Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/65c46db4-023b-4885-8c6b-9444db174ad3.roa
File:                     65c46db4-023b-4885-8c6b-9444db174ad3.roa (raw, json)
Hash identifier:          hY5VHsqq7VfFjBFQ8XZGJsautsnIjshjy735MWPgXUU=
Subject key identifier:   A3:8E:4B:32:3B:DD:FE:E8:9D:45:46:62:6D:E8:94:D7:9B:BC:76:6F
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       3DEA7C1C38042A46B69F0C5295412E4EFC922C74
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/65c46db4-023b-4885-8c6b-9444db174ad3.roa
Signing time:             Mon 31 Mar 2025 20:40:04 +0000
ROA not before:           Mon 31 Mar 2025 20:40:04 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d07b:c080::/46 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3d:ea:7c:1c:38:04:2a:46:b6:9f:0c:52:95:41:2e:4e:fc:92:2c:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 20:40:04 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:8e:d8:43:13:d6:34:33:a3:cc:3e:e0:db:21:
                    1e:30:10:57:4a:67:7c:a6:97:63:f8:2d:ac:01:73:
                    90:e3:db:31:1d:e5:c9:80:c9:04:ac:10:a3:c1:e2:
                    5d:ce:22:79:a4:b7:7c:55:35:89:a9:d1:98:45:48:
                    43:18:84:46:66:60:7e:85:de:27:5f:e8:9f:35:b9:
                    1d:0a:2c:ec:3f:3a:18:16:45:06:24:13:fe:d1:d4:
                    34:a7:33:87:ab:40:ae:ab:45:9c:3a:97:ed:12:23:
                    5d:34:0b:cc:fa:bd:27:21:d9:4a:37:88:5b:c5:3e:
                    a7:26:87:56:2b:3d:93:87:5a:95:c7:01:80:c7:80:
                    1d:29:56:52:c7:3e:e5:d2:9a:91:ed:3f:1e:40:91:
                    1e:89:4c:5a:44:43:44:e2:a6:00:13:8d:c4:fa:ca:
                    e8:fa:f4:a2:ee:ac:f2:9e:a0:6e:ba:8c:f3:55:61:
                    b0:e6:8f:d8:9a:8a:93:99:90:65:31:4d:44:46:b6:
                    9e:0a:e4:f6:d0:f9:28:e9:0e:71:90:4f:7e:c6:38:
                    8a:6d:30:b2:6a:b4:f5:8c:46:0b:40:a7:a5:0c:2c:
                    a5:8d:5f:22:73:01:7f:a0:ff:fb:52:50:2d:bd:bc:
                    3b:ce:c1:47:91:8f:aa:f6:e9:cc:0a:8e:12:c7:f3:
                    04:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:8E:4B:32:3B:DD:FE:E8:9D:45:46:62:6D:E8:94:D7:9B:BC:76:6F
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/65c46db4-023b-4885-8c6b-9444db174ad3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d07b:c080::/46

    Signature Algorithm: sha256WithRSAEncryption
         85:7d:16:34:0b:14:e0:b6:b4:0f:88:91:1b:bd:0a:87:32:70:
         99:17:bd:99:9c:f6:64:c7:01:f4:f8:a7:c8:2f:62:89:a2:1e:
         81:a3:08:e9:6f:cf:46:ac:c3:ed:29:9b:4a:5a:65:65:6e:0b:
         84:49:3b:cd:1f:e1:1c:c8:ec:57:5a:b6:a8:49:bd:6d:76:a4:
         92:7b:fd:45:bb:2c:56:c3:bb:1a:c1:c3:5c:ed:a3:aa:6a:ef:
         b5:73:3d:ad:d6:f9:d8:5e:15:4d:aa:05:45:39:cc:8b:02:37:
         ae:3b:8e:c5:e1:3a:e5:9e:e0:95:13:0b:03:62:d3:d8:03:d0:
         3c:25:07:ea:46:73:8b:03:0c:8c:fe:2e:35:b4:0a:b3:b9:65:
         72:3d:0a:fa:3b:7c:db:53:95:af:b8:77:5c:fc:8d:41:02:a7:
         e1:aa:fb:8d:a4:86:af:d7:3d:c4:80:67:b7:8e:a8:05:fb:c1:
         24:73:40:9f:d8:ea:b5:95:aa:be:83:aa:7c:85:26:37:d8:01:
         26:26:5e:d6:28:2a:71:8f:a1:38:99:c9:3f:dd:76:4b:7c:c5:
         96:99:27:0e:5d:ff:6c:55:84:07:ba:54:6d:23:18:d9:b7:1f:
         13:5c:0a:53:b7:83:c1:17:29:9c:8a:05:e4:72:1a:97:1a:b8:
         9a:99:54:72
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUPep8HDgEKka2nwxSlUEuTvySLHQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzEyMDQwMDRaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQGQ3N2Y4MjRkMTNhN2ViYmFkMGVlZGQ0NzZlYzI3OTc4NTk3MTQwZjdmZTQ5
Y2U0ZDVhM2RlMjI0MmQ3Y2IxNTkxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAIeO2EMT1jQzo8w+4NshHjAQV0pnfKaXY/gtrAFzkOPbMR3lyYDJBKwQo8Hi
Xc4ieaS3fFU1ianRmEVIQxiERmZgfoXeJ1/onzW5HQos7D86GBZFBiQT/tHUNKcz
h6tArqtFnDqX7RIjXTQLzPq9JyHZSjeIW8U+pyaHVis9k4dalccBgMeAHSlWUsc+
5dKake0/HkCRHolMWkRDROKmABONxPrK6Pr0ou6s8p6gbrqM81VhsOaP2JqKk5mQ
ZTFNREa2ngrk9tD5KOkOcZBPfsY4im0wsmq09YxGC0CnpQwspY1fInMBf6D/+1JQ
Lb28O87BR5GPqvbpzAqOEsfzBE8CAwEAAaOCAiQwggIgMB0GA1UdDgQWBBSjjksy
O93+6J1FRmJt6JTXm7x2bzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NjVjNDZkYjQtMDIzYi00ODg1LThjNmItOTQ0NGRiMTc0YWQzLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHAioF0HvA
gDANBgkqhkiG9w0BAQsFAAOCAQEAhX0WNAsU4La0D4iRG70KhzJwmRe9mZz2ZMcB
9PinyC9iiaIegaMI6W/PRqzD7SmbSlplZW4LhEk7zR/hHMjsV1q2qEm9bXakknv9
RbssVsO7GsHDXO2jqmrvtXM9rdb52F4VTaoFRTnMiwI3rjuOxeE65Z7glRMLA2LT
2APQPCUH6kZziwMMjP4uNbQKs7llcj0K+jt821OVr7h3XPyNQQKn4ar7jaSGr9c9
xIBnt46oBfvBJHNAn9jqtZWqvoOqfIUmN9gBJiZe1igqcY+hOJnJP912S3zFlpkn
Dl3/bFWEB7pUbSMY2bcfE1wKU7eDwRcpnIoF5HIalxq4mplUcg==
-----END CERTIFICATE-----