Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4967c03f-f17b-42f4-bfca-8694bb963ab0.roa
File:                     4967c03f-f17b-42f4-bfca-8694bb963ab0.roa (raw, json)
Hash identifier:          avupNc2uAaPaHniZ567mXAUrWgcd6VmaFKUcluoUSIw=
Subject key identifier:   86:68:F4:04:35:92:75:4F:52:D0:FB:5B:55:28:80:61:4B:F9:29:03
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       11531BBB9F723C035FEBDB48924A8D3604D83E11
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4967c03f-f17b-42f4-bfca-8694bb963ab0.roa
Signing time:             Mon 31 Mar 2025 19:10:17 +0000
ROA not before:           Mon 31 Mar 2025 19:10:17 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d000:9040::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            11:53:1b:bb:9f:72:3c:03:5f:eb:db:48:92:4a:8d:36:04:d8:3e:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 19:10:17 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:dd:f4:d0:1c:66:60:a5:28:74:14:fb:51:57:
                    3d:e9:fa:ff:a7:15:a4:13:05:1a:92:0b:d1:2a:c7:
                    6b:13:9d:3c:46:0b:ea:77:ff:c0:ab:f6:c8:e1:fb:
                    30:6f:5a:ad:ed:cc:39:6f:ba:6b:c1:36:2e:5c:6e:
                    63:83:a2:ea:4c:0e:e8:f4:d8:11:27:a5:50:5a:dd:
                    20:c5:12:64:eb:ae:63:07:17:06:1e:53:fe:06:84:
                    81:6c:c3:aa:48:ce:f2:fe:74:63:81:57:8a:2d:d1:
                    85:fa:4c:a7:7c:05:b8:a7:5c:bc:ce:00:15:fe:74:
                    82:17:3c:e4:14:50:86:65:e2:3e:78:34:15:fd:49:
                    fa:56:45:ef:13:24:2f:85:eb:9f:0f:97:a3:84:31:
                    75:61:0d:61:a1:30:e1:d3:a6:13:b3:8c:20:f4:32:
                    12:2f:0a:65:10:41:71:48:54:a1:d0:26:73:db:a5:
                    b2:f7:f5:23:a7:d2:8b:24:da:c2:20:7d:d3:7c:2e:
                    55:24:5d:dd:18:39:78:20:48:6a:c7:b3:e5:54:d9:
                    04:eb:3d:28:62:63:c9:13:e9:21:39:3a:b1:73:70:
                    c3:6c:cb:67:d5:e2:fa:7f:10:60:85:4e:f5:72:67:
                    10:88:53:cb:68:9d:b3:99:15:0f:b2:50:0a:aa:05:
                    16:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:68:F4:04:35:92:75:4F:52:D0:FB:5B:55:28:80:61:4B:F9:29:03
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4967c03f-f17b-42f4-bfca-8694bb963ab0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d000:9040::/48

    Signature Algorithm: sha256WithRSAEncryption
         26:82:61:a7:bf:d0:a0:54:b9:30:a7:bf:0b:29:90:ed:36:de:
         5c:f4:58:86:9d:60:33:9d:98:9b:64:5b:43:ff:f8:28:5d:6e:
         4f:5f:51:e7:76:c1:33:84:14:cd:30:83:ab:5a:95:ed:08:5d:
         ab:8d:a9:87:24:22:45:65:79:58:be:8b:41:86:2b:89:e4:2f:
         70:a7:0a:a2:49:74:41:55:a9:9d:57:33:90:d6:4c:61:eb:bf:
         f8:fb:9d:27:b6:14:d9:92:2f:8b:9e:a9:df:4c:0a:62:01:54:
         e9:ba:cf:00:41:65:08:64:ed:5d:8f:13:da:94:b4:b6:59:4b:
         dc:ea:09:cb:52:a7:af:bd:06:2c:43:88:8c:49:39:cb:c4:ec:
         6c:ab:92:92:64:9e:4a:50:15:4c:44:b6:50:31:b1:39:6f:9c:
         dd:07:08:b4:18:e6:ce:50:78:7e:b6:e0:63:db:f2:d0:c9:97:
         86:26:48:76:58:a9:25:a9:93:67:a7:1a:7f:b9:b1:e7:c7:42:
         54:49:bc:30:3b:ec:82:37:82:db:15:cb:7b:ec:25:32:9e:28:
         5b:23:54:c1:a5:42:a8:72:04:1f:ca:01:8f:9f:64:c0:04:96:
         a3:08:e0:2a:83:85:74:12:51:81:a7:42:ea:f4:57:6e:b9:09:
         1d:ab:89:f0
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUEVMbu59yPANf69tIkkqNNgTYPhEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzExOTEwMTdaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQGFmOTk1MmY5Y2U3NTc3MGFhZjA0N2QxZjVjNmJkNmVlMTQ4YThmYjQ0YzZk
N2UyZGVhOTBkNGU4YWNkYTFmN2IxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAObd9NAcZmClKHQU+1FXPen6/6cVpBMFGpIL0SrHaxOdPEYL6nf/wKv2yOH7
MG9are3MOW+6a8E2LlxuY4Oi6kwO6PTYESelUFrdIMUSZOuuYwcXBh5T/gaEgWzD
qkjO8v50Y4FXii3RhfpMp3wFuKdcvM4AFf50ghc85BRQhmXiPng0Ff1J+lZF7xMk
L4Xrnw+Xo4QxdWENYaEw4dOmE7OMIPQyEi8KZRBBcUhUodAmc9ulsvf1I6fSiyTa
wiB903wuVSRd3Rg5eCBIasez5VTZBOs9KGJjyRPpITk6sXNww2zLZ9Xi+n8QYIVO
9XJnEIhTy2ids5kVD7JQCqoFFrUCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBSGaPQE
NZJ1T1LQ+1tVKIBhS/kpAzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NDk2N2MwM2YtZjE3Yi00MmY0LWJmY2EtODY5NGJiOTYzYWIwLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0ACQ
QDANBgkqhkiG9w0BAQsFAAOCAQEAJoJhp7/QoFS5MKe/CymQ7TbeXPRYhp1gM52Y
m2RbQ//4KF1uT19R53bBM4QUzTCDq1qV7Qhdq42phyQiRWV5WL6LQYYrieQvcKcK
okl0QVWpnVczkNZMYeu/+PudJ7YU2ZIvi56p30wKYgFU6brPAEFlCGTtXY8T2pS0
tllL3OoJy1Knr70GLEOIjEk5y8TsbKuSkmSeSlAVTES2UDGxOW+c3QcItBjmzlB4
frbgY9vy0MmXhiZIdlipJamTZ6caf7mx58dCVEm8MDvsgjeC2xXLe+wlMp4oWyNU
waVCqHIEH8oBj59kwASWowjgKoOFdBJRgadC6vRXbrkJHauJ8A==
-----END CERTIFICATE-----