:f0:c7:49:17:1e:d1:9b:76:62:42:32:96:42:8a:c4:81:e7:
         52:0f:c3:fb:c0:ba:77:32:43:99:92:e9:30:a9:8a:92:df:2d:
         44:f3:35:53
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUf1eZeKqqRg2iguqmfbmnYb5ape8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMTAxNzA0MjFaFw0yNTExMTQyMzU5NTlaMHoxSTBHBgNV
BAUTQGViZjcwZTJkMmZkN2M5NmVmYWQ4MGE5OGQwMzI0ZjA4ZWQ5NjRjYzkxMTY4
YWZmMmM1NjUyZTc4ODYyOTdmZWYxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJuSj/T0tzKBnJIP2fbOw0LWdCDpIoDznZm1vkEUDtGT9FdO3j90HGvq9/gO
5B+0TkkqgoLVJkM9Tv0SC8GWrd38NPsqx3P9txlgLnUEARB5VArHRFvboBbnLbGJ
xceiTcgBOh+zQhAClKeJbn4UfANdEkvSYC39TseNy4rAoNTApl+KLGhFszNcOlia
pOdcDmM2PfUiu0LuMyBzl2T72J1sEsv4YgxJzRXgCjtPlb0XL9/wxjODaCzR+st8
hlkNQhtO1GeL1t2rsyYBhbK7J2+gv2ytkD8FAm8mWQr1rZGR8isPe6DQbovMY1XM
wNA+tiW0llCWwcd078VFsnn5ai0CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBR2hsmi
w9/KTu+oTq0dXvjmveYYwjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZDJiN2E0ZWItZTJkZS00NDU4LWE3NTktNTEyNTE2MWViNjg2LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0Fmg
MA0GCSqGSIb3DQEBCwUAA4IBAQC+2wGmen3gpWcvSEZOK7mE+gHjkWbM/w9Hmbda
o7bXODkNdk+CTK+r1nNu1D/77kh/l57EwBKs3+zHhHpQuEppIx3Sr0I+/1pICj1I
bUCl9M777nURJJtJUeCtRCx3eRya0QAOlCQtPXOn3+16mh31omY+YyolupCfhKAx
UpVfLsgECwR1geYNifMOIwjkBScvt2vHilM4dK7gO0W2BdrSU4oEWB5qzwLFbekP
q+Oe9s2JSYCSx2CDXcLWmZD0pqbxRnSEPcV/YM+P33SLfYAV1poaL5vZ3hUM8MdJ
Fx7Rm3ZiQjKWQorEgedSD8P7wLp3MkOZkukwqYqS3y1E8zVT
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:52:11 2025 by rpki-client