Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/3fa7e298-325c-4151-ac0e-2364c78e67e5.roa
File:                     3fa7e298-325c-4151-ac0e-2364c78e67e5.roa (raw, json)
Hash identifier:          yl8sYp+pUp8UlsvJ1VyTVsGvH5lWh6kkEg/SpNrz4O4=
Subject key identifier:   A3:C0:2F:F8:9F:9D:13:5A:05:2B:3E:02:68:A3:44:3B:83:C8:5A:ED
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       08058BF320B50DC8848EB07866FF0DAC0719D247
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/3fa7e298-325c-4151-ac0e-2364c78e67e5.roa
Signing time:             Mon 31 Mar 2025 20:31:21 +0000
ROA not before:           Mon 31 Mar 2025 20:31:21 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d077:6000::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 14:34:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            08:05:8b:f3:20:b5:0d:c8:84:8e:b0:78:66:ff:0d:ac:07:19:d2:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 20:31:21 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:86:f3:bf:e1:71:01:38:12:95:16:05:44:b7:
                    fe:93:9c:2e:75:0b:15:6c:ab:8b:62:06:14:c1:12:
                    5d:8f:4c:3a:2c:20:68:35:fc:d2:77:a3:d5:33:8f:
                    83:0b:5d:59:7f:41:c8:d0:5d:20:46:5e:92:23:44:
                    f8:eb:f4:13:45:a8:bf:40:93:b8:87:fc:39:75:2e:
                    ac:5a:16:54:03:e4:38:b3:95:db:ef:37:68:97:00:
                    3f:ca:a0:51:34:6e:43:d2:fa:73:6c:2c:39:9a:40:
                    15:00:42:0b:04:17:d6:fe:6b:c0:62:65:6d:72:f3:
                    da:6f:e6:41:76:94:3b:ea:8d:ab:a7:59:cc:82:27:
                    55:f9:54:43:2e:3d:ef:12:ec:b8:19:79:ab:1a:85:
                    58:01:10:75:8f:01:36:65:12:c9:07:63:e2:20:39:
                    7a:03:62:dc:02:70:3a:78:03:57:6b:82:ab:6b:0c:
                    26:e1:c5:d5:bc:8b:e7:c4:4d:b4:63:10:79:4c:9d:
                    03:fb:8a:fd:ae:ca:7a:c3:dc:fd:69:53:70:e0:fd:
                    04:c6:5b:22:85:52:14:d8:6b:d8:d4:86:14:99:e2:
                    d3:8c:06:fb:df:1c:11:4b:53:6a:34:1f:bc:57:72:
                    d4:d6:22:75:06:99:f8:e1:af:22:99:a7:2a:a0:ed:
                    53:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:C0:2F:F8:9F:9D:13:5A:05:2B:3E:02:68:A3:44:3B:83:C8:5A:ED
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/3fa7e298-325c-4151-ac0e-2364c78e67e5.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d077:6000::/40

    Signature Algorithm: sha256WithRSAEncryption
         86:11:2a:e8:b6:f9:c0:5f:37:95:9e:6e:95:79:ef:ac:01:4b:
         ae:21:c9:83:35:23:4e:52:b2:61:ce:7c:79:52:51:6d:83:d1:
         e6:b7:46:06:fa:7e:28:c4:5f:ae:71:81:60:9b:7e:a1:af:42:
         99:0e:c7:07:66:d5:60:a4:69:7a:ce:34:fc:e9:76:6e:c5:95:
         f6:14:5f:e0:32:dd:77:16:fc:6d:fe:bc:0e:ff:af:9e:96:98:
         47:1c:82:5e:72:ff:17:46:97:0e:6c:42:22:48:67:2a:3c:f9:
         01:66:91:a9:88:15:20:6e:7e:51:b1:b8:07:40:2a:88:1f:7d:
         02:65:a3:b9:0c:8e:83:ec:c8:fe:a8:53:ec:31:c2:37:a9:44:
         8c:81:60:0e:92:08:47:72:ce:8e:e5:74:1d:e7:dd:3a:bb:aa:
         bd:58:f3:2a:59:f3:e9:d5:10:72:80:db:91:f5:e8:f7:a9:e3:
         2c:81:40:7e:3c:76:5c:89:2b:88:56:3a:29:07:45:88:72:a7:
         11:8e:42:67:77:10:fb:da:ec:86:3d:8a:2c:b4:f5:04:77:15:
         b3:79:9e:ba:d8:05:04:c8:fe:4a:28:4d:ce:19:f4:ff:fe:56:
         fc:4f:bd:5b:d7:46:1d:ce:c5:2e:a1:1d:4e:fe:3c:91:e8:08:
         e3:75:5d:89
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUCAWL8yC1DciEjrB4Zv8NrAcZ0kcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzEyMDMxMjFaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQDQ1NTgxOTRiYTQ4NWYwMDlmZGZiNWE0YzEyZWM1NDZiNDMzYjI5Zjc5OWFk
M2EyYTBkZjNkNWFjYTY0MWRjMjkxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAK6G87/hcQE4EpUWBUS3/pOcLnULFWyri2IGFMESXY9MOiwgaDX80nej1TOP
gwtdWX9ByNBdIEZekiNE+Ov0E0Wov0CTuIf8OXUurFoWVAPkOLOV2+83aJcAP8qg
UTRuQ9L6c2wsOZpAFQBCCwQX1v5rwGJlbXLz2m/mQXaUO+qNq6dZzIInVflUQy49
7xLsuBl5qxqFWAEQdY8BNmUSyQdj4iA5egNi3AJwOngDV2uCq2sMJuHF1byL58RN
tGMQeUydA/uK/a7KesPc/WlTcOD9BMZbIoVSFNhr2NSGFJni04wG+98cEUtTajQf
vFdy1NYidQaZ+OGvIpmnKqDtU0UCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBSjwC/4
n50TWgUrPgJoo0Q7g8ha7TAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
M2ZhN2UyOTgtMzI1Yy00MTUxLWFjMGUtMjM2NGM3OGU2N2U1LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0Hdg
MA0GCSqGSIb3DQEBCwUAA4IBAQCGESrotvnAXzeVnm6Vee+sAUuuIcmDNSNOUrJh
znx5UlFtg9Hmt0YG+n4oxF+ucYFgm36hr0KZDscHZtVgpGl6zjT86XZuxZX2FF/g
Mt13Fvxt/rwO/6+elphHHIJecv8XRpcObEIiSGcqPPkBZpGpiBUgbn5RsbgHQCqI
H30CZaO5DI6D7Mj+qFPsMcI3qUSMgWAOkghHcs6O5XQd5906u6q9WPMqWfPp1RBy
gNuR9ej3qeMsgUB+PHZciSuIVjopB0WIcqcRjkJndxD72uyGPYostPUEdxWzeZ66
2AUEyP5KKE3OGfT//lb8T71b10YdzsUuoR1O/jyR6AjjdV2J
-----END CERTIFICATE-----