Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/d8ff7013-08b6-4e36-ab88-c4f8bd3e7a04.roa
File:                     d8ff7013-08b6-4e36-ab88-c4f8bd3e7a04.roa (raw, json)
Hash identifier:          GqaYREJJeqijMe+P4D7NbHHywYuZaIaqssxxwMjIv90=
Subject key identifier:   C2:4C:B6:01:B9:23:5B:D5:36:88:CD:E8:84:13:CD:34:DF:10:39:CD
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       21D762DFC3034E21ED66C969583C6B0BE0CB49A4
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/d8ff7013-08b6-4e36-ab88-c4f8bd3e7a04.roa
Signing time:             Fri 26 Sep 2025 20:10:07 +0000
ROA not before:           Fri 26 Sep 2025 20:10:07 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d024::/36 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            21:d7:62:df:c3:03:4e:21:ed:66:c9:69:58:3c:6b:0b:e0:cb:49:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Sep 26 20:10:07 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=e125667aec2d26cd4f4b68eb7e3a5f1f6b4bd90893c7cb9d1038c1573f77168c, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:e8:fb:44:d8:96:9a:a7:34:4d:26:95:e2:54:
                    95:ea:f7:00:e9:73:53:0c:bd:77:f0:d8:00:4b:a7:
                    77:07:dd:2b:39:f2:60:c7:92:a4:3c:44:7a:97:aa:
                    d0:80:65:e8:a2:39:f7:be:01:65:7b:21:fb:c3:08:
                    24:53:a1:09:a6:8d:15:8b:9c:07:e3:85:0b:17:62:
                    be:d7:93:b7:93:30:9a:16:88:eb:ca:32:ba:d3:76:
                    fa:b9:f5:5a:9a:69:a7:ce:ac:fe:d4:f5:e8:c4:87:
                    39:53:3f:98:41:b1:f8:28:66:23:1f:a5:c8:0f:91:
                    fe:cc:bb:b8:83:5e:bd:d6:c8:00:1d:91:18:eb:1b:
                    76:cd:71:5c:f0:81:0e:19:56:53:7e:d8:ab:0b:6f:
                    c4:20:69:4b:ca:13:43:eb:4b:53:07:c7:e5:ae:00:
                    62:dd:30:18:11:db:92:82:15:62:55:35:1c:e3:19:
                    22:50:e2:8b:f6:fe:22:25:42:ff:be:f5:34:8e:35:
                    a6:d6:38:97:0c:3f:be:7c:f2:04:92:43:66:8d:cb:
                    dd:da:12:30:bd:78:60:ef:5d:14:b2:9e:36:68:15:
                    f8:a5:fe:33:c5:f9:01:16:12:f6:80:be:71:d7:97:
                    87:f7:7d:a9:48:8f:b5:79:b3:d3:ba:9d:b2:5a:ab:
                    23:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:4C:B6:01:B9:23:5B:D5:36:88:CD:E8:84:13:CD:34:DF:10:39:CD
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/d8ff7013-08b6-4e36-ab88-c4f8bd3e7a04.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d024::/36

    Signature Algorithm: sha256WithRSAEncryption
         a2:0e:94:c3:9f:af:65:00:c2:d5:df:f6:49:4e:df:59:2d:b1:
         cd:5e:cb:74:3d:28:76:fd:38:d5:41:b7:b3:f4:98:3c:6a:f5:
         d5:08:b1:8f:3f:c4:a5:33:40:5e:e7:89:4d:07:6e:ce:e5:e2:
         b2:5b:20:ca:ba:b9:1f:0a:66:e3:b6:fa:85:d1:fa:83:c3:60:
         ea:05:34:32:b6:af:41:44:44:df:1d:f1:0b:fb:05:56:1a:ea:
         e9:7b:49:06:21:8d:15:15:d0:d2:5d:ec:63:f9:d6:54:29:4b:
         85:05:22:e7:8f:f5:f3:4e:7c:b0:5a:b9:4b:62:5e:b6:0f:b3:
         8e:06:72:f2:92:74:72:bb:e5:2b:f4:87:eb:42:d2:33:14:e6:
         9d:8e:83:8e:3a:75:85:6d:43:25:b3:8d:2c:42:ff:8e:8a:d3:
         bd:ee:dd:0a:04:ed:61:e2:79:6c:d8:3d:9f:2d:8a:32:24:e3:
         17:e1:3a:87:41:bd:7f:e0:04:18:75:55:94:0c:3d:3e:4e:98:
         7e:b0:c5:e8:4d:5e:a4:b1:06:93:94:e3:70:45:a6:00:63:7d:
         54:89:a2:3b:22:47:c5:8c:0f:7e:25:20:e0:25:90:47:73:9d:
         2f:83:22:89:78:c2:2c:57:57:78:7b:f0:f3:fd:e3:e6:a6:c1:
         90:20:7a:6a
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUIddi38MDTiHtZslpWDxrC+DLSaQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYyMDEwMDdaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQGUxMjU2NjdhZWMyZDI2Y2Q0ZjRiNjhlYjdlM2E1ZjFmNmI0YmQ5MDg5M2M3
Y2I5ZDEwMzhjMTU3M2Y3NzE2OGMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANzo+0TYlpqnNE0mleJUler3AOlzUwy9d/DYAEundwfdKznyYMeSpDxEepeq
0IBl6KI5974BZXsh+8MIJFOhCaaNFYucB+OFCxdivteTt5MwmhaI68oyutN2+rn1
Wpppp86s/tT16MSHOVM/mEGx+ChmIx+lyA+R/sy7uINevdbIAB2RGOsbds1xXPCB
DhlWU37YqwtvxCBpS8oTQ+tLUwfH5a4AYt0wGBHbkoIVYlU1HOMZIlDii/b+IiVC
/771NI41ptY4lww/vnzyBJJDZo3L3doSML14YO9dFLKeNmgV+KX+M8X5ARYS9oC+
cdeXh/d9qUiPtXmz07qdslqrI28CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTCTLYB
uSNb1TaIzeiEE8003xA5zTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZDhmZjcwMTMtMDhiNi00ZTM2LWFiODgtYzRmOGJkM2U3YTA0LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCoF0CQA
MA0GCSqGSIb3DQEBCwUAA4IBAQCiDpTDn69lAMLV3/ZJTt9ZLbHNXst0PSh2/TjV
Qbez9Jg8avXVCLGPP8SlM0Be54lNB27O5eKyWyDKurkfCmbjtvqF0fqDw2DqBTQy
tq9BRETfHfEL+wVWGurpe0kGIY0VFdDSXexj+dZUKUuFBSLnj/XzTnywWrlLYl62
D7OOBnLyknRyu+Ur9IfrQtIzFOadjoOOOnWFbUMls40sQv+OitO97t0KBO1h4nls
2D2fLYoyJOMX4TqHQb1/4AQYdVWUDD0+Tph+sMXoTV6ksQaTlONwRaYAY31UiaI7
IkfFjA9+JSDgJZBHc50vgyKJeMIsV1d4e/Dz/ePmpsGQIHpq
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:52:43 2025 by rpki-client