Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/5a585e9d-8bf0-4bc1-ad7b-b6c3e0bf9b93.roa
File:                     5a585e9d-8bf0-4bc1-ad7b-b6c3e0bf9b93.roa (raw, json)
Hash identifier:          b2IlgKfccI7dmtlfNZfzRgRkcMtH45R49IEQkIocQx8=
Subject key identifier:   6D:68:D9:BE:F9:17:C5:95:8A:FF:52:4B:87:FE:C6:75:34:D9:7B:C7
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       48857B046B957DBF3E86B4DC39C9F44F579205D6
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/5a585e9d-8bf0-4bc1-ad7b-b6c3e0bf9b93.roa
Signing time:             Fri 11 Jul 2025 20:51:01 +0000
ROA not before:           Fri 11 Jul 2025 20:51:01 +0000
ROA not after:            Fri 15 Aug 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d025:1000::/36 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Jul 2025 22:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            48:85:7b:04:6b:95:7d:bf:3e:86:b4:dc:39:c9:f4:4f:57:92:05:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Jul 11 20:51:01 2025 GMT
            Not After : Aug 15 23:59:59 2025 GMT
        Subject: serialNumber=92c416c8d1a3cc5920a5eebb8946a5ecf0963d13a1cd12a62a2acd1db4db749e, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:aa:b6:46:de:86:e1:21:41:8e:3e:fc:b3:b0:
                    a6:ca:84:e8:6a:43:8b:74:0a:c4:56:1f:e2:fe:4c:
                    3a:03:74:42:12:bd:79:09:5b:a2:92:f0:1d:df:ed:
                    97:94:4d:76:46:64:d7:b8:47:a0:0d:4f:83:58:72:
                    ab:3d:60:7a:fa:3b:0f:28:b1:4c:ce:33:81:0a:52:
                    f5:10:db:b1:a0:40:f2:f6:b1:71:5b:6c:75:be:1e:
                    da:a4:06:f0:b2:13:5c:43:32:8a:13:d9:f8:8e:e4:
                    a8:8b:14:d2:27:cc:15:30:e1:3a:83:10:2e:5e:44:
                    fa:fb:c8:87:d1:6e:c1:03:b8:ee:ab:67:fa:54:1e:
                    b8:09:b3:23:58:5e:8b:fd:ef:9c:71:26:84:9c:df:
                    ea:4f:8c:03:1b:b8:0b:75:75:7c:82:53:a2:58:42:
                    7a:76:3a:f9:3c:33:97:87:03:d2:7b:e9:be:fd:96:
                    74:80:4b:33:e3:73:ad:b1:07:d5:45:0f:be:54:3b:
                    00:38:b4:cf:d4:09:60:cf:04:56:40:9c:c8:83:3b:
                    80:a1:2f:9a:70:e6:20:68:f3:3a:2e:53:37:f3:95:
                    c9:f3:f9:e1:63:de:cb:02:f0:b6:54:6f:9c:49:3d:
                    55:05:8e:c8:d5:06:0b:47:f8:38:a4:03:41:71:e6:
                    c4:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:68:D9:BE:F9:17:C5:95:8A:FF:52:4B:87:FE:C6:75:34:D9:7B:C7
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/5a585e9d-8bf0-4bc1-ad7b-b6c3e0bf9b93.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d025:1000::/36

    Signature Algorithm: sha256WithRSAEncryption
         1b:17:46:d3:34:ab:15:1d:c5:0b:72:e1:07:7a:7f:0b:47:5c:
         0e:bb:4f:e3:39:d5:7f:fc:34:2c:46:97:e0:b8:c7:47:da:ca:
         f9:e5:44:ea:eb:e8:e1:48:6b:d5:a2:72:73:4f:88:82:28:04:
         20:20:2c:25:43:26:d0:61:c4:91:87:78:b4:98:51:93:8e:2b:
         6e:cd:47:8f:bd:8d:ca:af:e2:e6:09:d5:8e:8e:ce:10:5d:51:
         c8:03:bd:8d:28:82:5d:a9:36:82:34:2c:bf:39:6d:59:2a:ef:
         9b:4f:59:37:87:e3:fe:90:40:7c:4d:7c:68:60:2e:dd:d4:51:
         c7:a5:92:5a:a4:b9:e4:09:b6:46:8c:eb:bf:9d:db:d2:40:f3:
         c7:8a:3e:b4:13:5e:8c:7a:a8:ec:10:ad:f0:06:bd:50:b0:23:
         53:1e:f7:62:9f:b2:1a:e8:c6:fc:fa:c6:a5:73:18:9b:f8:b8:
         79:fe:48:09:67:af:b9:9e:1f:52:57:30:d4:23:45:5a:45:45:
         ae:b9:85:93:1c:8d:46:bd:f6:93:ee:3a:29:a5:ca:fa:d6:86:
         0e:a2:6d:3f:42:30:89:27:a9:40:66:24:c5:a1:1b:ba:71:1c:
         fe:60:e0:1e:0b:06:f8:af:9e:be:79:3f:20:a6:d7:73:85:bc:
         51:c9:40:75
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUSIV7BGuVfb8+hrTcOcn0T1eSBdYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA3MTEyMDUxMDFaFw0yNTA4MTUyMzU5NTlaMHoxSTBHBgNV
BAUTQDkyYzQxNmM4ZDFhM2NjNTkyMGE1ZWViYjg5NDZhNWVjZjA5NjNkMTNhMWNk
MTJhNjJhMmFjZDFkYjRkYjc0OWUxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKOqtkbehuEhQY4+/LOwpsqE6GpDi3QKxFYf4v5MOgN0QhK9eQlbopLwHd/t
l5RNdkZk17hHoA1Pg1hyqz1gevo7DyixTM4zgQpS9RDbsaBA8vaxcVtsdb4e2qQG
8LITXEMyihPZ+I7kqIsU0ifMFTDhOoMQLl5E+vvIh9FuwQO47qtn+lQeuAmzI1he
i/3vnHEmhJzf6k+MAxu4C3V1fIJTolhCenY6+Twzl4cD0nvpvv2WdIBLM+NzrbEH
1UUPvlQ7ADi0z9QJYM8EVkCcyIM7gKEvmnDmIGjzOi5TN/OVyfP54WPeywLwtlRv
nEk9VQWOyNUGC0f4OKQDQXHmxLsCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRtaNm+
+RfFlYr/UkuH/sZ1NNl7xzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NWE1ODVlOWQtOGJmMC00YmMxLWFkN2ItYjZjM2UwYmY5YjkzLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCoF0CUQ
MA0GCSqGSIb3DQEBCwUAA4IBAQAbF0bTNKsVHcULcuEHen8LR1wOu0/jOdV//DQs
RpfguMdH2sr55UTq6+jhSGvVonJzT4iCKAQgICwlQybQYcSRh3i0mFGTjituzUeP
vY3Kr+LmCdWOjs4QXVHIA72NKIJdqTaCNCy/OW1ZKu+bT1k3h+P+kEB8TXxoYC7d
1FHHpZJapLnkCbZGjOu/ndvSQPPHij60E16MeqjsEK3wBr1QsCNTHvdin7Ia6Mb8
+salcxib+Lh5/kgJZ6+5nh9SVzDUI0VaRUWuuYWTHI1GvfaT7joppcr61oYOom0/
QjCJJ6lAZiTFoRu6cRz+YOAeCwb4r56+eT8gptdzhbxRyUB1
-----END CERTIFICATE-----
Generated at Wed Jul 23 03:52:29 2025 by rpki-client