Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/ca77909e-ece6-472f-a76c-55402dbb33ad.roa
File:                     ca77909e-ece6-472f-a76c-55402dbb33ad.roa (raw, json)
Hash identifier:          LaHUPUtFWYZOcE8P8YUhSkQjmFRmfh6J0dfP0DiYJ2o=
Subject key identifier:   26:62:AA:14:3C:5F:A9:57:23:86:22:C3:BF:44:9B:98:28:4C:AF:EB
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       6C10C1E9EBF903F033E5F6E68D9CC38F4F80082A
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/ca77909e-ece6-472f-a76c-55402dbb33ad.roa
Signing time:             Mon 31 Mar 2025 20:00:53 +0000
ROA not before:           Mon 31 Mar 2025 20:00:53 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d077:c0c0::/46 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6c:10:c1:e9:eb:f9:03:f0:33:e5:f6:e6:8d:9c:c3:8f:4f:80:08:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 20:00:53 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:b1:7b:18:36:72:87:d1:7d:4c:89:3e:15:85:
                    1d:13:02:39:3b:0a:7c:b7:2b:fc:a1:0f:4b:cb:39:
                    ac:72:7c:d6:59:9e:a1:26:cc:91:bb:9b:bb:a4:05:
                    14:ff:9e:9d:34:e1:50:ca:f0:2c:c6:cc:9d:bf:64:
                    8b:6b:b6:33:a1:48:cc:24:e9:84:60:60:f1:0c:92:
                    c9:47:5f:30:cc:34:58:89:9e:d9:8a:f0:cb:70:ff:
                    eb:92:4d:02:89:57:df:7a:19:f0:4c:6d:70:a7:c5:
                    06:5b:fc:af:9f:7e:20:87:5b:6b:99:8f:25:bf:ab:
                    da:2f:25:e3:57:97:4b:cb:2d:11:34:fb:14:41:93:
                    32:3f:be:a4:e5:fb:53:8a:fd:2c:16:db:ad:00:28:
                    8e:a7:4a:fc:d0:80:49:00:61:3c:c7:14:df:4a:98:
                    94:46:86:4b:40:f7:bd:f1:24:3b:8d:63:21:49:89:
                    5a:7e:9d:5b:ff:4c:31:99:e7:81:44:88:9b:db:14:
                    76:75:82:37:65:46:90:cb:fe:c1:ae:28:6e:60:36:
                    f6:4c:12:0c:e6:7e:f6:d3:45:96:48:bb:5b:24:a8:
                    c4:6e:8d:ba:6c:54:2b:9b:a3:24:8e:ce:ae:ec:95:
                    bd:c1:29:4f:73:fa:4d:db:38:4c:54:2c:1f:af:3c:
                    ef:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:62:AA:14:3C:5F:A9:57:23:86:22:C3:BF:44:9B:98:28:4C:AF:EB
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/ca77909e-ece6-472f-a76c-55402dbb33ad.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d077:c0c0::/46

    Signature Algorithm: sha256WithRSAEncryption
         62:b6:f1:6a:77:5c:9f:ee:37:00:ed:31:4a:7c:fe:00:3d:b6:
         fd:55:9c:cc:fc:45:ff:1b:92:c9:1a:e4:99:00:9f:3b:36:81:
         7a:0f:18:d8:1d:a1:3d:3a:da:db:40:11:f0:f5:68:1c:03:9a:
         c1:67:c5:e9:06:be:d2:93:bd:29:fc:27:ba:a4:1b:da:8a:e4:
         fa:29:a6:ff:6a:23:5e:81:70:a8:99:82:e0:bc:73:4a:a7:24:
         1c:58:ea:0a:09:38:3e:c3:34:e6:f1:2f:30:e4:37:d4:30:4c:
         80:4b:34:4c:f3:4a:7e:7b:6f:58:e3:bc:e5:c6:df:e4:9f:3a:
         2f:cd:02:2b:6c:4d:5f:19:44:12:6e:f4:67:01:f6:14:c2:fa:
         0a:ac:f5:fc:c3:81:6a:72:3c:93:ea:21:47:2a:ca:a1:6b:37:
         c2:37:7c:22:c8:cd:f2:66:26:a5:11:2b:07:82:a4:81:90:ef:
         0b:4c:3e:39:2e:05:ab:83:4f:b8:c1:fd:36:8d:67:95:dc:01:
         e3:34:c1:00:75:3a:ee:a1:f2:c4:29:14:9c:5b:00:2e:78:f4:
         9d:fd:e3:43:a1:1d:75:d0:80:73:8e:62:a6:87:17:b3:79:62:
         56:74:b0:34:b7:81:b6:9f:82:d0:51:20:e1:8d:b2:bb:af:ec:
         e4:a7:5b:3b
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUbBDB6ev5A/Az5fbmjZzDj0+ACCowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzEyMDAwNTNaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQGFkOTIwZTExZTlmNTU4MzA2NzcyYWFjOTkyMzVlOTNmZGFmNTAxZDRlMTE1
ZDdmN2VkOTlkOGFkMzQyMDY1NGUxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAM2xexg2cofRfUyJPhWFHRMCOTsKfLcr/KEPS8s5rHJ81lmeoSbMkbubu6QF
FP+enTThUMrwLMbMnb9ki2u2M6FIzCTphGBg8QySyUdfMMw0WIme2Yrwy3D/65JN
AolX33oZ8ExtcKfFBlv8r59+IIdba5mPJb+r2i8l41eXS8stETT7FEGTMj++pOX7
U4r9LBbbrQAojqdK/NCASQBhPMcU30qYlEaGS0D3vfEkO41jIUmJWn6dW/9MMZnn
gUSIm9sUdnWCN2VGkMv+wa4obmA29kwSDOZ+9tNFlki7WySoxG6NumxUK5ujJI7O
ruyVvcEpT3P6Tds4TFQsH6887yUCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBQmYqoU
PF+pVyOGIsO/RJuYKEyv6zAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
Y2E3NzkwOWUtZWNlNi00NzJmLWE3NmMtNTU0MDJkYmIzM2FkLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHAioF0HfA
wDANBgkqhkiG9w0BAQsFAAOCAQEAYrbxandcn+43AO0xSnz+AD22/VWczPxF/xuS
yRrkmQCfOzaBeg8Y2B2hPTra20AR8PVoHAOawWfF6Qa+0pO9KfwnuqQb2ork+imm
/2ojXoFwqJmC4LxzSqckHFjqCgk4PsM05vEvMOQ31DBMgEs0TPNKfntvWOO85cbf
5J86L80CK2xNXxlEEm70ZwH2FML6Cqz1/MOBanI8k+ohRyrKoWs3wjd8IsjN8mYm
pRErB4KkgZDvC0w+OS4Fq4NPuMH9No1nldwB4zTBAHU67qHyxCkUnFsALnj0nf3j
Q6EdddCAc45ipocXs3liVnSwNLeBtp+C0FEg4Y2yu6/s5KdbOw==
-----END CERTIFICATE-----