Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/42ef7d89-b9bf-460f-b906-7443d96f4a6f.roa
File:                     42ef7d89-b9bf-460f-b906-7443d96f4a6f.roa (raw, json)
Hash identifier:          rmZyEwgJHk1KBhpyPNF7SehrTfPFf07+WKBdVtpZSJE=
Subject key identifier:   F9:FB:EC:CD:FB:2F:7C:3A:FC:94:8F:FA:41:61:EE:90:2F:0F:A4:96
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       7E31A7C2636A882B900DDDAAED7E47CFD33E6C25
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/42ef7d89-b9bf-460f-b906-7443d96f4a6f.roa
Signing time:             Fri 11 Jul 2025 18:50:03 +0000
ROA not before:           Fri 11 Jul 2025 18:50:03 +0000
ROA not after:            Fri 15 Aug 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d000:8090::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Jul 2025 22:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7e:31:a7:c2:63:6a:88:2b:90:0d:dd:aa:ed:7e:47:cf:d3:3e:6c:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Jul 11 18:50:03 2025 GMT
            Not After : Aug 15 23:59:59 2025 GMT
        Subject: serialNumber=15053b0962536dcbccab9a311fd744d3b705e500bbba1fab2f05e18b401b9954, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:48:0e:1e:03:f7:0c:67:7f:9d:4a:0b:79:6d:
                    f9:e1:29:c4:1d:2f:a2:dc:95:89:96:e0:62:9b:74:
                    2f:e1:a4:be:6d:69:6e:f1:26:f1:2e:75:57:77:e2:
                    8f:4c:8b:1e:42:e6:ce:df:02:2e:8f:2d:1e:cd:ea:
                    e7:fd:e9:00:fb:6e:49:b1:35:8b:1f:7c:37:01:95:
                    46:c9:23:0c:bd:f4:22:43:c6:a6:34:55:ef:0b:bf:
                    68:e2:89:91:21:59:78:ff:64:12:fd:0e:e1:ce:63:
                    8c:73:58:1e:8a:b8:32:fe:92:e2:67:83:14:5c:68:
                    c4:ec:8f:d7:6c:f4:24:32:3e:f3:1b:d0:d3:b8:fa:
                    33:00:04:f3:ba:eb:bc:fe:a9:19:72:28:80:05:29:
                    96:f7:cc:91:e1:cd:5b:1d:fc:ac:b5:19:06:b7:56:
                    25:cb:ce:b3:b2:b2:70:c4:31:18:76:e8:82:b2:c8:
                    bc:50:4e:29:94:d5:2a:88:03:03:ff:84:1b:08:56:
                    83:8b:6f:fe:f6:5b:b4:f5:6a:f2:cb:b7:79:cb:e7:
                    d4:67:18:0a:30:77:76:3d:8b:b5:20:63:94:2c:57:
                    62:ba:29:a4:e8:9d:90:c3:0a:be:e7:ce:4d:a8:38:
                    be:ac:07:d2:d2:9c:da:1f:c4:bb:90:d9:7f:46:d6:
                    97:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:FB:EC:CD:FB:2F:7C:3A:FC:94:8F:FA:41:61:EE:90:2F:0F:A4:96
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/42ef7d89-b9bf-460f-b906-7443d96f4a6f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d000:8090::/48

    Signature Algorithm: sha256WithRSAEncryption
         a1:6e:c9:8e:0f:8d:e9:32:78:e5:56:50:56:d4:ae:25:56:85:
         c7:cf:df:42:b3:9a:58:0e:85:a1:75:79:82:99:79:d2:2e:34:
         15:cd:99:c9:24:e0:63:9f:06:6c:b1:0e:c9:4e:11:2f:a0:41:
         d0:13:90:13:55:95:3c:12:57:23:f1:3c:54:44:47:41:25:f3:
         0a:5e:d6:3a:d6:d4:e7:9e:28:da:fd:4f:81:49:23:89:a7:89:
         16:f1:92:68:77:74:fe:99:0d:55:1f:36:69:8f:67:09:7b:f7:
         03:de:2b:2f:65:5d:65:54:19:6a:ee:48:79:fe:68:78:df:c9:
         5e:bf:3a:04:d5:de:cf:57:32:25:52:c4:a3:ed:29:6d:16:94:
         ab:da:0f:cd:ff:a8:39:42:c6:5a:e1:04:dc:70:a5:60:87:f4:
         27:e7:6a:18:22:9c:20:1e:db:a1:0c:a8:26:61:1b:56:89:29:
         a0:3c:22:9b:55:a4:6f:a3:8d:7b:6d:e7:ee:61:ba:01:c3:d1:
         af:ca:9f:0c:e7:04:aa:7c:ff:fa:01:92:28:03:2a:1f:71:a6:
         6d:bf:ae:31:6a:4a:04:12:10:a2:6d:51:5b:da:4f:a5:bc:3f:
         f0:a3:c3:30:b0:df:48:e7:66:6e:18:13:df:b4:5c:22:c4:c0:
         8f:76:57:48
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUfjGnwmNqiCuQDd2q7X5Hz9M+bCUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA3MTExODUwMDNaFw0yNTA4MTUyMzU5NTlaMHoxSTBHBgNV
BAUTQDE1MDUzYjA5NjI1MzZkY2JjY2FiOWEzMTFmZDc0NGQzYjcwNWU1MDBiYmJh
MWZhYjJmMDVlMThiNDAxYjk5NTQxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMhIDh4D9wxnf51KC3lt+eEpxB0votyViZbgYpt0L+Gkvm1pbvEm8S51V3fi
j0yLHkLmzt8CLo8tHs3q5/3pAPtuSbE1ix98NwGVRskjDL30IkPGpjRV7wu/aOKJ
kSFZeP9kEv0O4c5jjHNYHoq4Mv6S4meDFFxoxOyP12z0JDI+8xvQ07j6MwAE87rr
vP6pGXIogAUplvfMkeHNWx38rLUZBrdWJcvOs7KycMQxGHbogrLIvFBOKZTVKogD
A/+EGwhWg4tv/vZbtPVq8su3ecvn1GcYCjB3dj2LtSBjlCxXYroppOidkMMKvufO
Tag4vqwH0tKc2h/Eu5DZf0bWl6ECAwEAAaOCAiQwggIgMB0GA1UdDgQWBBT5++zN
+y98OvyUj/pBYe6QLw+kljAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NDJlZjdkODktYjliZi00NjBmLWI5MDYtNzQ0M2Q5NmY0YTZmLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0ACA
kDANBgkqhkiG9w0BAQsFAAOCAQEAoW7Jjg+N6TJ45VZQVtSuJVaFx8/fQrOaWA6F
oXV5gpl50i40Fc2ZySTgY58GbLEOyU4RL6BB0BOQE1WVPBJXI/E8VERHQSXzCl7W
OtbU554o2v1PgUkjiaeJFvGSaHd0/pkNVR82aY9nCXv3A94rL2VdZVQZau5Ief5o
eN/JXr86BNXez1cyJVLEo+0pbRaUq9oPzf+oOULGWuEE3HClYIf0J+dqGCKcIB7b
oQyoJmEbVokpoDwim1Wkb6ONe23n7mG6AcPRr8qfDOcEqnz/+gGSKAMqH3Gmbb+u
MWpKBBIQom1RW9pPpbw/8KPDMLDfSOdmbhgT37RcIsTAj3ZXSA==
-----END CERTIFICATE-----
Generated at Wed Jul 23 03:53:59 2025 by rpki-client