Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/d2e5cd11-e33b-4080-91d5-f550f1d7a0b5.roa
File:                     d2e5cd11-e33b-4080-91d5-f550f1d7a0b5.roa (raw, json)
Hash identifier:          BFejqOESt2le9m4x0JJjZmLzX7vExaiVEPdZXUFys3k=
Subject key identifier:   80:58:A0:3E:84:E6:E6:CA:D6:72:8F:0B:49:37:9C:E4:3B:21:30:85
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       7B6B80D3B4D10EF59C448F606BD51C851DBDE535
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/d2e5cd11-e33b-4080-91d5-f550f1d7a0b5.roa
Signing time:             Mon 29 Sep 2025 15:24:42 +0000
ROA not before:           Mon 29 Sep 2025 15:24:42 +0000
ROA not after:            Mon 03 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d01f::/37 maxlen: 37
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7b:6b:80:d3:b4:d1:0e:f5:9c:44:8f:60:6b:d5:1c:85:1d:bd:e5:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Sep 29 15:24:42 2025 GMT
            Not After : Nov  3 23:59:59 2025 GMT
        Subject: serialNumber=161b3d0e155d6bb41c77b04a27676bb819c44cbd5f7a08c73151f3b0f25eaaa3, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:24:d5:67:d3:cf:a3:76:88:bb:a8:97:a2:fe:
                    3f:5a:63:c2:05:e4:00:0b:13:77:b7:0c:b2:96:7e:
                    76:63:b8:e5:ef:fc:0c:ba:4b:91:da:5b:94:55:70:
                    43:e0:20:dd:f6:3f:67:c4:2c:c3:e9:84:6b:ef:de:
                    d2:ad:4c:57:3b:be:32:a1:70:9b:4a:3c:5b:8a:6f:
                    48:db:6d:2e:28:44:f7:44:dc:38:d6:fb:b1:5c:1e:
                    76:35:0f:1f:ed:37:96:a9:a2:b6:e8:71:c3:f2:3b:
                    39:50:24:c4:93:cb:4f:5c:01:80:7a:91:8a:22:f5:
                    83:0a:d5:4e:c3:34:fa:cb:84:02:9b:9b:df:fe:03:
                    ec:78:dc:8e:ff:24:fa:c4:be:e8:26:dd:3f:26:53:
                    13:91:eb:7e:a1:7a:ce:eb:df:90:60:d9:e1:1f:f9:
                    b3:d0:5d:8d:24:75:6a:14:8b:24:ab:9c:cb:5e:6a:
                    31:b0:29:f5:93:9a:b6:5f:ca:68:9f:21:6c:47:47:
                    b6:16:df:12:64:94:71:30:f8:9e:1a:1f:bb:3a:6c:
                    94:3e:89:da:1d:69:bf:1a:ff:b1:8c:f5:f8:af:2f:
                    38:c7:93:31:6e:11:35:3a:03:ed:6b:c4:20:8c:b2:
                    2d:c9:09:e0:3e:5b:cd:6a:a7:0e:28:26:83:d5:70:
                    ee:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:58:A0:3E:84:E6:E6:CA:D6:72:8F:0B:49:37:9C:E4:3B:21:30:85
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/d2e5cd11-e33b-4080-91d5-f550f1d7a0b5.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d01f::/37

    Signature Algorithm: sha256WithRSAEncryption
         4a:e4:e7:24:f9:81:43:1d:28:8d:03:5a:32:23:c8:34:93:78:
         34:ad:8d:33:63:a4:6d:a8:e9:c6:dd:19:0f:c0:eb:fb:c6:89:
         bd:91:cd:c3:af:54:64:20:72:34:cd:5f:94:af:c3:3a:32:07:
         e9:1c:0b:83:07:c2:d6:4e:6d:47:79:af:c1:10:44:ea:29:b8:
         d4:b6:a5:9c:73:2e:d2:f8:c0:bf:4a:ee:4e:ff:e6:9d:5d:ba:
         9f:10:30:a1:f0:81:0d:2c:a4:07:6a:62:1b:5c:96:e0:6c:56:
         d5:a2:c2:b4:92:38:60:f3:4d:5b:c2:c6:b8:03:71:ba:fd:7d:
         12:4e:42:69:51:26:39:b9:47:b9:c7:04:4a:9e:4c:8c:b1:95:
         74:6a:6f:d3:e1:f1:5a:0c:ef:e7:51:5f:38:be:93:77:e3:67:
         5d:97:be:f3:0e:c5:99:31:87:5a:b7:e9:18:88:23:d6:5e:9f:
         68:25:dc:32:74:18:5d:fb:70:0b:a8:c0:00:1d:f2:fe:e1:ae:
         71:13:e0:29:6b:29:af:75:95:a8:9f:10:1c:d5:77:a5:3a:2a:
         5e:fe:73:dc:2a:d2:11:c7:2e:8f:6c:ca:2e:77:7d:d2:08:c6:
         2a:99:02:9e:c9:63:3e:50:bc:4e:13:73:99:a8:af:24:26:53:
         d2:11:64:1e
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUe2uA07TRDvWcRI9ga9UchR295TUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjkxNTI0NDJaFw0yNTExMDMyMzU5NTlaMHoxSTBHBgNV
BAUTQDE2MWIzZDBlMTU1ZDZiYjQxYzc3YjA0YTI3Njc2YmI4MTljNDRjYmQ1Zjdh
MDhjNzMxNTFmM2IwZjI1ZWFhYTMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKkk1WfTz6N2iLuol6L+P1pjwgXkAAsTd7cMspZ+dmO45e/8DLpLkdpblFVw
Q+Ag3fY/Z8Qsw+mEa+/e0q1MVzu+MqFwm0o8W4pvSNttLihE90TcONb7sVwedjUP
H+03lqmituhxw/I7OVAkxJPLT1wBgHqRiiL1gwrVTsM0+suEApub3/4D7Hjcjv8k
+sS+6CbdPyZTE5HrfqF6zuvfkGDZ4R/5s9BdjSR1ahSLJKucy15qMbAp9ZOatl/K
aJ8hbEdHthbfEmSUcTD4nhofuzpslD6J2h1pvxr/sYz1+K8vOMeTMW4RNToD7WvE
IIyyLckJ4D5bzWqnDigmg9Vw7kMCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBSAWKA+
hObmytZyjwtJN5zkOyEwhTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZDJlNWNkMTEtZTMzYi00MDgwLTkxZDUtZjU1MGYxZDdhMGI1LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGAyoF0B8A
MA0GCSqGSIb3DQEBCwUAA4IBAQBK5Ock+YFDHSiNA1oyI8g0k3g0rY0zY6RtqOnG
3RkPwOv7xom9kc3Dr1RkIHI0zV+Ur8M6MgfpHAuDB8LWTm1Hea/BEETqKbjUtqWc
cy7S+MC/Su5O/+adXbqfEDCh8IENLKQHamIbXJbgbFbVosK0kjhg801bwsa4A3G6
/X0STkJpUSY5uUe5xwRKnkyMsZV0am/T4fFaDO/nUV84vpN342ddl77zDsWZMYda
t+kYiCPWXp9oJdwydBhd+3ALqMAAHfL+4a5xE+ApaymvdZWonxAc1XelOipe/nPc
KtIRxy6PbMoud33SCMYqmQKeyWM+ULxOE3OZqK8kJlPSEWQe
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:53:11 2025 by rpki-client