Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/c153f994-19fd-4682-b6f7-f4e92e6144ea.roa
File:                     c153f994-19fd-4682-b6f7-f4e92e6144ea.roa (raw, json)
Hash identifier:          xZvANszR/J8BIXvO3/rdGMCBeTrCB3eUeGv7IbG5DpE=
Subject key identifier:   48:70:2B:9D:A3:83:84:8A:64:92:6A:A2:B9:EE:02:8F:A2:6A:85:1E
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       417B7DA37BF267CE7EFEE1A3ECEB91F601972F86
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/c153f994-19fd-4682-b6f7-f4e92e6144ea.roa
Signing time:             Mon 31 Mar 2025 21:01:29 +0000
ROA not before:           Mon 31 Mar 2025 21:01:29 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d01c:c00::/38 maxlen: 38
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            41:7b:7d:a3:7b:f2:67:ce:7e:fe:e1:a3:ec:eb:91:f6:01:97:2f:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 21:01:29 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:3c:df:72:3a:bf:3f:50:d1:6a:2a:fd:fe:f9:
                    73:3e:fb:09:18:54:a9:93:cc:98:39:43:74:93:d5:
                    d3:c9:38:6f:6f:ae:95:a5:cb:61:7f:f2:a0:a8:80:
                    b0:5f:08:58:1e:57:1a:5d:71:0f:93:fa:60:30:95:
                    ee:97:b1:3f:6e:95:b6:95:b5:7c:36:db:10:1f:39:
                    48:a9:f4:a7:67:a4:66:2d:3d:43:7b:52:ef:d4:61:
                    66:6a:c2:d7:f2:da:6f:31:37:c8:5a:40:28:3e:d0:
                    7b:45:83:fd:11:92:f3:18:0b:9e:3a:81:d6:03:60:
                    1b:c8:1d:7e:f1:5b:f5:1d:cf:a8:d2:18:3b:1b:03:
                    78:b5:5e:39:e1:66:97:f5:ff:24:48:80:47:38:83:
                    60:f0:d9:ce:36:05:fa:06:0b:6a:32:dc:20:11:17:
                    59:82:79:09:5c:14:81:9a:77:b6:5d:1a:54:4d:e7:
                    29:e3:6e:74:94:86:01:81:d9:ee:2b:87:11:73:0e:
                    1b:62:c5:7b:59:2b:b6:18:e4:de:4f:ba:e7:2c:1b:
                    bd:f6:ad:09:c2:84:b3:d2:67:d9:ca:7f:43:28:ec:
                    32:b8:b9:4a:0d:e3:01:d7:9c:26:10:05:ed:8d:e9:
                    4a:af:62:25:1b:a2:64:b6:ea:9f:ed:9c:be:f1:b7:
                    04:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:70:2B:9D:A3:83:84:8A:64:92:6A:A2:B9:EE:02:8F:A2:6A:85:1E
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/c153f994-19fd-4682-b6f7-f4e92e6144ea.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d01c:c00::/38

    Signature Algorithm: sha256WithRSAEncryption
         7e:7e:56:f5:d8:a9:f3:0b:3a:29:24:01:04:83:20:86:91:32:
         f3:6c:c6:f9:5c:fe:08:42:67:e0:82:fe:62:e4:bc:8a:be:55:
         53:b2:b6:25:63:b9:29:33:1b:af:d1:21:40:ae:e5:3c:ec:35:
         64:8e:50:6b:69:7e:06:4e:95:de:4c:43:38:c4:3c:2c:f1:13:
         82:17:ac:50:ff:a6:73:13:c9:85:a0:25:9b:fa:19:d1:03:ff:
         0c:f7:80:0d:86:98:6f:8f:1d:68:be:5f:d7:21:ce:fd:6b:65:
         3a:6a:c0:ce:2b:0f:f0:37:91:5c:6a:87:64:46:b3:90:16:c5:
         7b:f9:d1:e5:79:1f:e7:9b:b6:79:59:da:a3:02:2f:28:fa:39:
         b1:06:f3:49:92:c3:9e:77:a7:16:5d:8e:d1:d5:a2:6b:83:84:
         bc:06:7d:a6:4d:45:73:1a:a4:6a:1d:83:85:60:36:ee:1f:6c:
         6a:69:2b:f7:30:36:e0:14:e5:4b:de:85:a1:e9:28:2f:a7:c4:
         e0:7d:48:6d:f6:ac:9d:d8:44:fd:14:54:4b:fa:cb:08:c3:4b:
         6b:02:c1:51:d1:29:3d:9a:c3:15:07:25:34:7e:99:10:82:f6:
         3a:fb:50:69:2e:db:2c:9f:e9:df:84:43:75:17:74:85:9b:0b:
         e7:33:dd:72
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUQXt9o3vyZ85+/uGj7OuR9gGXL4YwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzEyMTAxMjlaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQGYwNzVhNDM1NWM2NTEwNDRhZjVkNTNmMzIyNmY0MGZkMWY5OTliNjA0ZTA2
ZmI4M2UwY2Y3NDUzMTExOWI2NWUxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAK8833I6vz9Q0Woq/f75cz77CRhUqZPMmDlDdJPV08k4b2+ulaXLYX/yoKiA
sF8IWB5XGl1xD5P6YDCV7pexP26VtpW1fDbbEB85SKn0p2ekZi09Q3tS79RhZmrC
1/LabzE3yFpAKD7Qe0WD/RGS8xgLnjqB1gNgG8gdfvFb9R3PqNIYOxsDeLVeOeFm
l/X/JEiARziDYPDZzjYF+gYLajLcIBEXWYJ5CVwUgZp3tl0aVE3nKeNudJSGAYHZ
7iuHEXMOG2LFe1krthjk3k+65ywbvfatCcKEs9Jn2cp/QyjsMri5Sg3jAdecJhAF
7Y3pSq9iJRuiZLbqn+2cvvG3BEkCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRIcCud
o4OEimSSaqK57gKPomqFHjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YzE1M2Y5OTQtMTlmZC00NjgyLWI2ZjctZjRlOTJlNjE0NGVhLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGAioF0BwM
MA0GCSqGSIb3DQEBCwUAA4IBAQB+flb12KnzCzopJAEEgyCGkTLzbMb5XP4IQmfg
gv5i5LyKvlVTsrYlY7kpMxuv0SFAruU87DVkjlBraX4GTpXeTEM4xDws8ROCF6xQ
/6ZzE8mFoCWb+hnRA/8M94ANhphvjx1ovl/XIc79a2U6asDOKw/wN5FcaodkRrOQ
FsV7+dHleR/nm7Z5WdqjAi8o+jmxBvNJksOed6cWXY7R1aJrg4S8Bn2mTUVzGqRq
HYOFYDbuH2xqaSv3MDbgFOVL3oWh6Sgvp8TgfUht9qyd2ET9FFRL+ssIw0trAsFR
0Sk9msMVByU0fpkQgvY6+1BpLtssn+nfhEN1F3SFmwvnM91y
-----END CERTIFICATE-----