Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/e875eadd-6478-4ac0-8792-06722aa80dd0.roa
File:                     e875eadd-6478-4ac0-8792-06722aa80dd0.roa (raw, json)
Hash identifier:          PuG85/kl2BUiu0AdA0KUajkWwv+5UkZu6oMuhSFGsUo=
Subject key identifier:   CB:41:52:F3:D0:E4:D9:AD:47:77:58:43:7A:73:09:5C:E2:F8:98:34
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       6C8FFC734402BA0224CD296C91FD72426D5B39B8
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/e875eadd-6478-4ac0-8792-06722aa80dd0.roa
Signing time:             Fri 11 Jul 2025 18:50:13 +0000
ROA not before:           Fri 11 Jul 2025 18:50:13 +0000
ROA not after:            Fri 15 Aug 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d072:20c0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Jul 2025 22:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6c:8f:fc:73:44:02:ba:02:24:cd:29:6c:91:fd:72:42:6d:5b:39:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Jul 11 18:50:13 2025 GMT
            Not After : Aug 15 23:59:59 2025 GMT
        Subject: serialNumber=ebf11211f640f05caffd830fabe6c9f15f13cf2af9d233e6a0b0a497ab421e21, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:42:15:78:30:ca:12:be:c7:4a:13:4f:14:c1:
                    8f:9c:ce:36:ea:4d:d3:93:c1:35:51:ba:36:80:99:
                    25:ba:7c:6f:06:63:c1:ab:f4:e3:1c:5b:94:20:8c:
                    e3:f3:41:a0:5f:07:b8:e1:42:7a:0a:21:4d:f1:8b:
                    87:a3:08:a6:ba:86:e4:50:c4:be:3b:5e:fb:bd:84:
                    51:42:2a:cc:8b:a2:dc:41:78:be:b2:c6:94:4b:31:
                    e4:b7:54:70:5e:67:0d:bd:4c:2b:a7:e5:34:2f:46:
                    2b:5c:63:4a:88:0f:d9:b4:ca:ea:b0:27:f5:d6:b9:
                    f0:5e:e8:34:ca:75:69:cb:5f:b2:3f:8d:34:7e:f0:
                    ab:d4:3e:36:74:49:c0:bc:6a:74:c0:e3:23:f3:c0:
                    57:2c:ef:76:ca:29:07:90:8b:fe:28:aa:93:e2:6a:
                    03:83:e0:3e:83:71:57:4c:18:f3:c6:4a:66:e3:ce:
                    79:67:92:76:e6:59:88:9f:97:9b:24:61:cf:4c:e7:
                    8c:82:e1:76:f7:4a:42:9c:47:46:a6:73:4d:f1:32:
                    a8:88:fc:16:a6:52:7e:7b:f3:86:66:1f:5b:83:03:
                    f8:83:23:be:e6:c0:e3:77:14:10:b6:66:c5:0d:85:
                    8d:79:c0:30:f7:b5:27:f1:5b:19:78:18:fa:f6:4f:
                    0e:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:41:52:F3:D0:E4:D9:AD:47:77:58:43:7A:73:09:5C:E2:F8:98:34
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/e875eadd-6478-4ac0-8792-06722aa80dd0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d072:20c0::/48

    Signature Algorithm: sha256WithRSAEncryption
         23:c0:d3:0b:49:01:23:78:8d:32:e3:dc:18:61:b8:46:34:ac:
         0e:74:6e:e1:02:1d:42:b3:bb:3b:61:0d:89:29:17:b2:03:88:
         9a:c2:2e:17:19:0a:93:cc:50:8f:6a:ce:98:70:cd:99:0c:9a:
         c4:06:f1:9c:b1:02:e9:ea:af:0a:2a:48:80:2d:e0:90:24:d0:
         23:6b:0a:47:e1:74:1c:63:e6:a3:55:73:10:88:44:b8:12:65:
         50:44:92:8b:85:a3:6d:3d:59:e1:94:4e:1a:8d:88:a1:73:d7:
         b1:84:2c:7c:6e:d7:d2:34:2c:d4:b1:56:3b:64:1f:33:3e:1c:
         97:55:15:c7:96:77:06:ed:a1:aa:03:73:f8:d9:e6:84:31:4f:
         b4:e5:d6:1c:87:57:9e:19:c8:0d:c3:d6:dc:ed:ea:16:ed:bc:
         d8:7e:e2:3f:4d:78:f0:8d:7f:94:0b:ee:8a:28:29:90:ac:81:
         fc:cc:4c:c4:bf:1e:eb:f7:91:3e:2a:da:cb:9c:df:be:d6:e8:
         fd:76:9a:fd:cd:11:3f:95:90:d8:f4:13:85:ae:88:2f:af:d5:
         2d:e2:99:d6:86:4f:45:08:8f:ef:4a:51:a8:88:cd:0c:e8:78:
         74:95:44:d7:27:fc:28:97:3c:6b:a4:b3:51:a0:8d:64:08:6a:
         19:ad:4b:40
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUbI/8c0QCugIkzSlskf1yQm1bObgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA3MTExODUwMTNaFw0yNTA4MTUyMzU5NTlaMHoxSTBHBgNV
BAUTQGViZjExMjExZjY0MGYwNWNhZmZkODMwZmFiZTZjOWYxNWYxM2NmMmFmOWQy
MzNlNmEwYjBhNDk3YWI0MjFlMjExLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOpCFXgwyhK+x0oTTxTBj5zONupN05PBNVG6NoCZJbp8bwZjwav04xxblCCM
4/NBoF8HuOFCegohTfGLh6MIprqG5FDEvjte+72EUUIqzIui3EF4vrLGlEsx5LdU
cF5nDb1MK6flNC9GK1xjSogP2bTK6rAn9da58F7oNMp1actfsj+NNH7wq9Q+NnRJ
wLxqdMDjI/PAVyzvdsopB5CL/iiqk+JqA4PgPoNxV0wY88ZKZuPOeWeSduZZiJ+X
myRhz0znjILhdvdKQpxHRqZzTfEyqIj8FqZSfnvzhmYfW4MD+IMjvubA43cUELZm
xQ2FjXnAMPe1J/FbGXgY+vZPDh0CAwEAAaOCAiQwggIgMB0GA1UdDgQWBBTLQVLz
0OTZrUd3WEN6cwlc4viYNDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZTg3NWVhZGQtNjQ3OC00YWMwLTg3OTItMDY3MjJhYTgwZGQwLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0HIg
wDANBgkqhkiG9w0BAQsFAAOCAQEAI8DTC0kBI3iNMuPcGGG4RjSsDnRu4QIdQrO7
O2ENiSkXsgOImsIuFxkKk8xQj2rOmHDNmQyaxAbxnLEC6eqvCipIgC3gkCTQI2sK
R+F0HGPmo1VzEIhEuBJlUESSi4WjbT1Z4ZROGo2IoXPXsYQsfG7X0jQs1LFWO2Qf
Mz4cl1UVx5Z3Bu2hqgNz+NnmhDFPtOXWHIdXnhnIDcPW3O3qFu282H7iP0148I1/
lAvuiigpkKyB/MxMxL8e6/eRPiray5zfvtbo/Xaa/c0RP5WQ2PQTha6IL6/VLeKZ
1oZPRQiP70pRqIjNDOh4dJVE1yf8KJc8a6SzUaCNZAhqGa1LQA==
-----END CERTIFICATE-----
Generated at Wed Jul 23 03:55:53 2025 by rpki-client