Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/a7e40fe2-fa32-4cf9-8684-8c3556570b30.roa
File:                     a7e40fe2-fa32-4cf9-8684-8c3556570b30.roa (raw, json)
Hash identifier:          2CQbrmyuheaWfvBFQOzF7Oho+zAMZoysdP9LlCdimnI=
Subject key identifier:   01:81:5B:F9:E0:48:1E:56:3F:7D:C6:64:6F:92:47:18:31:35:88:FE
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       329A396B3CC719F1A7FA08667100199E0C76F6D4
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/a7e40fe2-fa32-4cf9-8684-8c3556570b30.roa
Signing time:             Tue 01 Apr 2025 15:01:18 +0000
ROA not before:           Tue 01 Apr 2025 15:01:18 +0000
ROA not after:            Tue 06 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d059:9000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            32:9a:39:6b:3c:c7:19:f1:a7:fa:08:66:71:00:19:9e:0c:76:f6:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Apr  1 15:01:18 2025 GMT
            Not After : May  6 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:95:4b:03:5a:fc:68:fc:c5:5f:d3:f1:0c:fd:
                    4a:66:f0:4f:4d:2a:94:31:aa:bf:b8:7a:61:6c:2c:
                    80:fe:13:5f:97:e5:70:86:3e:cd:65:13:72:e7:34:
                    a1:86:fb:99:8b:c0:49:45:8e:b2:9a:2f:a6:fb:95:
                    54:81:54:5b:9d:55:ac:ff:c5:c4:dc:2c:fe:13:49:
                    52:da:06:14:c2:d4:c8:4e:4e:92:6b:16:13:3c:0b:
                    64:fd:4d:ff:2d:d2:86:41:ac:bb:ef:c7:5e:1b:87:
                    69:a8:34:31:0c:a5:73:4d:c6:2f:d9:79:98:06:0b:
                    15:16:8a:d7:ba:1a:d9:c7:da:1e:b6:9d:6e:f6:64:
                    b4:c2:65:8b:b2:ed:cf:98:22:14:27:ac:36:e9:e3:
                    8f:f4:3a:0c:09:23:33:23:21:97:a6:14:36:22:0b:
                    36:ed:3e:c5:6a:21:21:b3:70:f5:6c:bd:ea:e8:a3:
                    6a:5b:8c:70:23:04:12:69:6e:66:cd:c7:08:c3:15:
                    28:63:5f:48:a8:54:58:78:07:5e:ae:fd:7f:08:97:
                    73:35:64:09:e0:d8:db:02:37:53:e8:36:54:65:a8:
                    e0:17:80:ce:aa:84:e7:80:f4:40:c8:29:eb:2f:ad:
                    f5:0e:1f:a1:92:c7:b2:a6:71:cc:ca:33:8e:75:ab:
                    18:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:81:5B:F9:E0:48:1E:56:3F:7D:C6:64:6F:92:47:18:31:35:88:FE
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/a7e40fe2-fa32-4cf9-8684-8c3556570b30.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d059:9000::/40

    Signature Algorithm: sha256WithRSAEncryption
         27:60:ed:f5:3a:c5:f8:a6:4e:86:1f:1e:33:98:2c:e8:16:1f:
         82:66:38:9a:20:ef:10:5b:76:41:a3:8a:bd:ef:7a:b4:18:8d:
         39:3f:50:65:bc:7a:92:f7:55:8a:82:45:ba:a4:52:2d:d6:00:
         43:b3:be:32:48:a5:70:1e:18:06:a8:96:eb:ba:6b:19:fd:ee:
         95:ed:b7:67:eb:b9:5d:5a:43:99:4e:ae:2c:4a:51:81:ab:f5:
         73:4c:b0:eb:96:1f:b1:4e:19:e8:1f:d0:3c:b0:76:33:8f:c4:
         97:2e:a0:47:af:a9:23:a6:b8:78:4a:dd:0b:ab:43:1b:3b:06:
         42:e9:dd:8b:a4:c0:9a:e4:9b:ce:65:b1:c8:f4:0c:0b:6f:0d:
         fb:2b:b9:cf:3e:6c:41:8c:69:19:47:12:6a:64:f2:0c:e5:bd:
         65:41:2a:ac:cc:9a:99:bc:54:8d:69:de:1a:0a:43:61:f1:1d:
         ac:05:4e:02:c5:38:6d:6d:ab:34:63:0f:2d:bc:fa:91:9c:8b:
         6c:01:35:30:6c:67:56:16:75:a1:33:67:ec:52:07:23:38:42:
         24:48:38:bc:57:ea:88:13:a5:25:56:9c:98:e0:da:bb:b6:07:
         47:e1:5b:4f:a5:09:2e:c8:6a:b8:95:ac:87:c8:1f:7f:90:4f:
         aa:23:2a:7b
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUMpo5azzHGfGn+ghmcQAZngx29tQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA0MDExNTAxMThaFw0yNTA1MDYyMzU5NTlaMHoxSTBHBgNV
BAUTQDdkNjIyNjFlMDI1MWQzMmMzYjhhZDk5NDRjNzk3NThiNzllZTMwYzkzYzM3
NzVkMTJkYzYyZTFhMDU2NTNlYTYxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALSVSwNa/Gj8xV/T8Qz9SmbwT00qlDGqv7h6YWwsgP4TX5flcIY+zWUTcuc0
oYb7mYvASUWOspovpvuVVIFUW51VrP/FxNws/hNJUtoGFMLUyE5OkmsWEzwLZP1N
/y3ShkGsu+/HXhuHaag0MQylc03GL9l5mAYLFRaK17oa2cfaHradbvZktMJli7Lt
z5giFCesNunjj/Q6DAkjMyMhl6YUNiILNu0+xWohIbNw9Wy96uijaluMcCMEEmlu
Zs3HCMMVKGNfSKhUWHgHXq79fwiXczVkCeDY2wI3U+g2VGWo4BeAzqqE54D0QMgp
6y+t9Q4foZLHsqZxzMozjnWrGOkCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQBgVv5
4EgeVj99xmRvkkcYMTWI/jAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YTdlNDBmZTItZmEzMi00Y2Y5LTg2ODQtOGMzNTU2NTcwYjMwLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0FmQ
MA0GCSqGSIb3DQEBCwUAA4IBAQAnYO31OsX4pk6GHx4zmCzoFh+CZjiaIO8QW3ZB
o4q973q0GI05P1BlvHqS91WKgkW6pFIt1gBDs74ySKVwHhgGqJbrumsZ/e6V7bdn
67ldWkOZTq4sSlGBq/VzTLDrlh+xThnoH9A8sHYzj8SXLqBHr6kjprh4St0Lq0Mb
OwZC6d2LpMCa5JvOZbHI9AwLbw37K7nPPmxBjGkZRxJqZPIM5b1lQSqszJqZvFSN
ad4aCkNh8R2sBU4CxThtbas0Yw8tvPqRnItsATUwbGdWFnWhM2fsUgcjOEIkSDi8
V+qIE6UlVpyY4Nq7tgdH4VtPpQkuyGq4layHyB9/kE+qIyp7
-----END CERTIFICATE-----