Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/d385ff4b-7f8e-45d2-8f8b-fcde1426a050.roa
File:                     d385ff4b-7f8e-45d2-8f8b-fcde1426a050.roa (raw, json)
Hash identifier:          mkbwsvhKeoz7dRfvLm7xE7whLqppbZg7pBUW0Z2FFBs=
Subject key identifier:   C7:D5:3A:FC:3F:89:5B:E4:74:DB:53:71:74:66:9D:21:CF:F2:F5:EC
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       466C06D72759960FF8CB5D40342029014C1FCFA3
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/d385ff4b-7f8e-45d2-8f8b-fcde1426a050.roa
Signing time:             Fri 26 Sep 2025 19:41:17 +0000
ROA not before:           Fri 26 Sep 2025 19:41:17 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d032:1000::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            46:6c:06:d7:27:59:96:0f:f8:cb:5d:40:34:20:29:01:4c:1f:cf:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Sep 26 19:41:17 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=c2484e2d39d44872ff50388844fc9f7aebf66f4635f960cc96320818941c4337, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:3f:9e:9a:65:5b:11:86:00:2e:ac:bd:fd:e6:
                    d4:4a:ef:92:cf:75:59:88:2e:d5:70:6a:55:31:10:
                    97:6a:4d:7c:9d:68:3d:a4:b4:47:eb:29:55:b7:ad:
                    35:5a:69:41:57:23:89:e7:76:9f:91:0f:f4:f8:3a:
                    d7:09:f2:2a:b8:8f:9d:a1:c9:4f:fa:c1:4f:af:8d:
                    7e:00:0b:c1:84:09:c5:bb:2a:e4:6b:07:34:08:9c:
                    52:54:cd:99:56:23:f8:f3:b3:65:31:d3:e3:1b:b0:
                    36:9c:51:db:22:c0:15:51:f2:45:4b:ea:15:59:b0:
                    1d:05:f2:b2:c1:e8:e5:b6:c8:d4:f7:ab:1f:d8:7d:
                    37:bb:8d:ab:89:49:8f:d7:17:9f:40:03:95:ab:35:
                    99:56:ed:b0:58:df:44:5e:ea:b6:98:db:b3:d8:e6:
                    52:1a:d5:cf:a6:8c:26:fa:81:b1:53:aa:ef:96:23:
                    5a:df:e0:93:dd:a9:68:d8:8a:8b:e8:3e:47:8a:29:
                    e7:be:b8:f0:eb:ed:96:7d:51:52:39:55:d9:00:4c:
                    4f:ae:70:56:d8:1b:8b:01:a9:fa:ce:17:ed:4d:c0:
                    a5:54:ac:dc:16:6f:2d:bb:38:a8:01:37:9a:b8:5c:
                    2f:db:7c:7b:79:28:14:96:05:72:ff:e9:ea:c6:13:
                    ec:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:D5:3A:FC:3F:89:5B:E4:74:DB:53:71:74:66:9D:21:CF:F2:F5:EC
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/d385ff4b-7f8e-45d2-8f8b-fcde1426a050.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d032:1000::/40

    Signature Algorithm: sha256WithRSAEncryption
         34:23:5a:ac:ce:cf:b6:51:b9:b4:4a:be:72:9f:c0:d1:06:ae:
         26:01:62:fe:ef:a8:8e:24:08:1d:42:d4:d9:b7:ae:9b:f3:0a:
         c4:c7:63:92:02:8d:85:e1:11:e7:5d:f6:e9:2c:14:5c:77:65:
         7c:a0:30:76:c3:3c:8d:90:18:b5:b0:7c:16:a3:06:aa:21:dd:
         49:19:01:79:01:3c:11:f0:a1:47:47:5a:c4:a2:d5:3b:f0:48:
         2c:d3:0c:22:8d:af:97:d5:25:99:fe:cf:87:9a:89:11:08:c2:
         c8:36:00:41:ac:0a:3c:b1:b7:ca:e3:20:fd:c3:5d:90:94:a1:
         b7:e7:d0:1f:10:99:87:01:20:ac:54:87:d6:a1:41:c5:cb:55:
         d0:b6:d4:d6:46:08:4a:66:69:02:94:26:0d:d6:77:d3:49:d3:
         85:fe:88:a6:ba:f6:16:a1:da:bb:90:7d:c0:8d:ac:c2:ae:b9:
         4b:c9:58:a7:0f:ca:14:4d:cd:b0:3a:3d:54:72:b1:2a:e8:74:
         1e:85:6e:5b:66:34:cf:74:b2:31:9f:12:20:23:24:03:6f:d6:
         a0:3c:95:e3:64:ed:29:16:80:16:dd:af:72:39:85:50:c1:92:
         f2:6c:b9:7d:6a:61:a0:49:84:52:af:5e:8b:92:42:17:c1:6c:
         d4:02:09:e2
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIURmwG1ydZlg/4y11ANCApAUwfz6MwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYxOTQxMTdaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQGMyNDg0ZTJkMzlkNDQ4NzJmZjUwMzg4ODQ0ZmM5ZjdhZWJmNjZmNDYzNWY5
NjBjYzk2MzIwODE4OTQxYzQzMzcxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALE/npplWxGGAC6svf3m1Ervks91WYgu1XBqVTEQl2pNfJ1oPaS0R+spVbet
NVppQVcjied2n5EP9Pg61wnyKriPnaHJT/rBT6+NfgALwYQJxbsq5GsHNAicUlTN
mVYj+POzZTHT4xuwNpxR2yLAFVHyRUvqFVmwHQXyssHo5bbI1PerH9h9N7uNq4lJ
j9cXn0ADlas1mVbtsFjfRF7qtpjbs9jmUhrVz6aMJvqBsVOq75YjWt/gk92paNiK
i+g+R4op57648Ovtln1RUjlV2QBMT65wVtgbiwGp+s4X7U3ApVSs3BZvLbs4qAE3
mrhcL9t8e3koFJYFcv/p6sYT7KECAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTH1Tr8
P4lb5HTbU3F0Zp0hz/L17DAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZDM4NWZmNGItN2Y4ZS00NWQyLThmOGItZmNkZTE0MjZhMDUwLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0DIQ
MA0GCSqGSIb3DQEBCwUAA4IBAQA0I1qszs+2Ubm0Sr5yn8DRBq4mAWL+76iOJAgd
QtTZt66b8wrEx2OSAo2F4RHnXfbpLBRcd2V8oDB2wzyNkBi1sHwWowaqId1JGQF5
ATwR8KFHR1rEotU78Egs0wwija+X1SWZ/s+HmokRCMLINgBBrAo8sbfK4yD9w12Q
lKG359AfEJmHASCsVIfWoUHFy1XQttTWRghKZmkClCYN1nfTSdOF/oimuvYWodq7
kH3AjazCrrlLyVinD8oUTc2wOj1UcrEq6HQehW5bZjTPdLIxnxIgIyQDb9agPJXj
ZO0pFoAW3a9yOYVQwZLybLl9amGgSYRSr16LkkIXwWzUAgni
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:52:32 2025 by rpki-client