Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/d1f04e42-73c1-443a-82e2-623f7a02136a.roa
File:                     d1f04e42-73c1-443a-82e2-623f7a02136a.roa (raw, json)
Hash identifier:          Vp2pn/hCZjTRwvACpdiBAloiYkLnrfl4eJ1ZIx4Bq44=
Subject key identifier:   9B:84:F0:D8:3D:6D:71:76:7D:9B:C6:FC:6D:49:E6:2D:AF:B9:75:4D
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       1827CE3779097C027E6BBC54FAC9C1CD20A7DA01
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/d1f04e42-73c1-443a-82e2-623f7a02136a.roa
Signing time:             Mon 07 Jul 2025 18:21:08 +0000
ROA not before:           Mon 07 Jul 2025 18:21:08 +0000
ROA not after:            Mon 11 Aug 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d07b:800::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Jul 2025 22:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            18:27:ce:37:79:09:7c:02:7e:6b:bc:54:fa:c9:c1:cd:20:a7:da:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Jul  7 18:21:08 2025 GMT
            Not After : Aug 11 23:59:59 2025 GMT
        Subject: serialNumber=a6acea98ae2b6442aaa2f5f1111fdd2173ea0a4b8fb4828b0c96724db42f6375, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:28:18:2b:45:f9:ed:e1:81:28:39:ac:31:e4:
                    a8:b3:6c:cd:f4:e2:5a:f7:41:5a:e9:d6:a8:e7:64:
                    d3:ea:26:f2:f4:12:38:20:2c:23:a2:62:32:97:fa:
                    26:4c:00:c2:a9:d1:00:52:62:dc:b7:67:41:5d:53:
                    4e:03:8c:91:82:a2:9f:70:54:77:a4:8c:39:63:54:
                    a9:fc:7b:73:33:72:6f:f5:e5:98:4b:62:8d:d2:20:
                    bd:ab:a5:0c:ec:ad:37:c3:8c:8d:3c:ea:07:f8:c7:
                    61:b9:b8:87:c3:19:e3:ea:7d:f5:e0:7b:89:b9:93:
                    c0:e8:09:02:6e:7b:c8:e1:15:4d:ad:6a:2a:12:b4:
                    37:c3:12:0f:f0:fb:97:47:85:0d:78:8c:55:65:ad:
                    61:30:e2:61:48:8c:5d:f5:3f:d8:27:84:8a:77:2c:
                    00:26:3c:76:a7:3f:ba:da:80:04:06:68:b8:d0:bf:
                    76:3d:33:82:87:64:0a:6a:22:5d:83:3d:0b:19:be:
                    3a:b4:75:ec:e9:36:f9:ec:5b:de:38:8e:5a:38:f1:
                    20:47:03:21:ac:09:b1:48:29:17:4c:23:cf:3e:57:
                    a3:5d:5b:b7:8b:b1:8e:5f:e5:7f:3c:f5:58:ce:5f:
                    3f:c6:64:6c:69:bd:2f:0f:7c:eb:a6:b5:b3:4e:80:
                    87:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:84:F0:D8:3D:6D:71:76:7D:9B:C6:FC:6D:49:E6:2D:AF:B9:75:4D
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/d1f04e42-73c1-443a-82e2-623f7a02136a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d07b:800::/40

    Signature Algorithm: sha256WithRSAEncryption
         81:2f:f3:1a:e0:b3:04:fb:93:03:64:ef:6a:2d:71:b5:37:ab:
         6d:b2:9c:d5:09:c8:0b:d8:5a:16:30:ef:63:fc:b2:91:98:c7:
         7a:aa:6c:11:d6:49:2d:4e:bb:f8:8e:f6:c6:7f:12:77:c6:07:
         9a:9a:ab:49:eb:a5:8c:7b:50:07:f0:fc:5a:76:b9:32:83:78:
         9e:82:6a:31:6b:97:ed:21:9f:97:09:80:8b:66:b4:66:1e:01:
         ac:f5:d6:5a:a8:8e:7d:c1:7f:3e:88:1f:c6:bc:28:e1:47:ba:
         9b:a9:c5:a8:bf:34:ae:ad:ba:43:ea:26:55:1b:1e:9f:5b:16:
         d4:37:51:9a:3d:4e:56:fc:99:f2:e2:31:73:b9:cf:bd:d4:e6:
         ab:56:5e:9c:7f:5d:29:7c:57:ef:9f:c2:31:90:af:98:07:0c:
         7c:49:e0:f4:25:be:27:80:5b:6d:4e:0b:e6:1c:b4:bd:42:bd:
         56:07:01:25:22:08:7b:3b:7f:01:ff:f3:d5:01:85:0b:7f:d5:
         c0:ad:1d:e7:d6:e0:7d:ff:3f:b2:cc:f7:9b:2a:57:a2:6a:23:
         36:44:3b:17:90:3d:7d:51:3e:1a:82:ac:84:da:bf:a1:13:ad:
         3a:ce:00:7e:aa:68:57:4a:ec:e0:4e:94:41:9b:b3:85:c9:37:
         d0:19:c8:e4
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUGCfON3kJfAJ+a7xU+snBzSCn2gEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA3MDcxODIxMDhaFw0yNTA4MTEyMzU5NTlaMHoxSTBHBgNV
BAUTQGE2YWNlYTk4YWUyYjY0NDJhYWEyZjVmMTExMWZkZDIxNzNlYTBhNGI4ZmI0
ODI4YjBjOTY3MjRkYjQyZjYzNzUxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJAoGCtF+e3hgSg5rDHkqLNszfTiWvdBWunWqOdk0+om8vQSOCAsI6JiMpf6
JkwAwqnRAFJi3LdnQV1TTgOMkYKin3BUd6SMOWNUqfx7czNyb/XlmEtijdIgvaul
DOytN8OMjTzqB/jHYbm4h8MZ4+p99eB7ibmTwOgJAm57yOEVTa1qKhK0N8MSD/D7
l0eFDXiMVWWtYTDiYUiMXfU/2CeEincsACY8dqc/utqABAZouNC/dj0zgodkCmoi
XYM9Cxm+OrR17Ok2+exb3jiOWjjxIEcDIawJsUgpF0wjzz5Xo11bt4uxjl/lfzz1
WM5fP8ZkbGm9Lw9866a1s06Ah3MCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBSbhPDY
PW1xdn2bxvxtSeYtr7l1TTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZDFmMDRlNDItNzNjMS00NDNhLTgyZTItNjIzZjdhMDIxMzZhLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0HsI
MA0GCSqGSIb3DQEBCwUAA4IBAQCBL/Ma4LME+5MDZO9qLXG1N6ttspzVCcgL2FoW
MO9j/LKRmMd6qmwR1kktTrv4jvbGfxJ3xgeamqtJ66WMe1AH8Pxadrkyg3iegmox
a5ftIZ+XCYCLZrRmHgGs9dZaqI59wX8+iB/GvCjhR7qbqcWovzSurbpD6iZVGx6f
WxbUN1GaPU5W/Jny4jFzuc+91OarVl6cf10pfFfvn8IxkK+YBwx8SeD0Jb4ngFtt
TgvmHLS9Qr1WBwElIgh7O38B//PVAYULf9XArR3n1uB9/z+yzPebKleiaiM2RDsX
kD19UT4agqyE2r+hE606zgB+qmhXSuzgTpRBm7OFyTfQGcjk
-----END CERTIFICATE-----
Generated at Wed Jul 23 03:52:31 2025 by rpki-client