Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/de12834a-9370-4c63-969f-bf8eef4cd73b.roa
File:                     de12834a-9370-4c63-969f-bf8eef4cd73b.roa (raw, json)
Hash identifier:          r9BZHPkwOWA2Ilf0+DAbUKlCZZ9pJUY07ceiTleI2KU=
Subject key identifier:   59:65:96:53:7E:DC:3B:46:FB:B6:CA:57:8A:7D:AE:25:62:A4:F8:E7
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       73BC2936EF0B0C639C0DC011F8167D268AB7BB54
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/de12834a-9370-4c63-969f-bf8eef4cd73b.roa
Signing time:             Fri 17 Oct 2025 21:40:20 +0000
ROA not before:           Fri 17 Oct 2025 21:40:20 +0000
ROA not after:            Fri 21 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d07f:4010::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            73:bc:29:36:ef:0b:0c:63:9c:0d:c0:11:f8:16:7d:26:8a:b7:bb:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Oct 17 21:40:20 2025 GMT
            Not After : Nov 21 23:59:59 2025 GMT
        Subject: serialNumber=b6708141ba01487d66ed8462721f65c68faa47204cbcb2fc0eca9938cb455313, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:92:57:b3:a9:94:4f:94:c3:aa:08:5b:ca:3a:
                    c2:7f:1e:c9:1c:65:cb:e2:52:51:a8:dc:60:06:98:
                    c4:e3:4b:39:51:01:10:99:1f:70:0e:28:69:be:9f:
                    fb:5f:9a:cb:f4:62:a9:aa:89:e1:34:e3:9a:79:f5:
                    77:d2:bc:f8:00:28:5c:f4:2d:70:d2:77:77:71:5c:
                    2e:95:61:d9:6f:df:41:f3:42:17:34:d6:a0:29:62:
                    65:24:9e:1d:67:35:a7:d4:69:04:17:9e:89:0d:60:
                    f4:bb:df:2b:bc:c4:fe:66:6f:aa:88:0b:60:a9:3b:
                    50:a7:17:96:09:4e:6c:56:5d:c4:fb:ff:df:e5:21:
                    c6:d7:f8:a6:08:57:89:b9:4b:72:b0:e5:5a:00:72:
                    80:43:16:a6:b0:d6:72:40:ba:7a:3d:c3:40:5f:c9:
                    07:b0:ef:d4:a5:fa:19:2d:95:43:2c:80:d3:66:2c:
                    48:12:c7:6b:1d:26:0d:cd:b3:3a:df:0b:28:ee:f3:
                    39:86:45:6f:92:40:a7:74:df:4a:2c:f5:4d:df:d1:
                    39:2a:fd:8b:2c:1a:e2:b9:e3:2b:1f:fa:44:ea:b3:
                    47:c5:27:eb:d0:b6:c1:ec:4e:86:4e:80:f2:47:51:
                    f0:c1:73:69:df:2d:15:84:f9:bc:2f:4e:98:dc:3e:
                    88:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:65:96:53:7E:DC:3B:46:FB:B6:CA:57:8A:7D:AE:25:62:A4:F8:E7
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/de12834a-9370-4c63-969f-bf8eef4cd73b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d07f:4010::/48

    Signature Algorithm: sha256WithRSAEncryption
         c6:b5:52:35:5c:16:47:f5:0c:17:32:3d:cd:a5:89:f1:0a:f2:
         bf:60:b6:96:bb:79:d2:36:4c:e8:53:9b:78:55:26:33:15:dd:
         e4:f6:a2:90:e7:c7:ee:2a:04:28:2c:52:98:ed:90:dc:f5:16:
         36:c6:9b:33:26:25:02:37:6d:44:48:c3:97:af:11:01:1e:3d:
         0d:ef:aa:ba:04:3f:eb:d3:59:f0:e4:98:c4:24:0e:6c:0f:01:
         5f:81:98:31:15:6a:07:84:27:63:b0:4a:bf:a5:34:99:33:30:
         51:88:6b:76:c2:25:05:9a:c2:4d:ed:df:9b:f8:68:e9:32:82:
         5a:e7:e0:2f:83:8a:46:c0:be:76:4f:47:eb:99:f0:2e:85:8f:
         df:c4:0b:36:2e:92:08:37:a1:ae:e9:1c:04:26:e3:3d:df:1a:
         9f:6a:a4:ff:56:ba:06:72:40:c0:76:71:7f:22:47:95:59:17:
         d5:6c:a1:69:48:5a:f1:15:67:d3:52:f5:fa:6f:1b:c3:b1:d7:
         02:87:cb:c5:73:27:5d:7f:44:3b:0a:d4:3d:33:7a:a9:53:31:
         f7:12:31:b8:24:ee:56:5d:cd:98:34:ca:16:ec:fd:89:ed:8f:
         d5:37:51:54:99:04:89:04:be:b2:33:f2:66:0d:22:e3:92:23:
         bf:0c:8f:f3
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUc7wpNu8LDGOcDcAR+BZ9Joq3u1QwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMTcyMTQwMjBaFw0yNTExMjEyMzU5NTlaMHoxSTBHBgNV
BAUTQGI2NzA4MTQxYmEwMTQ4N2Q2NmVkODQ2MjcyMWY2NWM2OGZhYTQ3MjA0Y2Jj
YjJmYzBlY2E5OTM4Y2I0NTUzMTMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALGSV7OplE+Uw6oIW8o6wn8eyRxly+JSUajcYAaYxONLOVEBEJkfcA4oab6f
+1+ay/RiqaqJ4TTjmnn1d9K8+AAoXPQtcNJ3d3FcLpVh2W/fQfNCFzTWoCliZSSe
HWc1p9RpBBeeiQ1g9LvfK7zE/mZvqogLYKk7UKcXlglObFZdxPv/3+Uhxtf4pghX
iblLcrDlWgBygEMWprDWckC6ej3DQF/JB7Dv1KX6GS2VQyyA02YsSBLHax0mDc2z
Ot8LKO7zOYZFb5JAp3TfSiz1Td/ROSr9iywa4rnjKx/6ROqzR8Un69C2wexOhk6A
8kdR8MFzad8tFYT5vC9OmNw+iKcCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBRZZZZT
ftw7Rvu2yleKfa4lYqT45zAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZGUxMjgzNGEtOTM3MC00YzYzLTk2OWYtYmY4ZWVmNGNkNzNiLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0H9A
EDANBgkqhkiG9w0BAQsFAAOCAQEAxrVSNVwWR/UMFzI9zaWJ8Qryv2C2lrt50jZM
6FObeFUmMxXd5PaikOfH7ioEKCxSmO2Q3PUWNsabMyYlAjdtREjDl68RAR49De+q
ugQ/69NZ8OSYxCQObA8BX4GYMRVqB4QnY7BKv6U0mTMwUYhrdsIlBZrCTe3fm/ho
6TKCWufgL4OKRsC+dk9H65nwLoWP38QLNi6SCDehrukcBCbjPd8an2qk/1a6BnJA
wHZxfyJHlVkX1WyhaUha8RVn01L1+m8bw7HXAofLxXMnXX9EOwrUPTN6qVMx9xIx
uCTuVl3NmDTKFuz9ie2P1TdRVJkEiQS+sjPyZg0i45IjvwyP8w==
-----END CERTIFICATE-----
Generated at Mon Oct 20 13:47:20 2025 by rpki-client