Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/f7fccc2a-aa8a-4cbc-89d7-d6a8ca121ba0.roa
File:                     f7fccc2a-aa8a-4cbc-89d7-d6a8ca121ba0.roa (raw, json)
Hash identifier:          eAfFLgzyerMcPA6Z6r9IGB5HgF3kw6Cf5BNVGn2ItOU=
Subject key identifier:   93:44:A6:EA:C3:18:10:9A:74:24:E0:59:7B:D7:81:8F:D8:3C:2A:A9
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       5DDDB24261C339060376B321B63F25B73D903E6F
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/f7fccc2a-aa8a-4cbc-89d7-d6a8ca121ba0.roa
Signing time:             Fri 26 Sep 2025 20:00:11 +0000
ROA not before:           Fri 26 Sep 2025 20:00:11 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d019::/36 maxlen: 36
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5d:dd:b2:42:61:c3:39:06:03:76:b3:21:b6:3f:25:b7:3d:90:3e:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Sep 26 20:00:11 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=0d952d23b57d8386507858e0b804bfd34c2d8435ed99e2013d527d1416ce8d89, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:a9:cc:ce:1c:37:35:db:64:da:98:d8:d9:ad:
                    b6:0b:11:6a:b5:74:f5:dc:73:8a:f2:a3:d7:29:c0:
                    d2:05:3b:5d:a3:05:e3:55:8a:44:36:e9:e3:bb:28:
                    f8:2a:1b:6b:73:e4:4f:5a:b1:a6:21:ce:92:b4:81:
                    a9:81:be:c7:db:fb:98:30:6f:ee:8a:8c:b3:67:55:
                    bb:d5:6f:92:66:04:f4:bf:97:65:43:f7:06:11:3d:
                    96:d9:f8:60:a4:f2:72:ff:5a:ae:39:4a:9e:93:e8:
                    6b:38:45:92:25:b0:c6:5d:02:19:92:ce:16:1e:d3:
                    05:8a:9c:2b:3c:d3:79:11:93:40:b2:d5:09:00:00:
                    33:f1:b0:c0:b1:6b:4c:4b:c0:be:ef:70:ae:01:73:
                    cf:83:70:46:9f:a8:71:8d:3d:1b:fe:6b:03:db:0f:
                    4c:cb:99:f4:4c:21:2a:f4:29:0c:c7:4e:a7:66:ec:
                    72:29:fc:ba:5d:70:72:42:6f:cc:47:cc:38:8c:ae:
                    03:43:e5:e8:4a:65:ab:11:ca:37:0d:a6:99:2e:9a:
                    de:e7:7b:3c:08:4f:2e:41:30:65:08:ee:0b:a9:ac:
                    68:57:94:2f:ca:c8:2d:e4:8e:cd:9d:8c:16:af:12:
                    c4:8e:96:a5:42:21:2c:d3:d3:1f:95:1b:f1:bb:2f:
                    6e:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:44:A6:EA:C3:18:10:9A:74:24:E0:59:7B:D7:81:8F:D8:3C:2A:A9
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/f7fccc2a-aa8a-4cbc-89d7-d6a8ca121ba0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d019::/36

    Signature Algorithm: sha256WithRSAEncryption
         89:c3:c1:ff:c2:c3:86:39:6d:8c:d3:1b:6d:47:1e:10:ae:2e:
         25:0f:f6:af:36:38:75:2b:0c:6d:81:c0:cd:2e:fd:46:4e:33:
         95:29:5e:e2:5e:f9:54:be:2b:8c:2f:65:c1:1d:0e:7b:65:05:
         5c:d6:5a:e1:72:7b:18:6f:a8:5e:1f:46:f8:85:e6:b9:4b:34:
         c1:1a:00:78:1e:90:ae:ce:7e:9e:bc:af:01:2a:ed:a2:d8:37:
         87:18:73:e7:29:34:1b:e2:34:15:45:c3:c0:32:71:a4:27:9d:
         cf:39:c7:25:5f:0a:f0:30:c6:45:02:75:fe:3b:5a:63:e4:18:
         3f:a9:6e:46:a0:18:83:09:82:3d:01:08:48:ca:3e:5f:b0:17:
         c3:05:05:fb:ed:70:5f:71:58:0b:5c:af:4b:58:e0:25:6f:4f:
         25:71:c5:99:79:9d:c7:c3:96:60:df:0b:25:f8:d1:c0:1d:5d:
         0c:27:c7:f6:53:e6:18:8f:4f:80:66:d9:c9:59:d1:74:75:91:
         e4:e5:51:c3:68:14:3f:93:4f:67:2b:d8:03:85:ed:6c:86:4e:
         cf:15:c7:00:7a:47:91:0a:97:67:9c:60:2c:b9:2e:b1:5c:f9:
         42:ca:d3:22:9e:29:37:98:0f:f3:a7:02:0c:82:1a:6d:cd:34:
         8c:71:0d:bb
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUXd2yQmHDOQYDdrMhtj8ltz2QPm8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYyMDAwMTFaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQDBkOTUyZDIzYjU3ZDgzODY1MDc4NThlMGI4MDRiZmQzNGMyZDg0MzVlZDk5
ZTIwMTNkNTI3ZDE0MTZjZThkODkxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKupzM4cNzXbZNqY2NmttgsRarV09dxzivKj1ynA0gU7XaMF41WKRDbp47so
+Coba3PkT1qxpiHOkrSBqYG+x9v7mDBv7oqMs2dVu9VvkmYE9L+XZUP3BhE9ltn4
YKTycv9arjlKnpPoazhFkiWwxl0CGZLOFh7TBYqcKzzTeRGTQLLVCQAAM/GwwLFr
TEvAvu9wrgFzz4NwRp+ocY09G/5rA9sPTMuZ9EwhKvQpDMdOp2bscin8ul1wckJv
zEfMOIyuA0Pl6EplqxHKNw2mmS6a3ud7PAhPLkEwZQjuC6msaFeUL8rILeSOzZ2M
Fq8SxI6WpUIhLNPTH5Ub8bsvbh8CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBSTRKbq
wxgQmnQk4Fl714GP2DwqqTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZjdmY2NjMmEtYWE4YS00Y2JjLTg5ZDctZDZhOGNhMTIxYmEwLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCoF0BkA
MA0GCSqGSIb3DQEBCwUAA4IBAQCJw8H/wsOGOW2M0xttRx4Qri4lD/avNjh1Kwxt
gcDNLv1GTjOVKV7iXvlUviuML2XBHQ57ZQVc1lrhcnsYb6heH0b4hea5SzTBGgB4
HpCuzn6evK8BKu2i2DeHGHPnKTQb4jQVRcPAMnGkJ53POcclXwrwMMZFAnX+O1pj
5Bg/qW5GoBiDCYI9AQhIyj5fsBfDBQX77XBfcVgLXK9LWOAlb08lccWZeZ3Hw5Zg
3wsl+NHAHV0MJ8f2U+YYj0+AZtnJWdF0dZHk5VHDaBQ/k09nK9gDhe1shk7PFccA
ekeRCpdnnGAsuS6xXPlCytMinik3mA/zpwIMghptzTSMcQ27
-----END CERTIFICATE-----
Generated at Mon Oct 20 13:47:17 2025 by rpki-client