Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/408fc879-4db9-446c-bdb3-37bf4ee28c97.roa
File:                     408fc879-4db9-446c-bdb3-37bf4ee28c97.roa (raw, json)
Hash identifier:          cMHmrG+H5NCCNN2Qg0sNp8II/4Fse4o07M/sU+EuJwE=
Subject key identifier:   AD:9A:15:50:3F:60:9D:AA:84:A4:66:EF:1A:41:EC:33:7B:5C:31:19
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       5857620978A989663B98A6EA0DC3F6F0E5EEEBAD
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/408fc879-4db9-446c-bdb3-37bf4ee28c97.roa
Signing time:             Fri 11 Jul 2025 20:21:38 +0000
ROA not before:           Fri 11 Jul 2025 20:21:38 +0000
ROA not after:            Fri 15 Aug 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d07a:a000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Jul 2025 22:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            58:57:62:09:78:a9:89:66:3b:98:a6:ea:0d:c3:f6:f0:e5:ee:eb:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Jul 11 20:21:38 2025 GMT
            Not After : Aug 15 23:59:59 2025 GMT
        Subject: serialNumber=54f63c9972863fff05065c11ae9a3455b13c45954cb9b8e764069d827cd293ae, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:84:04:fa:29:bb:7b:0b:0c:ca:d7:8a:7d:d7:
                    67:b2:8c:33:80:94:83:a6:3e:f7:1a:f3:2b:47:77:
                    b4:82:e4:31:63:b0:cc:15:40:d3:cf:02:68:1d:3c:
                    61:8c:91:78:2b:c9:04:57:12:dd:fc:e1:4f:5b:21:
                    c0:86:1d:dc:3d:b0:c8:61:26:e4:ff:17:25:5e:b0:
                    c3:4c:85:08:f1:84:40:d6:11:ca:f5:84:c3:77:11:
                    ba:96:13:53:62:0c:5b:86:c3:98:9b:af:76:2b:07:
                    63:c4:97:a0:c6:49:11:58:c5:00:de:c0:25:13:6f:
                    40:89:44:52:0c:25:9c:d0:29:7b:d9:7d:c5:94:7e:
                    32:5d:30:04:6a:98:da:53:be:b1:7f:ef:a6:46:04:
                    81:7a:34:d5:fb:2b:d6:a5:64:c2:85:04:3d:04:42:
                    81:6d:a6:2b:49:61:a6:c1:34:81:79:fd:02:4a:20:
                    96:cd:e8:64:79:fb:93:66:ed:b7:15:72:b6:97:79:
                    d4:bc:44:d8:e6:95:17:10:8e:c7:24:b1:00:c7:cf:
                    ac:6b:d4:36:5e:ef:39:ee:cf:f2:c0:1e:38:d5:b0:
                    5c:ca:f5:5f:97:06:99:6a:8e:01:31:d4:48:3e:b4:
                    e9:f2:b5:f6:38:fb:67:af:5f:6c:5e:78:c4:4d:a8:
                    c7:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:9A:15:50:3F:60:9D:AA:84:A4:66:EF:1A:41:EC:33:7B:5C:31:19
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/408fc879-4db9-446c-bdb3-37bf4ee28c97.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d07a:a000::/40

    Signature Algorithm: sha256WithRSAEncryption
         94:33:49:2c:a4:c8:1e:56:90:07:1d:8a:e9:f8:f5:ee:80:71:
         36:ce:ba:2c:fa:74:40:cf:1c:6c:c8:fa:8e:27:d0:96:e5:1c:
         53:f5:2a:d1:ef:15:21:da:5f:7c:a7:a1:63:73:4a:7d:0e:94:
         6a:47:ca:81:a1:67:b1:8e:67:ba:41:63:a4:9d:d3:89:6f:86:
         a0:82:33:a7:ab:97:b9:ed:59:08:c4:ec:b0:a2:c3:2c:4c:08:
         23:59:38:13:ec:92:a9:9d:9e:ab:7e:25:01:6f:e2:0e:7c:c3:
         c1:52:cf:e0:3c:c9:b6:fe:bd:ec:45:64:4f:ef:39:a7:af:5a:
         86:c3:4f:3b:f1:4d:44:60:63:34:48:2d:b3:80:b4:e6:6d:5b:
         1e:38:76:03:df:9f:25:ee:e7:5c:36:8b:8e:42:ae:de:2a:b7:
         0c:47:57:21:49:29:97:da:87:ac:95:83:a7:ce:48:91:67:3d:
         29:df:ad:19:4e:ba:50:16:0c:0f:b9:7d:38:5f:b9:c4:09:9b:
         05:2e:16:10:5a:06:27:71:c4:db:1a:af:f5:f2:35:32:c3:16:
         6f:0e:f9:d4:00:49:fb:6b:7c:e7:9c:51:c1:14:7d:8e:ed:81:
         be:89:d3:52:c1:fb:0d:f6:6e:7b:2f:24:e8:c5:dc:26:56:d1:
         97:1c:80:65
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUWFdiCXipiWY7mKbqDcP28OXu660wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA3MTEyMDIxMzhaFw0yNTA4MTUyMzU5NTlaMHoxSTBHBgNV
BAUTQDU0ZjYzYzk5NzI4NjNmZmYwNTA2NWMxMWFlOWEzNDU1YjEzYzQ1OTU0Y2I5
YjhlNzY0MDY5ZDgyN2NkMjkzYWUxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKCEBPopu3sLDMrXin3XZ7KMM4CUg6Y+9xrzK0d3tILkMWOwzBVA088CaB08
YYyReCvJBFcS3fzhT1shwIYd3D2wyGEm5P8XJV6ww0yFCPGEQNYRyvWEw3cRupYT
U2IMW4bDmJuvdisHY8SXoMZJEVjFAN7AJRNvQIlEUgwlnNApe9l9xZR+Ml0wBGqY
2lO+sX/vpkYEgXo01fsr1qVkwoUEPQRCgW2mK0lhpsE0gXn9Akogls3oZHn7k2bt
txVytpd51LxE2OaVFxCOxySxAMfPrGvUNl7vOe7P8sAeONWwXMr1X5cGmWqOATHU
SD606fK19jj7Z69fbF54xE2ox4cCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBStmhVQ
P2CdqoSkZu8aQewze1wxGTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NDA4ZmM4NzktNGRiOS00NDZjLWJkYjMtMzdiZjRlZTI4Yzk3LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0Hqg
MA0GCSqGSIb3DQEBCwUAA4IBAQCUM0kspMgeVpAHHYrp+PXugHE2zros+nRAzxxs
yPqOJ9CW5RxT9SrR7xUh2l98p6Fjc0p9DpRqR8qBoWexjme6QWOkndOJb4aggjOn
q5e57VkIxOywosMsTAgjWTgT7JKpnZ6rfiUBb+IOfMPBUs/gPMm2/r3sRWRP7zmn
r1qGw0878U1EYGM0SC2zgLTmbVseOHYD358l7udcNouOQq7eKrcMR1chSSmX2oes
lYOnzkiRZz0p360ZTrpQFgwPuX04X7nECZsFLhYQWgYnccTbGq/18jUywxZvDvnU
AEn7a3znnFHBFH2O7YG+idNSwfsN9m57LyToxdwmVtGXHIBl
-----END CERTIFICATE-----
Generated at Wed Jul 23 03:51:05 2025 by rpki-client