Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/f231f7ae-7dbf-4dbb-8f7a-91b4103218aa.roa
File:                     f231f7ae-7dbf-4dbb-8f7a-91b4103218aa.roa (raw, json)
Hash identifier:          AK4SUar1p/EoMmTGjn9NoZ1heLcQjws7AjUr3QrzHSk=
Subject key identifier:   C4:1F:E0:7A:4C:36:B5:7B:19:70:B3:45:FC:CD:65:C4:48:29:98:BD
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       67ADCD28173C46704C60662C599968BA16EE1E95
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/f231f7ae-7dbf-4dbb-8f7a-91b4103218aa.roa
Signing time:             Mon 07 Jul 2025 18:20:50 +0000
ROA not before:           Mon 07 Jul 2025 18:20:50 +0000
ROA not after:            Mon 11 Aug 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d072:8c0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Jul 2025 22:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            67:ad:cd:28:17:3c:46:70:4c:60:66:2c:59:99:68:ba:16:ee:1e:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Jul  7 18:20:50 2025 GMT
            Not After : Aug 11 23:59:59 2025 GMT
        Subject: serialNumber=f7f22d6ffd2ed22926fbeea1997a258b7f810b2057074f544b04ea3ddf3d9eb5, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:ba:f5:99:57:dd:46:21:78:af:f0:ac:b9:3c:
                    33:c4:e5:87:86:af:f0:83:b8:f4:7a:e0:44:ff:90:
                    b9:83:7d:f9:84:e7:9a:a9:93:8c:e6:bc:de:8f:61:
                    b1:1f:6d:eb:6d:df:bd:1d:79:54:a2:26:2c:74:2a:
                    61:16:4b:46:8d:e5:c5:b3:db:6d:df:7c:5d:a4:90:
                    e1:c7:4e:fa:59:8b:8b:8f:da:35:49:e1:dd:d5:83:
                    f1:a5:ea:9f:6d:b9:71:cc:f2:1e:8f:5e:bc:08:67:
                    2f:1a:f2:98:c1:71:89:dc:5f:e5:bd:d9:af:70:60:
                    77:4d:21:87:b1:7b:91:c3:d2:f3:3b:9b:5c:ba:ca:
                    25:af:e4:3c:2d:de:24:9e:70:bc:02:90:e8:b1:5a:
                    4b:e7:93:34:db:e1:e1:86:e3:40:ab:ae:33:a9:e6:
                    c0:a4:f8:ab:a8:b2:90:92:b3:ab:d0:2c:bd:bb:eb:
                    7c:b2:01:8c:75:ae:d1:cc:38:68:fc:63:94:c0:9a:
                    5d:17:ae:2a:35:fd:3f:3d:04:bb:cd:a7:f8:c6:70:
                    be:ee:02:2b:2f:88:b5:d5:75:d0:11:f9:5e:74:ee:
                    bf:6e:76:f7:54:78:a9:8c:c3:5e:87:5d:c6:60:20:
                    5c:0a:69:18:c3:75:cf:e1:e2:ba:7e:ba:c3:51:93:
                    e0:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:1F:E0:7A:4C:36:B5:7B:19:70:B3:45:FC:CD:65:C4:48:29:98:BD
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/f231f7ae-7dbf-4dbb-8f7a-91b4103218aa.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d072:8c0::/48

    Signature Algorithm: sha256WithRSAEncryption
         a4:fd:b4:1b:ae:64:b6:e9:c4:0f:19:2a:91:4c:59:83:7d:db:
         59:8f:da:f4:ed:d7:b0:cd:d9:c5:25:3f:c3:df:8e:78:b3:e7:
         b7:28:53:57:99:6f:a6:6c:f6:54:9a:95:8f:be:ce:35:a8:ca:
         6a:ab:24:35:bd:82:f7:10:ca:8a:b7:ba:b4:e7:57:ac:1d:5f:
         15:7f:1f:ce:16:3b:41:fe:81:f1:43:fa:21:ef:82:16:2a:c8:
         9b:91:95:5f:bb:f9:4b:7d:4c:80:dc:35:7e:b9:0f:76:c0:9c:
         83:71:da:76:54:35:c6:e5:62:ea:a8:97:82:0b:72:3f:84:19:
         38:e5:ce:5e:f1:c6:68:04:7c:d7:39:5b:73:c5:26:1c:9d:83:
         19:05:8a:06:45:1a:b6:85:b2:c3:61:5b:9a:b8:64:a7:4f:9e:
         21:3b:0c:28:ba:57:6e:09:9a:2f:aa:b6:fe:fa:c9:6a:05:0f:
         c4:c8:04:41:a3:32:fd:06:a8:a7:5f:e3:a2:07:d4:bf:08:7a:
         48:fb:20:d2:93:a7:00:e9:91:8c:2e:e1:6e:68:d6:ef:02:8f:
         35:9b:a9:73:be:64:a4:a3:fa:4a:38:61:39:26:ae:48:7d:ac:
         20:f6:e7:ea:ee:e7:16:ff:18:f0:92:8a:79:d2:be:38:f2:12:
         f5:f2:57:84
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUZ63NKBc8RnBMYGYsWZlouhbuHpUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA3MDcxODIwNTBaFw0yNTA4MTEyMzU5NTlaMHoxSTBHBgNV
BAUTQGY3ZjIyZDZmZmQyZWQyMjkyNmZiZWVhMTk5N2EyNThiN2Y4MTBiMjA1NzA3
NGY1NDRiMDRlYTNkZGYzZDllYjUxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAM269ZlX3UYheK/wrLk8M8Tlh4av8IO49HrgRP+QuYN9+YTnmqmTjOa83o9h
sR9t623fvR15VKImLHQqYRZLRo3lxbPbbd98XaSQ4cdO+lmLi4/aNUnh3dWD8aXq
n225cczyHo9evAhnLxrymMFxidxf5b3Zr3Bgd00hh7F7kcPS8zubXLrKJa/kPC3e
JJ5wvAKQ6LFaS+eTNNvh4YbjQKuuM6nmwKT4q6iykJKzq9AsvbvrfLIBjHWu0cw4
aPxjlMCaXReuKjX9Pz0Eu82n+MZwvu4CKy+ItdV10BH5XnTuv25291R4qYzDXodd
xmAgXAppGMN1z+Hiun66w1GT4CsCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBTEH+B6
TDa1exlws0X8zWXESCmYvTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZjIzMWY3YWUtN2RiZi00ZGJiLThmN2EtOTFiNDEwMzIxOGFhLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0HII
wDANBgkqhkiG9w0BAQsFAAOCAQEApP20G65ktunEDxkqkUxZg33bWY/a9O3XsM3Z
xSU/w9+OeLPntyhTV5lvpmz2VJqVj77ONajKaqskNb2C9xDKire6tOdXrB1fFX8f
zhY7Qf6B8UP6Ie+CFirIm5GVX7v5S31MgNw1frkPdsCcg3HadlQ1xuVi6qiXggty
P4QZOOXOXvHGaAR81zlbc8UmHJ2DGQWKBkUatoWyw2Fbmrhkp0+eITsMKLpXbgma
L6q2/vrJagUPxMgEQaMy/Qaop1/jogfUvwh6SPsg0pOnAOmRjC7hbmjW7wKPNZup
c75kpKP6SjhhOSauSH2sIPbn6u7nFv8Y8JKKedK+OPIS9fJXhA==
-----END CERTIFICATE-----
Generated at Wed Jul 23 03:57:56 2025 by rpki-client