Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/acd7954f-99ee-4af0-9763-11271381925f.roa
File:                     acd7954f-99ee-4af0-9763-11271381925f.roa (raw, json)
Hash identifier:          ezh4b5sYIQWogDaa1mTyLzleuMxwq6ZovOA+3l4mMTU=
Subject key identifier:   BD:66:76:6D:E3:AD:C9:70:AB:40:D1:66:C6:52:79:CE:1D:D6:EC:11
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       39CDAF466DD14918F01DE2651DFAA48FFA9E394F
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/acd7954f-99ee-4af0-9763-11271381925f.roa
Signing time:             Mon 31 Mar 2025 20:11:11 +0000
ROA not before:           Mon 31 Mar 2025 20:11:11 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d07b:5080::/46 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            39:cd:af:46:6d:d1:49:18:f0:1d:e2:65:1d:fa:a4:8f:fa:9e:39:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 20:11:11 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:fc:ab:6e:e6:a5:6b:90:16:ef:5c:7a:72:47:
                    02:34:1e:67:3a:2f:8f:be:8a:af:5d:dc:da:6d:ad:
                    49:e2:9f:08:db:86:3a:d6:f1:6e:fb:18:ae:a6:3c:
                    b2:c4:53:70:bc:52:0f:96:d3:04:43:24:9e:ec:7c:
                    6f:be:ea:da:ff:f5:8c:a9:f6:ea:d4:e6:00:3a:8b:
                    13:b4:07:6f:82:d7:ec:1c:34:36:f3:38:e8:76:d7:
                    b5:9e:57:5b:6b:d0:17:42:cd:af:b7:d2:c9:51:fd:
                    bc:6a:b2:91:a9:9a:19:96:04:15:87:a1:4e:83:97:
                    f1:1b:e7:cc:9a:95:df:d2:83:02:81:fd:ed:20:26:
                    db:1d:62:c9:c5:ca:b3:c2:6b:16:70:ba:e9:1f:b4:
                    73:a2:66:e3:cb:f5:cb:f2:bf:78:f1:4d:40:a8:d1:
                    0d:31:50:81:ca:4b:07:00:d3:22:20:82:71:27:76:
                    09:68:c3:67:ec:5d:a4:6e:66:f4:af:b4:a0:44:9e:
                    3b:23:35:85:2e:a1:4b:61:7c:39:35:90:2c:a0:52:
                    0d:17:ec:1d:86:4f:11:8f:2f:6a:a6:53:cd:ee:0f:
                    ff:67:e2:22:d8:40:26:94:34:cc:e1:c1:b2:61:2b:
                    23:42:ed:c8:c6:1c:66:84:69:db:9b:cd:17:e2:ab:
                    43:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:66:76:6D:E3:AD:C9:70:AB:40:D1:66:C6:52:79:CE:1D:D6:EC:11
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/acd7954f-99ee-4af0-9763-11271381925f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d07b:5080::/46

    Signature Algorithm: sha256WithRSAEncryption
         53:0d:02:e6:6c:ae:41:82:1a:91:28:8d:b9:a6:5b:5e:a1:ac:
         78:c8:f8:fc:ec:ce:9f:0f:7d:4f:c1:14:5a:bf:9f:ce:83:0a:
         e3:67:3d:07:41:1e:e8:2a:77:f0:c0:f1:24:54:3b:6b:cf:38:
         b4:f3:17:e0:5f:d2:ed:e8:cc:38:d3:0e:92:b3:74:22:37:b9:
         7c:99:aa:83:f6:11:da:b4:0b:00:06:78:60:81:39:dd:e4:72:
         e0:cf:ff:b9:78:71:2f:43:0d:9d:73:ef:7b:5e:c7:7f:e2:62:
         c6:bf:a8:19:1d:45:77:4b:46:a0:37:c6:05:16:6a:99:11:48:
         9f:84:35:b2:43:44:da:97:f4:b8:12:63:5f:62:5e:82:d1:f1:
         66:77:0a:e1:b0:ac:96:69:82:29:8e:ab:86:5c:4e:49:da:c9:
         01:a1:4c:46:2a:d0:de:b6:16:22:c1:7c:c3:63:12:da:1c:23:
         c1:92:71:65:34:3c:0d:59:0c:6c:c0:f5:ba:65:b3:3d:fb:b0:
         4e:4d:da:bd:6b:7a:e9:19:b7:af:b5:68:28:0c:6b:6a:f1:56:
         a5:0b:02:d1:4e:3d:c8:be:44:71:5b:90:fe:87:94:d6:8c:6d:
         13:3e:56:99:c4:17:bc:3f:3c:6b:cd:7c:cb:92:00:de:de:bf:
         db:22:08:03
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUOc2vRm3RSRjwHeJlHfqkj/qeOU8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzEyMDExMTFaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQGZlMDkxMGZlYjNkOGVjN2MwODQ3MTk4MTBmYTc1NzgzZmMyNjUzYmQxZGMw
YTU1MTNhM2E3NjM2NjAxYjRiZTgxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMf8q27mpWuQFu9cenJHAjQeZzovj76Kr13c2m2tSeKfCNuGOtbxbvsYrqY8
ssRTcLxSD5bTBEMknux8b77q2v/1jKn26tTmADqLE7QHb4LX7Bw0NvM46HbXtZ5X
W2vQF0LNr7fSyVH9vGqykamaGZYEFYehToOX8RvnzJqV39KDAoH97SAm2x1iycXK
s8JrFnC66R+0c6Jm48v1y/K/ePFNQKjRDTFQgcpLBwDTIiCCcSd2CWjDZ+xdpG5m
9K+0oESeOyM1hS6hS2F8OTWQLKBSDRfsHYZPEY8vaqZTze4P/2fiIthAJpQ0zOHB
smErI0LtyMYcZoRp25vNF+KrQ/MCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBS9ZnZt
463JcKtA0WbGUnnOHdbsETAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YWNkNzk1NGYtOTllZS00YWYwLTk3NjMtMTEyNzEzODE5MjVmLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHAioF0HtQ
gDANBgkqhkiG9w0BAQsFAAOCAQEAUw0C5myuQYIakSiNuaZbXqGseMj4/OzOnw99
T8EUWr+fzoMK42c9B0Ee6Cp38MDxJFQ7a884tPMX4F/S7ejMONMOkrN0Ije5fJmq
g/YR2rQLAAZ4YIE53eRy4M//uXhxL0MNnXPve17Hf+Jixr+oGR1Fd0tGoDfGBRZq
mRFIn4Q1skNE2pf0uBJjX2JegtHxZncK4bCslmmCKY6rhlxOSdrJAaFMRirQ3rYW
IsF8w2MS2hwjwZJxZTQ8DVkMbMD1umWzPfuwTk3avWt66Rm3r7VoKAxravFWpQsC
0U49yL5EcVuQ/oeU1oxtEz5WmcQXvD88a818y5IA3t6/2yIIAw==
-----END CERTIFICATE-----