Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/cf78b714-ce6c-4a9d-a72e-d30a3470f002.roa
File:                     cf78b714-ce6c-4a9d-a72e-d30a3470f002.roa (raw, json)
Hash identifier:          uZMB8vzkbWdqtucC8qzcGA66EEHPdEhHiBYgIA73XJM=
Subject key identifier:   E1:6D:AE:D5:C7:44:FB:A5:4E:69:CD:2D:36:F9:8C:8F:82:20:C2:A1
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       1D2E55820763788A04E252CF7424F4EF311CBD7D
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/cf78b714-ce6c-4a9d-a72e-d30a3470f002.roa
Signing time:             Fri 04 Jul 2025 18:30:11 +0000
ROA not before:           Fri 04 Jul 2025 18:30:11 +0000
ROA not after:            Fri 08 Aug 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d076:5000::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Jul 2025 22:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1d:2e:55:82:07:63:78:8a:04:e2:52:cf:74:24:f4:ef:31:1c:bd:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Jul  4 18:30:11 2025 GMT
            Not After : Aug  8 23:59:59 2025 GMT
        Subject: serialNumber=80b6f124806d93e648b5c6504d67fb62316bc232b52fc86603b90ee9c4d80771, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:13:02:25:ff:d2:f1:69:d6:80:1b:7e:db:56:
                    ee:7d:43:98:9b:2b:a3:96:6d:b2:00:bf:b4:72:51:
                    3e:4f:41:2f:69:bf:62:ac:ae:40:7e:13:38:e5:5e:
                    ab:02:21:8e:d2:71:6f:c8:b5:26:28:0c:44:6d:68:
                    ea:53:7e:79:01:e5:74:e0:93:16:26:3a:c7:fb:a4:
                    1c:58:6b:3c:51:55:ed:f7:a9:e8:51:f2:76:93:be:
                    c1:73:6f:bc:32:5d:4a:66:98:c7:c6:6c:09:64:22:
                    fc:dd:d2:a0:6a:30:03:cf:19:ab:b7:1c:32:97:16:
                    b4:95:dc:5f:4a:67:9d:c8:4e:a2:19:e0:27:c6:54:
                    0f:11:59:4e:16:3d:04:f8:0e:07:4e:20:b6:7b:42:
                    65:b6:0c:4c:23:26:5a:a9:70:66:52:5f:53:b4:51:
                    60:70:e3:7f:88:37:23:39:02:2e:e5:6d:1c:36:05:
                    8e:43:ed:f9:e4:2f:89:de:28:96:0a:04:39:4e:38:
                    92:f7:40:7e:5a:74:08:ff:c6:31:94:79:0f:f5:6c:
                    de:d4:ee:0c:26:2a:51:2a:35:52:c5:a1:b3:01:62:
                    45:e0:a9:72:82:b2:90:8d:3c:31:b1:97:e9:12:6e:
                    3f:9b:ef:b1:62:95:9f:54:66:14:d6:08:7f:a4:5e:
                    f0:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:6D:AE:D5:C7:44:FB:A5:4E:69:CD:2D:36:F9:8C:8F:82:20:C2:A1
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/cf78b714-ce6c-4a9d-a72e-d30a3470f002.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d076:5000::/48

    Signature Algorithm: sha256WithRSAEncryption
         3e:dc:0d:bc:89:68:5f:41:bc:aa:dd:dc:0d:c5:91:0c:e0:22:
         b4:4e:e2:a2:25:bd:82:33:ce:a5:89:d3:9e:fd:91:44:41:8e:
         0e:c3:d2:f0:64:d4:4b:03:8c:e6:e7:fb:a2:cd:57:4c:f5:a2:
         20:6d:9e:c3:1f:ee:6c:6d:fc:62:95:26:5a:12:eb:18:1a:38:
         b4:b6:c4:81:7c:dd:b7:7f:76:2a:47:2f:7b:38:5e:96:ac:87:
         cc:9e:bd:40:82:6e:5b:0f:74:4d:23:f0:27:7b:7f:a2:51:c8:
         e3:1c:aa:cf:c4:ed:d0:0b:c1:f0:62:66:d5:ec:f3:7f:c6:3d:
         ea:be:6e:7b:cf:63:ad:24:7a:76:20:90:1f:5b:8a:e0:74:74:
         02:a8:67:95:b4:10:90:ae:fe:a4:4f:f0:5e:a4:78:55:f9:1c:
         7d:3c:37:a8:44:f9:d1:ee:cd:7f:4e:19:b9:2b:c1:d5:09:96:
         98:68:ee:38:85:ae:69:1b:a1:89:70:b7:4a:34:28:dc:26:ec:
         7e:50:9c:61:1a:34:07:13:37:77:49:44:58:6a:a6:50:18:5c:
         18:16:1b:e6:2f:16:98:2c:62:2d:1e:94:cc:52:00:47:b3:57:
         99:05:79:6e:2a:79:bf:24:59:b7:30:81:09:94:92:29:c6:91:
         b0:5c:9e:0d
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUHS5VggdjeIoE4lLPdCT07zEcvX0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA3MDQxODMwMTFaFw0yNTA4MDgyMzU5NTlaMHoxSTBHBgNV
BAUTQDgwYjZmMTI0ODA2ZDkzZTY0OGI1YzY1MDRkNjdmYjYyMzE2YmMyMzJiNTJm
Yzg2NjAzYjkwZWU5YzRkODA3NzExLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALcTAiX/0vFp1oAbfttW7n1DmJsro5ZtsgC/tHJRPk9BL2m/YqyuQH4TOOVe
qwIhjtJxb8i1JigMRG1o6lN+eQHldOCTFiY6x/ukHFhrPFFV7fep6FHydpO+wXNv
vDJdSmaYx8ZsCWQi/N3SoGowA88Zq7ccMpcWtJXcX0pnnchOohngJ8ZUDxFZThY9
BPgOB04gtntCZbYMTCMmWqlwZlJfU7RRYHDjf4g3IzkCLuVtHDYFjkPt+eQvid4o
lgoEOU44kvdAflp0CP/GMZR5D/Vs3tTuDCYqUSo1UsWhswFiReCpcoKykI08MbGX
6RJuP5vvsWKVn1RmFNYIf6Re8KcCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBThba7V
x0T7pU5pzS02+YyPgiDCoTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
Y2Y3OGI3MTQtY2U2Yy00YTlkLWE3MmUtZDMwYTM0NzBmMDAyLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0HZQ
ADANBgkqhkiG9w0BAQsFAAOCAQEAPtwNvIloX0G8qt3cDcWRDOAitE7ioiW9gjPO
pYnTnv2RREGODsPS8GTUSwOM5uf7os1XTPWiIG2ewx/ubG38YpUmWhLrGBo4tLbE
gXzdt392KkcvezhelqyHzJ69QIJuWw90TSPwJ3t/olHI4xyqz8Tt0AvB8GJm1ezz
f8Y96r5ue89jrSR6diCQH1uK4HR0AqhnlbQQkK7+pE/wXqR4VfkcfTw3qET50e7N
f04ZuSvB1QmWmGjuOIWuaRuhiXC3SjQo3CbsflCcYRo0BxM3d0lEWGqmUBhcGBYb
5i8WmCxiLR6UzFIAR7NXmQV5bip5vyRZtzCBCZSSKcaRsFyeDQ==
-----END CERTIFICATE-----
Generated at Wed Jul 23 02:50:30 2025 by rpki-client