Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/c4acf4ba-05c5-4e0a-9dfd-70cf32218bb4.roa
File:                     c4acf4ba-05c5-4e0a-9dfd-70cf32218bb4.roa (raw, json)
Hash identifier:          81mWddzwp9DLbqph9NxNW3w24qeJi6zgVQo/rOYNsGw=
Subject key identifier:   04:07:67:21:3A:02:6B:5E:DE:29:AD:EE:FE:7D:AA:20:41:5F:AE:C1
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       5278B67BE5215F6D822858962B33AAC883D09459
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/c4acf4ba-05c5-4e0a-9dfd-70cf32218bb4.roa
Signing time:             Mon 31 Mar 2025 19:21:24 +0000
ROA not before:           Mon 31 Mar 2025 19:21:24 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d000:40e0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            52:78:b6:7b:e5:21:5f:6d:82:28:58:96:2b:33:aa:c8:83:d0:94:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 19:21:24 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:2a:71:08:64:1f:52:10:fd:f2:e0:1c:1a:43:
                    78:f5:d4:1f:34:22:d0:fd:61:c7:87:63:ae:17:ad:
                    87:6a:cc:0e:8e:8f:08:b4:7a:d7:e0:ad:6a:d8:c5:
                    ab:03:22:44:e7:c2:68:30:10:b7:bf:2c:95:c2:79:
                    f9:a5:d3:ea:f1:73:3d:52:2d:34:fb:b0:f9:58:c5:
                    76:33:22:9c:74:25:a0:1d:e5:20:34:bf:5c:b7:c8:
                    a5:8e:3b:cf:57:da:3e:e9:46:a8:61:14:42:dd:37:
                    b3:34:9c:f9:7b:6d:85:86:c9:c3:d2:44:18:97:ed:
                    33:c6:62:17:6a:6c:d8:8a:ea:9c:28:db:8c:c7:26:
                    b2:91:8f:7e:32:3c:0c:9c:f4:0b:21:d9:6d:d9:8c:
                    1d:93:5d:d5:14:b7:88:8a:d5:9f:3a:0b:83:ee:b4:
                    b7:46:0f:69:d2:47:54:73:c7:83:9b:ac:a9:5c:12:
                    6f:63:a5:71:51:b2:b9:0e:43:d4:a0:7c:f0:ce:b3:
                    e2:8c:aa:da:71:97:42:69:5c:20:0d:06:21:4b:36:
                    b3:7b:e8:b0:a8:2e:35:ed:ab:0b:7f:50:e7:a7:b8:
                    2c:23:1b:d8:46:c8:06:c2:07:ee:49:30:21:40:7e:
                    80:61:0d:96:ad:d7:88:4a:08:2f:95:58:d4:73:66:
                    2d:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:07:67:21:3A:02:6B:5E:DE:29:AD:EE:FE:7D:AA:20:41:5F:AE:C1
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/c4acf4ba-05c5-4e0a-9dfd-70cf32218bb4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d000:40e0::/48

    Signature Algorithm: sha256WithRSAEncryption
         b5:ce:48:28:64:34:e4:8b:fd:2a:dc:29:40:dc:77:00:f6:11:
         48:71:25:9d:71:65:87:d8:ca:74:63:59:a9:ca:85:5f:c9:de:
         b3:aa:e3:5a:67:5a:95:6d:f6:16:04:2a:ee:35:c0:fb:2b:e3:
         f7:e3:3d:2c:91:af:ea:bc:cb:88:a1:b1:e0:f0:08:f4:3b:9f:
         06:87:24:a8:7f:33:ee:34:a7:9c:32:dd:aa:b2:73:08:5d:3c:
         11:60:00:99:21:5f:9f:3d:8e:93:d6:89:06:f7:58:ba:b5:c9:
         fe:78:2f:b2:f1:5b:8b:c7:76:88:19:ba:c9:a2:a5:9a:32:fb:
         12:22:cb:71:6f:03:09:9c:10:28:9d:80:c7:5b:b5:e8:f6:ee:
         92:a6:40:93:ed:af:c9:20:95:12:56:07:61:5d:27:70:36:d9:
         65:c7:0c:39:25:7f:c8:58:12:c3:a3:40:7e:6a:c2:d6:a9:06:
         c1:3e:0f:69:77:06:75:31:d4:0a:5f:55:aa:8b:c5:01:f1:07:
         a5:dc:61:bb:f3:81:6b:c4:6a:d0:40:fd:a8:e6:4b:e7:6e:10:
         8f:1a:82:ce:f8:90:55:6b:5f:38:85:e3:b5:6d:f4:0e:d2:f8:
         e2:d2:30:9f:09:06:96:52:17:94:c7:88:63:61:6f:91:b0:78:
         91:b9:06:41
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUUni2e+UhX22CKFiWKzOqyIPQlFkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzExOTIxMjRaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQGRkZTFlZjYyOGMxYzU2MmIwZTFiMWFmZGI2Njk2ZTRlNWZjMzkyZDMxZmZj
ODIyY2VkYTI3ZmQ5NDQ1ZmE5OWQxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALsqcQhkH1IQ/fLgHBpDePXUHzQi0P1hx4djrheth2rMDo6PCLR61+CtatjF
qwMiROfCaDAQt78slcJ5+aXT6vFzPVItNPuw+VjFdjMinHQloB3lIDS/XLfIpY47
z1faPulGqGEUQt03szSc+XtthYbJw9JEGJftM8ZiF2ps2IrqnCjbjMcmspGPfjI8
DJz0CyHZbdmMHZNd1RS3iIrVnzoLg+60t0YPadJHVHPHg5usqVwSb2OlcVGyuQ5D
1KB88M6z4oyq2nGXQmlcIA0GIUs2s3vosKguNe2rC39Q56e4LCMb2EbIBsIH7kkw
IUB+gGENlq3XiEoIL5VY1HNmLRUCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBQEB2ch
OgJrXt4pre7+faogQV+uwTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YzRhY2Y0YmEtMDVjNS00ZTBhLTlkZmQtNzBjZjMyMjE4YmI0LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0ABA
4DANBgkqhkiG9w0BAQsFAAOCAQEAtc5IKGQ05Iv9KtwpQNx3APYRSHElnXFlh9jK
dGNZqcqFX8nes6rjWmdalW32FgQq7jXA+yvj9+M9LJGv6rzLiKGx4PAI9DufBock
qH8z7jSnnDLdqrJzCF08EWAAmSFfnz2Ok9aJBvdYurXJ/ngvsvFbi8d2iBm6yaKl
mjL7EiLLcW8DCZwQKJ2Ax1u16PbukqZAk+2vySCVElYHYV0ncDbZZccMOSV/yFgS
w6NAfmrC1qkGwT4PaXcGdTHUCl9VqovFAfEHpdxhu/OBa8Rq0ED9qOZL524QjxqC
zviQVWtfOIXjtW30DtL44tIwnwkGllIXlMeIY2FvkbB4kbkGQQ==
-----END CERTIFICATE-----