Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/fd329ab5-ae5c-4b68-a4c6-b82f6ea29dd6.roa
File:                     fd329ab5-ae5c-4b68-a4c6-b82f6ea29dd6.roa (raw, json)
Hash identifier:          wNtiRdYQMEFlrBKeTa581hNjzd9JeoyVH01NVG5Q2mg=
Subject key identifier:   72:F5:7F:94:A5:08:38:27:48:CC:86:8F:B9:E4:D1:CA:C0:94:23:C3
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       0B0AC188643490E2E6B9948831E16E43FBBCC08A
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/fd329ab5-ae5c-4b68-a4c6-b82f6ea29dd6.roa
Signing time:             Fri 26 Sep 2025 19:20:16 +0000
ROA not before:           Fri 26 Sep 2025 19:20:16 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        2a05:d06f:5000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0b:0a:c1:88:64:34:90:e2:e6:b9:94:88:31:e1:6e:43:fb:bc:c0:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Sep 26 19:20:16 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=1dda1fa0944231484fd6ee84f95e6c39d8fae1cd44174561797d8d54cc1dae95, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:5e:cd:92:ee:98:6e:69:49:e5:be:1d:a9:ff:
                    1c:1e:94:18:da:d5:95:bf:00:f4:48:11:37:86:34:
                    06:86:26:d5:0a:a9:87:e0:5a:01:ba:7e:8f:7d:7b:
                    d8:01:97:5b:dc:fc:6b:c2:d1:f2:d2:41:be:37:1f:
                    8b:cc:49:b1:f5:ce:60:fd:f9:0a:d0:d2:7d:d9:73:
                    cb:0a:08:97:57:11:9d:7b:d7:98:60:62:39:60:23:
                    9d:09:32:a3:ac:a4:b4:3b:c0:fa:14:1b:29:46:bf:
                    82:93:9a:61:fd:37:20:a7:29:69:87:64:51:cc:2b:
                    72:41:35:42:d2:73:cb:59:81:6d:62:18:75:96:4c:
                    47:82:aa:70:a1:37:1d:52:05:9f:d0:b0:96:98:51:
                    9e:61:6f:52:e4:68:9d:10:9b:a8:ca:c4:29:bb:16:
                    08:90:c5:f5:a4:0b:00:93:93:55:0e:9a:b4:f1:ce:
                    e5:e3:ff:fe:36:7e:9e:5b:ec:f8:cb:6d:08:7e:dd:
                    ce:0c:32:7f:cf:8f:09:e1:91:6e:4b:34:9f:38:22:
                    00:53:c5:7c:cb:96:b2:90:7f:54:70:0a:8a:c8:e5:
                    c2:ad:0e:2d:e3:d9:c0:a8:74:1d:f7:18:95:2f:67:
                    41:11:78:d7:59:2a:5c:d6:d7:a5:cd:bf:4e:f9:c6:
                    af:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:F5:7F:94:A5:08:38:27:48:CC:86:8F:B9:E4:D1:CA:C0:94:23:C3
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/fd329ab5-ae5c-4b68-a4c6-b82f6ea29dd6.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d06f:5000::/40

    Signature Algorithm: sha256WithRSAEncryption
         91:bf:ef:86:35:64:a5:da:06:12:3d:f8:02:e8:e9:ea:08:a0:
         79:d9:61:06:bd:f8:a9:9c:81:8d:97:b9:14:4c:7d:7d:61:51:
         f6:1b:a6:b2:a7:98:84:02:29:a4:80:31:9b:fc:a3:61:5a:d3:
         7c:a3:9b:ac:ba:4f:80:b6:80:d7:c0:ed:5e:b6:6a:0a:cc:27:
         d1:f0:ba:54:09:f6:f6:b9:13:75:1a:c4:e6:43:71:c7:d9:d2:
         b5:22:01:e8:99:61:49:36:18:a0:3f:4d:b3:74:9f:5f:3e:a4:
         a9:98:d1:ce:65:91:3c:0a:5e:36:da:78:5f:01:76:4e:42:9b:
         fb:c3:1e:23:24:68:01:9d:21:1a:1d:ea:55:ed:2b:16:d0:03:
         27:c3:65:9a:98:9c:65:5a:e0:a4:36:fa:64:34:87:5f:05:8d:
         8f:df:26:d6:8b:e9:cf:58:bf:d7:04:8f:d0:d4:1b:2a:75:d8:
         5a:5e:5b:4c:06:db:20:e7:9e:01:e5:0d:03:1a:eb:f9:5b:09:
         06:24:16:17:78:c2:6f:8d:48:dc:fa:f0:30:4b:26:91:fb:9c:
         09:f7:87:53:87:01:01:d5:05:04:79:5d:2a:bf:48:55:a8:6f:
         c3:c6:48:b5:74:d8:70:3c:5a:b7:db:62:5c:d2:31:2d:bd:0a:
         06:65:9d:41
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUCwrBiGQ0kOLmuZSIMeFuQ/u8wIowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYxOTIwMTZaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQDFkZGExZmEwOTQ0MjMxNDg0ZmQ2ZWU4NGY5NWU2YzM5ZDhmYWUxY2Q0NDE3
NDU2MTc5N2Q4ZDU0Y2MxZGFlOTUxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOVezZLumG5pSeW+Han/HB6UGNrVlb8A9EgRN4Y0BoYm1Qqph+BaAbp+j317
2AGXW9z8a8LR8tJBvjcfi8xJsfXOYP35CtDSfdlzywoIl1cRnXvXmGBiOWAjnQky
o6yktDvA+hQbKUa/gpOaYf03IKcpaYdkUcwrckE1QtJzy1mBbWIYdZZMR4KqcKE3
HVIFn9CwlphRnmFvUuRonRCbqMrEKbsWCJDF9aQLAJOTVQ6atPHO5eP//jZ+nlvs
+MttCH7dzgwyf8+PCeGRbks0nzgiAFPFfMuWspB/VHAKisjlwq0OLePZwKh0HfcY
lS9nQRF411kqXNbXpc2/TvnGrwUCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRy9X+U
pQg4J0jMho+55NHKwJQjwzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZmQzMjlhYjUtYWU1Yy00YjY4LWE0YzYtYjgyZjZlYTI5ZGQ2LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0G9Q
MA0GCSqGSIb3DQEBCwUAA4IBAQCRv++GNWSl2gYSPfgC6OnqCKB52WEGvfipnIGN
l7kUTH19YVH2G6ayp5iEAimkgDGb/KNhWtN8o5usuk+AtoDXwO1etmoKzCfR8LpU
Cfb2uRN1GsTmQ3HH2dK1IgHomWFJNhigP02zdJ9fPqSpmNHOZZE8Cl422nhfAXZO
Qpv7wx4jJGgBnSEaHepV7SsW0AMnw2WamJxlWuCkNvpkNIdfBY2P3ybWi+nPWL/X
BI/Q1BsqddhaXltMBtsg554B5Q0DGuv5WwkGJBYXeMJvjUjc+vAwSyaR+5wJ94dT
hwEB1QUEeV0qv0hVqG/Dxki1dNhwPFq322Jc0jEtvQoGZZ1B
-----END CERTIFICATE-----
Generated at Mon Oct 20 06:43:08 2025 by rpki-client