Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/b72a9540-51ef-4dcc-a5e2-2417249a1af3.roa
File:                     b72a9540-51ef-4dcc-a5e2-2417249a1af3.roa (raw, json)
Hash identifier:          6fPIL3FzRAO4xG8aPXoAPvejgtMExopU/fnskeA9/8w=
Subject key identifier:   DF:FF:A4:8A:24:F2:2A:DF:B2:BA:37:7F:E3:7E:66:1C:12:18:BD:CC
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       7BF3F5C6395ED8AE655BEB895A1E07E72471F2EA
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/b72a9540-51ef-4dcc-a5e2-2417249a1af3.roa
Signing time:             Mon 31 Mar 2025 21:10:39 +0000
ROA not before:           Mon 31 Mar 2025 21:10:39 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d012:400::/38 maxlen: 38
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7b:f3:f5:c6:39:5e:d8:ae:65:5b:eb:89:5a:1e:07:e7:24:71:f2:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 21:10:39 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:ef:7f:3d:29:8f:71:79:ed:a3:7f:da:02:10:
                    d4:2b:31:14:90:ef:f1:22:93:ea:93:36:19:07:c2:
                    f2:10:5a:f7:5b:20:6e:3e:3c:a3:12:b0:47:03:26:
                    07:47:16:1a:07:8f:d7:bb:c9:37:58:7c:3a:6f:5b:
                    c0:f1:97:a1:15:c4:8d:ae:79:b2:9e:f9:6c:de:05:
                    e5:0e:c8:18:7e:95:34:51:40:4b:c4:bd:f9:b1:5b:
                    05:3b:11:ca:3c:17:14:63:f2:0f:e0:e2:93:0f:36:
                    3a:37:2f:98:f6:a9:9d:27:4f:62:8a:9c:3b:f9:00:
                    0e:bf:f7:67:f1:13:55:36:54:f4:25:00:7c:26:2c:
                    c7:e3:e5:35:30:70:90:07:da:c3:01:a2:ff:58:5c:
                    56:f0:5e:25:8d:bc:c0:7d:7e:97:b5:4c:3f:5c:9e:
                    af:69:ce:04:5c:c8:d3:50:93:17:73:d3:3d:40:8c:
                    39:05:a4:23:88:18:2a:08:23:d5:37:c4:4a:25:50:
                    35:92:b2:7f:a0:31:d8:b4:9f:9c:1f:48:e0:09:c7:
                    11:12:f2:41:52:71:c5:fe:04:8a:06:09:fb:e7:c6:
                    5f:40:30:d4:9f:d4:a9:e2:b7:80:14:03:45:ba:11:
                    fd:63:fa:81:02:94:da:1c:fe:e3:18:b0:0f:c1:e1:
                    1a:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:FF:A4:8A:24:F2:2A:DF:B2:BA:37:7F:E3:7E:66:1C:12:18:BD:CC
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/b72a9540-51ef-4dcc-a5e2-2417249a1af3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d012:400::/38

    Signature Algorithm: sha256WithRSAEncryption
         20:94:b6:57:ee:c0:ba:d9:b6:9a:ba:87:de:35:21:6d:36:8f:
         bc:db:34:d0:69:9a:86:1d:13:2c:fe:03:d1:f4:92:10:0c:6c:
         2a:6f:bd:72:65:d1:4f:35:f5:b6:70:eb:61:d0:9c:e8:b9:b6:
         eb:12:86:e9:a3:37:85:f8:1f:35:44:9f:ef:5f:6e:63:12:9a:
         83:ab:db:60:46:98:ae:5f:98:95:44:23:1b:72:df:2e:cd:5d:
         88:ff:ae:be:20:be:1e:6c:2d:53:16:77:aa:29:b3:8b:6a:ff:
         ce:a4:e3:40:a0:93:c0:21:94:16:12:c6:e6:16:4a:49:2d:d9:
         4e:7f:cc:b7:c0:64:03:94:10:3f:c2:b1:ce:67:8d:29:25:84:
         e5:9b:88:5e:1c:3e:39:34:c6:00:2c:c3:b6:de:b5:de:27:09:
         8a:42:e6:1d:38:01:e0:e6:97:5b:b0:4d:7b:f2:39:31:03:64:
         e9:1d:a9:bc:cd:bf:68:b1:4a:8f:85:32:53:1f:5a:e4:ea:b1:
         4b:84:10:65:21:9d:10:f7:09:6e:10:0a:98:85:7f:49:d0:dd:
         1c:70:90:57:ac:88:5b:3f:43:1d:12:82:f9:4b:50:82:10:29:
         05:2d:61:3f:bc:1c:4e:a5:da:ab:ed:b5:0b:6f:24:5d:02:1c:
         3d:1d:7a:dc
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUe/P1xjle2K5lW+uJWh4H5yRx8uowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzEyMTEwMzlaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQDA1MzRiMDQ5MTVlNDgyODc5YmNhM2U2MWEyYTJhYjkwOTEzYWZjOTE3Zjk3
N2ZhYTdlOTQ0YTFjNmQwNzEzZDQxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMDvfz0pj3F57aN/2gIQ1CsxFJDv8SKT6pM2GQfC8hBa91sgbj48oxKwRwMm
B0cWGgeP17vJN1h8Om9bwPGXoRXEja55sp75bN4F5Q7IGH6VNFFAS8S9+bFbBTsR
yjwXFGPyD+Dikw82OjcvmPapnSdPYoqcO/kADr/3Z/ETVTZU9CUAfCYsx+PlNTBw
kAfawwGi/1hcVvBeJY28wH1+l7VMP1yer2nOBFzI01CTF3PTPUCMOQWkI4gYKggj
1TfESiVQNZKyf6Ax2LSfnB9I4AnHERLyQVJxxf4EigYJ++fGX0Aw1J/UqeK3gBQD
RboR/WP6gQKU2hz+4xiwD8HhGukCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTf/6SK
JPIq37K6N3/jfmYcEhi9zDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YjcyYTk1NDAtNTFlZi00ZGNjLWE1ZTItMjQxNzI0OWExYWYzLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGAioF0BIE
MA0GCSqGSIb3DQEBCwUAA4IBAQAglLZX7sC62baauofeNSFtNo+82zTQaZqGHRMs
/gPR9JIQDGwqb71yZdFPNfW2cOth0JzoubbrEobpozeF+B81RJ/vX25jEpqDq9tg
RpiuX5iVRCMbct8uzV2I/66+IL4ebC1TFneqKbOLav/OpONAoJPAIZQWEsbmFkpJ
LdlOf8y3wGQDlBA/wrHOZ40pJYTlm4heHD45NMYALMO23rXeJwmKQuYdOAHg5pdb
sE178jkxA2TpHam8zb9osUqPhTJTH1rk6rFLhBBlIZ0Q9wluEAqYhX9J0N0ccJBX
rIhbP0MdEoL5S1CCECkFLWE/vBxOpdqr7bULbyRdAhw9HXrc
-----END CERTIFICATE-----