Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/de8b1a9f-0a06-4e9e-a49e-a5abeb7a4707.roa
File:                     de8b1a9f-0a06-4e9e-a49e-a5abeb7a4707.roa (raw, json)
Hash identifier:          TXncQivqp301/MjbKjoN07nZIrTO57y1OuUwc4ruPac=
Subject key identifier:   F6:92:E9:84:2D:C2:94:17:38:97:33:72:C4:D1:B5:97:95:7B:66:16
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       5D8F9FC4C84B03E203FA63E9D2031759C0F198DD
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/de8b1a9f-0a06-4e9e-a49e-a5abeb7a4707.roa
Signing time:             Mon 06 Oct 2025 18:00:33 +0000
ROA not before:           Mon 06 Oct 2025 18:00:33 +0000
ROA not after:            Mon 10 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d073:e080::/46 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5d:8f:9f:c4:c8:4b:03:e2:03:fa:63:e9:d2:03:17:59:c0:f1:98:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Oct  6 18:00:33 2025 GMT
            Not After : Nov 10 23:59:59 2025 GMT
        Subject: serialNumber=bd623183c205a0f4ae9e8c36623e3de9336fa0fa42f36a829ea4aae35b90d643, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:2a:1d:05:75:7d:7f:d2:86:e5:52:7e:1f:7e:
                    1b:af:be:8a:cb:79:e1:ae:3e:5c:fb:ce:4e:c3:d2:
                    c7:f1:a2:3a:ff:ce:31:ae:f6:59:98:f9:36:e2:c2:
                    dc:1d:5c:fe:e5:c1:37:57:2a:22:00:81:c3:e8:22:
                    aa:3c:4d:79:c5:50:e1:23:41:6e:74:4d:f7:be:65:
                    8b:05:42:4c:dd:93:6a:d4:dc:fb:22:4b:d5:d6:6e:
                    0c:15:3a:d6:31:0c:97:07:c7:04:64:ed:df:a1:39:
                    ae:ad:7a:cf:1f:03:5b:73:79:9f:4f:a1:bd:ee:73:
                    fd:b7:80:10:11:f6:dc:ce:07:f4:8f:52:b2:62:a2:
                    6c:9b:6d:2e:df:09:45:65:7a:81:fb:53:4a:65:30:
                    1a:63:72:88:0a:3d:e7:dc:32:5a:6a:66:33:fe:38:
                    48:9b:6c:4b:f9:cd:fe:55:a6:26:57:3e:4c:c7:9a:
                    88:f2:14:09:d7:54:f4:f2:1d:ee:9d:b4:55:0d:e4:
                    21:71:f7:1a:72:b1:7b:e5:c0:5e:a8:95:78:4d:ae:
                    df:d7:98:aa:e7:19:67:3c:f0:03:d4:96:12:1d:d9:
                    22:94:d7:9b:d7:76:4b:a8:e4:f0:6a:fe:79:af:8a:
                    dd:49:55:a7:45:63:10:ad:9f:73:34:eb:c4:5f:99:
                    b1:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:92:E9:84:2D:C2:94:17:38:97:33:72:C4:D1:B5:97:95:7B:66:16
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/de8b1a9f-0a06-4e9e-a49e-a5abeb7a4707.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d073:e080::/46

    Signature Algorithm: sha256WithRSAEncryption
         10:0a:e7:25:40:b5:33:96:b0:d8:4f:08:24:38:b9:d4:4c:08:
         66:f5:77:dd:6d:6d:4b:ad:7f:f3:9b:e8:ae:9e:94:f4:8c:ba:
         84:f8:2f:0c:ea:ed:2c:1e:47:78:96:0a:50:73:a0:d0:b4:74:
         e1:9a:db:b5:d3:8b:ac:90:12:7f:ec:5c:90:12:bb:07:54:29:
         1b:91:58:f5:10:48:be:8e:e2:29:94:30:77:4f:47:4d:38:b7:
         ed:56:0a:fc:81:18:0b:76:24:df:3c:9e:dd:fa:28:5e:86:9d:
         5d:e1:02:cd:24:e6:ae:f3:a9:3a:da:f4:9d:0e:3e:02:83:3e:
         d7:2f:c6:49:cd:60:d5:a9:db:6b:d9:0f:97:fa:93:1f:7f:68:
         b1:22:0a:9d:43:66:67:95:63:da:fd:f9:44:be:b4:80:3b:68:
         83:d5:40:5c:4e:ff:68:99:10:d6:9c:62:c4:30:dc:c9:ee:4b:
         6b:92:db:21:41:b7:49:8e:ef:14:d1:04:79:16:09:8a:42:6d:
         1c:29:38:dd:f5:cd:e4:06:97:be:1a:95:13:b8:cd:67:83:64:
         d9:c7:9b:e2:a3:bc:be:bb:a2:2b:e7:ea:4d:69:b0:6c:a1:81:
         37:1c:2f:9d:b1:3a:85:cd:d3:5e:e1:6d:3f:40:d2:7b:8a:b9:
         5e:31:6f:cb
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUXY+fxMhLA+ID+mPp0gMXWcDxmN0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMDYxODAwMzNaFw0yNTExMTAyMzU5NTlaMHoxSTBHBgNV
BAUTQGJkNjIzMTgzYzIwNWEwZjRhZTllOGMzNjYyM2UzZGU5MzM2ZmEwZmE0MmYz
NmE4MjllYTRhYWUzNWI5MGQ2NDMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKwqHQV1fX/ShuVSfh9+G6++ist54a4+XPvOTsPSx/GiOv/OMa72WZj5NuLC
3B1c/uXBN1cqIgCBw+giqjxNecVQ4SNBbnRN975liwVCTN2TatTc+yJL1dZuDBU6
1jEMlwfHBGTt36E5rq16zx8DW3N5n0+hve5z/beAEBH23M4H9I9SsmKibJttLt8J
RWV6gftTSmUwGmNyiAo959wyWmpmM/44SJtsS/nN/lWmJlc+TMeaiPIUCddU9PId
7p20VQ3kIXH3GnKxe+XAXqiVeE2u39eYqucZZzzwA9SWEh3ZIpTXm9d2S6jk8Gr+
ea+K3UlVp0VjEK2fczTrxF+ZsXkCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBT2kumE
LcKUFziXM3LE0bWXlXtmFjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZGU4YjFhOWYtMGEwNi00ZTllLWE0OWUtYTVhYmViN2E0NzA3LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHAioF0HPg
gDANBgkqhkiG9w0BAQsFAAOCAQEAEArnJUC1M5aw2E8IJDi51EwIZvV33W1tS61/
85vorp6U9Iy6hPgvDOrtLB5HeJYKUHOg0LR04ZrbtdOLrJASf+xckBK7B1QpG5FY
9RBIvo7iKZQwd09HTTi37VYK/IEYC3Yk3zye3fooXoadXeECzSTmrvOpOtr0nQ4+
AoM+1y/GSc1g1anba9kPl/qTH39osSIKnUNmZ5Vj2v35RL60gDtog9VAXE7/aJkQ
1pxixDDcye5La5LbIUG3SY7vFNEEeRYJikJtHCk43fXN5AaXvhqVE7jNZ4Nk2ceb
4qO8vruiK+fqTWmwbKGBNxwvnbE6hc3TXuFtP0DSe4q5XjFvyw==
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:53:10 2025 by rpki-client