Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/f7a46ea9-b416-4218-a790-28cf84d702ce.roa
File:                     f7a46ea9-b416-4218-a790-28cf84d702ce.roa (raw, json)
Hash identifier:          Wl2N+osz/f0PqTzF7naxkz6xFqIQlumI9vsfJhwDJok=
Subject key identifier:   85:B5:17:99:DF:D9:B1:4F:43:3C:EA:4F:4D:82:B4:2B:FF:A1:28:60
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       7C59B0768F66EB89388E6842B00275D2E293FB87
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/f7a46ea9-b416-4218-a790-28cf84d702ce.roa
Signing time:             Fri 26 Sep 2025 20:11:29 +0000
ROA not before:           Fri 26 Sep 2025 20:11:29 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d026::/36 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7c:59:b0:76:8f:66:eb:89:38:8e:68:42:b0:02:75:d2:e2:93:fb:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Sep 26 20:11:29 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=879444e78084d87ae00e8e398219be23b0bf9fb64510ce66d4a07799991d75db, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:dd:50:2e:57:e9:b5:5a:8d:22:bf:37:ec:59:
                    b5:a0:56:1c:b1:7d:c5:6b:0f:e3:b1:28:22:42:db:
                    b0:99:0a:3f:0c:39:7d:7c:d9:96:13:2a:5c:21:51:
                    d5:11:76:a3:cf:23:d4:83:f7:b4:6f:ff:71:90:a7:
                    c5:78:d3:1a:f2:7a:02:23:dc:85:50:f7:91:5f:59:
                    7e:e4:f1:0f:62:04:b6:19:71:5f:ca:0f:1f:76:33:
                    0c:e4:48:5d:66:97:c3:92:5f:5b:da:ba:49:58:b3:
                    81:05:0b:4c:27:0c:f1:16:8d:c8:f4:75:02:49:81:
                    6b:1a:cc:5f:d3:1b:1b:b3:8d:df:22:f0:c1:44:47:
                    42:eb:d8:c2:42:c8:be:bb:5c:10:1b:5e:75:15:c6:
                    1c:c3:d8:fe:a8:9a:c0:54:59:10:1a:b1:f2:94:9b:
                    ae:98:aa:e5:df:4c:93:00:ac:e6:e4:32:cc:8d:4e:
                    54:16:69:4c:15:a0:b9:ed:b4:4c:df:12:76:9b:bf:
                    81:f6:84:22:ab:a1:88:17:e8:b8:56:42:ea:8d:7c:
                    00:dc:b4:49:4e:39:ca:11:77:c7:df:d1:16:16:76:
                    6f:c4:fc:5d:a2:32:ad:4c:d9:b7:0d:8b:14:1e:3d:
                    90:da:93:d8:cb:6f:19:fb:ee:bf:90:2a:e6:72:34:
                    04:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:B5:17:99:DF:D9:B1:4F:43:3C:EA:4F:4D:82:B4:2B:FF:A1:28:60
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/f7a46ea9-b416-4218-a790-28cf84d702ce.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d026::/36

    Signature Algorithm: sha256WithRSAEncryption
         9b:a7:12:0c:c2:c3:61:c1:d6:c3:8f:a6:8e:38:b9:2d:03:f6:
         c9:8e:29:96:e2:4b:9f:c9:25:1e:be:47:36:2f:ac:a6:85:78:
         59:69:50:9c:ee:6a:87:7c:f1:9d:a3:23:d4:0d:69:5e:bb:e7:
         b3:bb:17:ef:b8:64:18:47:22:19:79:15:b2:00:f6:59:74:f0:
         17:38:42:0a:3f:09:a9:ac:84:3a:f2:f6:59:b8:e5:06:dd:8f:
         01:90:d2:0f:07:dc:eb:b6:81:e2:02:62:63:0c:b2:e7:c5:54:
         3b:e7:30:4d:2b:7b:9d:3a:5d:c9:7e:19:b4:d1:45:86:81:4a:
         28:17:d6:e7:37:cf:57:e7:74:92:88:53:e0:9e:68:19:5e:f3:
         88:f1:ca:ea:36:76:04:61:cb:79:98:d4:92:78:66:55:f8:7e:
         8c:ac:86:c9:69:6a:b5:80:07:27:34:aa:14:ba:d5:52:9c:31:
         c2:06:b3:a2:14:a6:9f:0a:85:e4:ad:fc:ce:8b:78:75:08:e3:
         29:a7:0b:c9:9f:a4:a8:1a:a6:c8:31:08:90:69:36:0a:6b:d6:
         2a:6b:f0:9b:72:dd:1f:1f:32:f0:1b:2e:f7:c8:3c:d7:34:bd:
         c5:ed:e9:2a:72:90:df:6e:77:43:95:66:d2:85:5d:ca:a2:b5:
         4e:9c:fd:3c
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUfFmwdo9m64k4jmhCsAJ10uKT+4cwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYyMDExMjlaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQDg3OTQ0NGU3ODA4NGQ4N2FlMDBlOGUzOTgyMTliZTIzYjBiZjlmYjY0NTEw
Y2U2NmQ0YTA3Nzk5OTkxZDc1ZGIxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJndUC5X6bVajSK/N+xZtaBWHLF9xWsP47EoIkLbsJkKPww5fXzZlhMqXCFR
1RF2o88j1IP3tG//cZCnxXjTGvJ6AiPchVD3kV9ZfuTxD2IEthlxX8oPH3YzDORI
XWaXw5JfW9q6SVizgQULTCcM8RaNyPR1AkmBaxrMX9MbG7ON3yLwwURHQuvYwkLI
vrtcEBtedRXGHMPY/qiawFRZEBqx8pSbrpiq5d9MkwCs5uQyzI1OVBZpTBWgue20
TN8Sdpu/gfaEIquhiBfouFZC6o18ANy0SU45yhF3x9/RFhZ2b8T8XaIyrUzZtw2L
FB49kNqT2MtvGfvuv5Aq5nI0BH0CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBSFtReZ
39mxT0M86k9NgrQr/6EoYDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZjdhNDZlYTktYjQxNi00MjE4LWE3OTAtMjhjZjg0ZDcwMmNlLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCoF0CYA
MA0GCSqGSIb3DQEBCwUAA4IBAQCbpxIMwsNhwdbDj6aOOLktA/bJjimW4kufySUe
vkc2L6ymhXhZaVCc7mqHfPGdoyPUDWleu+ezuxfvuGQYRyIZeRWyAPZZdPAXOEIK
PwmprIQ68vZZuOUG3Y8BkNIPB9zrtoHiAmJjDLLnxVQ75zBNK3udOl3Jfhm00UWG
gUooF9bnN89X53SSiFPgnmgZXvOI8crqNnYEYct5mNSSeGZV+H6MrIbJaWq1gAcn
NKoUutVSnDHCBrOiFKafCoXkrfzOi3h1COMppwvJn6SoGqbIMQiQaTYKa9Yqa/Cb
ct0fHzLwGy73yDzXNL3F7ekqcpDfbndDlWbShV3KorVOnP08
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:52:42 2025 by rpki-client