Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/f067aa52-ee52-4fb2-867c-8dc79786d43d.roa
File:                     f067aa52-ee52-4fb2-867c-8dc79786d43d.roa (raw, json)
Hash identifier:          Si9C53pVfKMsEnJkr1x62jBI74eBL1dYcHZJRuq2euo=
Subject key identifier:   7E:1A:62:A2:5F:8B:E4:ED:EA:36:5D:01:00:73:96:83:29:EF:31:CE
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       21F830C196BBEA7A8E9DB1238D9A923EF2F2356C
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/f067aa52-ee52-4fb2-867c-8dc79786d43d.roa
Signing time:             Fri 26 Sep 2025 18:38:55 +0000
ROA not before:           Fri 26 Sep 2025 18:38:55 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d072:2080::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            21:f8:30:c1:96:bb:ea:7a:8e:9d:b1:23:8d:9a:92:3e:f2:f2:35:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Sep 26 18:38:55 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=190c87d3f2766531a85d82683d163ccc5e0f30e74455766914fed58f0938d08e, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:c5:33:58:2f:da:7c:63:fa:98:c9:c8:9e:04:
                    50:ba:df:5a:1b:ea:5d:dc:0a:7b:5b:d7:89:0c:7d:
                    10:5b:5d:7a:56:d4:09:49:34:37:fd:3e:7a:67:91:
                    6e:29:5b:b2:01:30:a9:b5:db:de:a9:86:e5:33:22:
                    7b:44:0e:3f:df:7e:d0:e0:5c:3f:9b:23:90:7a:d5:
                    3c:4d:b3:8b:82:9f:e5:66:f7:c0:49:25:29:58:c3:
                    d6:a6:fb:bb:2e:03:13:af:50:9d:cf:62:ca:3a:11:
                    c3:f5:cf:de:19:90:0f:20:fb:55:f0:54:35:3c:43:
                    1b:89:64:1f:5f:62:70:be:d3:89:16:87:e5:e2:90:
                    42:22:e1:e4:c4:eb:da:44:ef:e8:4b:ce:d0:0c:07:
                    07:f1:78:f7:c4:4c:19:b4:e5:d1:e5:00:1a:a1:ed:
                    40:8d:c8:0d:58:09:8f:4d:67:5a:41:27:74:29:8a:
                    dc:bc:58:bf:7c:96:dd:b2:4d:3a:87:e9:30:df:49:
                    09:75:cb:6a:e2:b2:e2:3f:3a:76:4f:45:67:ae:a6:
                    57:8f:ef:b0:90:97:6a:92:32:d5:72:a4:61:36:c0:
                    6d:8b:8c:b8:e0:d5:19:9c:2a:28:a2:f0:21:b8:1b:
                    66:eb:1d:a2:e6:e7:c0:00:7f:19:d4:28:38:33:b7:
                    e4:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:1A:62:A2:5F:8B:E4:ED:EA:36:5D:01:00:73:96:83:29:EF:31:CE
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/f067aa52-ee52-4fb2-867c-8dc79786d43d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d072:2080::/48

    Signature Algorithm: sha256WithRSAEncryption
         b6:0e:a9:21:26:c6:1a:cc:ef:b9:32:96:bc:94:7a:2e:e2:1d:
         ab:39:94:2d:77:01:85:47:02:78:7d:c6:10:08:50:2f:3e:f5:
         0d:a4:d6:be:dd:2e:d7:d3:8c:80:32:a0:5b:cb:d3:9d:f6:5a:
         a5:13:e3:c0:78:ca:1f:f7:1c:84:42:11:0f:68:56:81:77:35:
         37:78:c1:90:57:19:14:e7:e8:ec:af:df:23:c7:bc:1d:4c:63:
         3f:ff:63:36:ee:1c:bc:14:ef:37:ae:04:a3:e4:31:d6:07:1e:
         8f:96:8d:85:53:56:53:25:fb:7b:45:bc:52:81:f8:2e:4a:3b:
         43:d0:91:dd:b6:88:74:db:56:84:92:84:94:fe:ec:96:f8:37:
         ff:10:ec:07:d1:24:cb:47:42:a5:43:8a:ab:ff:c3:ea:f6:ce:
         94:83:eb:6a:fd:7e:a3:86:84:de:03:44:93:48:e5:f8:69:01:
         7e:33:64:9f:d4:f6:48:74:12:ec:df:dc:c8:a3:68:2a:d1:45:
         ea:7d:23:9d:30:96:6a:ca:16:9c:04:ab:d6:2b:88:6b:bd:8b:
         56:99:60:2c:f7:41:6c:b7:51:e4:be:85:f0:31:2e:19:4c:f6:
         5f:77:64:61:0f:da:ad:f2:30:d4:ec:37:c0:0b:59:f2:cb:4e:
         a6:e6:d0:93
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUIfgwwZa76nqOnbEjjZqSPvLyNWwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYxODM4NTVaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQDE5MGM4N2QzZjI3NjY1MzFhODVkODI2ODNkMTYzY2NjNWUwZjMwZTc0NDU1
NzY2OTE0ZmVkNThmMDkzOGQwOGUxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMnFM1gv2nxj+pjJyJ4EULrfWhvqXdwKe1vXiQx9EFtdelbUCUk0N/0+emeR
bilbsgEwqbXb3qmG5TMie0QOP99+0OBcP5sjkHrVPE2zi4Kf5Wb3wEklKVjD1qb7
uy4DE69Qnc9iyjoRw/XP3hmQDyD7VfBUNTxDG4lkH19icL7TiRaH5eKQQiLh5MTr
2kTv6EvO0AwHB/F498RMGbTl0eUAGqHtQI3IDVgJj01nWkEndCmK3LxYv3yW3bJN
OofpMN9JCXXLauKy4j86dk9FZ66mV4/vsJCXapIy1XKkYTbAbYuMuODVGZwqKKLw
IbgbZusdoubnwAB/GdQoODO35DMCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBR+GmKi
X4vk7eo2XQEAc5aDKe8xzjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZjA2N2FhNTItZWU1Mi00ZmIyLTg2N2MtOGRjNzk3ODZkNDNkLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0HIg
gDANBgkqhkiG9w0BAQsFAAOCAQEAtg6pISbGGszvuTKWvJR6LuIdqzmULXcBhUcC
eH3GEAhQLz71DaTWvt0u19OMgDKgW8vTnfZapRPjwHjKH/cchEIRD2hWgXc1N3jB
kFcZFOfo7K/fI8e8HUxjP/9jNu4cvBTvN64Eo+Qx1gcej5aNhVNWUyX7e0W8UoH4
Lko7Q9CR3baIdNtWhJKElP7slvg3/xDsB9Eky0dCpUOKq//D6vbOlIPrav1+o4aE
3gNEk0jl+GkBfjNkn9T2SHQS7N/cyKNoKtFF6n0jnTCWasoWnASr1iuIa72LVplg
LPdBbLdR5L6F8DEuGUz2X3dkYQ/arfIw1Ow3wAtZ8stOpubQkw==
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:53:04 2025 by rpki-client