Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/a40e2cf2-d6e4-4813-a5aa-623eda8926e6.roa
File:                     a40e2cf2-d6e4-4813-a5aa-623eda8926e6.roa (raw, json)
Hash identifier:          aCds+Avr+gUy7JA2POb+Js4RFTJIMZVqkOQSI/uYUZY=
Subject key identifier:   8B:5B:4C:1E:2E:54:DD:68:41:5F:9F:3C:DA:31:8E:3F:0C:2C:62:B1
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       74034F3BC809D867F12CB2F9349F8B22EEA3D804
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/a40e2cf2-d6e4-4813-a5aa-623eda8926e6.roa
Signing time:             Mon 31 Mar 2025 19:50:01 +0000
ROA not before:           Mon 31 Mar 2025 19:50:01 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d031:6080::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            74:03:4f:3b:c8:09:d8:67:f1:2c:b2:f9:34:9f:8b:22:ee:a3:d8:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 19:50:01 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:27:28:8e:f7:49:2e:ea:7b:2c:0b:87:ff:42:
                    81:df:92:07:77:96:af:86:d0:90:b9:9c:22:ba:5b:
                    64:84:48:89:dc:59:03:37:d0:2d:12:81:f6:8a:2a:
                    b6:69:b8:20:c1:fa:a8:ec:a1:90:69:30:53:2e:97:
                    fc:92:52:19:cc:d3:15:ee:57:24:de:47:bd:cc:9f:
                    9e:4f:5e:d0:d2:9f:61:05:83:e3:5f:f2:06:ae:9c:
                    32:bd:2d:c2:55:63:a6:b5:64:37:3d:9b:6f:fa:b7:
                    11:83:a5:32:45:7c:c9:d1:b3:16:b0:aa:8d:05:e8:
                    04:3c:95:18:eb:82:f7:c1:0b:8f:2b:25:c7:00:72:
                    21:56:60:b4:9a:96:c6:89:f0:62:b7:b4:70:e9:1a:
                    cf:de:de:55:0a:11:44:19:c4:a6:b6:83:b5:7e:b8:
                    27:35:38:8a:83:86:3f:a2:62:f2:91:ee:fe:a5:23:
                    fe:7e:d3:2e:0c:f2:dc:bb:ee:db:77:22:32:8e:e7:
                    78:ae:ea:7a:03:d6:10:8b:ee:5c:da:73:b6:fa:05:
                    cb:d6:a1:98:e4:92:4e:77:0d:d7:4b:96:bc:e4:2b:
                    ad:69:2c:01:16:aa:4b:bd:fd:a1:11:d2:03:70:d9:
                    f4:2f:bc:ad:2e:75:51:12:15:8e:66:94:e9:ec:78:
                    52:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:5B:4C:1E:2E:54:DD:68:41:5F:9F:3C:DA:31:8E:3F:0C:2C:62:B1
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/a40e2cf2-d6e4-4813-a5aa-623eda8926e6.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d031:6080::/48

    Signature Algorithm: sha256WithRSAEncryption
         a3:4d:06:ac:5d:af:e4:d1:bc:3f:a1:d5:bb:18:42:a9:b5:31:
         50:6f:b4:e8:ff:32:f9:e1:1f:0d:d7:d1:ff:31:56:7d:a9:7b:
         2e:1d:e7:97:b6:dc:a9:79:59:d9:18:ce:0e:42:43:9d:85:a9:
         06:cf:a3:f5:c1:d2:66:eb:dd:90:56:b8:92:bb:68:0e:fb:dc:
         a8:e9:6c:21:cf:b4:20:60:ec:80:89:9e:8f:9e:73:5f:fc:5a:
         02:00:25:9a:2d:4d:d6:68:63:2f:6f:dc:2d:ea:eb:22:eb:4b:
         d0:f9:5c:91:6d:32:56:3a:e3:07:ce:9e:33:25:01:38:ea:20:
         ba:57:30:2f:63:09:cc:ab:89:6b:17:ce:1d:3c:3c:5b:45:03:
         5d:bd:89:04:a3:7f:88:e3:84:56:14:91:69:33:c9:44:06:cc:
         17:63:fa:4c:43:c5:27:ae:5d:20:55:3c:64:72:f1:75:d2:21:
         2a:13:53:a1:ba:ac:74:64:7b:42:dc:08:0a:5e:53:0b:2d:ef:
         4b:7e:1c:97:04:e5:7e:06:e0:62:b2:7c:74:cc:b5:85:c7:96:
         d6:ff:9d:a6:ad:63:ca:fa:24:37:d9:32:9d:bd:9e:59:49:13:
         4c:1d:88:1d:d5:a4:d0:72:a0:de:7f:37:45:74:6a:16:7e:93:
         70:c7:ba:38
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUdANPO8gJ2GfxLLL5NJ+LIu6j2AQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzExOTUwMDFaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQGJiMTcxMjhmMjM1YjYwYmIxMzk3MjdmNDlkMDFjZjdkOGZlYzhmZGJkNzQz
YjYwOTAxNmIxOGI1YzNmMDA0YzcxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALQnKI73SS7qeywLh/9Cgd+SB3eWr4bQkLmcIrpbZIRIidxZAzfQLRKB9ooq
tmm4IMH6qOyhkGkwUy6X/JJSGczTFe5XJN5Hvcyfnk9e0NKfYQWD41/yBq6cMr0t
wlVjprVkNz2bb/q3EYOlMkV8ydGzFrCqjQXoBDyVGOuC98ELjyslxwByIVZgtJqW
xonwYre0cOkaz97eVQoRRBnEpraDtX64JzU4ioOGP6Ji8pHu/qUj/n7TLgzy3Lvu
23ciMo7neK7qegPWEIvuXNpztvoFy9ahmOSSTncN10uWvOQrrWksARaqS739oRHS
A3DZ9C+8rS51URIVjmaU6ex4UgMCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBSLW0we
LlTdaEFfnzzaMY4/DCxisTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YTQwZTJjZjItZDZlNC00ODEzLWE1YWEtNjIzZWRhODkyNmU2LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0DFg
gDANBgkqhkiG9w0BAQsFAAOCAQEAo00GrF2v5NG8P6HVuxhCqbUxUG+06P8y+eEf
DdfR/zFWfal7Lh3nl7bcqXlZ2RjODkJDnYWpBs+j9cHSZuvdkFa4krtoDvvcqOls
Ic+0IGDsgImej55zX/xaAgAlmi1N1mhjL2/cLerrIutL0PlckW0yVjrjB86eMyUB
OOogulcwL2MJzKuJaxfOHTw8W0UDXb2JBKN/iOOEVhSRaTPJRAbMF2P6TEPFJ65d
IFU8ZHLxddIhKhNTobqsdGR7QtwICl5TCy3vS34clwTlfgbgYrJ8dMy1hceW1v+d
pq1jyvokN9kynb2eWUkTTB2IHdWk0HKg3n83RXRqFn6TcMe6OA==
-----END CERTIFICATE-----