Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/11c150fc-dcb5-402c-9bf0-5a46c2b58d35.roa
File:                     11c150fc-dcb5-402c-9bf0-5a46c2b58d35.roa (raw, json)
Hash identifier:          DcDrDyiAyCP4QBMZ7EsBfSQaTbXM9ctmWPg9YKgOcLM=
Subject key identifier:   DB:F0:FD:82:AE:56:F5:56:1B:F8:97:3E:B7:AF:F0:EC:D2:64:B3:F3
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       3D68033DD3E10CBB9B465E285CF94A633608AF98
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/11c150fc-dcb5-402c-9bf0-5a46c2b58d35.roa
Signing time:             Mon 31 Mar 2025 21:20:11 +0000
ROA not before:           Mon 31 Mar 2025 21:20:11 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d01b:800::/37 maxlen: 37
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3d:68:03:3d:d3:e1:0c:bb:9b:46:5e:28:5c:f9:4a:63:36:08:af:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 21:20:11 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:b0:4b:64:08:da:af:79:25:60:3d:52:81:84:
                    9e:90:b8:33:1e:14:b6:20:33:d3:7c:5e:34:97:ab:
                    f1:bf:cf:73:9f:1d:fc:0d:89:f5:38:f6:87:54:a7:
                    6a:97:08:df:4a:c4:f3:5f:27:f8:ac:2f:51:5a:bf:
                    c2:f5:6f:18:15:28:67:d2:75:db:7a:5b:6c:e9:b1:
                    bb:b6:54:39:22:74:e7:9d:0d:83:23:94:f6:f3:13:
                    65:08:6d:39:18:e9:7d:bc:96:f1:e6:15:4d:ea:35:
                    eb:c9:1b:38:57:8d:a0:9d:32:e7:bb:ff:2c:28:19:
                    3a:a4:c5:7a:7b:14:c0:89:13:f0:eb:48:bd:a5:88:
                    c4:12:c8:36:c1:53:d4:29:a9:0b:e3:ea:8f:84:23:
                    39:db:93:9c:dc:18:d2:75:ae:22:12:d8:03:82:a6:
                    1e:b6:ca:86:5a:96:0b:90:62:1c:a6:cf:ce:1d:55:
                    1c:51:87:46:28:f7:63:ab:3a:e6:af:fe:f2:f7:2c:
                    d6:c2:b6:45:f1:a2:8c:07:2b:10:c7:93:03:32:d1:
                    0e:6e:f4:f0:b6:3a:6d:05:93:fd:fb:ec:fb:8f:c6:
                    cb:3c:13:2d:36:c6:9b:d1:2b:31:61:b1:aa:ad:76:
                    02:0f:8e:50:c3:a0:9b:40:95:90:61:57:9d:94:30:
                    b3:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:F0:FD:82:AE:56:F5:56:1B:F8:97:3E:B7:AF:F0:EC:D2:64:B3:F3
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/11c150fc-dcb5-402c-9bf0-5a46c2b58d35.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d01b:800::/37

    Signature Algorithm: sha256WithRSAEncryption
         a4:24:4c:0b:c2:1c:56:ea:9f:ca:e8:d3:39:f6:da:58:92:7c:
         cb:0b:7e:74:87:5d:9c:69:75:32:5b:e4:a7:2b:07:3a:c1:a3:
         d4:ef:f7:fc:6b:b9:9c:ff:09:44:f1:52:74:ac:94:62:82:03:
         88:cb:41:e8:80:33:a3:0c:5c:ed:79:f8:90:b3:a6:88:e3:89:
         c4:a8:f2:a4:0f:44:b2:b2:41:ba:fb:00:4b:c2:d0:cc:ac:87:
         01:21:b2:46:b9:c7:46:66:46:91:1f:f7:70:71:ca:c9:37:07:
         f5:ae:cf:8d:52:0f:27:64:0d:ef:2b:df:9b:f5:44:ee:f1:db:
         40:79:da:c2:db:3f:4e:0c:1a:f0:f0:aa:ff:74:e1:cc:e7:da:
         98:a1:85:55:b8:fc:e2:5b:6d:6a:6a:0a:2e:e7:f1:21:ad:98:
         64:95:95:84:24:33:96:78:2b:6a:da:31:c2:3f:7b:07:a2:ab:
         72:31:2c:55:36:31:a0:b3:6f:dc:2c:0f:ac:08:02:f1:3a:90:
         57:5c:36:21:14:24:c5:e9:e1:0a:3c:4c:0e:47:58:99:be:49:
         fa:9c:e8:ac:50:eb:0f:e8:23:7a:f6:ed:17:42:94:0c:6e:00:
         c1:f9:f4:aa:77:b8:71:4d:d3:07:1a:ca:c7:16:eb:b5:19:a3:
         22:58:72:ca
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUPWgDPdPhDLubRl4oXPlKYzYIr5gwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzEyMTIwMTFaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQGYxYjU2YTM3ODQxNmMyYmI3OTgzMzhmMjYwYjcxMTQ2ODY5ZjE1MWFjYTBk
YmFiOWYxNWQzMDA3Y2ZlYjY3N2MxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANOwS2QI2q95JWA9UoGEnpC4Mx4UtiAz03xeNJer8b/Pc58d/A2J9Tj2h1Sn
apcI30rE818n+KwvUVq/wvVvGBUoZ9J123pbbOmxu7ZUOSJ0550NgyOU9vMTZQht
ORjpfbyW8eYVTeo168kbOFeNoJ0y57v/LCgZOqTFensUwIkT8OtIvaWIxBLINsFT
1CmpC+Pqj4QjOduTnNwY0nWuIhLYA4KmHrbKhlqWC5BiHKbPzh1VHFGHRij3Y6s6
5q/+8vcs1sK2RfGijAcrEMeTAzLRDm708LY6bQWT/fvs+4/GyzwTLTbGm9ErMWGx
qq12Ag+OUMOgm0CVkGFXnZQws50CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTb8P2C
rlb1Vhv4lz63r/Ds0mSz8zAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MTFjMTUwZmMtZGNiNS00MDJjLTliZjAtNWE0NmMyYjU4ZDM1LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGAyoF0BsI
MA0GCSqGSIb3DQEBCwUAA4IBAQCkJEwLwhxW6p/K6NM59tpYknzLC350h12caXUy
W+SnKwc6waPU7/f8a7mc/wlE8VJ0rJRiggOIy0HogDOjDFztefiQs6aI44nEqPKk
D0SyskG6+wBLwtDMrIcBIbJGucdGZkaRH/dwccrJNwf1rs+NUg8nZA3vK9+b9UTu
8dtAedrC2z9ODBrw8Kr/dOHM59qYoYVVuPziW21qagou5/EhrZhklZWEJDOWeCtq
2jHCP3sHoqtyMSxVNjGgs2/cLA+sCALxOpBXXDYhFCTF6eEKPEwOR1iZvkn6nOis
UOsP6CN69u0XQpQMbgDB+fSqd7hxTdMHGsrHFuu1GaMiWHLK
-----END CERTIFICATE-----