Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/5dca02e6-03a4-4251-b6d3-5c96d22af7cb.roa
File:                     5dca02e6-03a4-4251-b6d3-5c96d22af7cb.roa (raw, json)
Hash identifier:          cZD/6A94fll1dHZZYQqSDVHFEjcgw6zUOPBGJnud7GA=
Subject key identifier:   ED:7A:7E:3D:26:5C:CF:45:38:44:66:58:AC:6F:32:79:85:AD:BE:D4
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       4FF0F55142D95C8C8CF8B8D12D2DF6788698B822
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/5dca02e6-03a4-4251-b6d3-5c96d22af7cb.roa
Signing time:             Tue 01 Apr 2025 15:00:24 +0000
ROA not before:           Tue 01 Apr 2025 15:00:24 +0000
ROA not after:            Tue 06 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        79.125.24.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4f:f0:f5:51:42:d9:5c:8c:8c:f8:b8:d1:2d:2d:f6:78:86:98:b8:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Apr  1 15:00:24 2025 GMT
            Not After : May  6 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:90:47:f3:77:2c:d3:4a:1e:6c:14:82:46:d0:
                    67:49:90:e4:ee:69:ea:41:45:89:55:cc:b5:36:70:
                    59:7d:5e:8b:69:12:42:57:eb:16:7f:ef:4f:ad:3b:
                    b7:ce:65:fd:0e:d3:bf:e0:1d:87:0d:16:7b:09:70:
                    15:23:dd:f9:3e:43:9e:1d:73:85:6e:8f:ee:f5:d1:
                    bf:61:1f:da:77:05:8a:eb:61:fb:0c:fa:f5:ed:07:
                    9d:83:67:6b:48:5b:76:20:2e:5b:5c:ea:d5:22:e5:
                    e0:36:af:08:98:d0:e9:e7:49:ec:0d:ae:5b:d6:ae:
                    35:1c:a7:65:77:a9:02:2e:53:0e:e5:0e:23:de:5b:
                    db:da:f9:7b:e4:a6:1a:1a:ba:7e:26:af:f4:6c:c0:
                    35:c5:b8:8a:16:1e:80:ad:3b:87:99:ed:ff:6c:6a:
                    dd:97:40:3a:d6:82:bc:5d:fc:ea:66:e9:14:41:de:
                    f2:a4:4f:07:f2:6f:37:7e:d1:d1:a2:da:61:b0:fa:
                    40:f2:d3:0e:85:b9:a6:99:ff:1f:fe:63:37:56:0a:
                    e8:87:24:70:b3:4f:81:03:ca:b4:6a:19:3d:6c:f7:
                    5a:6f:a6:77:70:08:d7:95:76:9c:41:f2:7c:b6:68:
                    25:40:e0:44:99:3c:4c:af:c4:a9:8b:8b:8a:b9:fe:
                    58:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:7A:7E:3D:26:5C:CF:45:38:44:66:58:AC:6F:32:79:85:AD:BE:D4
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/5dca02e6-03a4-4251-b6d3-5c96d22af7cb.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.125.24.0/22

    Signature Algorithm: sha256WithRSAEncryption
         af:a4:07:0e:b7:f4:d4:a9:3d:92:a4:0f:f2:cc:fd:cc:52:c0:
         6a:a8:76:03:9f:2f:83:e6:bb:0b:ee:59:ea:07:23:0b:bc:ae:
         c1:d5:32:c5:05:40:f6:f7:8a:8e:81:ef:24:4f:94:06:ee:45:
         d6:8e:e1:fe:09:69:76:fc:32:78:68:61:fd:b3:46:fe:a9:53:
         f6:07:a0:2c:d6:bb:13:99:a1:cb:6c:32:fc:63:57:4d:38:94:
         42:e4:e5:16:21:34:72:9b:98:36:2a:27:ec:e4:31:fe:72:89:
         c6:5d:27:43:e0:f9:9e:a4:93:9b:cf:38:b5:65:00:13:14:c8:
         54:97:2c:b2:2b:e9:c6:d6:e6:7a:43:44:34:1e:14:f3:41:81:
         7d:50:71:93:4b:33:9f:ad:97:e3:01:74:e6:a5:8d:a7:22:ec:
         6b:b3:ff:41:b1:2d:12:a8:52:ad:78:dd:c0:77:3c:da:7d:44:
         1c:54:41:bb:4f:6a:8e:f9:5e:9c:b1:89:7f:84:e5:32:b8:fd:
         62:6a:4a:55:67:63:1a:f3:cf:53:21:b8:8d:54:fa:89:90:d8:
         8a:40:8a:71:b5:aa:90:6f:71:f0:77:04:32:73:b5:56:e0:d7:
         4b:a0:af:e8:b0:bd:e8:26:90:89:02:b3:b9:40:e7:7b:e0:1b:
         bc:4b:11:c7
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUT/D1UULZXIyM+LjRLS32eIaYuCIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA0MDExNTAwMjRaFw0yNTA1MDYyMzU5NTlaMHoxSTBHBgNV
BAUTQGIwMzI2ZjhhOWUzZDM5MTc1YjZkOTAyNTcxMTY3NzU2ZWE2YWNhNGIyNTgw
ODk1NzM3M2UzNjIwMmFhOTQ5NjAxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMGQR/N3LNNKHmwUgkbQZ0mQ5O5p6kFFiVXMtTZwWX1ei2kSQlfrFn/vT607
t85l/Q7Tv+Adhw0WewlwFSPd+T5Dnh1zhW6P7vXRv2Ef2ncFiuth+wz69e0HnYNn
a0hbdiAuW1zq1SLl4DavCJjQ6edJ7A2uW9auNRynZXepAi5TDuUOI95b29r5e+Sm
Ghq6fiav9GzANcW4ihYegK07h5nt/2xq3ZdAOtaCvF386mbpFEHe8qRPB/JvN37R
0aLaYbD6QPLTDoW5ppn/H/5jN1YK6IckcLNPgQPKtGoZPWz3Wm+md3AI15V2nEHy
fLZoJUDgRJk8TK/EqYuLirn+WIMCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBTten49
JlzPRThEZlisbzJ5ha2+1DAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NWRjYTAyZTYtMDNhNC00MjUxLWI2ZDMtNWM5NmQyMmFmN2NiLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAk99GDAN
BgkqhkiG9w0BAQsFAAOCAQEAr6QHDrf01Kk9kqQP8sz9zFLAaqh2A58vg+a7C+5Z
6gcjC7yuwdUyxQVA9veKjoHvJE+UBu5F1o7h/glpdvwyeGhh/bNG/qlT9gegLNa7
E5mhy2wy/GNXTTiUQuTlFiE0cpuYNion7OQx/nKJxl0nQ+D5nqSTm884tWUAExTI
VJcssivpxtbmekNENB4U80GBfVBxk0szn62X4wF05qWNpyLsa7P/QbEtEqhSrXjd
wHc82n1EHFRBu09qjvlenLGJf4TlMrj9YmpKVWdjGvPPUyG4jVT6iZDYikCKcbWq
kG9x8HcEMnO1VuDXS6Cv6LC96CaQiQKzuUDne+AbvEsRxw==
-----END CERTIFICATE-----