Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/fc40321f-72c2-43a4-8c42-0e935f8f1943.roa
File:                     fc40321f-72c2-43a4-8c42-0e935f8f1943.roa (raw, json)
Hash identifier:          JSJzU0T1N+AYy+Z9T2+UQaa5UNwrbsbeT+HVMliGChQ=
Subject key identifier:   04:FB:18:2C:16:AA:EF:E9:CB:95:CD:BB:65:BC:58:86:2D:AD:45:1D
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       15FF0A29AC3904C82CD4B81DB2D0DC816B898903
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/fc40321f-72c2-43a4-8c42-0e935f8f1943.roa
Signing time:             Fri 26 Sep 2025 18:50:07 +0000
ROA not before:           Fri 26 Sep 2025 18:50:07 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d000:20c0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            15:ff:0a:29:ac:39:04:c8:2c:d4:b8:1d:b2:d0:dc:81:6b:89:89:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Sep 26 18:50:07 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=da14ccce9528cecdfda7f52e4ee1fc23da0b7dca5afe5becac02ecc635f70e87, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:dd:ce:9a:f2:96:37:87:bb:0d:7d:f7:32:8c:
                    3a:17:b9:5e:12:bb:89:40:c4:94:03:b2:9e:e0:4d:
                    15:91:52:86:48:86:39:f7:43:68:b3:ae:f1:96:e2:
                    82:e9:e1:91:e0:ed:6e:d2:49:57:08:73:04:77:b8:
                    53:2a:43:af:47:75:b6:7b:7a:d7:4d:f6:d5:a7:b0:
                    91:32:87:69:28:80:6c:06:dc:f9:64:3a:5f:42:2f:
                    4c:f6:0d:2d:dc:5f:47:b4:79:68:bf:96:0a:0d:99:
                    fe:3b:8b:fd:a5:cc:94:5c:f6:0f:d8:86:17:59:df:
                    92:a4:c2:28:07:e4:04:3e:a4:9c:59:9b:04:9f:ba:
                    48:57:b9:d8:31:3c:b1:4d:fd:c9:4d:d2:7c:96:e6:
                    de:a3:00:f4:59:63:b9:85:33:c4:26:b5:68:ec:49:
                    56:6b:55:bb:47:94:9c:33:7e:87:c6:51:9c:bc:eb:
                    15:1d:e3:85:85:f5:e2:1a:11:34:2a:3e:93:78:bb:
                    30:1b:3e:15:6e:08:97:69:eb:6e:26:26:a0:4a:c3:
                    12:e7:53:15:f3:d2:56:ba:da:8f:ca:e5:9e:ba:4c:
                    2f:38:7f:8b:d4:b8:51:39:99:d2:12:b4:85:10:e7:
                    bd:5a:3b:5d:be:3f:bf:5f:db:62:d6:1e:d4:9d:bd:
                    c9:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:FB:18:2C:16:AA:EF:E9:CB:95:CD:BB:65:BC:58:86:2D:AD:45:1D
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/fc40321f-72c2-43a4-8c42-0e935f8f1943.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d000:20c0::/48

    Signature Algorithm: sha256WithRSAEncryption
         8c:34:89:87:c4:8e:c8:32:db:68:81:60:15:f5:d1:2d:80:cd:
         87:a7:f8:8e:c6:67:8b:7c:67:7a:79:0d:44:90:80:0d:3b:1b:
         2c:29:d8:52:04:45:47:4f:bb:2d:67:1d:6a:d8:08:d9:55:55:
         49:e6:97:35:e2:71:f3:84:56:f9:bb:0c:d9:86:df:4c:91:31:
         6e:7b:c8:18:b8:6c:f9:51:11:99:66:dd:7d:2b:2a:d9:c1:de:
         25:4f:33:5c:e8:ce:fb:05:b0:cc:cc:54:ab:a9:c3:b7:91:cf:
         86:1e:8a:1c:ae:47:61:1d:bc:b1:5b:69:5c:9c:17:92:c6:61:
         d3:ca:ad:d5:c3:40:85:d6:b1:e3:d4:d8:7b:8a:4a:20:5a:27:
         55:0b:96:88:f4:8f:8e:a1:74:e1:9d:8e:04:a1:ee:24:1e:b6:
         8a:dc:cd:93:27:e5:5d:f0:42:f9:a3:4f:56:5b:c6:28:80:a2:
         57:a8:ff:e6:14:26:75:26:56:9c:06:53:8c:96:00:f6:12:a5:
         57:ec:db:7b:b6:1a:5d:11:04:63:15:6c:7c:73:ca:cd:af:eb:
         a2:70:90:07:22:89:11:9c:da:92:5e:40:a6:df:f2:d3:96:c7:
         fb:e1:3f:6f:13:19:d4:16:38:22:db:15:4e:c7:ff:f3:e4:0c:
         35:6b:1e:52
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUFf8KKaw5BMgs1LgdstDcgWuJiQMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYxODUwMDdaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQGRhMTRjY2NlOTUyOGNlY2RmZGE3ZjUyZTRlZTFmYzIzZGEwYjdkY2E1YWZl
NWJlY2FjMDJlY2M2MzVmNzBlODcxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAK/dzpryljeHuw199zKMOhe5XhK7iUDElAOynuBNFZFShkiGOfdDaLOu8Zbi
gunhkeDtbtJJVwhzBHe4UypDr0d1tnt610321aewkTKHaSiAbAbc+WQ6X0IvTPYN
LdxfR7R5aL+WCg2Z/juL/aXMlFz2D9iGF1nfkqTCKAfkBD6knFmbBJ+6SFe52DE8
sU39yU3SfJbm3qMA9FljuYUzxCa1aOxJVmtVu0eUnDN+h8ZRnLzrFR3jhYX14hoR
NCo+k3i7MBs+FW4Il2nrbiYmoErDEudTFfPSVrraj8rlnrpMLzh/i9S4UTmZ0hK0
hRDnvVo7Xb4/v1/bYtYe1J29yaUCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBQE+xgs
Fqrv6cuVzbtlvFiGLa1FHTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZmM0MDMyMWYtNzJjMi00M2E0LThjNDItMGU5MzVmOGYxOTQzLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0AAg
wDANBgkqhkiG9w0BAQsFAAOCAQEAjDSJh8SOyDLbaIFgFfXRLYDNh6f4jsZni3xn
enkNRJCADTsbLCnYUgRFR0+7LWcdatgI2VVVSeaXNeJx84RW+bsM2YbfTJExbnvI
GLhs+VERmWbdfSsq2cHeJU8zXOjO+wWwzMxUq6nDt5HPhh6KHK5HYR28sVtpXJwX
ksZh08qt1cNAhdax49TYe4pKIFonVQuWiPSPjqF04Z2OBKHuJB62itzNkyflXfBC
+aNPVlvGKICiV6j/5hQmdSZWnAZTjJYA9hKlV+zbe7YaXREEYxVsfHPKza/ronCQ
ByKJEZzakl5Apt/y05bH++E/bxMZ1BY4ItsVTsf/8+QMNWseUg==
-----END CERTIFICATE-----
Generated at Mon Oct 20 13:47:43 2025 by rpki-client