Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/9a732efb-e23f-49a4-ad51-1a43431e07c9.roa
File:                     9a732efb-e23f-49a4-ad51-1a43431e07c9.roa (raw, json)
Hash identifier:          F+4h/fI9GK1q5kRQ4n/80/SFAuSSGc87PAi+HNz+UMc=
Subject key identifier:   A9:DB:13:DB:63:37:5B:70:86:28:83:88:29:0B:D6:40:D9:4B:4D:F7
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       04C7CC14105A14E80E469F8B26DB6149CC60475B
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/9a732efb-e23f-49a4-ad51-1a43431e07c9.roa
Signing time:             Mon 16 Jun 2025 21:31:26 +0000
ROA not before:           Mon 16 Jun 2025 21:31:26 +0000
ROA not after:            Mon 21 Jul 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d034:9000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 02 Jul 2025 16:57:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:c7:cc:14:10:5a:14:e8:0e:46:9f:8b:26:db:61:49:cc:60:47:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Jun 16 21:31:26 2025 GMT
            Not After : Jul 21 23:59:59 2025 GMT
        Subject: serialNumber=cf71e0356712f70b4ff1ea5f62112febf74edd626cd2e6700ac457eabed9b5ce, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ee:68:88:48:b2:85:c2:c5:dd:ef:ad:b9:33:18:
                    0f:32:de:31:fb:5a:64:cf:8b:72:24:b7:9b:52:3b:
                    2e:56:d3:6d:61:96:68:79:8e:00:23:44:2d:49:a8:
                    4a:eb:23:ff:bd:a3:10:91:a4:06:b3:f3:f8:27:da:
                    9b:ea:59:a7:d9:3d:59:2f:85:1e:fd:a5:8a:6e:51:
                    13:87:d6:1e:a0:7f:69:a9:56:e8:78:01:b7:d9:78:
                    82:7a:36:b5:2a:03:ce:83:c7:3d:b2:6f:1b:fa:1e:
                    8f:5c:73:c6:67:cb:33:25:9d:2d:ff:18:46:91:35:
                    20:0a:ae:2a:44:37:84:ca:ee:f8:8b:be:62:db:6a:
                    9d:fd:3f:6e:30:c9:3e:9d:61:5d:93:ee:17:55:79:
                    4c:88:1f:29:0d:95:13:0c:3c:56:70:ac:89:39:f4:
                    a7:00:e3:b6:64:c6:d3:d7:9d:52:29:52:90:fd:bb:
                    58:50:1f:b0:78:49:d4:4f:3b:97:11:84:69:de:b7:
                    b2:b4:d9:ce:e1:95:90:da:fe:c7:a6:34:3f:9f:9a:
                    6d:1a:53:f2:a4:6b:b4:99:84:d8:56:4b:23:2a:8b:
                    77:12:75:8f:21:79:44:c5:8f:c3:d6:e6:09:82:87:
                    7a:95:d7:0b:86:8d:d5:7a:fa:ef:14:8c:81:c2:f5:
                    32:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:DB:13:DB:63:37:5B:70:86:28:83:88:29:0B:D6:40:D9:4B:4D:F7
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/9a732efb-e23f-49a4-ad51-1a43431e07c9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d034:9000::/40

    Signature Algorithm: sha256WithRSAEncryption
         6b:df:13:6e:4b:58:1e:91:1e:51:2c:fd:e8:13:11:95:5a:9d:
         88:09:12:02:0f:73:99:7a:a0:0a:49:80:ff:e5:62:e3:10:2f:
         70:10:bf:b0:95:73:a1:0f:c2:db:60:a5:03:7f:09:27:12:8d:
         cc:f4:5d:46:b0:f3:b5:ee:97:72:cd:e2:fe:8a:ac:9a:91:f8:
         dc:d1:9c:51:df:84:87:d8:4c:36:79:80:4a:4a:e4:41:bd:ef:
         f2:1f:24:c2:d7:66:90:03:a5:a6:5c:08:af:20:80:0b:ae:25:
         0c:6d:4a:be:76:8f:55:94:1b:0c:84:58:c9:a4:90:be:7f:94:
         76:53:7a:7a:ce:81:6d:fd:44:48:8f:bd:85:2b:2f:b6:2d:31:
         e6:c6:91:b4:1c:b4:1b:28:c1:fb:15:b0:a8:e4:5d:44:65:3d:
         7d:64:9f:28:b3:07:cb:32:fc:38:18:1f:3e:21:95:f6:5d:5f:
         07:69:99:e2:d2:12:f9:b0:1f:c2:53:2a:33:5e:10:d7:93:eb:
         8b:e4:37:63:b6:48:ca:92:83:0e:c0:3e:2a:d7:d1:ef:1a:86:
         94:80:ba:32:5b:ee:d8:bc:d8:e5:61:84:7f:c2:8f:7e:a4:f3:
         70:01:50:c2:8a:00:7d:1b:4e:43:1a:cb:72:5e:6a:66:aa:7d:
         82:b9:fa:4e
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUBMfMFBBaFOgORp+LJtthScxgR1swDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA2MTYyMTMxMjZaFw0yNTA3MjEyMzU5NTlaMHoxSTBHBgNV
BAUTQGNmNzFlMDM1NjcxMmY3MGI0ZmYxZWE1ZjYyMTEyZmViZjc0ZWRkNjI2Y2Qy
ZTY3MDBhYzQ1N2VhYmVkOWI1Y2UxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAO5oiEiyhcLF3e+tuTMYDzLeMftaZM+LciS3m1I7LlbTbWGWaHmOACNELUmo
Susj/72jEJGkBrPz+Cfam+pZp9k9WS+FHv2lim5RE4fWHqB/aalW6HgBt9l4gno2
tSoDzoPHPbJvG/oej1xzxmfLMyWdLf8YRpE1IAquKkQ3hMru+Iu+Yttqnf0/bjDJ
Pp1hXZPuF1V5TIgfKQ2VEww8VnCsiTn0pwDjtmTG09edUilSkP27WFAfsHhJ1E87
lxGEad63srTZzuGVkNr+x6Y0P5+abRpT8qRrtJmE2FZLIyqLdxJ1jyF5RMWPw9bm
CYKHepXXC4aN1Xr67xSMgcL1MpMCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBSp2xPb
YzdbcIYog4gpC9ZA2UtN9zAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
OWE3MzJlZmItZTIzZi00OWE0LWFkNTEtMWE0MzQzMWUwN2M5LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0DSQ
MA0GCSqGSIb3DQEBCwUAA4IBAQBr3xNuS1gekR5RLP3oExGVWp2ICRICD3OZeqAK
SYD/5WLjEC9wEL+wlXOhD8LbYKUDfwknEo3M9F1GsPO17pdyzeL+iqyakfjc0ZxR
34SH2Ew2eYBKSuRBve/yHyTC12aQA6WmXAivIIALriUMbUq+do9VlBsMhFjJpJC+
f5R2U3p6zoFt/URIj72FKy+2LTHmxpG0HLQbKMH7FbCo5F1EZT19ZJ8oswfLMvw4
GB8+IZX2XV8HaZni0hL5sB/CUyozXhDXk+uL5DdjtkjKkoMOwD4q19HvGoaUgLoy
W+7YvNjlYYR/wo9+pPNwAVDCigB9G05DGstyXmpmqn2CufpO
-----END CERTIFICATE-----
Generated at Tue Jul 1 22:52:25 2025 by rpki-client