Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/d6931f13-0c44-4edc-b1b7-89dc8e035321.roa
File:                     d6931f13-0c44-4edc-b1b7-89dc8e035321.roa (raw, json)
Hash identifier:          1Bd1vSxDfSMigbIsbLAoNkJv0vRg8b8a4HSFCxmToFo=
Subject key identifier:   A1:86:1A:E4:B5:9F:93:05:29:5A:B9:FE:B6:2B:BD:CE:0C:C2:26:7F
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       3493EA2A57F9CCE97D443C764A5074C51D2A188F
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/d6931f13-0c44-4edc-b1b7-89dc8e035321.roa
Signing time:             Fri 26 Sep 2025 19:51:04 +0000
ROA not before:           Fri 26 Sep 2025 19:51:04 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d058::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            34:93:ea:2a:57:f9:cc:e9:7d:44:3c:76:4a:50:74:c5:1d:2a:18:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Sep 26 19:51:04 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=862fcbd84463b2578c955ba2586b6401f0522b9b2bd6f6720d71968e17b0a253, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:70:4a:ba:52:c8:06:24:98:8e:8f:dd:54:71:
                    67:4f:af:9c:0f:43:2b:31:7a:9f:e4:6f:27:ea:92:
                    f1:fe:74:af:f7:9c:d0:61:a4:b0:6d:90:d4:f6:87:
                    45:bb:48:0a:dd:86:32:b5:ab:9d:6a:83:28:d5:7b:
                    38:08:ab:cd:af:a8:bf:eb:0d:f4:6c:ca:3c:f8:e2:
                    69:ad:96:e4:c5:8a:52:e6:13:51:02:fc:68:07:be:
                    51:37:8e:d0:c3:4c:a5:59:05:80:3f:2c:65:cd:4a:
                    d4:7b:5a:11:cc:e6:85:4e:fa:a4:3d:b7:fb:46:3b:
                    a3:2c:1d:c4:8a:58:5f:03:85:97:16:e1:81:e4:2b:
                    c8:4d:a2:eb:96:58:ed:b6:8a:d9:77:a1:ed:47:16:
                    64:5a:5e:d5:7b:b8:80:32:11:6f:a4:e9:a8:3f:ea:
                    01:ab:ca:78:2f:02:8e:77:1b:ab:8b:30:4b:ca:43:
                    e8:2a:43:4c:93:c6:59:1e:6a:f7:07:3a:ec:6f:8f:
                    50:f8:84:b6:e6:c1:46:ee:47:97:54:cd:40:08:f8:
                    11:03:05:93:6b:5f:a7:6a:58:30:c7:79:9c:55:74:
                    06:76:5a:25:b0:ab:4d:a0:01:60:11:5a:04:a2:2f:
                    ed:a5:17:c9:37:30:b8:78:77:8b:c4:a3:af:01:77:
                    ba:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:86:1A:E4:B5:9F:93:05:29:5A:B9:FE:B6:2B:BD:CE:0C:C2:26:7F
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/d6931f13-0c44-4edc-b1b7-89dc8e035321.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d058::/32

    Signature Algorithm: sha256WithRSAEncryption
         5f:59:34:df:45:04:ee:39:1d:c8:9f:76:a7:6d:23:90:e2:9e:
         6f:31:01:ab:44:8b:85:4c:cd:99:84:20:ad:37:9f:74:af:cf:
         c0:03:6b:55:b9:ca:66:f0:a1:ae:83:0d:14:77:a9:9b:79:aa:
         70:52:e9:15:40:6c:9c:1f:03:e9:99:90:98:04:e2:ce:49:9f:
         8f:1a:13:54:fa:26:99:52:8e:ad:84:2c:3b:98:18:0d:cb:ed:
         3e:41:d1:fe:85:85:24:e8:b2:44:bd:f4:d6:76:37:63:b0:23:
         6c:06:95:1f:c4:ba:a4:ae:09:75:8f:e2:18:60:48:03:21:8b:
         7b:67:7a:99:76:85:15:d1:b6:81:4c:66:a9:84:d9:dd:83:71:
         b7:b1:d2:66:24:c2:2f:68:85:16:61:0d:32:54:d6:2d:ae:95:
         9d:21:20:42:11:39:41:81:af:a9:a1:fa:69:77:ba:33:a7:5c:
         ad:bb:c1:08:ec:cb:58:9a:a3:5a:72:9c:1c:2d:4b:04:87:98:
         dc:35:d6:83:fb:a2:fb:c3:a3:8e:85:ed:cd:c2:e0:d6:08:ef:
         1b:3a:3f:af:77:b3:b0:5c:61:0d:9c:55:69:41:84:bc:63:1a:
         9f:81:4e:d0:25:f9:71:d5:3f:d0:e4:af:6f:b7:86:ff:24:7d:
         77:c4:26:67
-----BEGIN CERTIFICATE-----
MIIFXzCCBEegAwIBAgIUNJPqKlf5zOl9RDx2SlB0xR0qGI8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYxOTUxMDRaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQDg2MmZjYmQ4NDQ2M2IyNTc4Yzk1NWJhMjU4NmI2NDAxZjA1MjJiOWIyYmQ2
ZjY3MjBkNzE5NjhlMTdiMGEyNTMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJ1wSrpSyAYkmI6P3VRxZ0+vnA9DKzF6n+RvJ+qS8f50r/ec0GGksG2Q1PaH
RbtICt2GMrWrnWqDKNV7OAirza+ov+sN9GzKPPjiaa2W5MWKUuYTUQL8aAe+UTeO
0MNMpVkFgD8sZc1K1HtaEczmhU76pD23+0Y7oywdxIpYXwOFlxbhgeQryE2i65ZY
7baK2Xeh7UcWZFpe1Xu4gDIRb6TpqD/qAavKeC8Cjncbq4swS8pD6CpDTJPGWR5q
9wc67G+PUPiEtubBRu5Hl1TNQAj4EQMFk2tfp2pYMMd5nFV0BnZaJbCrTaABYBFa
BKIv7aUXyTcwuHh3i8SjrwF3umUCAwEAAaOCAiIwggIeMB0GA1UdDgQWBBShhhrk
tZ+TBSlauf62K73ODMImfzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZDY5MzFmMTMtMGM0NC00ZWRjLWIxYjctODlkYzhlMDM1MzIxLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACoF0Fgw
DQYJKoZIhvcNAQELBQADggEBAF9ZNN9FBO45HcifdqdtI5Dinm8xAatEi4VMzZmE
IK03n3Svz8ADa1W5ymbwoa6DDRR3qZt5qnBS6RVAbJwfA+mZkJgE4s5Jn48aE1T6
JplSjq2ELDuYGA3L7T5B0f6FhSToskS99NZ2N2OwI2wGlR/EuqSuCXWP4hhgSAMh
i3tnepl2hRXRtoFMZqmE2d2Dcbex0mYkwi9ohRZhDTJU1i2ulZ0hIEIROUGBr6mh
+ml3ujOnXK27wQjsy1iao1pynBwtSwSHmNw11oP7ovvDo46F7c3C4NYI7xs6P693
s7BcYQ2cVWlBhLxjGp+BTtAl+XHVP9Dkr2+3hv8kfXfEJmc=
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:52:54 2025 by rpki-client