Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/6b4f5b06-ebd9-4673-8db1-8e72df99c996.roa
File:                     6b4f5b06-ebd9-4673-8db1-8e72df99c996.roa (raw, json)
Hash identifier:          lczmQjaReFFqK3bXl8O0BFi6L8Om5pWOJOjpX/65l8w=
Subject key identifier:   A5:18:7A:D1:D2:AD:5F:7B:04:96:92:64:22:1E:4C:0A:A5:BE:A1:BA
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       146FFCDA2956BB78875D6C712EDC4EA170C4E247
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/6b4f5b06-ebd9-4673-8db1-8e72df99c996.roa
Signing time:             Mon 31 Mar 2025 19:31:01 +0000
ROA not before:           Mon 31 Mar 2025 19:31:01 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d000:2080::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            14:6f:fc:da:29:56:bb:78:87:5d:6c:71:2e:dc:4e:a1:70:c4:e2:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 19:31:01 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:b1:c4:77:23:d0:0e:3f:1f:c8:c8:63:07:03:
                    a8:0c:95:aa:fc:74:f1:7f:1a:dd:fc:69:c5:03:40:
                    bd:89:82:43:90:f9:89:3b:a3:c7:db:31:c3:6c:2f:
                    8d:f4:d6:47:f6:8d:3a:3f:08:01:d7:67:77:5a:46:
                    66:9d:31:33:4e:f5:6a:81:b9:48:50:d5:19:ac:ab:
                    c9:12:8b:19:a9:a2:82:ee:c7:ba:71:36:d4:28:52:
                    1c:c1:73:ef:33:5d:92:69:d3:2d:99:46:0b:c5:c7:
                    fb:2f:86:f9:3e:b0:5b:24:35:96:45:a4:6e:2c:79:
                    1a:c4:2f:48:19:9e:50:1f:0a:e7:4b:a8:90:c7:90:
                    84:72:25:37:c6:f9:8e:a8:b9:e1:6b:76:52:f1:55:
                    8c:20:c6:f0:c4:63:4f:0b:b6:51:49:d2:e5:62:7f:
                    ee:3f:50:6f:90:36:8e:93:94:73:f5:ca:a6:20:2b:
                    4a:0f:37:bf:7e:10:46:40:5a:a5:a8:11:ab:a4:02:
                    72:e0:fc:a8:e5:cb:05:4a:0b:d2:2b:10:20:9a:16:
                    fe:28:4b:90:37:ec:33:35:e2:57:8f:39:a1:a3:58:
                    27:2c:6a:7e:25:bf:92:3f:44:cb:e8:46:72:73:a6:
                    1b:68:2a:a7:4c:67:e1:0f:5b:76:dc:85:27:68:5a:
                    ea:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:18:7A:D1:D2:AD:5F:7B:04:96:92:64:22:1E:4C:0A:A5:BE:A1:BA
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/6b4f5b06-ebd9-4673-8db1-8e72df99c996.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d000:2080::/48

    Signature Algorithm: sha256WithRSAEncryption
         71:4c:0b:72:0c:c3:4e:df:68:82:08:0b:21:7c:f2:82:3f:e1:
         2f:86:49:fe:a8:a1:62:c9:49:bf:c1:7e:c3:28:b0:17:22:bf:
         fe:ad:bf:1e:e6:45:10:32:90:b3:fc:2e:53:d1:57:0f:ef:4b:
         2c:aa:dd:96:96:8e:6c:e8:0d:a7:79:8f:03:d5:0d:13:d6:46:
         4e:0e:83:7d:6b:c7:fa:9a:6b:14:3d:8b:9a:29:30:28:13:df:
         23:b8:71:eb:f3:a4:52:55:12:8e:c8:3f:6d:20:8b:a7:14:bf:
         48:af:bd:81:a6:44:38:61:30:c1:c3:50:22:a2:8a:15:c0:f8:
         b4:67:b9:7b:50:53:f1:28:4a:64:2c:21:9c:52:2b:19:22:8a:
         c6:f7:50:89:6b:33:30:3b:34:a4:c9:df:97:50:00:fd:0b:41:
         32:6a:ef:37:6c:0c:dc:63:06:41:91:31:0e:0b:91:44:a1:23:
         a3:6d:04:23:3b:74:7a:ed:20:8a:f4:d1:03:b7:28:b9:52:c9:
         f9:23:de:a7:59:44:ca:a5:41:fa:c5:23:7e:3a:e4:90:ec:3c:
         60:40:ba:8a:9f:fc:8d:46:18:b1:eb:d9:cc:ca:80:dc:0f:cd:
         f8:bc:fd:59:a8:c5:fb:f7:2f:73:92:2c:8f:9a:a0:05:0e:40:
         8f:df:50:0f
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUFG/82ilWu3iHXWxxLtxOoXDE4kcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzExOTMxMDFaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQGVkZWIzYWI4ZmY1YjhhZWRhOGFjMzZhZjVmYjIwNjBiYjQ1ZThlODk2NjI3
ZGM3ZGFhNTNjZjQ0MWExZTBmZGMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANOxxHcj0A4/H8jIYwcDqAyVqvx08X8a3fxpxQNAvYmCQ5D5iTujx9sxw2wv
jfTWR/aNOj8IAddnd1pGZp0xM071aoG5SFDVGayryRKLGamigu7HunE21ChSHMFz
7zNdkmnTLZlGC8XH+y+G+T6wWyQ1lkWkbix5GsQvSBmeUB8K50uokMeQhHIlN8b5
jqi54Wt2UvFVjCDG8MRjTwu2UUnS5WJ/7j9Qb5A2jpOUc/XKpiArSg83v34QRkBa
pagRq6QCcuD8qOXLBUoL0isQIJoW/ihLkDfsMzXiV485oaNYJyxqfiW/kj9Ey+hG
cnOmG2gqp0xn4Q9bdtyFJ2ha6v0CAwEAAaOCAiQwggIgMB0GA1UdDgQWBBSlGHrR
0q1fewSWkmQiHkwKpb6hujAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NmI0ZjViMDYtZWJkOS00NjczLThkYjEtOGU3MmRmOTljOTk2LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0AAg
gDANBgkqhkiG9w0BAQsFAAOCAQEAcUwLcgzDTt9ogggLIXzygj/hL4ZJ/qihYslJ
v8F+wyiwFyK//q2/HuZFEDKQs/wuU9FXD+9LLKrdlpaObOgNp3mPA9UNE9ZGTg6D
fWvH+pprFD2LmikwKBPfI7hx6/OkUlUSjsg/bSCLpxS/SK+9gaZEOGEwwcNQIqKK
FcD4tGe5e1BT8ShKZCwhnFIrGSKKxvdQiWszMDs0pMnfl1AA/QtBMmrvN2wM3GMG
QZExDguRRKEjo20EIzt0eu0givTRA7couVLJ+SPep1lEyqVB+sUjfjrkkOw8YEC6
ip/8jUYYsevZzMqA3A/N+Lz9WajF+/cvc5Isj5qgBQ5Aj99QDw==
-----END CERTIFICATE-----