Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/35fc0413-357a-4ddb-84e4-70641635a6c3.roa
File:                     35fc0413-357a-4ddb-84e4-70641635a6c3.roa (raw, json)
Hash identifier:          w6IAbxDYOtvu7JLS1HOR/scdOA6yTg9OYnrYQRhPdHc=
Subject key identifier:   5F:C0:7A:CF:BF:FE:D8:13:24:CD:2C:18:D2:59:AE:F3:EC:56:59:BB
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       71B3CB5B850A76137A9F8998C00AB2D14A04F8C3
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/35fc0413-357a-4ddb-84e4-70641635a6c3.roa
Signing time:             Fri 11 Jul 2025 19:50:09 +0000
ROA not before:           Fri 11 Jul 2025 19:50:09 +0000
ROA not after:            Fri 15 Aug 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d035:9040::/46 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Jul 2025 22:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            71:b3:cb:5b:85:0a:76:13:7a:9f:89:98:c0:0a:b2:d1:4a:04:f8:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Jul 11 19:50:09 2025 GMT
            Not After : Aug 15 23:59:59 2025 GMT
        Subject: serialNumber=2ea6615df3d4c48ede0731998373d8c5b53ab10ebdea2b52ea0ce75102f12d82, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:3a:12:57:07:a4:d5:6b:97:42:e7:3c:81:e4:
                    f6:09:3d:35:b1:35:63:08:e9:da:e1:5d:ca:e2:b7:
                    9c:b8:9d:fe:fe:30:54:90:94:10:ed:51:c4:52:f2:
                    3a:95:d6:16:fe:49:56:88:0f:f4:10:5f:a2:12:a1:
                    23:fc:11:3b:cf:47:b1:4c:db:57:b5:35:73:d8:58:
                    d8:91:2f:49:b8:74:a5:93:0b:79:2d:b0:06:f6:1d:
                    e4:e4:b5:cc:d9:d5:ca:4d:61:17:94:6b:b9:a4:67:
                    e6:1f:54:17:7b:94:67:a9:c7:fe:77:39:a7:34:3d:
                    d8:e7:d5:f1:7f:d1:eb:7e:00:25:48:61:63:23:5f:
                    db:7d:ba:55:6d:3c:c5:71:cc:c2:32:06:d1:d1:6f:
                    38:0e:12:70:6b:d0:64:10:f6:cf:64:ea:f4:fa:64:
                    00:ba:3b:20:8d:12:84:6c:6d:2f:ed:33:61:dc:e5:
                    03:88:1d:99:05:26:b9:1c:0c:4d:16:07:ad:cd:5a:
                    f3:01:d4:28:2f:18:ee:47:46:2e:63:5c:cf:d2:6f:
                    d5:2a:f1:4a:95:54:d1:da:69:a5:2d:a4:38:47:83:
                    d2:bc:36:c3:4c:2e:c6:db:6f:ef:b3:b4:cf:73:d9:
                    e4:50:d1:8a:56:1f:03:f1:18:15:e1:bf:9f:9f:4d:
                    ad:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:C0:7A:CF:BF:FE:D8:13:24:CD:2C:18:D2:59:AE:F3:EC:56:59:BB
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/35fc0413-357a-4ddb-84e4-70641635a6c3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d035:9040::/46

    Signature Algorithm: sha256WithRSAEncryption
         58:a6:e3:25:d5:c4:15:20:04:44:85:5c:70:8a:c8:64:98:d1:
         8b:f7:ce:7c:62:0e:e2:56:c7:c0:45:2b:b6:13:3c:f5:c3:b4:
         59:e1:73:f1:e8:2d:52:73:ad:8b:29:01:a0:da:02:3d:59:89:
         4c:5c:dc:f9:e8:48:91:16:e0:01:66:4d:a7:62:6c:44:79:b3:
         32:b8:68:6a:04:d8:16:71:cb:fc:33:d1:e0:26:70:a0:f5:3e:
         a6:d7:8e:f8:dd:0a:ee:e5:ff:9a:05:4c:7c:da:05:e7:84:45:
         57:da:5d:78:81:78:22:47:92:b1:0a:b5:af:e6:6f:83:d8:49:
         69:51:fb:49:82:13:55:3e:67:3e:3f:34:e2:d2:24:03:dc:07:
         34:7f:da:80:3a:ab:3a:4f:87:e2:4d:fe:2a:c5:24:68:ab:8d:
         1b:dd:2d:09:f5:5e:d2:2e:df:72:12:9d:8c:9a:65:71:1d:0f:
         8d:3b:ef:4d:c3:d2:04:19:2a:fc:07:a7:62:de:36:48:d8:3d:
         f0:6c:22:89:14:be:d5:fd:9e:77:34:be:44:43:f8:cb:c5:0f:
         af:ad:5f:2d:f3:c1:0e:14:61:ba:df:2a:6a:d0:f3:7d:a7:81:
         0b:20:9a:f5:02:a9:52:f3:23:7f:9f:df:35:73:e8:0d:f7:52:
         0d:8c:aa:46
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUcbPLW4UKdhN6n4mYwAqy0UoE+MMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA3MTExOTUwMDlaFw0yNTA4MTUyMzU5NTlaMHoxSTBHBgNV
BAUTQDJlYTY2MTVkZjNkNGM0OGVkZTA3MzE5OTgzNzNkOGM1YjUzYWIxMGViZGVh
MmI1MmVhMGNlNzUxMDJmMTJkODIxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALs6ElcHpNVrl0LnPIHk9gk9NbE1Ywjp2uFdyuK3nLid/v4wVJCUEO1RxFLy
OpXWFv5JVogP9BBfohKhI/wRO89HsUzbV7U1c9hY2JEvSbh0pZMLeS2wBvYd5OS1
zNnVyk1hF5RruaRn5h9UF3uUZ6nH/nc5pzQ92OfV8X/R634AJUhhYyNf2326VW08
xXHMwjIG0dFvOA4ScGvQZBD2z2Tq9PpkALo7II0ShGxtL+0zYdzlA4gdmQUmuRwM
TRYHrc1a8wHUKC8Y7kdGLmNcz9Jv1SrxSpVU0dpppS2kOEeD0rw2w0wuxttv77O0
z3PZ5FDRilYfA/EYFeG/n59NrScCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBRfwHrP
v/7YEyTNLBjSWa7z7FZZuzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MzVmYzA0MTMtMzU3YS00ZGRiLTg0ZTQtNzA2NDE2MzVhNmMzLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHAioF0DWQ
QDANBgkqhkiG9w0BAQsFAAOCAQEAWKbjJdXEFSAERIVccIrIZJjRi/fOfGIO4lbH
wEUrthM89cO0WeFz8egtUnOtiykBoNoCPVmJTFzc+ehIkRbgAWZNp2JsRHmzMrho
agTYFnHL/DPR4CZwoPU+pteO+N0K7uX/mgVMfNoF54RFV9pdeIF4IkeSsQq1r+Zv
g9hJaVH7SYITVT5nPj804tIkA9wHNH/agDqrOk+H4k3+KsUkaKuNG90tCfVe0i7f
chKdjJplcR0PjTvvTcPSBBkq/AenYt42SNg98GwiiRS+1f2edzS+REP4y8UPr61f
LfPBDhRhut8qatDzfaeBCyCa9QKpUvMjf5/fNXPoDfdSDYyqRg==
-----END CERTIFICATE-----
Generated at Wed Jul 23 03:55:38 2025 by rpki-client