Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/ebe232e9-8f0a-4125-b83c-7989e39fdd99.roa
File:                     ebe232e9-8f0a-4125-b83c-7989e39fdd99.roa (raw, json)
Hash identifier:          ab3Ce3mMKjjs4AW1/i2JgUR+An0rNzuHPC/1sS52JT4=
Subject key identifier:   46:CA:AD:47:67:EF:D7:BB:08:90:91:67:03:83:35:E7:B4:57:77:4F
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       3257C88DE4FB92B733FC74A992C52AB2BC9C62B8
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/ebe232e9-8f0a-4125-b83c-7989e39fdd99.roa
Signing time:             Fri 26 Sep 2025 19:40:48 +0000
ROA not before:           Fri 26 Sep 2025 19:40:48 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d06d:b000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            32:57:c8:8d:e4:fb:92:b7:33:fc:74:a9:92:c5:2a:b2:bc:9c:62:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Sep 26 19:40:48 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=457e08348ca994c56b7ac29b04953029d0817294834f299fda8896447814711b, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:cf:a2:38:6e:c3:ab:27:90:a6:84:ad:35:e1:
                    dc:cf:b4:94:c3:21:92:8a:d8:ba:41:fc:e4:4e:32:
                    ab:c8:33:00:84:a1:7e:c0:3c:64:ef:27:9f:1b:0e:
                    f5:24:f1:f8:51:07:95:7b:4f:54:cc:51:45:ca:1a:
                    17:81:88:25:ee:6e:17:af:c2:6d:19:d1:74:c2:71:
                    66:8c:92:d8:4c:26:65:db:8b:33:0a:88:ee:47:a6:
                    9f:b2:22:a9:ec:2f:cd:70:39:63:0d:2b:fb:df:88:
                    6b:b1:f5:62:dd:18:c6:3a:e1:70:8d:47:30:b7:9c:
                    6c:f8:80:a8:70:eb:f5:f0:43:2d:44:e7:5e:a9:47:
                    9d:bf:39:78:0e:a4:90:1a:89:16:db:53:56:e0:00:
                    c0:0c:d9:fc:a9:d3:b1:ad:b0:6d:3a:1b:04:ea:64:
                    2b:b0:26:73:59:db:95:57:63:4c:70:24:74:d1:7d:
                    2e:ff:b1:81:cf:dd:b8:fb:be:45:ed:91:e9:cc:94:
                    58:33:28:83:a6:08:8c:d0:42:8e:02:52:5d:6e:bf:
                    78:d8:3f:88:05:9b:0e:86:0a:ed:e0:10:20:ff:d9:
                    9f:54:be:95:dc:0f:df:98:b6:ee:14:fb:e9:60:7c:
                    0b:ad:44:cf:5b:28:33:9c:17:24:6f:dd:c2:3a:bf:
                    9b:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:CA:AD:47:67:EF:D7:BB:08:90:91:67:03:83:35:E7:B4:57:77:4F
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/ebe232e9-8f0a-4125-b83c-7989e39fdd99.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d06d:b000::/40

    Signature Algorithm: sha256WithRSAEncryption
         2b:f6:d1:4c:1b:20:5a:99:18:1d:ab:16:99:b0:88:a7:25:5c:
         07:88:8f:31:d1:3f:3f:96:3e:80:47:3e:d5:bf:cd:4f:81:1e:
         9f:e5:cd:72:c8:80:be:7b:2e:b5:f7:42:0a:d3:0c:b6:0b:83:
         17:bf:84:9a:ff:62:d7:10:eb:13:66:f5:bf:1d:a9:48:ae:41:
         63:b1:9c:aa:7e:fe:5e:44:c4:69:eb:4d:92:3b:47:ff:00:2f:
         8b:de:5c:98:4a:2f:bb:00:f5:05:18:8a:86:42:eb:a3:5a:7a:
         78:d9:1c:44:8c:6a:98:31:4b:28:b2:2e:f0:b2:bd:69:99:b0:
         06:72:6f:74:3f:fd:ff:03:6d:6c:c4:18:cf:5d:52:93:05:64:
         08:e9:71:83:08:ab:15:7f:70:12:29:d8:a4:35:aa:10:46:07:
         de:97:56:a8:47:bc:0c:af:5a:c3:9e:4f:4f:74:8b:57:4e:a0:
         56:f8:65:d1:d8:6c:0c:72:cc:d8:55:9b:7e:f2:61:35:66:e0:
         df:06:2b:78:51:0d:b9:5b:26:20:05:21:57:75:72:e8:7c:ed:
         76:4f:56:b1:ae:ec:f3:48:de:f7:c8:03:49:a3:b0:d2:0c:05:
         92:92:99:21:a2:a9:38:40:55:40:e6:1d:b0:ea:b3:a9:26:46:
         43:be:9e:0d
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUMlfIjeT7krcz/HSpksUqsrycYrgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYxOTQwNDhaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQDQ1N2UwODM0OGNhOTk0YzU2YjdhYzI5YjA0OTUzMDI5ZDA4MTcyOTQ4MzRm
Mjk5ZmRhODg5NjQ0NzgxNDcxMWIxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALvPojhuw6snkKaErTXh3M+0lMMhkorYukH85E4yq8gzAIShfsA8ZO8nnxsO
9STx+FEHlXtPVMxRRcoaF4GIJe5uF6/CbRnRdMJxZoyS2EwmZduLMwqI7kemn7Ii
qewvzXA5Yw0r+9+Ia7H1Yt0YxjrhcI1HMLecbPiAqHDr9fBDLUTnXqlHnb85eA6k
kBqJFttTVuAAwAzZ/KnTsa2wbTobBOpkK7Amc1nblVdjTHAkdNF9Lv+xgc/duPu+
Re2R6cyUWDMog6YIjNBCjgJSXW6/eNg/iAWbDoYK7eAQIP/Zn1S+ldwP35i27hT7
6WB8C61Ez1soM5wXJG/dwjq/m70CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRGyq1H
Z+/XuwiQkWcDgzXntFd3TzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZWJlMjMyZTktOGYwYS00MTI1LWI4M2MtNzk4OWUzOWZkZDk5LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0G2w
MA0GCSqGSIb3DQEBCwUAA4IBAQAr9tFMGyBamRgdqxaZsIinJVwHiI8x0T8/lj6A
Rz7Vv81PgR6f5c1yyIC+ey6190IK0wy2C4MXv4Sa/2LXEOsTZvW/HalIrkFjsZyq
fv5eRMRp602SO0f/AC+L3lyYSi+7APUFGIqGQuujWnp42RxEjGqYMUsosi7wsr1p
mbAGcm90P/3/A21sxBjPXVKTBWQI6XGDCKsVf3ASKdikNaoQRgfel1aoR7wMr1rD
nk9PdItXTqBW+GXR2GwMcszYVZt+8mE1ZuDfBit4UQ25WyYgBSFXdXLofO12T1ax
ruzzSN73yANJo7DSDAWSkpkhoqk4QFVA5h2w6rOpJkZDvp4N
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:53:12 2025 by rpki-client