Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/62ddc52a-8a4f-4ef2-95ec-dbf3a76be98d.roa
File:                     62ddc52a-8a4f-4ef2-95ec-dbf3a76be98d.roa (raw, json)
Hash identifier:          zKwDQzZaGsRrxvLYWlPnJ+QJJ4aaRSIxkC5tuNy26j0=
Subject key identifier:   3B:B6:DE:DD:36:15:78:94:12:F4:72:39:6D:2E:D6:D0:96:54:8A:3E
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       15038F23966291A1AEC0E980AC6D3555FC01AEE5
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/62ddc52a-8a4f-4ef2-95ec-dbf3a76be98d.roa
Signing time:             Wed 26 Mar 2025 19:21:55 +0000
ROA not before:           Wed 26 Mar 2025 19:21:55 +0000
ROA not after:            Wed 30 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d035:840::/46 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 23:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            15:03:8f:23:96:62:91:a1:ae:c0:e9:80:ac:6d:35:55:fc:01:ae:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 26 19:21:55 2025 GMT
            Not After : Apr 30 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:d1:cd:15:64:ee:5f:9a:fe:52:21:b9:92:f9:
                    1a:03:d7:69:3b:71:58:3c:ae:d2:13:e0:e5:6b:7e:
                    92:60:2e:8d:bb:bf:73:b2:5b:30:bd:c4:cf:a3:83:
                    c5:63:25:cb:b3:68:66:a3:df:6f:b3:ac:07:24:f9:
                    af:cb:ab:f5:07:a9:f0:c9:63:38:57:1c:a4:ae:06:
                    5e:68:71:1b:45:89:03:a5:a5:b0:63:d6:cf:e8:cd:
                    f0:7d:7a:eb:c8:46:83:74:ad:e2:ed:ef:d9:d9:fa:
                    87:37:3d:68:21:64:be:a2:66:fa:2b:19:c4:cc:57:
                    90:3d:07:40:ff:4a:7b:55:43:a1:f7:ac:37:20:e7:
                    73:6b:47:b6:46:6e:0b:40:34:17:04:51:a8:e2:6e:
                    20:91:61:02:ff:4a:62:56:70:8b:8e:73:6b:c8:09:
                    ef:32:05:d7:7f:5d:73:37:55:47:a4:8c:b8:a9:2a:
                    ee:ea:d0:a3:77:ef:fd:44:05:b0:bd:f9:a8:f7:75:
                    48:67:ca:a5:11:d4:37:fa:37:11:02:9a:ea:90:83:
                    d4:11:80:02:00:7b:82:5f:70:b8:3c:2f:5a:c5:62:
                    bf:4c:c6:97:22:8a:3c:e4:2a:0a:12:5e:4b:dc:12:
                    58:67:2d:97:ea:7b:03:62:ff:42:c2:6c:b8:51:a1:
                    88:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:B6:DE:DD:36:15:78:94:12:F4:72:39:6D:2E:D6:D0:96:54:8A:3E
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/62ddc52a-8a4f-4ef2-95ec-dbf3a76be98d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d035:840::/46

    Signature Algorithm: sha256WithRSAEncryption
         72:f9:96:3b:f5:92:ca:6b:f1:89:c5:16:29:3a:7d:03:c0:3b:
         69:97:72:75:46:f7:d5:d9:65:00:0e:61:d3:a9:43:41:5f:f8:
         89:ab:ab:18:6e:25:61:69:2c:6b:5e:91:c1:25:90:a7:ad:19:
         a6:e2:c7:d7:98:bc:73:c3:ae:aa:b3:27:66:8b:c6:bb:1c:bc:
         62:1e:26:66:ae:bb:73:a1:b1:12:44:b5:91:ac:ac:d6:f3:6f:
         61:99:23:14:75:58:c4:25:d5:22:4a:54:17:72:4f:6d:82:05:
         0e:a7:7b:03:5c:76:b5:a2:b3:3f:42:88:40:9e:71:05:04:f9:
         c3:c3:8f:0b:b0:ad:14:37:16:f3:5e:10:9d:0d:7f:df:78:6b:
         c0:fb:0d:6f:bb:2f:a7:11:a6:4d:df:c8:10:bd:10:99:8c:44:
         c6:6f:65:66:bd:58:e3:dd:fd:3b:c7:c3:a6:f3:15:31:08:1e:
         e1:36:e3:11:bb:13:66:c6:61:27:bd:db:8f:ce:92:19:30:d8:
         7b:d0:22:ee:5e:71:6d:05:1a:07:cb:45:ca:f8:b2:95:e5:19:
         6f:2c:35:9c:a3:8c:9d:98:8a:17:9d:76:f2:c6:e3:80:5d:6c:
         01:a6:37:e0:7a:c4:55:1c:97:b8:1b:ac:28:af:ee:9b:59:e3:
         8d:d1:f2:a8
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUFQOPI5ZikaGuwOmArG01VfwBruUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMjYxOTIxNTVaFw0yNTA0MzAyMzU5NTlaMHoxSTBHBgNV
BAUTQGMyZjYzOWU3YmUyMmUxOTA1YjNkN2Y1M2QzYzA1MWNmMTM5NDU0MGYwZWNk
M2ViMTlmZDhlYzVhYzczYTIxNjUxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJfRzRVk7l+a/lIhuZL5GgPXaTtxWDyu0hPg5Wt+kmAujbu/c7JbML3Ez6OD
xWMly7NoZqPfb7OsByT5r8ur9Qep8MljOFccpK4GXmhxG0WJA6WlsGPWz+jN8H16
68hGg3St4u3v2dn6hzc9aCFkvqJm+isZxMxXkD0HQP9Ke1VDofesNyDnc2tHtkZu
C0A0FwRRqOJuIJFhAv9KYlZwi45za8gJ7zIF139dczdVR6SMuKkq7urQo3fv/UQF
sL35qPd1SGfKpRHUN/o3EQKa6pCD1BGAAgB7gl9wuDwvWsViv0zGlyKKPOQqChJe
S9wSWGctl+p7A2L/QsJsuFGhiBMCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBQ7tt7d
NhV4lBL0cjltLtbQllSKPjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NjJkZGM1MmEtOGE0Zi00ZWYyLTk1ZWMtZGJmM2E3NmJlOThkLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHAioF0DUI
QDANBgkqhkiG9w0BAQsFAAOCAQEAcvmWO/WSymvxicUWKTp9A8A7aZdydUb31dll
AA5h06lDQV/4iaurGG4lYWksa16RwSWQp60ZpuLH15i8c8OuqrMnZovGuxy8Yh4m
Zq67c6GxEkS1kays1vNvYZkjFHVYxCXVIkpUF3JPbYIFDqd7A1x2taKzP0KIQJ5x
BQT5w8OPC7CtFDcW814QnQ1/33hrwPsNb7svpxGmTd/IEL0QmYxExm9lZr1Y4939
O8fDpvMVMQge4TbjEbsTZsZhJ73bj86SGTDYe9Ai7l5xbQUaB8tFyviyleUZbyw1
nKOMnZiKF5128sbjgF1sAaY34HrEVRyXuBusKK/um1njjdHyqA==
-----END CERTIFICATE-----