Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/c3c943d5-fc37-4c49-9dba-128c8e280c32.roa
File:                     c3c943d5-fc37-4c49-9dba-128c8e280c32.roa (raw, json)
Hash identifier:          zK4HqEQgd4+hjlGydkfD4bY7jv9w7c6VfRHxS48n6NU=
Subject key identifier:   4F:36:5D:06:E5:64:3E:EF:6E:49:D8:91:58:F5:FD:48:69:8F:E2:CE
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       2348B631882E78E19331702FACE5D796D4F9ED0D
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/c3c943d5-fc37-4c49-9dba-128c8e280c32.roa
Signing time:             Fri 11 Jul 2025 20:00:41 +0000
ROA not before:           Fri 11 Jul 2025 20:00:41 +0000
ROA not after:            Fri 15 Aug 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d07b:5040::/46 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Jul 2025 22:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            23:48:b6:31:88:2e:78:e1:93:31:70:2f:ac:e5:d7:96:d4:f9:ed:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Jul 11 20:00:41 2025 GMT
            Not After : Aug 15 23:59:59 2025 GMT
        Subject: serialNumber=6a547f6460beb006917722340c4ac100f4d5a5a8d78056d026055c67f772bfdd, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:bd:11:9b:ac:5b:7d:65:e6:01:64:5d:8d:12:
                    5c:6b:2a:25:6e:01:8f:0f:14:a1:25:13:03:2e:87:
                    c8:66:9a:ae:ed:cb:65:8d:01:ec:f0:a9:48:e9:1e:
                    3f:02:6b:c2:34:47:8e:04:54:e4:76:d3:1d:6e:e0:
                    57:c9:12:0d:ca:de:a1:37:b8:12:0a:74:51:16:4d:
                    d5:a3:ef:57:ac:ee:93:55:28:f2:6a:0b:89:f7:a4:
                    a5:12:23:50:7e:e4:21:7e:2f:d5:8d:e4:73:06:2d:
                    8b:39:f5:fd:c2:da:5e:41:5a:ad:3e:95:9e:77:8c:
                    0a:56:77:7d:b8:fc:ce:4e:99:d2:b0:4d:20:99:80:
                    dc:eb:55:00:55:45:85:67:66:2b:11:14:23:ed:ac:
                    b8:c2:7d:c2:d8:19:e1:70:13:51:c4:84:28:14:c6:
                    8b:46:43:d8:30:49:82:54:1b:d7:cd:09:92:d4:5c:
                    6a:90:97:e6:28:19:c8:b5:5c:9e:30:d0:38:1f:30:
                    ae:0a:4d:b4:53:85:9c:01:b3:e1:22:6f:4e:fb:07:
                    9b:a2:98:cb:90:29:08:7c:91:73:db:86:7a:4e:f1:
                    ca:6f:4e:e9:05:04:b2:57:ce:6d:5f:ec:ee:bb:2b:
                    65:b6:65:da:5f:64:77:73:35:70:3c:7b:df:7b:14:
                    21:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:36:5D:06:E5:64:3E:EF:6E:49:D8:91:58:F5:FD:48:69:8F:E2:CE
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/c3c943d5-fc37-4c49-9dba-128c8e280c32.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d07b:5040::/46

    Signature Algorithm: sha256WithRSAEncryption
         70:23:59:6c:1a:67:cd:21:67:99:51:3a:15:c5:3a:c7:45:a4:
         1f:1c:0c:cd:da:35:23:77:b8:71:8c:f9:06:14:3e:ee:d3:3f:
         c9:34:6d:69:c8:08:5b:46:dd:39:02:fc:25:5c:a7:59:d2:b4:
         cd:07:e3:46:c3:3f:5b:f6:bf:be:a0:3f:9f:4a:f9:32:12:33:
         ae:c2:a0:af:01:ed:35:18:c0:5c:03:28:93:61:a9:a6:ab:92:
         4f:a9:d2:3a:8c:ba:da:d1:ae:2f:df:b3:69:4c:d9:bd:74:38:
         b3:e0:a5:3b:e1:55:f4:65:04:79:76:05:67:a2:ba:74:f2:d9:
         92:c0:a4:33:b5:0c:65:68:03:4d:86:66:4d:00:7d:d4:d4:a7:
         96:28:de:27:48:d5:05:48:47:21:0d:ae:0d:f7:0d:1e:8a:7a:
         ae:fc:b4:5f:43:35:64:e3:d3:85:ba:27:4c:63:c1:e3:6e:7c:
         bf:90:53:b2:0b:40:b5:31:05:d4:5d:56:38:4a:0b:90:19:78:
         2d:15:07:87:21:15:98:40:87:fb:2a:60:f2:ea:ef:a0:30:8c:
         3e:34:24:3e:1d:0a:a1:de:50:d6:0f:f7:e4:c2:f9:94:ce:13:
         f5:27:23:6c:6e:8b:7f:ea:4a:90:e6:cd:c7:2d:e3:9e:2e:f3:
         4c:91:25:b0
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUI0i2MYgueOGTMXAvrOXXltT57Q0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA3MTEyMDAwNDFaFw0yNTA4MTUyMzU5NTlaMHoxSTBHBgNV
BAUTQDZhNTQ3ZjY0NjBiZWIwMDY5MTc3MjIzNDBjNGFjMTAwZjRkNWE1YThkNzgw
NTZkMDI2MDU1YzY3Zjc3MmJmZGQxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMa9EZusW31l5gFkXY0SXGsqJW4Bjw8UoSUTAy6HyGaaru3LZY0B7PCpSOke
PwJrwjRHjgRU5HbTHW7gV8kSDcreoTe4Egp0URZN1aPvV6zuk1Uo8moLifekpRIj
UH7kIX4v1Y3kcwYtizn1/cLaXkFarT6VnneMClZ3fbj8zk6Z0rBNIJmA3OtVAFVF
hWdmKxEUI+2suMJ9wtgZ4XATUcSEKBTGi0ZD2DBJglQb180JktRcapCX5igZyLVc
njDQOB8wrgpNtFOFnAGz4SJvTvsHm6KYy5ApCHyRc9uGek7xym9O6QUEslfObV/s
7rsrZbZl2l9kd3M1cDx733sUIfECAwEAAaOCAiQwggIgMB0GA1UdDgQWBBRPNl0G
5WQ+725J2JFY9f1IaY/izjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YzNjOTQzZDUtZmMzNy00YzQ5LTlkYmEtMTI4YzhlMjgwYzMyLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHAioF0HtQ
QDANBgkqhkiG9w0BAQsFAAOCAQEAcCNZbBpnzSFnmVE6FcU6x0WkHxwMzdo1I3e4
cYz5BhQ+7tM/yTRtacgIW0bdOQL8JVynWdK0zQfjRsM/W/a/vqA/n0r5MhIzrsKg
rwHtNRjAXAMok2GppquST6nSOoy62tGuL9+zaUzZvXQ4s+ClO+FV9GUEeXYFZ6K6
dPLZksCkM7UMZWgDTYZmTQB91NSnlijeJ0jVBUhHIQ2uDfcNHop6rvy0X0M1ZOPT
hbonTGPB4258v5BTsgtAtTEF1F1WOEoLkBl4LRUHhyEVmECH+ypg8urvoDCMPjQk
Ph0Kod5Q1g/35ML5lM4T9ScjbG6Lf+pKkObNxy3jni7zTJElsA==
-----END CERTIFICATE-----
Generated at Wed Jul 23 02:50:30 2025 by rpki-client