Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/e0f2e0c7-6d9c-428b-85e5-6a924e7414db.roa
File:                     e0f2e0c7-6d9c-428b-85e5-6a924e7414db.roa (raw, json)
Hash identifier:          pc/4bX7BRcbAH89GUxv0deMmc0Zy3tWu5cVx0iwQvOw=
Subject key identifier:   90:AA:73:98:5D:B5:B9:7E:87:A1:60:98:7C:31:86:ED:25:21:4A:00
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       6C4CE62C7700837EF56069221626CE6C645D287B
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/e0f2e0c7-6d9c-428b-85e5-6a924e7414db.roa
Signing time:             Mon 06 Oct 2025 18:00:07 +0000
ROA not before:           Mon 06 Oct 2025 18:00:07 +0000
ROA not after:            Mon 10 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d073:50c0::/46 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6c:4c:e6:2c:77:00:83:7e:f5:60:69:22:16:26:ce:6c:64:5d:28:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Oct  6 18:00:07 2025 GMT
            Not After : Nov 10 23:59:59 2025 GMT
        Subject: serialNumber=8579098991b0d4a1443fdcf24173371928b64bd57afa868e3c025969b7a2b8d9, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:e0:f5:90:ef:89:ef:2f:c3:1f:b6:f9:bf:b8:
                    6b:8e:eb:e4:cf:e5:d6:c7:ef:f0:f7:6d:af:98:69:
                    71:24:b0:de:72:cd:fb:6e:60:e4:b1:02:a8:ea:eb:
                    ad:ec:50:41:a6:d8:96:f9:ba:2c:d9:f6:7d:5f:46:
                    72:cc:9c:1e:42:4b:81:29:c5:c3:7b:98:6e:84:a1:
                    95:3b:2a:b1:ab:e1:91:f4:d9:d2:8d:99:ad:a9:6f:
                    84:f8:7e:c7:1e:72:c2:90:87:ea:ff:7b:aa:ed:bc:
                    f2:3e:60:5b:93:9c:c8:52:32:f6:4e:a8:36:38:db:
                    4e:8b:22:83:80:6c:d1:cf:60:bb:70:5a:be:d0:e2:
                    19:3d:33:51:4c:63:98:80:d1:88:c8:a9:11:20:d3:
                    ac:52:5e:bb:6e:3b:d7:ec:76:4e:b8:e4:dc:80:91:
                    4e:e4:b3:0c:fe:ae:34:c4:2b:1d:bb:94:ec:cc:96:
                    6d:d3:1b:ab:d8:d1:18:20:81:bc:ef:d3:59:f6:95:
                    6e:1a:7d:fb:5b:6b:7e:0a:36:23:7c:85:f8:68:ad:
                    1d:5d:8e:0a:bb:75:5f:62:ce:15:27:7a:e7:ae:28:
                    3a:78:79:bf:ba:f9:ab:e9:d7:0d:e3:05:a8:d9:b9:
                    52:06:b9:16:f6:c7:38:98:7e:d8:18:15:ea:90:77:
                    80:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:AA:73:98:5D:B5:B9:7E:87:A1:60:98:7C:31:86:ED:25:21:4A:00
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/e0f2e0c7-6d9c-428b-85e5-6a924e7414db.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d073:50c0::/46

    Signature Algorithm: sha256WithRSAEncryption
         03:cd:a6:31:df:86:59:57:a1:04:3d:0b:71:ad:85:91:09:4d:
         17:87:32:07:c5:17:7f:f1:ea:17:e3:82:ea:1d:74:ce:a2:c8:
         72:20:af:15:86:e4:89:1c:16:1b:b7:54:16:59:a8:e9:ea:79:
         e3:2a:b8:33:46:7b:5f:f9:99:37:93:20:f7:4f:b2:50:ee:17:
         44:4d:9a:5a:e1:f9:6b:6b:a3:2f:50:1a:04:f6:26:06:6e:ba:
         7a:72:2e:23:1e:2a:c5:be:b2:da:ab:4e:17:00:69:9a:36:d0:
         b3:4f:94:28:45:74:5a:1d:d4:a0:70:75:a5:6a:b7:bd:54:ac:
         2c:64:4a:8d:a2:19:35:9c:b0:37:9f:61:84:21:b2:65:27:66:
         fd:f0:6c:fc:37:a1:28:eb:16:07:3b:74:88:9b:f2:21:7f:c6:
         1c:a3:e9:a5:61:33:53:a1:58:22:27:8d:ec:88:d4:d1:f4:f0:
         4e:be:a3:7e:15:7a:e9:e2:10:23:3d:b7:dd:8d:ab:e7:e2:f8:
         a8:bd:ad:fb:ee:7a:72:f4:a3:70:54:ed:27:7c:6d:74:f5:bb:
         26:0d:bb:80:bb:93:5b:af:f8:f6:29:c9:d9:ca:eb:65:7e:aa:
         3c:90:6a:06:11:69:1b:36:3f:58:68:74:a3:ef:c0:40:71:f8:
         ad:f2:c4:b2
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUbEzmLHcAg371YGkiFibObGRdKHswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMDYxODAwMDdaFw0yNTExMTAyMzU5NTlaMHoxSTBHBgNV
BAUTQDg1NzkwOTg5OTFiMGQ0YTE0NDNmZGNmMjQxNzMzNzE5MjhiNjRiZDU3YWZh
ODY4ZTNjMDI1OTY5YjdhMmI4ZDkxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAI3g9ZDvie8vwx+2+b+4a47r5M/l1sfv8Pdtr5hpcSSw3nLN+25g5LECqOrr
rexQQabYlvm6LNn2fV9GcsycHkJLgSnFw3uYboShlTsqsavhkfTZ0o2ZralvhPh+
xx5ywpCH6v97qu288j5gW5OcyFIy9k6oNjjbTosig4Bs0c9gu3BavtDiGT0zUUxj
mIDRiMipESDTrFJeu2471+x2Trjk3ICRTuSzDP6uNMQrHbuU7MyWbdMbq9jRGCCB
vO/TWfaVbhp9+1trfgo2I3yF+GitHV2OCrt1X2LOFSd6564oOnh5v7r5q+nXDeMF
qNm5Uga5FvbHOJh+2BgV6pB3gKMCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBSQqnOY
XbW5foehYJh8MYbtJSFKADAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZTBmMmUwYzctNmQ5Yy00MjhiLTg1ZTUtNmE5MjRlNzQxNGRiLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHAioF0HNQ
wDANBgkqhkiG9w0BAQsFAAOCAQEAA82mMd+GWVehBD0Lca2FkQlNF4cyB8UXf/Hq
F+OC6h10zqLIciCvFYbkiRwWG7dUFlmo6ep54yq4M0Z7X/mZN5Mg90+yUO4XRE2a
WuH5a2ujL1AaBPYmBm66enIuIx4qxb6y2qtOFwBpmjbQs0+UKEV0Wh3UoHB1pWq3
vVSsLGRKjaIZNZywN59hhCGyZSdm/fBs/DehKOsWBzt0iJvyIX/GHKPppWEzU6FY
IieN7IjU0fTwTr6jfhV66eIQIz233Y2r5+L4qL2t++56cvSjcFTtJ3xtdPW7Jg27
gLuTW6/49inJ2crrZX6qPJBqBhFpGzY/WGh0o+/AQHH4rfLEsg==
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:53:02 2025 by rpki-client