Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/b9ea62d6-dce3-4c74-b931-0cca87ccadea.roa
File:                     b9ea62d6-dce3-4c74-b931-0cca87ccadea.roa (raw, json)
Hash identifier:          MfTMCe4RXEncVcpbIcPDL5DnBImDaZTCz+NkbGIzJPc=
Subject key identifier:   96:EA:62:EA:7F:C2:F4:54:14:72:39:CD:82:F6:19:20:88:E9:19:4C
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       7995B006DF9C3EDAFAE02B37CE34C8758E02CDA1
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/b9ea62d6-dce3-4c74-b931-0cca87ccadea.roa
Signing time:             Mon 31 Mar 2025 19:40:03 +0000
ROA not before:           Mon 31 Mar 2025 19:40:03 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d031:c080::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            79:95:b0:06:df:9c:3e:da:fa:e0:2b:37:ce:34:c8:75:8e:02:cd:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 19:40:03 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:b4:e3:b8:2d:c4:3a:e0:cd:76:a9:83:97:7a:
                    db:2e:38:35:67:17:7b:c6:62:fb:5a:90:8e:a1:a9:
                    8d:24:79:e4:cf:91:33:ee:56:fc:54:99:8e:65:9d:
                    dd:0c:83:57:4e:02:95:57:ee:36:cf:7c:5e:47:d1:
                    77:22:30:0c:0a:d2:d1:43:16:45:d5:0e:07:e8:0c:
                    7e:91:48:8d:13:2c:1e:3c:41:b8:13:a6:62:43:9f:
                    b2:59:fb:32:5c:0a:58:d2:7b:0c:86:cd:1e:e4:be:
                    fd:ca:03:d2:84:56:c1:63:3a:a1:7f:4a:43:41:f4:
                    fc:b9:ea:92:36:2b:54:2c:ca:58:64:56:85:29:aa:
                    00:31:ff:87:c2:18:af:d7:68:6a:55:84:dd:df:ba:
                    7b:90:29:24:53:42:73:f8:7f:94:4a:48:29:96:79:
                    99:62:d2:17:c8:53:c1:fa:2c:bf:60:15:d5:9e:97:
                    47:2a:d4:25:f7:49:1b:35:4e:69:7e:42:29:64:ce:
                    45:b2:9c:a1:1f:5e:4d:41:0e:4f:94:a2:f0:6d:ee:
                    98:44:33:1c:d4:a6:9a:0f:74:8d:86:0f:f4:86:16:
                    68:2e:25:03:62:a0:d1:08:27:b7:bc:f6:e7:de:0a:
                    26:88:28:5c:aa:0c:80:13:a2:52:bc:6c:63:d8:76:
                    cf:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:EA:62:EA:7F:C2:F4:54:14:72:39:CD:82:F6:19:20:88:E9:19:4C
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/b9ea62d6-dce3-4c74-b931-0cca87ccadea.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d031:c080::/48

    Signature Algorithm: sha256WithRSAEncryption
         8d:76:03:f7:c2:8a:08:5a:8b:2d:88:1f:fb:a4:ca:eb:0d:f9:
         fa:3e:53:c9:da:2b:3b:47:97:77:f6:bd:61:10:58:fa:40:c2:
         17:ca:02:06:01:28:06:13:0f:39:35:5d:68:0d:5b:48:5f:dc:
         1a:9e:d3:99:d9:3a:db:70:42:2e:54:02:f8:7c:15:ce:af:1e:
         f6:b2:f2:ca:89:32:59:94:33:11:62:01:9d:c6:8a:22:dc:7d:
         e4:25:4e:58:70:2a:3a:03:41:68:83:47:45:5d:88:45:e2:4c:
         22:e0:d8:8e:2a:ae:96:62:38:f5:7a:0a:c7:e3:45:62:40:09:
         e1:ce:69:0b:2f:03:b3:b0:6d:2f:40:22:d2:eb:60:21:8c:0c:
         97:42:ab:35:7e:68:bb:c0:fb:5e:bf:83:a1:28:ad:8a:9b:4a:
         ff:f7:b9:bf:16:59:e4:64:2a:6f:34:11:dd:76:af:80:0a:c7:
         6c:1f:11:c4:1d:b8:62:5a:bc:22:6f:7f:fa:4d:ec:6a:ad:7a:
         7e:8d:ba:09:46:d5:fe:88:73:79:46:b8:07:a7:ec:50:2b:f3:
         dc:ce:25:fb:8e:1d:9b:4d:b9:04:3d:2f:36:c1:23:a3:78:b2:
         56:7d:cc:eb:7b:92:b9:b5:74:d5:06:17:88:0f:6c:df:23:e0:
         aa:68:29:98
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUeZWwBt+cPtr64Cs3zjTIdY4CzaEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzExOTQwMDNaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQGU5N2QyMzQ3ZjNlYzk4ZDA0MWIxNGMzZmJjMWNkMjA4OGMzMDM2ODYyZmY5
N2U5MjY5ZjdhNThhOGYzZDg0M2QxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMm047gtxDrgzXapg5d62y44NWcXe8Zi+1qQjqGpjSR55M+RM+5W/FSZjmWd
3QyDV04ClVfuNs98XkfRdyIwDArS0UMWRdUOB+gMfpFIjRMsHjxBuBOmYkOfsln7
MlwKWNJ7DIbNHuS+/coD0oRWwWM6oX9KQ0H0/LnqkjYrVCzKWGRWhSmqADH/h8IY
r9doalWE3d+6e5ApJFNCc/h/lEpIKZZ5mWLSF8hTwfosv2AV1Z6XRyrUJfdJGzVO
aX5CKWTORbKcoR9eTUEOT5Si8G3umEQzHNSmmg90jYYP9IYWaC4lA2Kg0Qgnt7z2
594KJogoXKoMgBOiUrxsY9h2z2MCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBSW6mLq
f8L0VBRyOc2C9hkgiOkZTDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YjllYTYyZDYtZGNlMy00Yzc0LWI5MzEtMGNjYTg3Y2NhZGVhLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0DHA
gDANBgkqhkiG9w0BAQsFAAOCAQEAjXYD98KKCFqLLYgf+6TK6w35+j5TydorO0eX
d/a9YRBY+kDCF8oCBgEoBhMPOTVdaA1bSF/cGp7Tmdk623BCLlQC+HwVzq8e9rLy
yokyWZQzEWIBncaKItx95CVOWHAqOgNBaINHRV2IReJMIuDYjiqulmI49XoKx+NF
YkAJ4c5pCy8Ds7BtL0Ai0utgIYwMl0KrNX5ou8D7Xr+DoSitiptK//e5vxZZ5GQq
bzQR3XavgArHbB8RxB24Ylq8Im9/+k3saq16fo26CUbV/ohzeUa4B6fsUCvz3M4l
+44dm025BD0vNsEjo3iyVn3M63uSubV01QYXiA9s3yPgqmgpmA==
-----END CERTIFICATE-----