Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/f9753974-947c-42c4-885b-aa94c43c56a0.roa
File:                     f9753974-947c-42c4-885b-aa94c43c56a0.roa (raw, json)
Hash identifier:          kJpda6R/IOfqtazu00MyZKpH5mWMT6h/9YpidZucHpE=
Subject key identifier:   4A:F4:A0:F3:CD:25:1E:79:01:A1:B0:82:CC:E1:72:23:07:44:9D:D5
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       5B5EE57D4159C89301EDB1957C7B8E2447CC8026
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/f9753974-947c-42c4-885b-aa94c43c56a0.roa
Signing time:             Fri 26 Sep 2025 18:20:07 +0000
ROA not before:           Fri 26 Sep 2025 18:20:07 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d07f:a0c0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5b:5e:e5:7d:41:59:c8:93:01:ed:b1:95:7c:7b:8e:24:47:cc:80:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Sep 26 18:20:07 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=20f5f08aec61d04dd980a4ac23cbc99c48eb5252223521bcb8c110795fac49a8, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:ef:ee:4f:d4:2b:f1:d2:a5:09:94:62:66:38:
                    fd:6b:93:50:bf:6a:64:16:57:58:57:15:59:95:3e:
                    d3:2d:14:e2:2b:2f:d1:e9:99:00:a0:ae:9b:e9:c0:
                    09:2b:17:e8:d4:9c:76:16:e1:9c:c7:5f:8d:87:ed:
                    e4:16:b2:6e:b1:25:3a:98:19:6b:92:0a:fa:03:ef:
                    63:c1:62:48:23:75:f2:c0:80:e3:a7:77:34:91:37:
                    41:5a:92:69:32:ea:7f:c5:7f:2b:ce:72:25:b5:44:
                    6a:7f:dd:16:ff:ca:1a:80:fd:ac:ec:c1:92:62:4c:
                    58:c4:a5:fc:c9:8a:5c:11:50:9f:48:1e:df:6d:a6:
                    4e:d1:4a:6c:a4:52:14:ce:85:eb:2b:73:07:ab:2e:
                    4b:ff:15:0b:9c:f0:26:73:40:88:7a:12:d8:73:d2:
                    49:42:71:04:c9:49:1f:46:f4:bd:3e:20:bc:1a:0f:
                    1e:26:45:6d:a1:02:54:17:e2:3a:8d:e2:99:e1:21:
                    1e:11:a3:d7:21:8a:d4:97:0f:ac:53:2b:49:7f:4c:
                    5f:a7:26:fc:1d:2c:94:28:61:76:b0:3e:31:27:22:
                    8b:eb:38:45:cc:ea:08:53:88:39:a9:a6:1b:66:91:
                    47:b5:77:c9:35:e4:3d:9f:c8:21:cc:90:3d:1b:21:
                    45:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:F4:A0:F3:CD:25:1E:79:01:A1:B0:82:CC:E1:72:23:07:44:9D:D5
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/f9753974-947c-42c4-885b-aa94c43c56a0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d07f:a0c0::/48

    Signature Algorithm: sha256WithRSAEncryption
         0e:bb:07:24:76:50:22:7e:15:05:22:21:35:05:e1:38:b6:4f:
         dc:1a:04:42:78:06:60:ff:90:54:89:a2:a6:4d:f1:9e:6a:77:
         bb:88:4b:85:31:3e:cc:f9:07:2a:b0:ec:4b:cc:82:0c:4a:c1:
         f0:d3:2d:a1:75:20:19:1b:52:a9:32:59:9d:36:a2:be:6c:db:
         de:02:b7:cc:40:20:be:4d:21:9e:69:8c:2c:69:8d:ad:89:13:
         cb:37:60:ac:74:a1:57:7b:2b:ce:3c:10:82:90:ac:0d:e9:d6:
         26:17:9a:9a:c5:87:7a:e3:8a:11:a6:a7:46:4e:11:ed:7f:73:
         fe:c8:62:c6:5d:af:78:bb:81:8f:41:45:01:0e:56:79:80:f2:
         11:ed:70:12:e0:e4:13:a7:a3:17:59:3c:21:d2:4c:37:9a:9f:
         ed:e4:57:c1:14:4f:60:08:15:eb:a9:05:4a:35:c1:3c:87:00:
         83:d9:48:cf:a6:3f:4c:f3:d7:ad:20:cb:53:5b:86:8b:8d:43:
         14:bf:81:f0:15:fa:04:2e:5f:4c:66:92:f8:2d:9a:ec:36:bc:
         3f:7e:7b:4c:6e:40:e3:9f:ac:ec:af:65:a5:a3:2c:13:15:91:
         94:51:9c:ae:76:e5:8a:6a:52:cd:e4:c4:69:14:43:89:b1:a9:
         ed:ae:a9:d5
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUW17lfUFZyJMB7bGVfHuOJEfMgCYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYxODIwMDdaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQDIwZjVmMDhhZWM2MWQwNGRkOTgwYTRhYzIzY2JjOTljNDhlYjUyNTIyMjM1
MjFiY2I4YzExMDc5NWZhYzQ5YTgxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAIrv7k/UK/HSpQmUYmY4/WuTUL9qZBZXWFcVWZU+0y0U4isv0emZAKCum+nA
CSsX6NScdhbhnMdfjYft5BaybrElOpgZa5IK+gPvY8FiSCN18sCA46d3NJE3QVqS
aTLqf8V/K85yJbVEan/dFv/KGoD9rOzBkmJMWMSl/MmKXBFQn0ge322mTtFKbKRS
FM6F6ytzB6suS/8VC5zwJnNAiHoS2HPSSUJxBMlJH0b0vT4gvBoPHiZFbaECVBfi
Oo3imeEhHhGj1yGK1JcPrFMrSX9MX6cm/B0slChhdrA+MScii+s4RczqCFOIOamm
G2aRR7V3yTXkPZ/IIcyQPRshRW8CAwEAAaOCAiQwggIgMB0GA1UdDgQWBBRK9KDz
zSUeeQGhsILM4XIjB0Sd1TAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
Zjk3NTM5NzQtOTQ3Yy00MmM0LTg4NWItYWE5NGM0M2M1NmEwLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0H+g
wDANBgkqhkiG9w0BAQsFAAOCAQEADrsHJHZQIn4VBSIhNQXhOLZP3BoEQngGYP+Q
VImipk3xnmp3u4hLhTE+zPkHKrDsS8yCDErB8NMtoXUgGRtSqTJZnTaivmzb3gK3
zEAgvk0hnmmMLGmNrYkTyzdgrHShV3srzjwQgpCsDenWJheamsWHeuOKEaanRk4R
7X9z/shixl2veLuBj0FFAQ5WeYDyEe1wEuDkE6ejF1k8IdJMN5qf7eRXwRRPYAgV
66kFSjXBPIcAg9lIz6Y/TPPXrSDLU1uGi41DFL+B8BX6BC5fTGaS+C2a7Da8P357
TG5A45+s7K9lpaMsExWRlFGcrnblimpSzeTEaRRDibGp7a6p1Q==
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:53:13 2025 by rpki-client