Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/c7743543-1a04-47c2-8128-1b90de9136a9.roa
File:                     c7743543-1a04-47c2-8128-1b90de9136a9.roa (raw, json)
Hash identifier:          BEXfDwMltNUjyw5t5C54BRAygEdII8hJLwPqVjzQdo4=
Subject key identifier:   70:74:69:EC:31:2B:C8:F1:58:23:3E:30:A4:BF:F5:1D:E3:74:FE:1F
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       55CCC49172EE8A3D11208A7B84B51B968E33A26C
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/c7743543-1a04-47c2-8128-1b90de9136a9.roa
Signing time:             Mon 31 Mar 2025 19:31:14 +0000
ROA not before:           Mon 31 Mar 2025 19:31:14 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d07f:8090::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            55:cc:c4:91:72:ee:8a:3d:11:20:8a:7b:84:b5:1b:96:8e:33:a2:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 19:31:14 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:87:d8:94:78:a5:da:ed:a4:7f:21:17:b1:1c:
                    f3:09:40:60:93:df:7d:37:e3:40:d4:be:c7:90:35:
                    1c:43:47:ad:ef:32:2b:66:03:02:7d:4d:96:d6:3a:
                    dc:25:d1:fc:fb:1c:b1:41:8e:22:65:5b:19:4f:ca:
                    96:49:50:35:2f:ba:85:88:f4:ec:02:fd:90:f0:4c:
                    ab:a0:18:d4:37:f5:f2:67:3a:43:1c:94:70:94:47:
                    6e:57:c9:4d:aa:a0:20:8a:7f:6a:43:ac:1a:5a:4c:
                    2f:ff:a8:8d:e4:f5:ad:40:43:60:5f:a0:86:f4:13:
                    b3:9b:7f:6a:e1:3c:1a:23:a8:81:08:7b:fd:1d:c7:
                    61:05:ab:43:ce:f6:16:a5:01:74:ac:0e:89:7f:cd:
                    40:35:33:1f:c7:62:95:c2:ef:ef:29:94:f6:3f:fd:
                    cf:f9:37:a8:91:d6:b5:d1:f9:b0:09:6a:b2:17:6e:
                    b5:9a:a8:2f:25:56:bb:fd:73:f0:72:f0:58:f1:29:
                    23:f9:63:38:2e:2d:fe:3e:db:59:d9:36:ae:df:b8:
                    ad:82:06:40:fe:33:0d:f6:50:d5:ae:fc:55:43:c5:
                    b3:d3:5a:00:6b:a6:78:0d:e7:4f:0c:92:f3:96:6f:
                    9a:b0:bb:fe:ee:1d:5b:27:aa:31:be:18:7c:16:c0:
                    ee:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:74:69:EC:31:2B:C8:F1:58:23:3E:30:A4:BF:F5:1D:E3:74:FE:1F
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/c7743543-1a04-47c2-8128-1b90de9136a9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d07f:8090::/48

    Signature Algorithm: sha256WithRSAEncryption
         3a:cd:94:d8:38:2f:0b:ff:20:db:04:be:1d:cd:76:77:52:8e:
         bc:0f:47:9c:e1:fc:35:37:d1:76:4b:f1:ed:f1:da:76:19:25:
         be:35:46:6b:d8:30:d8:85:aa:23:be:bc:5b:a1:da:12:c0:8e:
         29:17:f4:1c:6b:c7:e1:65:d1:3c:c8:a1:2f:38:1f:d3:59:37:
         cd:e4:d9:6f:d9:35:f5:b5:86:c0:59:d6:aa:32:91:68:7f:52:
         86:f4:bb:6c:ee:c7:32:72:8b:5b:67:75:f2:1d:94:c2:85:84:
         0f:89:c7:27:32:40:ad:3d:d6:72:81:db:43:ba:f3:3e:92:9c:
         78:4d:00:0e:6d:19:85:3c:54:71:c4:37:02:f9:8e:b5:e1:4b:
         55:9a:aa:94:9c:0d:dc:b4:4b:99:78:44:4a:67:44:f8:75:ce:
         ed:8d:7a:03:ac:4c:ff:92:21:1c:8d:25:af:f7:13:89:35:4f:
         85:e5:34:3e:32:18:f9:76:17:ff:35:64:70:6e:99:99:f7:25:
         71:04:2d:9b:cc:62:fc:92:8b:3b:6c:28:17:85:53:7e:be:c7:
         a4:a8:07:0a:ce:d7:a2:cb:03:93:6d:44:6e:bf:63:8a:1a:c5:
         87:bd:18:b6:cb:77:36:4c:18:3a:18:72:af:d1:29:0e:a9:69:
         63:4a:6e:67
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUVczEkXLuij0RIIp7hLUblo4zomwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzExOTMxMTRaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQGQxYjAyZTBhOTgxYzkyNmM1OTRjOTM4ZjMzMzFkNTI4NDVhNWExYWMzMWE4
OGYxODcxM2NiYzQxYjQ3NTIzNTgxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANGH2JR4pdrtpH8hF7Ec8wlAYJPffTfjQNS+x5A1HENHre8yK2YDAn1NltY6
3CXR/PscsUGOImVbGU/KlklQNS+6hYj07AL9kPBMq6AY1Df18mc6QxyUcJRHblfJ
TaqgIIp/akOsGlpML/+ojeT1rUBDYF+ghvQTs5t/auE8GiOogQh7/R3HYQWrQ872
FqUBdKwOiX/NQDUzH8dilcLv7ymU9j/9z/k3qJHWtdH5sAlqshdutZqoLyVWu/1z
8HLwWPEpI/ljOC4t/j7bWdk2rt+4rYIGQP4zDfZQ1a78VUPFs9NaAGumeA3nTwyS
85ZvmrC7/u4dWyeqMb4YfBbA7hsCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBRwdGns
MSvI8VgjPjCkv/Ud43T+HzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
Yzc3NDM1NDMtMWEwNC00N2MyLTgxMjgtMWI5MGRlOTEzNmE5LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0H+A
kDANBgkqhkiG9w0BAQsFAAOCAQEAOs2U2DgvC/8g2wS+Hc12d1KOvA9HnOH8NTfR
dkvx7fHadhklvjVGa9gw2IWqI768W6HaEsCOKRf0HGvH4WXRPMihLzgf01k3zeTZ
b9k19bWGwFnWqjKRaH9ShvS7bO7HMnKLW2d18h2UwoWED4nHJzJArT3WcoHbQ7rz
PpKceE0ADm0ZhTxUccQ3AvmOteFLVZqqlJwN3LRLmXhESmdE+HXO7Y16A6xM/5Ih
HI0lr/cTiTVPheU0PjIY+XYX/zVkcG6ZmfclcQQtm8xi/JKLO2woF4VTfr7HpKgH
Cs7XossDk21Ebr9jihrFh70Ytst3NkwYOhhyr9EpDqlpY0puZw==
-----END CERTIFICATE-----