Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/ea271f77-763d-42f8-a315-60081847d059.roa
File:                     ea271f77-763d-42f8-a315-60081847d059.roa (raw, json)
Hash identifier:          tOVQqk8y2nJM4Wotdnqi3X1m+hEDrR8JIa+0gzggVmI=
Subject key identifier:   BB:17:E2:73:1F:2F:8E:B1:9A:CA:F4:5B:E4:51:FD:AC:F0:75:72:72
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       68F0D1C419F424B8D9C996D97AC5B72470D8FE6F
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/ea271f77-763d-42f8-a315-60081847d059.roa
Signing time:             Fri 26 Sep 2025 18:20:19 +0000
ROA not before:           Fri 26 Sep 2025 18:20:19 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d031:e040::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            68:f0:d1:c4:19:f4:24:b8:d9:c9:96:d9:7a:c5:b7:24:70:d8:fe:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Sep 26 18:20:19 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=b4be1731ebc7259c6ed5b905b32544ce1eff3f53af2e5a7fe64da4db3bb677cf, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:15:db:72:cf:f2:52:02:3c:ea:7d:50:1f:f0:
                    46:23:42:d1:fb:d6:21:c4:74:b4:90:71:0e:5b:a2:
                    cb:b7:a7:d9:1a:9f:25:b9:1b:ac:73:7e:9a:e6:af:
                    36:f9:06:2a:fa:26:1f:ac:0d:f4:48:dc:36:2e:3d:
                    3f:1d:ec:31:a2:16:2b:14:1c:eb:75:a1:e6:91:61:
                    6b:44:c3:d3:a5:c8:09:94:bb:6a:33:19:d0:01:66:
                    b9:3d:85:58:27:a5:0e:fa:1e:35:71:f6:36:a4:0d:
                    ef:eb:cd:c2:84:26:bb:9c:c0:8b:5b:53:30:4d:c5:
                    89:f3:ee:5e:87:81:97:ab:97:43:06:27:c1:dd:e7:
                    a4:d0:45:0d:2f:6e:34:18:23:c5:a8:c6:b0:3c:3c:
                    56:27:1a:f9:d1:7c:45:48:3c:9f:de:87:31:43:5e:
                    0e:c6:f9:28:55:08:2f:62:91:97:5e:d1:82:da:1b:
                    74:ec:16:59:f3:ed:91:7e:7d:02:d0:06:33:25:91:
                    76:cd:17:10:51:6e:b9:0c:6a:73:a0:cf:e7:80:12:
                    d2:5a:c9:fe:d2:21:eb:32:a7:63:af:89:eb:9d:1f:
                    f5:20:d2:35:fd:1d:eb:08:48:64:7d:cf:e4:33:e1:
                    72:c7:c0:63:cc:c3:4b:fb:3f:7f:8b:28:29:da:75:
                    f9:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:17:E2:73:1F:2F:8E:B1:9A:CA:F4:5B:E4:51:FD:AC:F0:75:72:72
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/ea271f77-763d-42f8-a315-60081847d059.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d031:e040::/48

    Signature Algorithm: sha256WithRSAEncryption
         2b:15:7e:90:a8:52:ed:96:38:60:de:44:ab:f5:b0:b2:65:72:
         67:3a:02:f9:20:5f:7d:b0:15:1e:20:61:73:c5:d4:9d:a6:ee:
         65:cb:09:a9:76:fc:5e:68:6e:6c:d0:ed:df:5a:78:48:89:0e:
         cb:31:f2:f5:8f:63:3a:77:02:5b:ac:06:ea:e3:20:8c:4d:8c:
         cf:36:63:1b:d3:bb:a0:e4:b7:01:c3:7a:4d:4a:87:96:37:6a:
         92:61:54:bb:1c:69:a0:c6:3a:c9:e2:4b:8b:96:a5:ce:d4:99:
         e9:85:17:1d:aa:c3:06:b1:71:c6:59:4c:06:85:11:59:9c:90:
         1f:56:e4:81:22:fa:8f:c5:2e:c7:69:f5:87:b1:5f:de:67:b8:
         d2:61:c3:40:e6:61:03:2e:bd:a0:a4:aa:a3:4a:ec:9c:65:d4:
         c1:b6:fd:76:da:c8:8c:c6:67:84:5c:d7:3e:c9:b2:e5:f5:df:
         29:40:a4:8a:bd:85:a3:ae:90:1d:03:99:ee:27:86:a8:e8:e5:
         79:0e:88:03:21:24:aa:bf:e4:27:a0:03:5e:9c:06:81:d0:44:
         34:2f:4e:07:bc:8b:93:3b:16:5d:aa:89:01:b0:d1:64:14:e0:
         06:5f:90:1a:e4:c4:59:6f:8a:1c:c8:96:52:fa:94:28:ca:ca:
         f8:55:19:ca
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUaPDRxBn0JLjZyZbZesW3JHDY/m8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYxODIwMTlaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQGI0YmUxNzMxZWJjNzI1OWM2ZWQ1YjkwNWIzMjU0NGNlMWVmZjNmNTNhZjJl
NWE3ZmU2NGRhNGRiM2JiNjc3Y2YxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJcV23LP8lICPOp9UB/wRiNC0fvWIcR0tJBxDluiy7en2RqfJbkbrHN+muav
NvkGKvomH6wN9EjcNi49Px3sMaIWKxQc63Wh5pFha0TD06XICZS7ajMZ0AFmuT2F
WCelDvoeNXH2NqQN7+vNwoQmu5zAi1tTME3FifPuXoeBl6uXQwYnwd3npNBFDS9u
NBgjxajGsDw8Vica+dF8RUg8n96HMUNeDsb5KFUIL2KRl17RgtobdOwWWfPtkX59
AtAGMyWRds0XEFFuuQxqc6DP54AS0lrJ/tIh6zKnY6+J650f9SDSNf0d6whIZH3P
5DPhcsfAY8zDS/s/f4soKdp1+X8CAwEAAaOCAiQwggIgMB0GA1UdDgQWBBS7F+Jz
Hy+OsZrK9FvkUf2s8HVycjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZWEyNzFmNzctNzYzZC00MmY4LWEzMTUtNjAwODE4NDdkMDU5LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0DHg
QDANBgkqhkiG9w0BAQsFAAOCAQEAKxV+kKhS7ZY4YN5Eq/WwsmVyZzoC+SBffbAV
HiBhc8XUnabuZcsJqXb8XmhubNDt31p4SIkOyzHy9Y9jOncCW6wG6uMgjE2MzzZj
G9O7oOS3AcN6TUqHljdqkmFUuxxpoMY6yeJLi5alztSZ6YUXHarDBrFxxllMBoUR
WZyQH1bkgSL6j8Uux2n1h7Ff3me40mHDQOZhAy69oKSqo0rsnGXUwbb9dtrIjMZn
hFzXPsmy5fXfKUCkir2Fo66QHQOZ7ieGqOjleQ6IAyEkqr/kJ6ADXpwGgdBENC9O
B7yLkzsWXaqJAbDRZBTgBl+QGuTEWW+KHMiWUvqUKMrK+FUZyg==
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:52:09 2025 by rpki-client