Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/04a64076-9adb-4301-817c-2be1c1e1d57e.roa
File:                     04a64076-9adb-4301-817c-2be1c1e1d57e.roa (raw, json)
Hash identifier:          Bs7KCHFPTbv6rEl0Ol8BjKvdWsRCnbpBSKxXJk9m4II=
Subject key identifier:   6D:DF:98:D8:3F:6C:BD:CD:B7:36:31:7B:BF:E6:73:05:E9:2C:94:E8
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       505BE7EEB81A6D40240B5A82BE5867681BABCFAA
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/04a64076-9adb-4301-817c-2be1c1e1d57e.roa
Signing time:             Wed 26 Mar 2025 19:37:05 +0000
ROA not before:           Wed 26 Mar 2025 19:37:05 +0000
ROA not after:            Wed 30 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d071:800::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 23:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            50:5b:e7:ee:b8:1a:6d:40:24:0b:5a:82:be:58:67:68:1b:ab:cf:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 26 19:37:05 2025 GMT
            Not After : Apr 30 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:eb:9a:5e:b6:9d:14:b7:78:5b:18:7e:07:82:
                    0f:39:be:e1:46:15:19:1a:ac:2b:1d:08:77:8a:c4:
                    b4:ab:c9:9f:d0:73:00:60:f1:d1:79:c7:c0:87:09:
                    a4:91:23:ef:e6:06:b4:25:20:b3:3f:26:20:0a:f0:
                    15:9c:85:f0:be:cf:70:ca:66:3d:3a:37:8f:25:9e:
                    1d:4e:a3:e3:4f:e1:c4:fd:aa:96:3a:89:bb:80:92:
                    80:ff:b2:76:d3:16:75:fc:dc:00:d5:ed:cc:c8:53:
                    1f:b8:bc:f6:c4:77:d3:e5:4d:70:68:db:cd:65:04:
                    c5:3b:ef:9d:18:20:bb:7b:8f:0c:9f:b0:67:1b:f1:
                    ae:a7:94:61:a6:07:15:ee:d9:6a:44:d5:01:af:0a:
                    54:21:3f:47:01:8c:89:ac:fa:c2:bd:ba:44:df:5b:
                    fc:49:ff:2c:8b:58:71:c6:20:9c:31:5f:0e:62:2c:
                    f0:68:29:56:39:9c:de:02:36:4d:83:98:66:e6:a4:
                    83:37:8b:4f:40:11:f7:4d:1b:5d:c2:12:de:55:29:
                    76:be:6d:d5:b3:c5:f5:2a:96:8d:22:e2:85:62:7e:
                    93:2c:33:dd:e1:c5:9b:53:a3:19:5d:32:60:71:44:
                    78:04:f7:45:46:5b:8d:ef:e8:ff:d5:8f:4a:59:95:
                    06:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:DF:98:D8:3F:6C:BD:CD:B7:36:31:7B:BF:E6:73:05:E9:2C:94:E8
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/04a64076-9adb-4301-817c-2be1c1e1d57e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d071:800::/40

    Signature Algorithm: sha256WithRSAEncryption
         2e:1c:68:5e:f2:a3:2f:0d:51:1c:a2:62:68:aa:fa:2e:38:99:
         9c:ff:40:65:3a:92:6b:ed:88:f1:78:5f:3d:85:a4:cf:4f:e3:
         33:a0:18:d6:7f:a8:aa:2f:98:10:2d:42:30:31:b2:b2:3a:cd:
         32:c0:0b:0a:c9:8b:e7:a7:0d:21:2d:cc:0d:d9:8b:33:c8:30:
         4a:7d:aa:48:30:a2:18:14:8d:76:6e:2c:a5:6f:e9:e3:4e:54:
         42:9f:a4:a4:16:72:c3:8f:cf:8b:08:a1:55:9e:cc:21:75:ef:
         ea:bf:63:96:1d:36:a6:8b:9e:92:02:75:b8:cd:13:64:6e:75:
         2c:b9:bf:ae:1d:c7:6b:43:d5:e2:2d:c3:84:03:48:2c:c5:71:
         d6:2d:70:a6:71:bf:f4:af:17:c1:2d:d5:84:8d:8d:60:cd:c9:
         b8:d3:bb:b1:44:67:4c:5c:0c:c8:f4:1d:b5:e4:f2:41:60:38:
         1d:5f:46:bd:81:31:ff:f4:b6:63:64:39:6d:88:41:ab:6c:7b:
         d0:62:e2:b0:b3:68:02:b5:d7:c6:12:9c:3c:6d:5a:88:5a:57:
         5b:29:24:c0:56:ca:e7:1f:c5:0c:9a:91:ec:bf:a2:d4:e5:c4:
         7d:30:4d:81:cd:ee:35:f1:b6:af:5e:18:91:ed:1b:71:06:c7:
         7b:2f:c2:15
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUUFvn7rgabUAkC1qCvlhnaBurz6owDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMjYxOTM3MDVaFw0yNTA0MzAyMzU5NTlaMHoxSTBHBgNV
BAUTQDAxYWFjYjc2OTlmZTUzZDAyNWQ4NDc4NjY3MmVkZGVkZmU5ZWQ3YWY3Y2Uw
YWIzYmZlMmZkYWVlYzUxOWVlOTIxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAPLrml62nRS3eFsYfgeCDzm+4UYVGRqsKx0Id4rEtKvJn9BzAGDx0XnHwIcJ
pJEj7+YGtCUgsz8mIArwFZyF8L7PcMpmPTo3jyWeHU6j40/hxP2qljqJu4CSgP+y
dtMWdfzcANXtzMhTH7i89sR30+VNcGjbzWUExTvvnRggu3uPDJ+wZxvxrqeUYaYH
Fe7ZakTVAa8KVCE/RwGMiaz6wr26RN9b/En/LItYccYgnDFfDmIs8GgpVjmc3gI2
TYOYZuakgzeLT0AR900bXcIS3lUpdr5t1bPF9SqWjSLihWJ+kywz3eHFm1OjGV0y
YHFEeAT3RUZbje/o/9WPSlmVBisCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRt35jY
P2y9zbc2MXu/5nMF6SyU6DAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MDRhNjQwNzYtOWFkYi00MzAxLTgxN2MtMmJlMWMxZTFkNTdlLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0HEI
MA0GCSqGSIb3DQEBCwUAA4IBAQAuHGhe8qMvDVEcomJoqvouOJmc/0BlOpJr7Yjx
eF89haTPT+MzoBjWf6iqL5gQLUIwMbKyOs0ywAsKyYvnpw0hLcwN2YszyDBKfapI
MKIYFI12biylb+njTlRCn6SkFnLDj8+LCKFVnswhde/qv2OWHTami56SAnW4zRNk
bnUsub+uHcdrQ9XiLcOEA0gsxXHWLXCmcb/0rxfBLdWEjY1gzcm407uxRGdMXAzI
9B215PJBYDgdX0a9gTH/9LZjZDltiEGrbHvQYuKws2gCtdfGEpw8bVqIWldbKSTA
VsrnH8UMmpHsv6LU5cR9ME2Bze418bavXhiR7RtxBsd7L8IV
-----END CERTIFICATE-----