Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/e3a0b200-3f16-4eb7-aa0a-fccc46a9092b.roa
File:                     e3a0b200-3f16-4eb7-aa0a-fccc46a9092b.roa (raw, json)
Hash identifier:          3syLPBs3ycRKJ3xNDEt1twQ1gjmVvAx4AB8z6Rch4cw=
Subject key identifier:   7A:85:C0:E2:6C:67:B1:E7:1E:EC:F3:4F:8F:27:1E:54:BC:E8:EE:B6
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       225AF4B756E530F4BF33F7FFC7B676660914370C
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/e3a0b200-3f16-4eb7-aa0a-fccc46a9092b.roa
Signing time:             Sat 27 Sep 2025 00:53:33 +0000
ROA not before:           Sat 27 Sep 2025 00:53:33 +0000
ROA not after:            Sat 01 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        79.125.0.0/17 maxlen: 17
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            22:5a:f4:b7:56:e5:30:f4:bf:33:f7:ff:c7:b6:76:66:09:14:37:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Sep 27 00:53:33 2025 GMT
            Not After : Nov  1 23:59:59 2025 GMT
        Subject: serialNumber=f7ecb4321069ce45dfc3810509b56c5c634c9563b075b3899c742b0c23c3714d, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:38:d4:96:62:96:a7:35:cb:1d:d2:82:c1:29:
                    03:f6:06:9c:4b:25:e7:e9:8d:15:89:d9:45:3d:a9:
                    88:75:66:b9:c5:95:77:ab:f3:79:57:cb:b0:c9:84:
                    0c:59:37:38:63:84:cc:ac:f9:2a:a4:e4:9d:05:2c:
                    c0:77:ed:39:d4:f7:eb:33:da:7d:2f:df:0b:1a:04:
                    ac:5d:d9:37:91:28:ad:6b:d2:04:cf:41:ca:0a:c9:
                    07:e6:43:6b:52:d7:65:d2:4f:d4:74:49:fa:1d:f1:
                    c5:fd:35:4f:9c:7a:8b:e9:71:50:80:3a:6e:a8:af:
                    9b:94:e2:92:91:43:a7:67:32:d4:c5:34:e3:47:14:
                    10:56:3d:1c:4f:ba:46:d7:a8:48:a2:0b:01:b2:3e:
                    a5:b3:20:13:cb:7d:89:59:04:d6:db:78:f0:c0:a7:
                    66:50:e2:f2:3b:ae:58:01:54:90:4a:36:cc:ac:6f:
                    ea:29:07:29:70:58:41:cb:af:89:b4:e2:e8:89:7a:
                    c2:c6:0d:61:a8:22:c0:4f:89:99:f5:26:76:0e:29:
                    bd:63:5c:f8:9a:02:67:9c:3f:bb:76:f8:ab:db:c2:
                    f7:82:30:1f:c0:e2:33:7d:36:12:90:36:60:ca:9f:
                    0d:15:1b:a2:38:75:09:e0:a5:51:a5:3a:ab:c8:6d:
                    11:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:85:C0:E2:6C:67:B1:E7:1E:EC:F3:4F:8F:27:1E:54:BC:E8:EE:B6
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/e3a0b200-3f16-4eb7-aa0a-fccc46a9092b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.125.0.0/17

    Signature Algorithm: sha256WithRSAEncryption
         7c:6c:3d:73:91:54:35:d3:96:5d:0c:2d:24:e9:47:8f:cb:fc:
         7c:cf:15:87:1f:2a:57:4f:03:19:81:be:fb:be:72:55:58:b1:
         cd:64:8c:fa:f3:23:eb:53:95:be:3a:12:68:32:24:bc:d8:75:
         fe:57:ef:5b:ab:df:42:4e:25:f8:ae:e0:8e:c4:28:85:a5:3c:
         ff:95:08:85:8a:26:94:6b:c4:26:fc:b4:55:86:39:04:a7:ad:
         62:c6:0a:54:03:d8:d7:a3:83:4f:37:d2:81:5f:bb:1a:4a:f2:
         9c:76:11:88:58:a4:77:95:b2:ca:07:54:0f:d0:48:14:66:34:
         be:93:38:3a:f7:c5:0e:f4:21:15:c8:13:05:0d:b3:10:25:31:
         37:1c:35:5c:98:d2:dc:07:6e:07:a5:35:34:53:ac:66:44:85:
         61:e3:a2:1f:29:62:31:84:56:bf:c4:3c:02:25:9b:7f:c5:a2:
         1e:81:34:d7:00:80:f5:95:9c:b0:81:46:d3:a7:da:6d:7b:cb:
         83:f0:0f:ad:51:25:85:82:f3:97:96:c0:e3:9f:96:39:45:5e:
         0c:ed:80:84:14:97:67:80:33:06:4e:e9:fa:ba:34:7f:93:33:
         77:c8:90:ca:d0:9d:6e:06:da:6c:eb:59:3a:41:16:9e:8d:1e:
         5b:fb:3c:87
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUIlr0t1blMPS/M/f/x7Z2ZgkUNwwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjcwMDUzMzNaFw0yNTExMDEyMzU5NTlaMHoxSTBHBgNV
BAUTQGY3ZWNiNDMyMTA2OWNlNDVkZmMzODEwNTA5YjU2YzVjNjM0Yzk1NjNiMDc1
YjM4OTljNzQyYjBjMjNjMzcxNGQxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOE41JZilqc1yx3SgsEpA/YGnEsl5+mNFYnZRT2piHVmucWVd6vzeVfLsMmE
DFk3OGOEzKz5KqTknQUswHftOdT36zPafS/fCxoErF3ZN5EorWvSBM9BygrJB+ZD
a1LXZdJP1HRJ+h3xxf01T5x6i+lxUIA6bqivm5TikpFDp2cy1MU040cUEFY9HE+6
RteoSKILAbI+pbMgE8t9iVkE1tt48MCnZlDi8juuWAFUkEo2zKxv6ikHKXBYQcuv
ibTi6Il6wsYNYagiwE+JmfUmdg4pvWNc+JoCZ5w/u3b4q9vC94IwH8DiM302EpA2
YMqfDRUbojh1CeClUaU6q8htEXMCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBR6hcDi
bGex5x7s80+PJx5UvOjutjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZTNhMGIyMDAtM2YxNi00ZWI3LWFhMGEtZmNjYzQ2YTkwOTJiLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEB099ADAN
BgkqhkiG9w0BAQsFAAOCAQEAfGw9c5FUNdOWXQwtJOlHj8v8fM8Vhx8qV08DGYG+
+75yVVixzWSM+vMj61OVvjoSaDIkvNh1/lfvW6vfQk4l+K7gjsQohaU8/5UIhYom
lGvEJvy0VYY5BKetYsYKVAPY16ODTzfSgV+7GkrynHYRiFikd5WyygdUD9BIFGY0
vpM4OvfFDvQhFcgTBQ2zECUxNxw1XJjS3AduB6U1NFOsZkSFYeOiHyliMYRWv8Q8
AiWbf8WiHoE01wCA9ZWcsIFG06fabXvLg/APrVElhYLzl5bA45+WOUVeDO2AhBSX
Z4AzBk7p+ro0f5Mzd8iQytCdbgbabOtZOkEWno0eW/s8hw==
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:53:17 2025 by rpki-client