Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/5a585e9d-8bf0-4bc1-ad7b-b6c3e0bf9b93.roa
File:                     5a585e9d-8bf0-4bc1-ad7b-b6c3e0bf9b93.roa (raw, json)
Hash identifier:          AyPwJEbR0GjwiMWuuctiLYTNMTDMimcY0AWPvlKQRlc=
Subject key identifier:   0E:CF:9B:0A:08:EE:FE:9B:3C:10:14:31:77:F5:53:BA:A0:79:E1:49
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       3E34EA633925847D54F08437778ECB70F9F048B8
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/5a585e9d-8bf0-4bc1-ad7b-b6c3e0bf9b93.roa
Signing time:             Mon 31 Mar 2025 21:21:04 +0000
ROA not before:           Mon 31 Mar 2025 21:21:04 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d025:1000::/36 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3e:34:ea:63:39:25:84:7d:54:f0:84:37:77:8e:cb:70:f9:f0:48:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 21:21:04 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:64:84:25:ed:57:e4:ca:32:4d:97:de:dd:ec:
                    05:2b:ec:f0:22:cf:2a:69:00:8c:d2:3e:93:9a:f2:
                    04:af:a2:10:95:07:90:ed:64:68:86:90:f0:ae:d9:
                    4b:ed:b8:3e:d6:7c:6f:39:16:58:cf:53:0e:83:ae:
                    f4:fd:dc:cd:33:93:47:85:8b:39:4a:af:91:19:d2:
                    78:28:c3:2b:31:6b:b5:bf:7e:f4:01:f0:56:d0:d2:
                    c1:62:94:b2:85:79:28:81:fa:f0:d1:10:8f:90:d3:
                    8c:89:bf:49:e3:2c:e0:17:17:c9:c9:93:b7:69:53:
                    50:9d:e3:8d:61:f5:f7:f4:79:96:31:50:b4:5c:81:
                    0b:17:3d:ee:d7:e7:77:dd:88:52:01:7e:fd:cd:a2:
                    5d:46:c4:aa:b4:ce:bf:ed:d0:fd:dd:4e:b9:1b:fe:
                    f3:9a:ac:e4:4d:ac:9d:62:e4:5d:df:15:86:17:33:
                    96:78:96:f4:86:03:c7:03:9e:e8:40:17:8b:8b:c0:
                    ef:69:5f:ca:07:27:a8:7e:2f:c3:c1:62:9d:b9:40:
                    c6:30:c0:4b:52:9c:df:34:89:60:9b:fc:ac:80:76:
                    a4:29:8d:09:27:7e:e6:cc:4e:76:ca:b8:af:b4:95:
                    76:ba:0c:0c:70:9b:e5:88:bc:ea:ab:39:92:b2:cb:
                    43:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:CF:9B:0A:08:EE:FE:9B:3C:10:14:31:77:F5:53:BA:A0:79:E1:49
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/5a585e9d-8bf0-4bc1-ad7b-b6c3e0bf9b93.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d025:1000::/36

    Signature Algorithm: sha256WithRSAEncryption
         82:d3:c7:f8:61:d6:db:8d:f0:ae:ea:8d:74:12:c7:07:45:45:
         db:b5:92:ca:4c:36:fd:4f:b4:87:20:34:3e:be:58:59:fd:23:
         ad:63:26:c9:ca:7f:5b:88:e0:98:e6:19:c0:e6:08:6c:e0:c6:
         85:96:a3:4c:94:de:89:91:16:64:61:85:c0:d7:eb:14:ca:dd:
         3c:6b:73:68:e8:5a:6c:85:4a:99:ac:08:8a:b9:c5:8b:d5:aa:
         54:2b:4f:10:ee:79:ff:52:44:ee:f8:68:a9:0d:67:3a:66:1f:
         19:a4:06:a5:4a:29:98:cd:80:88:bc:7a:fd:ab:3d:16:88:f8:
         10:fa:e2:cb:d2:3a:23:2d:3c:96:d1:8d:e4:a7:63:71:74:b4:
         07:34:dc:16:57:a0:53:16:c0:ca:45:44:bd:04:d9:d2:f0:f0:
         9c:cb:59:6e:1b:56:27:e1:f7:c4:55:f3:e0:0a:42:dc:f4:0a:
         3b:59:6b:7a:67:76:98:cc:f2:7c:ad:ce:46:62:08:70:e2:bf:
         8d:0e:34:b3:ac:56:64:90:16:97:d6:3b:67:76:ff:bd:8f:8a:
         b7:5a:b5:01:77:e8:93:81:10:1e:30:ee:6a:6d:4c:a5:51:58:
         84:08:c1:40:90:58:99:58:67:d7:71:56:e4:f5:95:07:9b:c1:
         7d:03:ac:d3
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUPjTqYzklhH1U8IQ3d47LcPnwSLgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzEyMTIxMDRaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQGJlOGQ4Yjg0ODI5YTM5NWIxNDFkYjM5ODQxZTdhMWEwYTIyZWYyZGNlNzYx
NWRjYjZmMGM1YTg3NTM3ZWZlMDQxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAL9khCXtV+TKMk2X3t3sBSvs8CLPKmkAjNI+k5ryBK+iEJUHkO1kaIaQ8K7Z
S+24PtZ8bzkWWM9TDoOu9P3czTOTR4WLOUqvkRnSeCjDKzFrtb9+9AHwVtDSwWKU
soV5KIH68NEQj5DTjIm/SeMs4BcXycmTt2lTUJ3jjWH19/R5ljFQtFyBCxc97tfn
d92IUgF+/c2iXUbEqrTOv+3Q/d1OuRv+85qs5E2snWLkXd8VhhczlniW9IYDxwOe
6EAXi4vA72lfygcnqH4vw8FinblAxjDAS1Kc3zSJYJv8rIB2pCmNCSd+5sxOdsq4
r7SVdroMDHCb5Yi86qs5krLLQ1UCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQOz5sK
CO7+mzwQFDF39VO6oHnhSTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NWE1ODVlOWQtOGJmMC00YmMxLWFkN2ItYjZjM2UwYmY5YjkzLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCoF0CUQ
MA0GCSqGSIb3DQEBCwUAA4IBAQCC08f4YdbbjfCu6o10EscHRUXbtZLKTDb9T7SH
IDQ+vlhZ/SOtYybJyn9biOCY5hnA5ghs4MaFlqNMlN6JkRZkYYXA1+sUyt08a3No
6FpshUqZrAiKucWL1apUK08Q7nn/UkTu+GipDWc6Zh8ZpAalSimYzYCIvHr9qz0W
iPgQ+uLL0jojLTyW0Y3kp2NxdLQHNNwWV6BTFsDKRUS9BNnS8PCcy1luG1Yn4ffE
VfPgCkLc9Ao7WWt6Z3aYzPJ8rc5GYghw4r+NDjSzrFZkkBaX1jtndv+9j4q3WrUB
d+iTgRAeMO5qbUylUViECMFAkFiZWGfXcVbk9ZUHm8F9A6zT
-----END CERTIFICATE-----