Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/fec4786d-f73f-4e64-99a3-0377bdf5c566.roa
File:                     fec4786d-f73f-4e64-99a3-0377bdf5c566.roa (raw, json)
Hash identifier:          ShMXpiRnLvG1T9wuBoPFT8xeONYT3d+Qm85fFlryldE=
Subject key identifier:   FE:F5:BA:7F:F4:38:9A:94:EE:20:42:B1:1A:5C:96:29:CD:2B:10:3E
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       78939AB23030CA8B2D2E892B8C3D3777C9C3EE2E
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/fec4786d-f73f-4e64-99a3-0377bdf5c566.roa
Signing time:             Fri 26 Sep 2025 20:10:03 +0000
ROA not before:           Fri 26 Sep 2025 20:10:03 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d02e::/36 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            78:93:9a:b2:30:30:ca:8b:2d:2e:89:2b:8c:3d:37:77:c9:c3:ee:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Sep 26 20:10:03 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=335c08b66ecb4c108c46d0dbf6cae639e830508bd29ac8a3232d337454421cf4, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:dc:0c:1c:e7:19:55:be:42:ce:39:98:71:de:
                    0d:65:de:86:a7:49:50:13:0a:0f:5f:93:d1:14:b4:
                    27:a8:d2:5c:94:1f:5c:4c:b8:c1:a0:61:48:04:14:
                    03:17:86:41:e5:21:ef:a8:92:17:00:dd:08:50:5a:
                    cf:d2:5a:3a:c1:63:76:13:0f:09:aa:c1:44:9d:7f:
                    b3:01:d5:b8:ad:0d:31:3b:7f:bc:55:c5:a8:0d:8e:
                    53:36:fa:b9:fe:c7:17:1d:df:2b:98:ab:ca:57:a6:
                    80:87:14:09:97:bb:28:2e:ec:42:13:ba:8a:5d:77:
                    07:98:b4:50:2b:78:88:2f:55:06:2f:96:07:f5:b7:
                    0e:3b:64:8a:ad:e3:ae:29:cc:9a:c9:81:0e:20:29:
                    1e:bf:f9:78:1d:ba:71:66:d1:f0:8b:3a:c2:24:a2:
                    f9:22:f6:4f:a1:f8:41:69:a6:9b:02:2b:32:4d:10:
                    2c:fc:05:ae:18:25:d3:6f:0b:3b:1b:ae:86:c6:a3:
                    ef:f0:a9:77:c1:38:dd:bd:9e:3d:54:5a:50:fc:0a:
                    50:84:70:4b:63:93:72:aa:d4:29:7a:fd:81:85:69:
                    25:08:a0:c8:ca:ec:c8:6e:27:5e:5e:e2:50:5a:39:
                    5c:d7:e4:7b:06:26:b7:ef:af:08:8c:3e:06:45:e0:
                    3b:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:F5:BA:7F:F4:38:9A:94:EE:20:42:B1:1A:5C:96:29:CD:2B:10:3E
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/fec4786d-f73f-4e64-99a3-0377bdf5c566.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d02e::/36

    Signature Algorithm: sha256WithRSAEncryption
         4d:aa:27:d2:da:fd:37:ba:ab:dd:b2:05:e3:bc:43:9f:64:ff:
         18:eb:bd:5b:b8:53:99:96:04:71:b2:46:61:04:ba:0b:f0:ed:
         a4:af:2b:af:3d:fe:96:f1:30:a7:c9:50:05:fa:e9:0e:f5:c0:
         3a:33:c5:80:c3:df:9f:96:4a:4d:b2:c5:10:94:b0:b2:91:3d:
         6d:fa:5d:15:91:ca:1f:fe:84:58:3a:87:6e:f9:bb:33:fd:33:
         15:e8:bd:e5:d2:88:fa:31:1a:a1:a6:a8:80:c4:dc:ce:94:4b:
         dc:7f:86:8a:6a:1c:55:6b:10:08:39:97:e6:55:84:2a:da:cc:
         fa:72:92:26:32:16:29:2a:5e:63:1a:69:4f:59:a1:69:66:c4:
         1c:af:e3:36:58:b8:fb:e3:99:69:3b:2a:9c:1a:bf:27:ed:f7:
         ea:1a:62:62:60:9e:37:32:4c:7c:4a:6d:f9:e1:19:35:02:4d:
         d6:81:73:6d:58:0c:83:89:f6:95:b0:14:dc:79:d4:6a:58:6e:
         dc:2c:ad:e0:fd:75:cd:4a:65:dd:09:eb:03:92:d1:30:ab:9f:
         05:70:e6:e2:49:b7:f8:65:2f:3b:16:3c:14:e5:30:40:3c:7e:
         33:2e:e6:68:8e:25:f0:e5:d6:2e:7c:6b:f2:f8:bf:10:9f:2f:
         70:dd:f7:72
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUeJOasjAwyostLokrjD03d8nD7i4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYyMDEwMDNaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQDMzNWMwOGI2NmVjYjRjMTA4YzQ2ZDBkYmY2Y2FlNjM5ZTgzMDUwOGJkMjlh
YzhhMzIzMmQzMzc0NTQ0MjFjZjQxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKDcDBznGVW+Qs45mHHeDWXehqdJUBMKD1+T0RS0J6jSXJQfXEy4waBhSAQU
AxeGQeUh76iSFwDdCFBaz9JaOsFjdhMPCarBRJ1/swHVuK0NMTt/vFXFqA2OUzb6
uf7HFx3fK5irylemgIcUCZe7KC7sQhO6il13B5i0UCt4iC9VBi+WB/W3Djtkiq3j
rinMmsmBDiApHr/5eB26cWbR8Is6wiSi+SL2T6H4QWmmmwIrMk0QLPwFrhgl028L
Oxuuhsaj7/Cpd8E43b2ePVRaUPwKUIRwS2OTcqrUKXr9gYVpJQigyMrsyG4nXl7i
UFo5XNfkewYmt++vCIw+BkXgO88CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBT+9bp/
9DialO4gQrEaXJYpzSsQPjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZmVjNDc4NmQtZjczZi00ZTY0LTk5YTMtMDM3N2JkZjVjNTY2LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCoF0C4A
MA0GCSqGSIb3DQEBCwUAA4IBAQBNqifS2v03uqvdsgXjvEOfZP8Y671buFOZlgRx
skZhBLoL8O2kryuvPf6W8TCnyVAF+ukO9cA6M8WAw9+flkpNssUQlLCykT1t+l0V
kcof/oRYOodu+bsz/TMV6L3l0oj6MRqhpqiAxNzOlEvcf4aKahxVaxAIOZfmVYQq
2sz6cpImMhYpKl5jGmlPWaFpZsQcr+M2WLj745lpOyqcGr8n7ffqGmJiYJ43Mkx8
Sm354Rk1Ak3WgXNtWAyDifaVsBTcedRqWG7cLK3g/XXNSmXdCesDktEwq58FcObi
Sbf4ZS87FjwU5TBAPH4zLuZojiXw5dYufGvy+L8Qny9w3fdy
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:53:17 2025 by rpki-client