Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/ede5200e-55c8-4a89-9ccf-cf465c6ddb50.roa
File:                     ede5200e-55c8-4a89-9ccf-cf465c6ddb50.roa (raw, json)
Hash identifier:          6TAmHZdLu2GtRaY/j9/eaVVHogInADNHvbrTLcy2H6c=
Subject key identifier:   C3:D5:49:70:54:27:46:BC:8E:71:EC:FC:15:F8:F6:57:5E:E6:64:F1
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       793902BCA2A91F029E0FFA7337A13A8C64F931A4
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/ede5200e-55c8-4a89-9ccf-cf465c6ddb50.roa
Signing time:             Mon 06 Oct 2025 18:10:04 +0000
ROA not before:           Mon 06 Oct 2025 18:10:04 +0000
ROA not after:            Mon 10 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d032:4000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            79:39:02:bc:a2:a9:1f:02:9e:0f:fa:73:37:a1:3a:8c:64:f9:31:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Oct  6 18:10:04 2025 GMT
            Not After : Nov 10 23:59:59 2025 GMT
        Subject: serialNumber=1c26da61aeb8911f557eed9e777fc3444f11378a6338010b0d223d1b4b9cfc4b, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:6b:3b:a8:30:75:00:69:27:5a:e1:61:5d:43:
                    66:6b:83:7c:e7:2f:12:80:40:88:19:40:47:18:c2:
                    ac:a6:c2:7f:ec:8d:2b:9f:2d:6a:a7:27:43:8f:54:
                    cd:65:1f:e7:31:63:8f:d5:e6:75:17:f2:dd:de:ea:
                    41:77:60:75:9a:e3:01:5d:d5:db:99:84:11:44:02:
                    55:e9:d6:e8:cd:fe:22:f5:d6:3c:bf:2d:6a:cd:bf:
                    2d:57:92:a5:9f:d7:15:d1:70:0c:67:ed:f6:83:d6:
                    39:76:2c:fe:13:a9:47:56:b9:d3:8c:ad:b1:e8:db:
                    80:be:cf:d8:38:e7:70:56:3b:78:f1:3a:0f:d3:9a:
                    83:1e:f7:e3:85:22:ab:87:db:10:5e:0f:ac:f3:69:
                    98:af:88:dc:9e:c2:43:14:28:68:d8:aa:97:91:4c:
                    89:f0:42:3f:79:76:6b:4a:81:c1:45:57:1c:c6:69:
                    f4:9e:25:1a:76:74:81:93:4a:b7:a5:f2:c0:de:be:
                    48:bb:f1:2a:69:ed:3d:77:d2:62:e6:b4:3a:33:0c:
                    50:5f:72:36:89:a6:59:61:8f:3f:e6:ba:84:a7:2e:
                    1a:87:97:7d:cb:f0:bf:66:fe:ae:c9:77:36:af:99:
                    b2:30:bf:e7:01:c4:13:8a:19:15:a3:57:9c:65:ae:
                    92:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:D5:49:70:54:27:46:BC:8E:71:EC:FC:15:F8:F6:57:5E:E6:64:F1
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/ede5200e-55c8-4a89-9ccf-cf465c6ddb50.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d032:4000::/40

    Signature Algorithm: sha256WithRSAEncryption
         68:a7:14:70:53:16:32:33:6e:85:fe:a2:31:d7:b9:7a:98:a3:
         d5:b6:84:76:c5:7f:a8:4a:c5:21:5b:1a:41:20:62:af:1f:2b:
         99:1b:b5:9e:fe:76:a2:a0:50:ca:50:1b:f3:33:5f:4f:24:01:
         cf:86:15:bf:72:b7:9b:8b:0f:58:c2:3c:62:8a:2e:25:82:5f:
         6a:51:ff:e7:4d:3e:d7:54:81:e9:4c:b9:41:2e:a3:8c:42:e8:
         c1:cc:aa:02:4e:ff:d7:38:3b:cc:94:25:95:70:10:0c:14:f7:
         b5:d3:a2:1a:d8:3b:09:66:16:07:03:48:53:bc:22:66:1b:30:
         70:d8:5c:de:24:75:cb:e7:8b:e6:1c:98:3c:51:cd:10:c3:6b:
         5d:12:34:5e:36:a2:d8:c9:12:d6:e6:6b:e5:11:d5:d3:91:d6:
         55:18:1a:af:41:a3:e4:c8:68:c6:98:36:1c:b6:26:eb:79:13:
         2e:76:ec:e7:68:9e:00:4b:50:78:86:b0:4c:4b:bc:13:4a:0c:
         7a:82:ad:ef:9a:2f:66:26:fb:ff:6e:5b:0a:70:20:e3:15:74:
         fe:57:df:d9:04:71:25:29:f9:01:62:57:ae:cb:1b:4d:3a:c3:
         3d:48:b9:49:b4:c9:e0:ef:a0:ec:78:ca:44:86:4a:cf:20:e6:
         0b:2f:d1:f3
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUeTkCvKKpHwKeD/pzN6E6jGT5MaQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMDYxODEwMDRaFw0yNTExMTAyMzU5NTlaMHoxSTBHBgNV
BAUTQDFjMjZkYTYxYWViODkxMWY1NTdlZWQ5ZTc3N2ZjMzQ0NGYxMTM3OGE2MzM4
MDEwYjBkMjIzZDFiNGI5Y2ZjNGIxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKFrO6gwdQBpJ1rhYV1DZmuDfOcvEoBAiBlARxjCrKbCf+yNK58taqcnQ49U
zWUf5zFjj9XmdRfy3d7qQXdgdZrjAV3V25mEEUQCVenW6M3+IvXWPL8tas2/LVeS
pZ/XFdFwDGft9oPWOXYs/hOpR1a504ytsejbgL7P2DjncFY7ePE6D9Oagx7344Ui
q4fbEF4PrPNpmK+I3J7CQxQoaNiql5FMifBCP3l2a0qBwUVXHMZp9J4lGnZ0gZNK
t6XywN6+SLvxKmntPXfSYua0OjMMUF9yNommWWGPP+a6hKcuGoeXfcvwv2b+rsl3
Nq+ZsjC/5wHEE4oZFaNXnGWukvcCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTD1Ulw
VCdGvI5x7PwV+PZXXuZk8TAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZWRlNTIwMGUtNTVjOC00YTg5LTljY2YtY2Y0NjVjNmRkYjUwLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0DJA
MA0GCSqGSIb3DQEBCwUAA4IBAQBopxRwUxYyM26F/qIx17l6mKPVtoR2xX+oSsUh
WxpBIGKvHyuZG7We/naioFDKUBvzM19PJAHPhhW/crebiw9Ywjxiii4lgl9qUf/n
TT7XVIHpTLlBLqOMQujBzKoCTv/XODvMlCWVcBAMFPe106Ia2DsJZhYHA0hTvCJm
GzBw2FzeJHXL54vmHJg8Uc0Qw2tdEjReNqLYyRLW5mvlEdXTkdZVGBqvQaPkyGjG
mDYctibreRMuduznaJ4AS1B4hrBMS7wTSgx6gq3vmi9mJvv/blsKcCDjFXT+V9/Z
BHElKfkBYleuyxtNOsM9SLlJtMng76DseMpEhkrPIOYLL9Hz
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:53:09 2025 by rpki-client