Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/e20afb98-f3fb-45c2-9398-65129b8874f0.roa
File:                     e20afb98-f3fb-45c2-9398-65129b8874f0.roa (raw, json)
Hash identifier:          yCMk7BuoIaR7f1E3yRnP6G0j8CvJ1a4Hs+yKhcU4ke0=
Subject key identifier:   92:5D:49:90:BC:9F:BA:83:FA:6A:31:C4:98:E9:EF:5E:2F:47:12:A4
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       2A57C2A9CC2454BB6802F2E8F39993748D60095F
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/e20afb98-f3fb-45c2-9398-65129b8874f0.roa
Signing time:             Fri 26 Sep 2025 18:39:13 +0000
ROA not before:           Fri 26 Sep 2025 18:39:13 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d031:e0c0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2a:57:c2:a9:cc:24:54:bb:68:02:f2:e8:f3:99:93:74:8d:60:09:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Sep 26 18:39:13 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=f6c8cbb6a22dcfeb876f738c7423c5a4d78df43260d47ba998cb32a07551c1d8, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:b9:d4:14:25:ee:4d:8a:66:98:5f:c8:8e:81:
                    97:0e:7b:21:53:f0:a8:58:b2:e8:03:10:98:24:54:
                    1c:9e:6f:ee:01:8b:47:17:6b:b7:84:57:6a:27:a3:
                    77:17:f9:0c:c3:7a:a7:dd:37:b6:72:f1:52:d8:14:
                    75:90:dd:8d:d9:8f:63:0a:0d:d4:53:fd:79:b1:01:
                    61:fd:65:50:aa:c9:68:dd:e6:d0:cb:25:2e:03:cf:
                    fa:7f:52:1c:5e:49:85:09:f0:cf:8c:f0:90:07:e9:
                    78:d2:a5:a2:45:48:1d:bb:78:93:ec:0a:ba:59:e8:
                    93:58:90:a1:41:db:0b:61:26:7d:16:6d:41:37:51:
                    c0:36:2d:44:80:5d:11:5c:c7:92:ca:c2:82:74:2a:
                    30:bc:55:f8:b5:b4:36:a4:63:9f:3a:3b:4c:c5:75:
                    0c:09:de:d5:46:2b:f8:7b:c4:a8:32:c5:a0:03:cc:
                    a2:a2:c1:7d:46:8b:84:8b:00:72:cb:62:80:1b:9c:
                    a1:7a:3f:b0:fe:66:9c:03:ba:5b:cb:3c:f2:f8:0c:
                    99:b1:da:1e:b2:13:df:cb:e2:97:65:16:ab:4a:cb:
                    1a:c7:1f:78:7f:42:4a:8c:3b:3c:d8:56:43:27:bb:
                    e3:de:69:2e:08:09:60:0e:6f:ff:e8:ef:75:df:19:
                    ae:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:5D:49:90:BC:9F:BA:83:FA:6A:31:C4:98:E9:EF:5E:2F:47:12:A4
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/e20afb98-f3fb-45c2-9398-65129b8874f0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d031:e0c0::/48

    Signature Algorithm: sha256WithRSAEncryption
         88:6c:b0:80:79:ad:d4:d7:1d:bc:fa:6e:fd:7c:bb:9e:83:41:
         bc:4d:21:dd:20:ea:0e:fb:22:75:3c:0f:f8:d9:a2:99:5e:a4:
         2e:db:c8:3f:d4:62:bb:0d:8e:91:df:34:cf:0f:1e:33:98:a2:
         ab:d3:46:ec:db:ec:39:63:43:6c:fb:3e:5c:83:83:bd:34:72:
         46:b6:69:fc:a4:22:0d:d1:75:a5:cb:1c:00:ea:f3:f4:91:3f:
         dd:2b:9c:81:70:97:b0:54:cc:43:4d:5c:89:bb:91:c1:4b:be:
         73:ca:2b:48:46:4a:6e:d0:9b:5b:aa:9f:4b:54:53:a8:f5:e9:
         d6:d9:e5:c6:64:92:0d:e2:2e:12:1d:cb:b5:08:c1:77:06:19:
         0f:2f:eb:28:e9:5a:bf:57:81:17:c0:23:fc:92:3d:b9:01:3a:
         21:53:b3:5d:3e:fe:1a:0b:0a:b0:ec:83:62:07:58:7c:8c:5d:
         8b:dd:79:90:83:81:ae:57:8c:22:66:74:4d:7f:40:2e:ef:d8:
         fc:73:3c:eb:cf:06:8d:64:95:fc:24:82:43:7c:5b:74:17:f2:
         ce:14:59:ce:b8:a1:2f:f1:a8:a4:52:1e:4b:49:10:35:c5:02:
         03:72:01:7a:cc:d8:d0:23:22:b2:11:f1:32:e7:1f:c4:90:c7:
         68:54:47:9b
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUKlfCqcwkVLtoAvLo85mTdI1gCV8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYxODM5MTNaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQGY2YzhjYmI2YTIyZGNmZWI4NzZmNzM4Yzc0MjNjNWE0ZDc4ZGY0MzI2MGQ0
N2JhOTk4Y2IzMmEwNzU1MWMxZDgxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAL+51BQl7k2KZphfyI6Blw57IVPwqFiy6AMQmCRUHJ5v7gGLRxdrt4RXaiej
dxf5DMN6p903tnLxUtgUdZDdjdmPYwoN1FP9ebEBYf1lUKrJaN3m0MslLgPP+n9S
HF5JhQnwz4zwkAfpeNKlokVIHbt4k+wKulnok1iQoUHbC2EmfRZtQTdRwDYtRIBd
EVzHksrCgnQqMLxV+LW0NqRjnzo7TMV1DAne1UYr+HvEqDLFoAPMoqLBfUaLhIsA
cstigBucoXo/sP5mnAO6W8s88vgMmbHaHrIT38vil2UWq0rLGscfeH9CSow7PNhW
Qye7495pLggJYA5v/+jvdd8Zrn8CAwEAAaOCAiQwggIgMB0GA1UdDgQWBBSSXUmQ
vJ+6g/pqMcSY6e9eL0cSpDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZTIwYWZiOTgtZjNmYi00NWMyLTkzOTgtNjUxMjliODg3NGYwLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0DHg
wDANBgkqhkiG9w0BAQsFAAOCAQEAiGywgHmt1NcdvPpu/Xy7noNBvE0h3SDqDvsi
dTwP+NmimV6kLtvIP9Riuw2Okd80zw8eM5iiq9NG7NvsOWNDbPs+XIODvTRyRrZp
/KQiDdF1pcscAOrz9JE/3SucgXCXsFTMQ01cibuRwUu+c8orSEZKbtCbW6qfS1RT
qPXp1tnlxmSSDeIuEh3LtQjBdwYZDy/rKOlav1eBF8Aj/JI9uQE6IVOzXT7+GgsK
sOyDYgdYfIxdi915kIOBrleMImZ0TX9ALu/Y/HM8688GjWSV/CSCQ3xbdBfyzhRZ
zrihL/GopFIeS0kQNcUCA3IBeszY0CMishHxMucfxJDHaFRHmw==
-----END CERTIFICATE-----
Generated at Mon Oct 20 13:47:19 2025 by rpki-client