Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/533769c8-002c-491c-9b99-324fe9f5743c.roa
File:                     533769c8-002c-491c-9b99-324fe9f5743c.roa (raw, json)
Hash identifier:          UW8GMUCxGY0pQd2TYQ6Mal3Enu2840038No0EkXoKA4=
Subject key identifier:   C3:58:AE:DA:CE:EC:43:13:1A:70:95:74:64:63:C1:AA:A0:87:A6:9D
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       69F2AEDC2BD2A18392E47E248ECD10978F27761C
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/533769c8-002c-491c-9b99-324fe9f5743c.roa
Signing time:             Mon 01 Sep 2025 21:21:05 +0000
ROA not before:           Mon 01 Sep 2025 21:21:05 +0000
ROA not after:            Mon 06 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d022::/36 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 09 Sep 2025 10:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            69:f2:ae:dc:2b:d2:a1:83:92:e4:7e:24:8e:cd:10:97:8f:27:76:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Sep  1 21:21:05 2025 GMT
            Not After : Oct  6 23:59:59 2025 GMT
        Subject: serialNumber=3ddaf8e649eea10e2beb7501524ffc7eb5da4d36dddfce40b9bd6a0399b24fe9, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:8a:17:88:33:4d:4f:95:8c:ce:10:7f:3b:bf:
                    87:4e:90:da:c3:a3:6d:dd:b6:3d:d5:fd:dc:04:1b:
                    9d:e0:9a:cb:74:cd:46:58:1d:63:9f:5b:15:9e:fd:
                    26:af:2a:0b:d6:a9:30:4d:29:36:e2:df:44:6f:91:
                    59:08:50:ec:e1:2d:f1:a4:c9:a0:f5:f0:22:1e:4f:
                    5f:40:76:91:1a:49:66:df:1a:ce:98:1a:56:7f:5d:
                    78:99:29:59:b5:88:f0:76:8d:e7:6a:81:84:fd:30:
                    2e:ca:34:4d:3c:91:67:18:41:ed:09:15:fe:4d:fa:
                    ef:cc:c2:d3:e1:52:93:60:20:9e:4c:6e:63:0b:56:
                    0a:ea:fb:b7:09:e2:ac:68:0a:77:cf:a4:3a:97:69:
                    dc:30:ab:00:14:8e:3c:8a:e5:72:c8:5a:f8:6f:0e:
                    8b:7a:6e:52:81:63:a6:5d:80:28:50:ae:b0:cf:ce:
                    fb:36:1a:c1:c1:a2:42:4e:0f:02:79:a5:4b:d8:f1:
                    d5:95:b0:48:31:9f:83:d9:43:0d:94:80:c9:0b:fd:
                    fc:29:90:80:c7:e7:aa:f1:27:f3:80:cf:54:88:de:
                    6d:21:1b:a7:1e:47:d6:5e:4d:07:01:f1:03:97:48:
                    e3:53:04:7a:a5:0a:d7:3e:73:3e:ad:6e:4b:ea:b4:
                    d4:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:58:AE:DA:CE:EC:43:13:1A:70:95:74:64:63:C1:AA:A0:87:A6:9D
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/533769c8-002c-491c-9b99-324fe9f5743c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d022::/36

    Signature Algorithm: sha256WithRSAEncryption
         6c:fd:3c:20:1e:4e:8b:79:99:4a:91:bb:4e:23:bf:6a:cd:d3:
         c8:71:82:0e:ea:45:f9:43:5c:92:d9:44:11:f0:4b:20:7b:48:
         3c:52:b1:8d:d2:64:06:ed:c1:ae:c4:1f:86:d6:42:36:64:bb:
         42:72:fa:32:d3:43:98:09:8d:a1:ab:3b:2e:5d:7b:8c:02:de:
         17:12:61:8e:61:e5:e7:85:b6:44:a0:35:69:b3:fc:87:14:35:
         ec:1b:17:67:00:49:a8:d4:67:64:e0:15:6c:72:25:3d:96:aa:
         de:36:fe:4b:b6:13:0c:72:a3:4d:5b:4f:64:17:65:3e:15:30:
         a8:4a:9a:87:d4:a4:4e:87:95:ea:52:29:ac:c3:d7:02:b0:a5:
         9e:a7:ea:8c:e9:02:74:b8:c3:99:50:70:72:c5:ae:a4:73:0c:
         cc:9f:3d:d9:e6:ab:92:7e:91:c9:23:48:38:93:aa:be:c7:ae:
         e2:e5:71:a8:7d:9e:5b:6c:e4:d7:8f:8a:8a:53:ed:3b:41:49:
         f9:69:94:94:80:ac:a0:af:dd:28:88:c6:25:a3:0f:a6:6d:69:
         bc:97:33:f4:7c:a8:28:e7:bc:16:34:68:cc:96:a9:22:4c:dd:
         fe:ef:0d:b1:54:d1:d8:17:4b:a0:fd:35:04:22:7b:c2:de:4c:
         65:03:1f:bd
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUafKu3CvSoYOS5H4kjs0Ql48ndhwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MDEyMTIxMDVaFw0yNTEwMDYyMzU5NTlaMHoxSTBHBgNV
BAUTQDNkZGFmOGU2NDllZWExMGUyYmViNzUwMTUyNGZmYzdlYjVkYTRkMzZkZGRm
Y2U0MGI5YmQ2YTAzOTliMjRmZTkxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOSKF4gzTU+VjM4Qfzu/h06Q2sOjbd22PdX93AQbneCay3TNRlgdY59bFZ79
Jq8qC9apME0pNuLfRG+RWQhQ7OEt8aTJoPXwIh5PX0B2kRpJZt8azpgaVn9deJkp
WbWI8HaN52qBhP0wLso0TTyRZxhB7QkV/k3678zC0+FSk2AgnkxuYwtWCur7twni
rGgKd8+kOpdp3DCrABSOPIrlcsha+G8Oi3puUoFjpl2AKFCusM/O+zYawcGiQk4P
AnmlS9jx1ZWwSDGfg9lDDZSAyQv9/CmQgMfnqvEn84DPVIjebSEbpx5H1l5NBwHx
A5dI41MEeqUK1z5zPq1uS+q01MUCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTDWK7a
zuxDExpwlXRkY8GqoIemnTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NTMzNzY5YzgtMDAyYy00OTFjLTliOTktMzI0ZmU5ZjU3NDNjLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCoF0CIA
MA0GCSqGSIb3DQEBCwUAA4IBAQBs/TwgHk6LeZlKkbtOI79qzdPIcYIO6kX5Q1yS
2UQR8Esge0g8UrGN0mQG7cGuxB+G1kI2ZLtCcvoy00OYCY2hqzsuXXuMAt4XEmGO
YeXnhbZEoDVps/yHFDXsGxdnAEmo1Gdk4BVsciU9lqreNv5LthMMcqNNW09kF2U+
FTCoSpqH1KROh5XqUimsw9cCsKWep+qM6QJ0uMOZUHByxa6kcwzMnz3Z5quSfpHJ
I0g4k6q+x67i5XGofZ5bbOTXj4qKU+07QUn5aZSUgKygr90oiMYlow+mbWm8lzP0
fKgo57wWNGjMlqkiTN3+7w2xVNHYF0ug/TUEInvC3kxlAx+9
-----END CERTIFICATE-----
Generated at Mon Sep 8 12:07:02 2025 by rpki-client