Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/ff4816c3-2e55-42d8-a2fa-8e7ac7375d0e.roa
File:                     ff4816c3-2e55-42d8-a2fa-8e7ac7375d0e.roa (raw, json)
Hash identifier:          fDFnuDoA+hEtw2b6Jh6Lt59ETpfipZEcI/0mUhJh3Ak=
Subject key identifier:   1A:A5:7D:EA:03:85:96:7A:C6:4F:ED:AD:C9:B4:A7:F4:3C:94:20:32
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       5897C278E4D6138F8009E1535D6CE100328AC43F
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/ff4816c3-2e55-42d8-a2fa-8e7ac7375d0e.roa
Signing time:             Fri 10 Oct 2025 17:04:20 +0000
ROA not before:           Fri 10 Oct 2025 17:04:20 +0000
ROA not after:            Fri 14 Nov 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        2a05:d074:a000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            58:97:c2:78:e4:d6:13:8f:80:09:e1:53:5d:6c:e1:00:32:8a:c4:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Oct 10 17:04:20 2025 GMT
            Not After : Nov 14 23:59:59 2025 GMT
        Subject: serialNumber=35f350806bc15c0fe3ed855587cfa4f0062a698aaaa3a63edd8943873259fcaf, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:95:39:8b:68:7d:7d:61:77:38:37:0a:22:ce:
                    7a:9b:26:bb:7a:a6:27:14:4c:d6:2c:77:07:5d:41:
                    b2:70:4a:52:12:be:6d:48:85:04:8d:21:69:09:48:
                    09:68:ad:5c:63:6b:86:9c:6f:87:3e:78:c3:fc:68:
                    64:3d:aa:f8:96:33:67:9e:0d:9e:05:25:c7:60:84:
                    98:87:92:d1:31:43:6a:60:86:df:a0:d7:56:9f:da:
                    51:26:84:dd:01:9d:fd:33:f2:ca:ea:d0:59:a9:27:
                    71:3b:46:5c:87:fd:74:a5:f0:88:a0:10:84:de:e7:
                    3f:13:f6:47:10:6d:98:b5:41:11:90:e1:ce:64:cf:
                    69:0c:d9:73:25:6f:e2:31:0d:77:5e:98:df:54:71:
                    93:ee:d9:cb:f3:eb:3a:0f:6a:c7:70:ef:79:4a:dd:
                    a6:1d:b0:f2:a4:ec:6c:4f:af:c6:8a:ff:17:c8:c9:
                    5f:2e:25:d5:14:3d:2e:37:b7:5f:48:c0:93:21:1a:
                    34:cd:7e:01:ec:90:be:1a:73:23:8d:37:fe:a8:fa:
                    df:9e:5b:0e:77:bf:f9:e3:17:af:8a:fc:8d:95:76:
                    87:b4:cf:8a:e0:00:64:58:de:ad:df:b0:00:aa:c5:
                    9a:55:7e:d9:21:3b:a4:e6:ea:14:21:f2:74:dd:02:
                    c0:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:A5:7D:EA:03:85:96:7A:C6:4F:ED:AD:C9:B4:A7:F4:3C:94:20:32
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/ff4816c3-2e55-42d8-a2fa-8e7ac7375d0e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d074:a000::/40

    Signature Algorithm: sha256WithRSAEncryption
         24:d7:4e:b6:18:35:cb:9d:b2:7f:36:3d:b8:2a:72:11:83:5a:
         5b:42:ec:a4:e4:cd:78:80:5c:54:3f:9c:9c:9e:64:ce:fc:3e:
         71:f9:81:f5:74:e7:1d:cf:cc:93:f0:eb:37:bb:db:72:cd:ad:
         e9:c6:7f:5e:66:5a:b9:93:18:bb:c4:aa:8a:1b:7f:ac:92:65:
         a5:97:2c:0f:5d:37:ce:c8:bb:09:50:fb:cc:49:b8:e2:d4:e9:
         74:c5:f6:8c:b2:d2:1a:d4:01:6c:6b:d5:35:e5:6b:44:d3:c3:
         f0:37:d1:5a:81:83:a5:8a:a7:82:6b:a1:18:b5:8d:07:17:64:
         d5:2d:75:61:e4:d7:b4:d6:a9:57:39:7c:49:7d:58:a2:c5:75:
         f0:9e:6d:1a:8d:00:43:1b:3d:64:6c:32:83:8b:a2:ed:93:74:
         45:87:22:b0:51:3d:ca:5f:3e:75:d7:44:e3:4f:d2:8a:66:0c:
         85:06:9b:78:a2:a7:e0:e8:70:42:41:e4:4c:39:54:1d:c1:51:
         a4:2c:d7:1d:1d:a0:03:8a:bc:9c:f5:98:48:7a:53:47:75:97:
         f7:05:b0:40:db:a5:7c:ba:8c:6f:0e:42:9f:43:db:36:5f:e7:
         61:11:e2:c3:46:7e:94:82:3e:aa:ec:08:e7:f1:ea:b5:81:7e:
         05:62:85:c3
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUWJfCeOTWE4+ACeFTXWzhADKKxD8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMTAxNzA0MjBaFw0yNTExMTQyMzU5NTlaMHoxSTBHBgNV
BAUTQDM1ZjM1MDgwNmJjMTVjMGZlM2VkODU1NTg3Y2ZhNGYwMDYyYTY5OGFhYWEz
YTYzZWRkODk0Mzg3MzI1OWZjYWYxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAK+VOYtofX1hdzg3CiLOepsmu3qmJxRM1ix3B11BsnBKUhK+bUiFBI0haQlI
CWitXGNrhpxvhz54w/xoZD2q+JYzZ54NngUlx2CEmIeS0TFDamCG36DXVp/aUSaE
3QGd/TPyyurQWakncTtGXIf9dKXwiKAQhN7nPxP2RxBtmLVBEZDhzmTPaQzZcyVv
4jENd16Y31Rxk+7Zy/PrOg9qx3DveUrdph2w8qTsbE+vxor/F8jJXy4l1RQ9Lje3
X0jAkyEaNM1+AeyQvhpzI403/qj6355bDne/+eMXr4r8jZV2h7TPiuAAZFjerd+w
AKrFmlV+2SE7pObqFCHydN0CwKECAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQapX3q
A4WWesZP7a3JtKf0PJQgMjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZmY0ODE2YzMtMmU1NS00MmQ4LWEyZmEtOGU3YWM3Mzc1ZDBlLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0HSg
MA0GCSqGSIb3DQEBCwUAA4IBAQAk1062GDXLnbJ/Nj24KnIRg1pbQuyk5M14gFxU
P5ycnmTO/D5x+YH1dOcdz8yT8Os3u9tyza3pxn9eZlq5kxi7xKqKG3+skmWllywP
XTfOyLsJUPvMSbji1Ol0xfaMstIa1AFsa9U15WtE08PwN9FagYOliqeCa6EYtY0H
F2TVLXVh5Ne01qlXOXxJfViixXXwnm0ajQBDGz1kbDKDi6Ltk3RFhyKwUT3KXz51
10TjT9KKZgyFBpt4oqfg6HBCQeRMOVQdwVGkLNcdHaADiryc9ZhIelNHdZf3BbBA
26V8uoxvDkKfQ9s2X+dhEeLDRn6Ugj6q7Ajn8eq1gX4FYoXD
-----END CERTIFICATE-----
Generated at Mon Oct 20 11:47:06 2025 by rpki-client