Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/99ffa238-9133-4fa5-ad84-49e67d34854a.roa
File:                     99ffa238-9133-4fa5-ad84-49e67d34854a.roa (raw, json)
Hash identifier:          KqMdArWSuLA5OAx5MYPsYmA5Ww+//Q9BHhyY3baUwkk=
Subject key identifier:   F4:7A:CF:FC:3C:65:B5:AD:46:27:36:49:C2:1B:04:C1:6B:51:1C:B4
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       4E05D4D7309572F92D799BAF5F57B0DEB9FE4595
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/99ffa238-9133-4fa5-ad84-49e67d34854a.roa
Signing time:             Mon 01 Sep 2025 21:20:57 +0000
ROA not before:           Mon 01 Sep 2025 21:20:57 +0000
ROA not after:            Mon 06 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d02a::/36 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 09 Sep 2025 10:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4e:05:d4:d7:30:95:72:f9:2d:79:9b:af:5f:57:b0:de:b9:fe:45:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Sep  1 21:20:57 2025 GMT
            Not After : Oct  6 23:59:59 2025 GMT
        Subject: serialNumber=a8ddfc64912da388779a69aacbffb2879707832b7b13c80ade3c1e0dab4fbaf9, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:bf:df:9d:2b:8b:47:9e:38:d9:35:a2:d5:cb:
                    9b:e5:e1:a0:a5:8b:2d:6e:86:f8:68:5b:a5:90:a2:
                    f6:8b:69:5e:9c:64:94:ff:65:b3:3a:9b:9b:9e:dd:
                    7f:d9:61:a7:73:80:5a:f9:70:95:44:9d:a5:7b:8c:
                    e0:4a:35:0e:d4:21:40:70:9f:f7:d2:49:a4:ef:2f:
                    a1:7f:ee:be:f4:cb:84:8a:9a:c0:e0:5f:ff:14:52:
                    e6:ea:f6:1d:eb:92:a6:9f:fe:63:65:06:67:da:0a:
                    de:34:77:4d:99:16:8b:81:14:d9:17:2c:99:b4:a4:
                    6d:b3:8b:bf:f8:9c:00:2f:5b:92:b3:0a:ff:84:fc:
                    71:6e:4d:89:17:c3:29:11:8c:61:e2:e7:15:f9:fe:
                    44:a0:b2:10:7f:86:b0:3d:99:e8:82:71:0f:9b:6c:
                    63:00:c9:ce:4a:62:ca:d8:db:bf:f6:4f:d6:f0:c7:
                    9a:d6:13:86:42:58:b1:16:55:e8:1a:27:92:86:a3:
                    bb:c3:d0:03:91:4f:8d:c8:9c:b9:2b:30:c0:a7:12:
                    06:e2:f2:00:88:a2:6c:5c:a5:f3:99:ba:d2:03:57:
                    60:34:2e:89:6e:26:65:b5:2f:ec:75:ad:2c:85:83:
                    0c:3c:79:5d:df:e5:4b:02:39:a1:fd:ab:b2:43:7c:
                    93:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:7A:CF:FC:3C:65:B5:AD:46:27:36:49:C2:1B:04:C1:6B:51:1C:B4
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/99ffa238-9133-4fa5-ad84-49e67d34854a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d02a::/36

    Signature Algorithm: sha256WithRSAEncryption
         6d:cf:f8:62:ae:bc:16:25:f2:b4:ff:34:3b:2b:d4:93:b2:90:
         e6:06:dd:3d:1a:a3:72:27:ce:90:92:3b:83:db:81:ec:11:31:
         f0:63:8e:f2:50:fc:2c:7d:a2:09:83:a0:c3:27:e9:1f:37:ce:
         ee:df:e9:96:c0:8a:ec:82:d4:eb:cf:9b:cb:2a:ba:81:3d:12:
         eb:58:ef:a5:ea:c6:6d:88:71:a7:a1:39:2c:45:6d:06:35:83:
         3e:f6:07:af:87:25:b7:a1:73:6d:f4:7e:8c:b5:0f:3b:1e:ce:
         95:c0:6d:4a:2e:bb:0f:dd:57:d8:be:77:df:68:19:07:92:69:
         d1:8e:36:b9:22:68:43:f7:04:d9:01:6e:79:50:8d:12:a3:8a:
         bf:04:e9:19:50:29:85:64:f3:14:ae:a0:fd:a5:ff:97:93:28:
         27:f3:e3:64:19:a9:6f:e8:76:7f:e2:05:b2:dd:45:b3:a1:1d:
         80:45:5a:7e:21:ff:9d:68:43:13:fc:0d:d6:36:fa:84:85:f0:
         3d:ce:28:36:48:8d:83:0b:e9:1e:f1:64:de:ad:5e:db:0a:35:
         1e:0f:bf:4c:e2:55:80:b2:8e:f4:91:b0:c7:3d:41:fc:6c:a7:
         a7:c3:0b:e0:08:18:11:88:b7:8d:69:c5:17:4f:af:1f:f4:0c:
         23:7f:88:50
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUTgXU1zCVcvkteZuvX1ew3rn+RZUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MDEyMTIwNTdaFw0yNTEwMDYyMzU5NTlaMHoxSTBHBgNV
BAUTQGE4ZGRmYzY0OTEyZGEzODg3NzlhNjlhYWNiZmZiMjg3OTcwNzgzMmI3YjEz
YzgwYWRlM2MxZTBkYWI0ZmJhZjkxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAN6/350ri0eeONk1otXLm+XhoKWLLW6G+GhbpZCi9otpXpxklP9lszqbm57d
f9lhp3OAWvlwlUSdpXuM4Eo1DtQhQHCf99JJpO8voX/uvvTLhIqawOBf/xRS5ur2
HeuSpp/+Y2UGZ9oK3jR3TZkWi4EU2RcsmbSkbbOLv/icAC9bkrMK/4T8cW5NiRfD
KRGMYeLnFfn+RKCyEH+GsD2Z6IJxD5tsYwDJzkpiytjbv/ZP1vDHmtYThkJYsRZV
6Bonkoaju8PQA5FPjcicuSswwKcSBuLyAIiibFyl85m60gNXYDQuiW4mZbUv7HWt
LIWDDDx5Xd/lSwI5of2rskN8k0UCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBT0es/8
PGW1rUYnNknCGwTBa1EctDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
OTlmZmEyMzgtOTEzMy00ZmE1LWFkODQtNDllNjdkMzQ4NTRhLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCoF0CoA
MA0GCSqGSIb3DQEBCwUAA4IBAQBtz/hirrwWJfK0/zQ7K9STspDmBt09GqNyJ86Q
kjuD24HsETHwY47yUPwsfaIJg6DDJ+kfN87u3+mWwIrsgtTrz5vLKrqBPRLrWO+l
6sZtiHGnoTksRW0GNYM+9gevhyW3oXNt9H6MtQ87Hs6VwG1KLrsP3VfYvnffaBkH
kmnRjja5ImhD9wTZAW55UI0So4q/BOkZUCmFZPMUrqD9pf+Xkygn8+NkGalv6HZ/
4gWy3UWzoR2ARVp+If+daEMT/A3WNvqEhfA9zig2SI2DC+ke8WTerV7bCjUeD79M
4lWAso70kbDHPUH8bKenwwvgCBgRiLeNacUXT68f9Awjf4hQ
-----END CERTIFICATE-----
Generated at Mon Sep 8 12:13:28 2025 by rpki-client