Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/04c34ea1-cddb-45aa-979f-bfe1fa0995af.roa
File:                     04c34ea1-cddb-45aa-979f-bfe1fa0995af.roa (raw, json)
Hash identifier:          OYIupjTAgg+BChF4M1nb66vLcsMfqARFLJHhOTq8HQQ=
Subject key identifier:   1E:CB:8D:E8:D7:9E:1E:79:FC:BA:7B:36:9F:C2:E4:D7:98:F0:F0:8F
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       5EEC9D0086C9321AD0556A0BB3402C8E561556F1
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/04c34ea1-cddb-45aa-979f-bfe1fa0995af.roa
Signing time:             Mon 31 Mar 2025 19:51:08 +0000
ROA not before:           Mon 31 Mar 2025 19:51:08 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d031:c000::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5e:ec:9d:00:86:c9:32:1a:d0:55:6a:0b:b3:40:2c:8e:56:15:56:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 19:51:08 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:86:12:64:0a:d8:23:ba:3f:ee:64:09:c9:6a:
                    fc:86:53:45:55:fa:94:b3:68:b9:64:11:67:7f:86:
                    ed:5e:6e:f8:02:6d:1b:c4:d5:4b:d1:76:6d:8e:ca:
                    8f:13:04:90:c0:e1:13:96:d2:60:91:ec:c9:3f:f7:
                    05:28:fd:c9:71:36:5f:07:c0:5f:c8:43:20:3e:1b:
                    ff:e0:93:39:3e:1c:a3:e6:c3:05:8f:2d:84:ad:dd:
                    18:65:82:f8:90:80:ff:df:d4:52:7c:44:2c:d0:52:
                    18:cb:d9:1c:a2:7e:07:85:dd:2c:13:34:87:71:3b:
                    3a:90:3a:69:56:45:d1:cf:52:1b:46:65:5f:7c:c5:
                    20:a4:69:e3:d5:8a:b9:e8:09:da:a6:71:3b:a7:26:
                    af:61:3f:6e:86:70:f8:4b:85:b4:41:28:5e:d4:c1:
                    a6:9e:26:45:e5:0e:38:22:02:87:7a:08:f1:79:7f:
                    13:0a:dc:2b:a6:48:02:67:01:f9:73:9b:14:87:77:
                    4f:f9:3e:fa:ab:05:de:c6:7d:45:22:eb:c2:d9:88:
                    16:12:6e:3f:f4:d9:2f:0a:dc:6a:47:58:89:ca:b2:
                    26:9c:1a:9c:9a:f8:3d:fc:db:58:29:cd:4f:5b:55:
                    f7:50:b5:20:77:24:f4:77:dc:20:d4:26:d5:27:e4:
                    29:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:CB:8D:E8:D7:9E:1E:79:FC:BA:7B:36:9F:C2:E4:D7:98:F0:F0:8F
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/04c34ea1-cddb-45aa-979f-bfe1fa0995af.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d031:c000::/40

    Signature Algorithm: sha256WithRSAEncryption
         89:7d:fe:26:6c:a3:5a:f5:fa:78:e9:45:0a:12:1b:e9:1c:21:
         67:ea:69:d5:d1:fd:86:fe:1d:2b:7f:84:74:e3:2b:1b:54:9a:
         42:c8:6f:4e:c5:84:4b:f4:68:4c:ef:cc:65:d7:30:8f:4f:12:
         79:50:0c:4b:cb:51:6b:d8:da:bb:b1:89:25:e2:c8:71:9a:cb:
         f7:e3:a7:60:3c:ec:6a:5a:4f:5c:74:0c:cc:5c:45:40:13:35:
         96:69:51:df:d5:65:86:75:6e:a4:33:94:eb:86:25:af:f7:85:
         dd:22:d0:96:6a:31:1a:aa:03:87:f4:e5:22:a1:9e:a5:85:23:
         7a:09:93:62:d5:41:25:52:ec:9c:55:73:07:2e:87:e2:a6:c3:
         84:c4:a5:62:5d:a6:5f:80:a6:42:be:a2:9f:44:11:10:2c:43:
         de:26:df:23:25:7a:71:91:0a:af:18:7a:1a:8f:39:02:1c:e3:
         6e:af:4c:01:c1:23:93:67:59:b5:c6:ee:0c:47:38:76:09:cd:
         7a:2c:bd:ed:96:46:f9:13:34:7a:21:98:82:53:ab:ab:87:37:
         5f:4f:bc:10:a2:1d:ca:51:06:a1:20:b4:33:b3:31:bd:44:1a:
         9a:a8:bc:ec:55:6d:32:12:35:2c:79:62:58:e1:6b:64:4c:43:
         64:2e:d6:c3
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUXuydAIbJMhrQVWoLs0AsjlYVVvEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzExOTUxMDhaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQGU5OGIwNjI3ZTI4NjZhNDM2NThiNDdiYjI4MTkzOWRjYzNiMWFkYjAxNDZk
YzEyYWE1YTQwZTJhMjFlM2FhYzMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKWGEmQK2CO6P+5kCclq/IZTRVX6lLNouWQRZ3+G7V5u+AJtG8TVS9F2bY7K
jxMEkMDhE5bSYJHsyT/3BSj9yXE2XwfAX8hDID4b/+CTOT4co+bDBY8thK3dGGWC
+JCA/9/UUnxELNBSGMvZHKJ+B4XdLBM0h3E7OpA6aVZF0c9SG0ZlX3zFIKRp49WK
uegJ2qZxO6cmr2E/boZw+EuFtEEoXtTBpp4mReUOOCICh3oI8Xl/EwrcK6ZIAmcB
+XObFId3T/k++qsF3sZ9RSLrwtmIFhJuP/TZLwrcakdYicqyJpwanJr4PfzbWCnN
T1tV91C1IHck9HfcINQm1SfkKSkCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQey43o
154eefy6ezafwuTXmPDwjzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MDRjMzRlYTEtY2RkYi00NWFhLTk3OWYtYmZlMWZhMDk5NWFmLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0DHA
MA0GCSqGSIb3DQEBCwUAA4IBAQCJff4mbKNa9fp46UUKEhvpHCFn6mnV0f2G/h0r
f4R04ysbVJpCyG9OxYRL9GhM78xl1zCPTxJ5UAxLy1Fr2Nq7sYkl4shxmsv346dg
POxqWk9cdAzMXEVAEzWWaVHf1WWGdW6kM5TrhiWv94XdItCWajEaqgOH9OUioZ6l
hSN6CZNi1UElUuycVXMHLofipsOExKViXaZfgKZCvqKfRBEQLEPeJt8jJXpxkQqv
GHoajzkCHONur0wBwSOTZ1m1xu4MRzh2Cc16LL3tlkb5EzR6IZiCU6urhzdfT7wQ
oh3KUQahILQzszG9RBqaqLzsVW0yEjUseWJY4WtkTENkLtbD
-----END CERTIFICATE-----