Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/d2cf476c-9f39-4ea8-a6d5-79a82c4a4dfa.roa
File:                     d2cf476c-9f39-4ea8-a6d5-79a82c4a4dfa.roa (raw, json)
Hash identifier:          b/XcSiLz4PtsXFWan2zuaUIqQla7XnckedILwcVegCM=
Subject key identifier:   7C:46:7D:B6:DE:0E:C1:5B:18:99:F0:E8:0B:A0:8F:18:8E:DE:1D:07
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       1200C537DF0B3CA6191476172D2A26B0EC6905C6
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/d2cf476c-9f39-4ea8-a6d5-79a82c4a4dfa.roa
Signing time:             Mon 29 Sep 2025 15:24:42 +0000
ROA not before:           Mon 29 Sep 2025 15:24:42 +0000
ROA not after:            Mon 03 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d02f::/37 maxlen: 37
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            12:00:c5:37:df:0b:3c:a6:19:14:76:17:2d:2a:26:b0:ec:69:05:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Sep 29 15:24:42 2025 GMT
            Not After : Nov  3 23:59:59 2025 GMT
        Subject: serialNumber=d812e6beacaa930bb9653338943a91b8a5c4191a3759c80c1322be356eb34919, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:53:40:c8:9b:21:24:77:72:24:30:5c:df:26:
                    19:dc:c6:17:ed:9a:a7:6f:68:bf:7b:29:cb:ee:e0:
                    d8:fa:4e:9a:9e:cc:d9:91:89:9c:5b:47:c0:3e:ee:
                    33:6c:d0:b7:3c:db:d5:e7:8e:0d:86:cf:1d:a7:99:
                    e2:c1:41:e7:88:5f:10:b4:a0:5b:b9:01:36:c2:45:
                    22:f5:6c:17:b8:18:cb:d7:24:2f:97:42:f4:89:aa:
                    75:cf:64:09:f8:5b:94:67:fd:a0:db:f6:80:79:85:
                    47:f4:af:53:e0:68:b9:b7:3f:27:1d:e9:05:75:10:
                    91:0b:21:a6:61:d0:00:62:87:1d:d1:3c:dd:c9:05:
                    f2:91:7a:6d:89:9e:92:d0:b4:4d:59:e3:98:6c:ff:
                    bb:ba:3b:2f:28:9d:12:5f:e3:61:75:87:44:fd:a0:
                    d4:06:2d:b1:8e:9b:35:05:e4:e2:74:eb:c7:dc:03:
                    b1:52:a9:af:bf:34:0f:09:44:b8:a5:de:c8:63:7c:
                    0a:8b:d9:9c:06:9a:25:36:db:e3:12:8c:6a:85:16:
                    45:96:88:98:10:97:ef:d1:9f:ba:d1:99:74:c7:54:
                    c1:e7:3b:ba:63:5d:bd:2d:60:74:de:2f:ef:78:a9:
                    0d:fb:18:e6:15:9b:48:f8:99:3f:03:4c:fd:c1:ed:
                    b0:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:46:7D:B6:DE:0E:C1:5B:18:99:F0:E8:0B:A0:8F:18:8E:DE:1D:07
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/d2cf476c-9f39-4ea8-a6d5-79a82c4a4dfa.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d02f::/37

    Signature Algorithm: sha256WithRSAEncryption
         8b:72:c7:c6:6e:60:9f:3e:73:98:1d:e4:cd:85:25:e5:b5:0b:
         fc:62:24:b6:44:02:92:ee:bf:73:35:7f:3a:0d:ae:47:bf:fc:
         81:96:d4:f9:b1:cc:b8:0a:bd:34:5e:81:a1:94:f7:e5:56:69:
         8b:49:e7:d0:75:a4:14:13:57:11:e4:e2:ff:5f:f0:4c:98:8c:
         5d:f5:d2:5d:90:bf:29:c5:00:58:5f:f7:6b:92:17:06:80:ed:
         ab:46:db:32:2c:6c:d4:4b:53:15:31:b4:ae:e0:33:aa:99:7c:
         da:bc:54:43:ad:d6:b1:b6:a4:8c:71:60:d4:76:41:a6:bb:04:
         3b:c9:49:7d:fd:84:67:74:35:db:ac:d9:f6:c6:62:99:8f:4b:
         9c:a8:19:82:94:f0:2f:e2:38:cb:7b:91:3c:76:d5:a1:c5:c3:
         39:ce:00:05:26:f0:7c:7d:fb:eb:8e:b9:64:e9:99:f6:98:e9:
         90:41:86:04:7b:5e:b0:20:af:7c:54:dd:42:7d:7d:9d:db:f5:
         9b:35:7f:ec:f9:c0:bf:62:ba:11:e8:dc:eb:92:50:73:fb:53:
         a6:c2:57:7d:24:a8:36:3d:9a:a5:19:ea:d2:04:f7:7b:52:93:
         2c:52:45:6a:4b:ff:3d:2e:0f:93:87:6c:aa:d5:65:03:25:dd:
         9a:04:14:2b
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUEgDFN98LPKYZFHYXLSomsOxpBcYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjkxNTI0NDJaFw0yNTExMDMyMzU5NTlaMHoxSTBHBgNV
BAUTQGQ4MTJlNmJlYWNhYTkzMGJiOTY1MzMzODk0M2E5MWI4YTVjNDE5MWEzNzU5
YzgwYzEzMjJiZTM1NmViMzQ5MTkxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALlTQMibISR3ciQwXN8mGdzGF+2ap29ov3spy+7g2PpOmp7M2ZGJnFtHwD7u
M2zQtzzb1eeODYbPHaeZ4sFB54hfELSgW7kBNsJFIvVsF7gYy9ckL5dC9Imqdc9k
CfhblGf9oNv2gHmFR/SvU+Boubc/Jx3pBXUQkQshpmHQAGKHHdE83ckF8pF6bYme
ktC0TVnjmGz/u7o7LyidEl/jYXWHRP2g1AYtsY6bNQXk4nTrx9wDsVKpr780DwlE
uKXeyGN8CovZnAaaJTbb4xKMaoUWRZaImBCX79GfutGZdMdUwec7umNdvS1gdN4v
73ipDfsY5hWbSPiZPwNM/cHtsGMCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBR8Rn22
3g7BWxiZ8OgLoI8Yjt4dBzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZDJjZjQ3NmMtOWYzOS00ZWE4LWE2ZDUtNzlhODJjNGE0ZGZhLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGAyoF0C8A
MA0GCSqGSIb3DQEBCwUAA4IBAQCLcsfGbmCfPnOYHeTNhSXltQv8YiS2RAKS7r9z
NX86Da5Hv/yBltT5scy4Cr00XoGhlPflVmmLSefQdaQUE1cR5OL/X/BMmIxd9dJd
kL8pxQBYX/drkhcGgO2rRtsyLGzUS1MVMbSu4DOqmXzavFRDrdaxtqSMcWDUdkGm
uwQ7yUl9/YRndDXbrNn2xmKZj0ucqBmClPAv4jjLe5E8dtWhxcM5zgAFJvB8ffvr
jrlk6Zn2mOmQQYYEe16wIK98VN1CfX2d2/WbNX/s+cC/YroR6NzrklBz+1Omwld9
JKg2PZqlGerSBPd7UpMsUkVqS/89Lg+Th2yq1WUDJd2aBBQr
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:53:19 2025 by rpki-client