Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/0cadec3e-a35e-4321-b172-825de7a521d7.roa
File:                     0cadec3e-a35e-4321-b172-825de7a521d7.roa (raw, json)
Hash identifier:          ibb8MhltxQfizkhrBZ5ehmk2sU8kC35VWfd961+pdfw=
Subject key identifier:   41:E7:A6:29:50:CB:55:58:C7:39:76:96:CA:A2:90:4A:85:29:C6:8D
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       7EEBCEEA784B21FF90CCE396C0FE5D7E44C4D014
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/0cadec3e-a35e-4321-b172-825de7a521d7.roa
Signing time:             Mon 31 Mar 2025 19:20:19 +0000
ROA not before:           Mon 31 Mar 2025 19:20:19 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d031:90c0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7e:eb:ce:ea:78:4b:21:ff:90:cc:e3:96:c0:fe:5d:7e:44:c4:d0:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 19:20:19 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:73:97:0e:89:71:c0:03:5d:d3:e2:5b:f6:f5:
                    71:7c:78:4a:6a:fd:69:b1:08:af:26:4e:93:fc:9a:
                    2a:46:aa:e5:65:ed:36:7c:b5:6d:f6:e9:7a:37:ea:
                    9b:83:e3:00:a0:44:51:f6:b5:84:9b:6f:68:a4:5c:
                    0f:6c:0e:12:44:74:1d:14:88:cc:5e:8b:bf:58:55:
                    ee:42:a9:29:c7:c8:53:ed:30:6b:e7:99:b3:9e:f8:
                    56:15:04:59:ed:37:22:06:85:83:f0:9f:ee:82:e8:
                    0b:f3:3a:db:25:14:9f:78:57:1d:3a:0e:67:e8:29:
                    21:c1:9a:41:87:30:74:21:2a:81:85:fa:a0:25:35:
                    16:bf:07:9d:6c:e7:83:59:55:3c:ff:5b:ed:c9:9f:
                    52:f0:b8:2a:68:3a:dc:56:65:75:85:9d:4a:08:9b:
                    74:5f:81:ef:1a:ae:71:47:6f:8a:31:c0:b0:5b:d1:
                    1d:7c:e1:af:dd:1d:99:be:15:46:2b:52:58:34:7f:
                    75:14:08:98:25:02:46:8a:0d:b2:ea:28:9c:4b:6b:
                    35:58:12:94:da:65:0d:45:39:7b:bd:02:b8:f5:ea:
                    c6:59:e9:62:aa:9f:d8:f2:9d:27:d7:f4:5a:92:fa:
                    76:4a:0d:3c:c2:99:89:13:56:0d:8c:48:95:79:49:
                    91:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:E7:A6:29:50:CB:55:58:C7:39:76:96:CA:A2:90:4A:85:29:C6:8D
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/0cadec3e-a35e-4321-b172-825de7a521d7.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d031:90c0::/48

    Signature Algorithm: sha256WithRSAEncryption
         aa:e5:41:a3:e8:35:25:3e:85:de:59:56:bd:c6:07:59:f8:34:
         15:be:41:a8:30:f4:e5:db:3c:28:12:bb:77:9b:f2:b7:04:3f:
         b8:1b:ee:ed:c6:86:d7:2f:4c:7d:57:64:53:79:fa:b9:37:8f:
         f5:8d:49:97:99:d1:14:47:00:24:d2:ad:2d:99:fc:12:28:46:
         fd:3f:aa:98:e2:eb:77:e7:e1:ba:a0:5b:a9:11:43:18:85:12:
         09:ab:74:99:b0:93:22:f0:17:dc:30:76:d9:1b:e5:5c:6b:09:
         6b:2a:5d:92:b3:fe:ea:e8:08:50:19:93:42:e3:cc:b1:4b:2d:
         e7:91:5a:12:a9:7b:b8:2f:96:f8:a6:5e:98:5d:54:74:db:07:
         84:e3:ba:32:d6:5b:d1:c7:58:24:02:32:af:68:f8:34:50:ed:
         1e:76:e6:f9:af:91:c5:30:d0:0f:a2:60:9e:15:0b:4d:1a:b2:
         ff:76:21:bb:3f:e3:0e:23:49:99:d7:82:57:6d:a1:80:5c:62:
         dc:dd:f0:7e:e6:f0:97:c9:88:f5:d3:bc:aa:85:f5:55:69:df:
         c6:b6:0e:f4:74:53:8e:6b:d4:c4:05:b2:97:6a:61:12:9e:a1:
         c9:0d:45:92:cc:54:4d:45:24:c0:37:2a:cf:d9:2f:50:ed:9b:
         5a:ef:8f:b9
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUfuvO6nhLIf+QzOOWwP5dfkTE0BQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzExOTIwMTlaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQGQwNWQ2MjVlYWM4ZDJhNmQ5Zjc0NzIwMWI0NGFkNjMyZjRkNDE1ZGVkNjI1
ZjUyZjczMzlhZTAwOTIyOWU1ZmYxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAM1zlw6JccADXdPiW/b1cXx4Smr9abEIryZOk/yaKkaq5WXtNny1bfbpejfq
m4PjAKBEUfa1hJtvaKRcD2wOEkR0HRSIzF6Lv1hV7kKpKcfIU+0wa+eZs574VhUE
We03IgaFg/Cf7oLoC/M62yUUn3hXHToOZ+gpIcGaQYcwdCEqgYX6oCU1Fr8HnWzn
g1lVPP9b7cmfUvC4Kmg63FZldYWdSgibdF+B7xqucUdvijHAsFvRHXzhr90dmb4V
RitSWDR/dRQImCUCRooNsuoonEtrNVgSlNplDUU5e70CuPXqxlnpYqqf2PKdJ9f0
WpL6dkoNPMKZiRNWDYxIlXlJkfMCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBRB56Yp
UMtVWMc5dpbKopBKhSnGjTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MGNhZGVjM2UtYTM1ZS00MzIxLWIxNzItODI1ZGU3YTUyMWQ3LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0DGQ
wDANBgkqhkiG9w0BAQsFAAOCAQEAquVBo+g1JT6F3llWvcYHWfg0Fb5BqDD05ds8
KBK7d5vytwQ/uBvu7caG1y9MfVdkU3n6uTeP9Y1Jl5nRFEcAJNKtLZn8EihG/T+q
mOLrd+fhuqBbqRFDGIUSCat0mbCTIvAX3DB22RvlXGsJaypdkrP+6ugIUBmTQuPM
sUst55FaEql7uC+W+KZemF1UdNsHhOO6MtZb0cdYJAIyr2j4NFDtHnbm+a+RxTDQ
D6JgnhULTRqy/3Yhuz/jDiNJmdeCV22hgFxi3N3wfubwl8mI9dO8qoX1VWnfxrYO
9HRTjmvUxAWyl2phEp6hyQ1FksxUTUUkwDcqz9kvUO2bWu+PuQ==
-----END CERTIFICATE-----