Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/791beea0-a041-4e83-a3bb-074f4f65225c.roa
File:                     791beea0-a041-4e83-a3bb-074f4f65225c.roa (raw, json)
Hash identifier:          s0eR1J7UoTwMVAiRaRePi9JnQvGKBS8rUIcNY3KiB7g=
Subject key identifier:   89:2F:B0:57:0B:6F:DF:C0:13:03:2F:6D:FA:87:D8:9E:31:E9:38:8F
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       0AB7556FA6D41F9AA6C92E87207E59D45F388D18
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/791beea0-a041-4e83-a3bb-074f4f65225c.roa
Signing time:             Mon 31 Mar 2025 20:31:45 +0000
ROA not before:           Mon 31 Mar 2025 20:31:45 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d077:50c0::/46 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0a:b7:55:6f:a6:d4:1f:9a:a6:c9:2e:87:20:7e:59:d4:5f:38:8d:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 20:31:45 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:96:27:44:d1:01:65:85:11:06:b8:e2:a5:ed:
                    9a:01:f8:95:70:0e:c4:76:14:66:0e:d1:9f:bb:df:
                    4b:1b:25:46:80:a3:47:09:e5:8d:6c:59:8b:01:ab:
                    c5:ac:18:dc:22:bd:a4:de:33:1e:31:d1:2d:36:74:
                    22:8e:d0:17:c6:0a:6b:69:ed:e1:e6:08:4e:dd:6c:
                    f9:35:31:1f:49:4f:bd:8d:25:4c:dc:c6:0e:21:d2:
                    30:f1:03:1d:c9:cd:10:81:d3:ec:c6:cf:36:ac:13:
                    fe:14:b1:1e:b8:42:fb:60:42:7d:d5:ee:2f:4d:e8:
                    81:51:d7:af:13:7e:9c:74:8c:e3:55:fa:91:6e:e7:
                    b5:27:93:b5:9f:fb:0d:1f:3e:a4:41:b8:3a:bf:18:
                    e4:ce:cc:7b:df:ac:30:ae:82:c2:d9:b1:f4:70:21:
                    3f:a5:f1:31:15:0d:2a:4f:d2:f4:f7:2b:f2:d4:cb:
                    71:64:f2:9a:19:f1:24:71:c5:39:26:9c:b9:ee:03:
                    55:e6:41:6e:ca:28:c0:0c:1b:d4:de:01:dd:96:e2:
                    a4:ab:3e:d9:93:37:48:4a:a7:84:a3:87:24:66:42:
                    76:6d:e8:1d:49:37:1d:76:0a:85:20:24:85:a8:4b:
                    18:f8:7d:ce:de:b8:37:ea:5a:e7:95:c4:c7:73:71:
                    b8:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:2F:B0:57:0B:6F:DF:C0:13:03:2F:6D:FA:87:D8:9E:31:E9:38:8F
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/791beea0-a041-4e83-a3bb-074f4f65225c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d077:50c0::/46

    Signature Algorithm: sha256WithRSAEncryption
         5f:5c:91:0e:d6:95:98:4d:2b:92:4b:f6:2b:99:0b:97:5e:c6:
         51:3c:e4:7d:21:5f:5d:f7:ba:15:85:a2:9c:67:e7:c8:2b:97:
         3c:70:2e:be:9b:33:aa:e8:1a:04:56:58:01:f9:aa:84:80:03:
         0e:9d:af:69:a7:2d:79:e0:cc:3e:d0:f5:57:34:6b:04:53:c2:
         74:ec:c1:66:0c:f8:be:16:17:ab:8e:9f:82:06:64:f9:e1:93:
         f5:50:4a:90:36:69:0b:e9:fb:29:ba:32:7f:39:08:4b:f8:22:
         96:cc:5e:6a:b5:0b:59:c5:25:dd:e3:9e:d4:1f:58:6a:79:50:
         7f:a9:9f:00:db:71:3f:21:ec:5f:b6:78:7a:6d:8f:55:58:4b:
         e9:fb:df:78:20:d0:a6:fa:df:c4:ba:97:a4:a4:a3:48:76:15:
         c3:44:bb:62:09:56:69:32:99:f1:ac:cf:94:13:44:94:ab:11:
         e5:cf:59:d9:f1:d2:bd:7d:5d:3e:f2:14:03:db:f5:60:81:99:
         a6:41:d9:7f:66:de:48:e5:4e:4e:ef:a1:ba:03:e1:c0:0c:bc:
         ad:61:f1:c9:68:fb:3f:e5:3a:6f:64:cd:99:d1:a2:69:31:43:
         14:f7:b5:36:70:db:ff:5e:61:cd:b1:69:34:bd:f2:53:8b:0a:
         d1:e7:9f:82
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUCrdVb6bUH5qmyS6HIH5Z1F84jRgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzEyMDMxNDVaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQDkyYzQ3OTEwZjlmMzk2Mzk2NDQ0MjlhOGUxZDhlMGY3ZGU1Y2JkM2ZmNTk2
ZjY2NDY2YjExN2JjY2FhOGQxNmUxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMKWJ0TRAWWFEQa44qXtmgH4lXAOxHYUZg7Rn7vfSxslRoCjRwnljWxZiwGr
xawY3CK9pN4zHjHRLTZ0Io7QF8YKa2nt4eYITt1s+TUxH0lPvY0lTNzGDiHSMPED
HcnNEIHT7MbPNqwT/hSxHrhC+2BCfdXuL03ogVHXrxN+nHSM41X6kW7ntSeTtZ/7
DR8+pEG4Or8Y5M7Me9+sMK6Cwtmx9HAhP6XxMRUNKk/S9Pcr8tTLcWTymhnxJHHF
OSacue4DVeZBbsoowAwb1N4B3ZbipKs+2ZM3SEqnhKOHJGZCdm3oHUk3HXYKhSAk
hahLGPh9zt64N+pa55XEx3NxuGcCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBSJL7BX
C2/fwBMDL236h9ieMek4jzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NzkxYmVlYTAtYTA0MS00ZTgzLWEzYmItMDc0ZjRmNjUyMjVjLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHAioF0HdQ
wDANBgkqhkiG9w0BAQsFAAOCAQEAX1yRDtaVmE0rkkv2K5kLl17GUTzkfSFfXfe6
FYWinGfnyCuXPHAuvpszqugaBFZYAfmqhIADDp2vaacteeDMPtD1VzRrBFPCdOzB
Zgz4vhYXq46fggZk+eGT9VBKkDZpC+n7KboyfzkIS/gilsxearULWcUl3eOe1B9Y
anlQf6mfANtxPyHsX7Z4em2PVVhL6fvfeCDQpvrfxLqXpKSjSHYVw0S7YglWaTKZ
8azPlBNElKsR5c9Z2fHSvX1dPvIUA9v1YIGZpkHZf2beSOVOTu+hugPhwAy8rWHx
yWj7P+U6b2TNmdGiaTFDFPe1NnDb/15hzbFpNL3yU4sK0eefgg==
-----END CERTIFICATE-----