Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/e6ac0def-833f-4e1b-a75d-2d1fb3b8c3d6.roa
File:                     e6ac0def-833f-4e1b-a75d-2d1fb3b8c3d6.roa (raw, json)
Hash identifier:          0ZrAnf3cPQxAVs9v6Tr0kiJpn/ZMCZ0r0DVIMRn7zdg=
Subject key identifier:   C5:45:5D:DB:96:4B:71:6A:DF:43:32:EE:B2:EA:34:54:AA:53:B2:CD
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       2C90C2259CA7E2085A1976F6C3347A9B86C63FBF
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/e6ac0def-833f-4e1b-a75d-2d1fb3b8c3d6.roa
Signing time:             Fri 26 Sep 2025 19:21:16 +0000
ROA not before:           Fri 26 Sep 2025 19:21:16 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d07e:c000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2c:90:c2:25:9c:a7:e2:08:5a:19:76:f6:c3:34:7a:9b:86:c6:3f:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Sep 26 19:21:16 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=4758771a4d81db8500e989243dabf2bd52e361c522a0cdb3bf83ff77f86a2da3, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:f5:c8:8a:51:6d:bb:9f:d8:6e:97:ac:63:29:
                    66:f8:72:38:cf:93:e4:3f:4a:a8:d0:77:e5:f1:3c:
                    9f:8a:c4:2f:35:e1:4e:45:48:79:73:cd:a6:01:ec:
                    92:17:08:84:00:2b:92:2a:6f:af:65:43:99:06:4f:
                    11:7d:40:c6:8d:7d:8c:87:a2:ef:15:a7:60:84:95:
                    ac:6e:dd:d2:d9:91:fe:0f:91:36:a9:f4:b0:cf:86:
                    89:90:30:55:8a:9b:ed:62:85:0a:57:8c:16:ca:2a:
                    bb:a1:9c:a2:b9:55:08:46:a1:d6:69:56:64:62:ac:
                    a1:71:01:5e:73:64:c6:4f:93:cd:0f:f3:0c:41:36:
                    6f:3f:2d:ee:10:d0:07:17:b7:85:13:80:96:3e:3d:
                    e4:4f:36:37:5d:c4:a9:45:8b:b2:81:f2:2a:b0:a3:
                    e2:43:73:fb:90:6b:13:18:cc:b2:47:24:e6:09:e4:
                    58:39:80:b0:51:40:c7:94:ee:b5:3f:f8:87:04:63:
                    84:7a:62:ef:53:26:e2:7e:0a:b6:da:32:c5:0c:35:
                    9f:e3:f8:2f:e9:0a:a2:fd:37:38:6b:27:88:e4:a8:
                    c8:d1:f4:37:a4:ba:c7:66:0c:f3:da:1c:62:09:41:
                    06:2b:73:02:a6:00:e7:fb:72:df:0e:c3:51:f5:a9:
                    ec:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:45:5D:DB:96:4B:71:6A:DF:43:32:EE:B2:EA:34:54:AA:53:B2:CD
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/e6ac0def-833f-4e1b-a75d-2d1fb3b8c3d6.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d07e:c000::/40

    Signature Algorithm: sha256WithRSAEncryption
         96:3e:61:f3:8c:88:d3:09:09:5d:cb:c6:9a:75:a8:ac:5c:52:
         4f:2e:46:b6:34:37:cc:3e:4d:fd:3c:88:a3:8d:6e:76:7f:20:
         48:ec:d6:bc:56:ad:10:50:4f:8f:2b:08:e4:8e:a4:9d:f2:25:
         b7:7a:ad:74:96:26:a3:57:9c:a5:60:56:71:66:d3:be:4f:bb:
         10:e3:76:ee:5f:ef:06:6d:99:37:31:ba:fc:71:a9:02:35:2a:
         3d:5a:1b:43:8c:5e:2a:17:d6:18:ab:77:ec:b2:56:6a:ac:27:
         eb:ef:d9:44:a2:03:f1:0c:9d:af:94:e3:87:73:e4:99:6f:8f:
         6f:0b:9f:5a:83:91:49:c1:fa:16:d0:df:e0:74:fe:16:8b:27:
         b8:40:49:6b:83:97:8b:12:1c:cb:fe:6b:23:dc:48:30:36:43:
         66:9b:ad:9f:8f:cd:f8:ae:62:f9:02:e6:32:c6:c7:e9:8c:01:
         4a:57:7f:5b:b7:50:7a:00:02:1c:31:9c:df:fd:d4:43:77:a5:
         fd:ea:a7:06:8f:0f:9d:67:e5:05:27:a8:f8:79:22:17:ac:b5:
         8e:2e:3e:b1:35:8c:d7:ee:c8:88:c0:92:be:39:a5:c7:8d:f5:
         35:a0:51:62:94:c1:64:1b:64:03:8c:b4:39:30:83:ed:d5:d1:
         40:fb:b2:99
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIULJDCJZyn4ghaGXb2wzR6m4bGP78wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYxOTIxMTZaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQDQ3NTg3NzFhNGQ4MWRiODUwMGU5ODkyNDNkYWJmMmJkNTJlMzYxYzUyMmEw
Y2RiM2JmODNmZjc3Zjg2YTJkYTMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALf1yIpRbbuf2G6XrGMpZvhyOM+T5D9KqNB35fE8n4rELzXhTkVIeXPNpgHs
khcIhAArkipvr2VDmQZPEX1Axo19jIei7xWnYISVrG7d0tmR/g+RNqn0sM+GiZAw
VYqb7WKFCleMFsoqu6GcorlVCEah1mlWZGKsoXEBXnNkxk+TzQ/zDEE2bz8t7hDQ
Bxe3hROAlj495E82N13EqUWLsoHyKrCj4kNz+5BrExjMskck5gnkWDmAsFFAx5Tu
tT/4hwRjhHpi71Mm4n4KttoyxQw1n+P4L+kKov03OGsniOSoyNH0N6S6x2YM89oc
YglBBitzAqYA5/ty3w7DUfWp7GkCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTFRV3b
lktxat9DMu6y6jRUqlOyzTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZTZhYzBkZWYtODMzZi00ZTFiLWE3NWQtMmQxZmIzYjhjM2Q2LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0H7A
MA0GCSqGSIb3DQEBCwUAA4IBAQCWPmHzjIjTCQldy8aadaisXFJPLka2NDfMPk39
PIijjW52fyBI7Na8Vq0QUE+PKwjkjqSd8iW3eq10liajV5ylYFZxZtO+T7sQ43bu
X+8GbZk3Mbr8cakCNSo9WhtDjF4qF9YYq3fsslZqrCfr79lEogPxDJ2vlOOHc+SZ
b49vC59ag5FJwfoW0N/gdP4Wiye4QElrg5eLEhzL/msj3EgwNkNmm62fj834rmL5
AuYyxsfpjAFKV39bt1B6AAIcMZzf/dRDd6X96qcGjw+dZ+UFJ6j4eSIXrLWOLj6x
NYzX7siIwJK+OaXHjfU1oFFilMFkG2QDjLQ5MIPt1dFA+7KZ
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:53:21 2025 by rpki-client