Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/99404275-57dd-4a36-8c29-529ab06d1d00.roa
File:                     99404275-57dd-4a36-8c29-529ab06d1d00.roa (raw, json)
Hash identifier:          mrS12n9mKRODRvGWl2nO4UPMT+Qv7ED0I/5iY0w9BMY=
Subject key identifier:   05:18:D4:A4:02:F4:87:31:86:92:B7:F8:0F:D8:FD:FE:0A:71:5E:3D
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       2028D94FCB9757524EF183D6A2E98EDCA51D7850
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/99404275-57dd-4a36-8c29-529ab06d1d00.roa
Signing time:             Tue 20 May 2025 20:11:32 +0000
ROA not before:           Tue 20 May 2025 20:11:32 +0000
ROA not after:            Tue 24 Jun 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d03a:b000::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 19:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            20:28:d9:4f:cb:97:57:52:4e:f1:83:d6:a2:e9:8e:dc:a5:1d:78:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: May 20 20:11:32 2025 GMT
            Not After : Jun 24 23:59:59 2025 GMT
        Subject: serialNumber=e8629b0fb2fd194cc572b58556cf1dd4c3bf3cdcade8fe0ebbf608637b66c5b6, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:b9:9b:da:db:f5:4b:e7:68:a2:29:51:d7:61:
                    59:44:cc:c8:83:b6:0c:2b:b6:13:87:6e:bd:14:9f:
                    31:ab:17:7c:17:ce:ba:3d:c6:72:f2:ab:c9:00:f3:
                    7b:57:cf:a8:1b:30:a6:ea:26:b7:d5:3b:ed:00:d1:
                    63:78:7c:83:08:e2:ee:40:94:51:12:90:95:b3:ed:
                    b1:b5:2c:55:91:43:9a:a5:4c:8e:0d:4c:b2:b1:c2:
                    d0:6e:ca:5f:06:63:ff:3e:26:aa:dc:6d:80:f8:61:
                    3a:f3:99:db:34:27:d9:e6:b1:7d:44:40:b2:59:71:
                    83:5a:3b:10:f8:0b:d0:19:c1:41:79:0f:61:a5:e9:
                    c2:c6:01:da:bd:bc:e6:45:25:fc:04:f5:e5:33:7f:
                    41:09:7c:48:e1:9b:6d:a4:3b:e0:e5:02:90:da:66:
                    12:bc:44:33:9d:d0:69:fd:d4:32:3b:78:70:bb:6f:
                    59:3e:52:14:24:20:c9:12:d6:bc:f1:85:83:22:37:
                    0d:ac:bc:dc:72:45:f2:56:fb:f3:01:8f:b4:a6:9b:
                    f0:b0:8f:5d:19:03:1d:66:68:cc:b1:a5:b1:14:aa:
                    4b:b6:12:b9:f7:8d:df:dd:47:c2:17:4c:8c:5d:01:
                    3c:32:92:42:af:46:19:60:25:1a:99:00:7e:e0:24:
                    91:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:18:D4:A4:02:F4:87:31:86:92:B7:F8:0F:D8:FD:FE:0A:71:5E:3D
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/99404275-57dd-4a36-8c29-529ab06d1d00.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d03a:b000::/40

    Signature Algorithm: sha256WithRSAEncryption
         33:9f:12:64:7e:64:16:c2:f0:26:46:40:aa:4b:ac:29:3d:d6:
         dd:b8:14:f0:ac:7a:b9:ad:aa:ed:eb:38:6d:d9:73:c4:d3:85:
         be:ed:3c:c4:16:87:30:34:a0:ef:3a:72:72:ca:74:e9:27:55:
         c4:88:6e:2c:87:7b:ea:92:85:3d:51:da:d1:e4:ba:98:d8:92:
         4d:4d:8c:e7:f8:9c:b8:17:b4:5e:10:5a:75:c9:50:6a:b3:45:
         5d:16:4f:2c:80:19:48:8e:49:0e:b4:54:cc:5f:60:a0:b0:c8:
         11:85:4e:c0:2e:b7:08:25:14:7d:3e:09:04:67:5a:e0:0e:28:
         65:de:6b:d2:05:c5:1c:05:eb:06:8e:74:4d:11:01:53:8b:08:
         93:f4:33:68:76:84:31:ea:54:c0:44:1d:a0:8b:d0:3a:e4:4d:
         ca:9c:31:37:df:26:5a:41:82:40:e1:40:1e:a4:4a:25:f1:33:
         69:a7:b9:54:28:b5:bb:1c:a6:41:76:f4:8c:2b:16:cb:39:79:
         e4:68:54:77:d1:5b:6e:80:20:31:8d:ec:69:18:11:56:28:23:
         3e:d9:a2:5d:b2:e3:0f:25:e0:40:bc:4d:9b:f0:d4:49:39:ec:
         25:fa:9d:c7:66:50:1d:eb:88:3c:73:32:62:ae:f9:f6:cf:50:
         82:b0:cb:41
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUICjZT8uXV1JO8YPWoumO3KUdeFAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA1MjAyMDExMzJaFw0yNTA2MjQyMzU5NTlaMHoxSTBHBgNV
BAUTQGU4NjI5YjBmYjJmZDE5NGNjNTcyYjU4NTU2Y2YxZGQ0YzNiZjNjZGNhZGU4
ZmUwZWJiZjYwODYzN2I2NmM1YjYxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMO5m9rb9UvnaKIpUddhWUTMyIO2DCu2E4duvRSfMasXfBfOuj3GcvKryQDz
e1fPqBswpuomt9U77QDRY3h8gwji7kCUURKQlbPtsbUsVZFDmqVMjg1MsrHC0G7K
XwZj/z4mqtxtgPhhOvOZ2zQn2eaxfURAsllxg1o7EPgL0BnBQXkPYaXpwsYB2r28
5kUl/AT15TN/QQl8SOGbbaQ74OUCkNpmErxEM53Qaf3UMjt4cLtvWT5SFCQgyRLW
vPGFgyI3Day83HJF8lb78wGPtKab8LCPXRkDHWZozLGlsRSqS7YSufeN391HwhdM
jF0BPDKSQq9GGWAlGpkAfuAkkRMCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQFGNSk
AvSHMYaSt/gP2P3+CnFePTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
OTk0MDQyNzUtNTdkZC00YTM2LThjMjktNTI5YWIwNmQxZDAwLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0Dqw
MA0GCSqGSIb3DQEBCwUAA4IBAQAznxJkfmQWwvAmRkCqS6wpPdbduBTwrHq5rart
6zht2XPE04W+7TzEFocwNKDvOnJyynTpJ1XEiG4sh3vqkoU9UdrR5LqY2JJNTYzn
+Jy4F7ReEFp1yVBqs0VdFk8sgBlIjkkOtFTMX2CgsMgRhU7ALrcIJRR9PgkEZ1rg
Dihl3mvSBcUcBesGjnRNEQFTiwiT9DNodoQx6lTARB2gi9A65E3KnDE33yZaQYJA
4UAepEol8TNpp7lUKLW7HKZBdvSMKxbLOXnkaFR30VtugCAxjexpGBFWKCM+2aJd
suMPJeBAvE2b8NRJOewl+p3HZlAd64g8czJirvn2z1CCsMtB
-----END CERTIFICATE-----
Generated at Sat Jun 14 23:17:37 2025 by rpki-client