Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/1a961f3a-fb71-4357-a4fc-28c4024b0441.roa
File:                     1a961f3a-fb71-4357-a4fc-28c4024b0441.roa (raw, json)
Hash identifier:          ST2Iqz9jRZqy6YgHRF7tLdqsBm33++ahdYc5+bS+PXQ=
Subject key identifier:   D5:2C:B5:AD:93:56:93:4B:AE:B7:3C:E0:3D:E9:BB:FF:E7:D4:56:2F
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       6EC218C07C9D7C534BDC2BA998BD56DC608A62D5
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/1a961f3a-fb71-4357-a4fc-28c4024b0441.roa
Signing time:             Sat 05 Apr 2025 00:10:11 +0000
ROA not before:           Sat 05 Apr 2025 00:10:11 +0000
ROA not after:            Sat 10 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d000::/25 maxlen: 25
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6e:c2:18:c0:7c:9d:7c:53:4b:dc:2b:a9:98:bd:56:dc:60:8a:62:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Apr  5 00:10:11 2025 GMT
            Not After : May 10 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:1e:87:bb:8f:42:bd:81:7b:8d:ee:83:a3:d2:
                    b3:8b:85:87:c2:3c:37:7f:51:57:1e:5b:fa:29:0b:
                    1f:cc:05:fe:c8:1a:08:a3:dd:c8:2d:e2:0c:7a:1e:
                    e3:ca:5a:44:ac:4e:20:6e:51:3f:e1:ea:76:92:24:
                    68:18:60:41:cf:6e:e3:a6:69:cb:c8:c7:9d:64:17:
                    bf:dd:82:a0:1b:12:81:5c:93:c2:d8:9c:3f:6d:17:
                    ce:1e:97:7d:93:f5:2c:a8:ff:7d:56:de:54:18:0f:
                    d0:81:6a:13:0d:b6:5f:61:0c:c3:f4:5c:1e:a1:7c:
                    ec:74:4c:4f:b5:03:a3:a2:c3:ff:cb:35:7c:69:b8:
                    40:6d:3a:0d:90:83:d9:fc:6f:e7:b3:3f:26:77:6e:
                    50:25:00:0c:d2:38:f9:4c:fa:b3:a8:cc:e7:bf:eb:
                    d9:bb:ab:ec:e4:36:62:c4:ca:3f:f9:68:cd:d7:28:
                    dc:11:28:44:e4:ed:a2:24:22:c3:65:34:9b:aa:fa:
                    10:e6:67:52:72:0e:66:32:9d:ef:ec:2b:b6:d8:32:
                    fc:e2:80:66:0f:a3:b0:9d:4b:28:0f:1d:ce:bc:b1:
                    bd:5d:3d:07:8a:73:f6:e9:96:fb:2e:c6:77:0d:7b:
                    3b:83:d7:36:40:98:90:2d:d8:82:05:f3:f8:ad:7a:
                    4d:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:2C:B5:AD:93:56:93:4B:AE:B7:3C:E0:3D:E9:BB:FF:E7:D4:56:2F
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/1a961f3a-fb71-4357-a4fc-28c4024b0441.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d000::/25

    Signature Algorithm: sha256WithRSAEncryption
         6b:52:4e:8b:d5:a6:3b:55:48:19:69:20:62:b4:b8:f5:08:5c:
         00:b4:b9:64:96:29:45:f8:f5:7c:ae:bc:38:11:b2:b5:54:ca:
         f1:18:6b:c1:8b:13:a9:55:49:a2:07:58:99:b7:4c:03:62:a1:
         04:c1:ba:94:0b:b9:67:a3:05:43:ac:18:7a:ff:08:98:2a:30:
         d1:c9:7f:7a:19:b6:1f:35:ad:e2:f4:84:36:5a:9c:d7:be:b2:
         bd:2f:d1:c0:37:36:24:fa:2a:17:95:cc:43:27:27:92:24:b3:
         46:74:3c:03:6d:37:2d:93:d9:1b:25:e1:70:92:19:48:f3:57:
         55:ef:ae:54:25:92:11:fb:f3:d3:72:d1:c1:4f:66:6d:d6:92:
         a6:db:ce:c8:20:49:84:af:d6:38:66:02:65:41:7f:c7:8b:c1:
         c9:8b:66:78:6f:9b:5a:86:38:bf:b7:46:da:26:bf:9c:a8:7b:
         f3:d5:2d:d4:54:60:f2:a9:5a:af:fa:98:39:bc:02:09:d4:82:
         54:c1:02:e0:74:51:1e:6a:53:12:f1:6d:d8:f1:3e:8b:fa:c6:
         9d:61:8d:0d:47:8d:85:ba:b1:61:fb:3b:3c:81:de:01:07:d5:
         95:a9:8b:f4:75:49:06:db:3f:0f:32:eb:70:2e:b9:d1:f2:f5:
         61:5d:4f:f8
-----BEGIN CERTIFICATE-----
MIIFXzCCBEegAwIBAgIUbsIYwHydfFNL3CupmL1W3GCKYtUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA0MDUwMDEwMTFaFw0yNTA1MTAyMzU5NTlaMHoxSTBHBgNV
BAUTQGQwYTVhYTMyNzA2OTA3YWIzNDAwNDYxZjExZmUyNTI0NDk2OThjMzVjOWFl
MzNmOWQwOTk3NTNjYTk1YmNiMDQxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANEeh7uPQr2Be43ug6PSs4uFh8I8N39RVx5b+ikLH8wF/sgaCKPdyC3iDHoe
48paRKxOIG5RP+HqdpIkaBhgQc9u46Zpy8jHnWQXv92CoBsSgVyTwticP20Xzh6X
fZP1LKj/fVbeVBgP0IFqEw22X2EMw/RcHqF87HRMT7UDo6LD/8s1fGm4QG06DZCD
2fxv57M/JnduUCUADNI4+Uz6s6jM57/r2bur7OQ2YsTKP/lozdco3BEoROTtoiQi
w2U0m6r6EOZnUnIOZjKd7+wrttgy/OKAZg+jsJ1LKA8dzryxvV09B4pz9umW+y7G
dw17O4PXNkCYkC3YggXz+K16TTMCAwEAAaOCAiIwggIeMB0GA1UdDgQWBBTVLLWt
k1aTS663POA96bv/59RWLzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MWE5NjFmM2EtZmI3MS00MzU3LWE0ZmMtMjhjNDAyNGIwNDQxLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFByoF0AAw
DQYJKoZIhvcNAQELBQADggEBAGtSTovVpjtVSBlpIGK0uPUIXAC0uWSWKUX49Xyu
vDgRsrVUyvEYa8GLE6lVSaIHWJm3TANioQTBupQLuWejBUOsGHr/CJgqMNHJf3oZ
th81reL0hDZanNe+sr0v0cA3NiT6KheVzEMnJ5Iks0Z0PANtNy2T2Rsl4XCSGUjz
V1XvrlQlkhH789Ny0cFPZm3WkqbbzsggSYSv1jhmAmVBf8eLwcmLZnhvm1qGOL+3
Rtomv5yoe/PVLdRUYPKpWq/6mDm8AgnUglTBAuB0UR5qUxLxbdjxPov6xp1hjQ1H
jYW6sWH7OzyB3gEH1ZWpi/R1SQbbPw8y63AuudHy9WFdT/g=
-----END CERTIFICATE-----