Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/245b62a3-aba6-4bec-8e4d-d798fd0e1a73.roa
File:                     245b62a3-aba6-4bec-8e4d-d798fd0e1a73.roa (raw, json)
Hash identifier:          e8Dp5ygiad8izP67XU6zcppeetWf/KJBHSTZMdriXiE=
Subject key identifier:   AF:DC:9A:2E:82:BF:27:8E:3A:43:1F:0B:B4:F5:1F:AB:2B:84:E9:4F
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       55703B90AF103080E148B43E02B057ABFD1C716B
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/245b62a3-aba6-4bec-8e4d-d798fd0e1a73.roa
Signing time:             Mon 31 Mar 2025 20:01:00 +0000
ROA not before:           Mon 31 Mar 2025 20:01:00 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d077:80c0::/46 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            55:70:3b:90:af:10:30:80:e1:48:b4:3e:02:b0:57:ab:fd:1c:71:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 20:01:00 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:f3:68:91:b8:07:f1:c4:17:65:68:65:30:45:
                    ba:6a:3a:c5:1c:12:b4:de:e3:a3:d0:fb:16:b5:67:
                    06:74:9d:5f:86:e1:22:4d:40:f1:d7:2a:ba:b4:6b:
                    95:6c:b3:a6:8f:7b:a6:b7:ca:a8:b5:4f:f2:8b:1b:
                    d5:ca:33:85:21:7c:ee:b3:87:39:5e:2d:b6:17:60:
                    78:d3:49:48:bf:a9:bc:be:74:e4:27:89:ca:39:17:
                    46:b6:ab:c8:ca:8f:dd:ef:9f:f4:95:7f:8f:12:0c:
                    ec:3e:36:de:a2:05:27:6c:b2:eb:99:d5:0f:ad:72:
                    16:93:33:da:4b:da:52:1f:f3:be:20:cd:02:50:1d:
                    9f:a5:bd:6a:08:ac:a7:af:e4:fb:a7:c2:3d:03:13:
                    55:88:2e:8d:45:b4:98:bf:2f:47:fd:a2:ea:88:54:
                    b9:9c:d4:51:d0:a3:8a:61:d2:24:32:55:fd:c0:b3:
                    47:03:46:9c:f6:a7:16:d9:32:46:7f:70:a1:6f:24:
                    9a:d5:dc:3a:95:e2:8e:78:69:4a:65:da:c1:d2:27:
                    d4:a2:9a:81:2d:c8:a1:9c:94:1c:37:42:1d:a1:33:
                    36:ee:2f:1b:b9:e9:11:7e:3a:22:4d:31:ba:ed:63:
                    3a:c9:3d:94:76:95:78:d0:59:0a:0d:33:1d:7e:e8:
                    13:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:DC:9A:2E:82:BF:27:8E:3A:43:1F:0B:B4:F5:1F:AB:2B:84:E9:4F
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/245b62a3-aba6-4bec-8e4d-d798fd0e1a73.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d077:80c0::/46

    Signature Algorithm: sha256WithRSAEncryption
         b1:4d:97:06:6f:d0:ba:0f:78:55:d4:1d:3a:ef:47:ed:a6:ab:
         c6:d5:cd:d8:a7:a2:a0:d7:3d:80:f9:70:57:f7:b9:d0:0c:94:
         67:42:60:2f:63:a6:19:f7:83:09:a6:5a:fd:6b:9a:5c:d5:96:
         e6:c7:20:35:99:ad:38:11:a3:9e:24:aa:0b:5b:09:c4:e2:8a:
         e7:f9:c5:90:97:c1:c3:d0:49:19:49:7f:a6:87:71:3f:0f:03:
         4b:0f:f5:08:9e:f4:a2:00:97:c5:a2:b8:12:ee:93:fc:69:72:
         7a:8c:20:48:33:e1:ea:16:10:c4:c8:75:06:b3:f5:55:3c:67:
         50:d6:cd:d7:80:84:58:0c:d7:87:4e:bd:63:2e:4d:a0:79:12:
         7e:0b:8e:41:82:a6:e4:78:b4:e9:31:43:5c:0f:b0:6d:09:4d:
         92:eb:c8:87:54:2f:0c:85:70:42:81:ae:5c:65:52:95:b6:f9:
         1d:17:f2:30:dc:48:a0:3a:ca:ef:4d:3d:81:69:db:25:63:b6:
         36:40:3e:21:f8:fd:2a:17:22:20:d4:56:dc:ee:f0:45:bb:5f:
         c7:5d:51:36:c7:3e:02:fc:5e:48:d7:73:13:d2:e1:e8:cb:60:
         95:df:2e:00:16:ae:be:95:60:02:56:7f:71:e0:73:c6:3f:90:
         e3:19:d6:63
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUVXA7kK8QMIDhSLQ+ArBXq/0ccWswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzEyMDAxMDBaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQDhlNDdlZDUyYjc5YjQ5NmM2NjM2YWQyZjNiZDI2NWE1ZGRjNzNlZjNmZjdj
OGZiOGFjNTc4ODgwMTM4NWVkZjMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJjzaJG4B/HEF2VoZTBFumo6xRwStN7jo9D7FrVnBnSdX4bhIk1A8dcqurRr
lWyzpo97prfKqLVP8osb1cozhSF87rOHOV4tthdgeNNJSL+pvL505CeJyjkXRrar
yMqP3e+f9JV/jxIM7D423qIFJ2yy65nVD61yFpMz2kvaUh/zviDNAlAdn6W9agis
p6/k+6fCPQMTVYgujUW0mL8vR/2i6ohUuZzUUdCjimHSJDJV/cCzRwNGnPanFtky
Rn9woW8kmtXcOpXijnhpSmXawdIn1KKagS3IoZyUHDdCHaEzNu4vG7npEX46Ik0x
uu1jOsk9lHaVeNBZCg0zHX7oE6sCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBSv3Jou
gr8njjpDHwu09R+rK4TpTzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MjQ1YjYyYTMtYWJhNi00YmVjLThlNGQtZDc5OGZkMGUxYTczLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHAioF0HeA
wDANBgkqhkiG9w0BAQsFAAOCAQEAsU2XBm/Qug94VdQdOu9H7aarxtXN2KeioNc9
gPlwV/e50AyUZ0JgL2OmGfeDCaZa/WuaXNWW5scgNZmtOBGjniSqC1sJxOKK5/nF
kJfBw9BJGUl/podxPw8DSw/1CJ70ogCXxaK4Eu6T/GlyeowgSDPh6hYQxMh1BrP1
VTxnUNbN14CEWAzXh069Yy5NoHkSfguOQYKm5Hi06TFDXA+wbQlNkuvIh1QvDIVw
QoGuXGVSlbb5HRfyMNxIoDrK7009gWnbJWO2NkA+Ifj9KhciINRW3O7wRbtfx11R
Nsc+AvxeSNdzE9Lh6Mtgld8uABauvpVgAlZ/ceBzxj+Q4xnWYw==
-----END CERTIFICATE-----