Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/ddbb8798-3423-4d98-a384-58621b010556.roa
File:                     ddbb8798-3423-4d98-a384-58621b010556.roa (raw, json)
Hash identifier:          elRmKsLsvo5xuPidJ6Ideps+/dg1KPWLwNRBw8shDa4=
Subject key identifier:   9B:01:E4:80:DB:9E:47:37:7A:08:0C:0A:04:CF:F7:62:3D:C6:78:E2
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       13A3F461FF8BEC1FAB63E3839B81C9CDA38026C3
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/ddbb8798-3423-4d98-a384-58621b010556.roa
Signing time:             Mon 31 Mar 2025 21:11:21 +0000
ROA not before:           Mon 31 Mar 2025 21:11:21 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d019:c00::/38 maxlen: 38
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            13:a3:f4:61:ff:8b:ec:1f:ab:63:e3:83:9b:81:c9:cd:a3:80:26:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 21:11:21 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:73:75:e2:74:fa:ec:f1:8e:9f:7a:f1:46:90:
                    dc:fc:10:b1:2d:5c:05:5b:80:14:76:52:19:40:c1:
                    5e:94:87:16:74:08:4c:7d:63:ee:c5:e1:6c:09:2b:
                    af:6c:40:f9:53:01:ff:a1:af:af:1f:51:ad:fc:23:
                    9a:53:13:29:83:83:7d:c2:26:5a:bc:d8:a7:71:8d:
                    7e:b2:1c:22:f3:eb:13:aa:73:78:b6:5d:b7:a1:46:
                    2c:08:8e:fd:a7:70:a2:ee:a3:03:30:71:a2:0b:56:
                    49:8f:32:70:77:40:4d:9c:e6:2b:aa:b9:8b:a6:f4:
                    cc:da:25:f5:71:73:a8:76:d7:19:76:1b:95:20:55:
                    04:c3:eb:b4:27:f8:86:bb:5a:09:cc:76:bf:cb:d2:
                    a2:30:f0:19:6f:c6:fe:b3:b4:ff:03:6e:f4:ed:b9:
                    4b:c1:17:c4:c1:20:08:f8:c2:b1:c6:75:3f:9d:eb:
                    cf:d2:4a:f2:67:f0:25:99:a4:cc:61:e1:15:2d:25:
                    dd:a0:ea:3c:28:ca:26:88:d1:25:ea:13:79:d1:3e:
                    69:24:14:d2:3c:49:6a:0e:cc:4e:c4:46:f2:87:ac:
                    e4:03:3b:88:d9:90:3a:05:91:b4:6e:4e:d8:6b:17:
                    76:41:4f:ea:3f:55:56:e8:df:48:34:dc:93:00:83:
                    47:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:01:E4:80:DB:9E:47:37:7A:08:0C:0A:04:CF:F7:62:3D:C6:78:E2
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/ddbb8798-3423-4d98-a384-58621b010556.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d019:c00::/38

    Signature Algorithm: sha256WithRSAEncryption
         bc:4f:60:d1:2e:0f:b2:25:db:85:9d:49:c9:7e:e8:cf:0f:b7:
         b3:37:f9:b2:0d:eb:38:3b:85:d9:99:cf:e8:34:c5:4c:f3:5a:
         05:fb:91:0f:9c:ee:44:6c:0b:a0:ed:6c:a8:e5:35:62:c3:70:
         1b:f4:8d:db:98:7b:36:3a:28:8c:02:f2:6e:4e:27:91:3a:d8:
         ab:b2:dc:9b:de:1d:2d:78:84:6b:07:9f:ca:78:a3:92:a4:b4:
         52:a5:c5:16:cd:88:ea:93:5a:a4:a8:fd:f3:c4:6b:4e:21:1f:
         55:68:f1:6d:5a:20:cd:93:15:88:95:ee:dd:44:89:c1:b9:d4:
         49:b7:39:58:b0:05:16:3a:dd:80:c7:db:b5:c6:f5:43:57:ef:
         8c:85:1b:67:aa:aa:0a:fa:3d:fe:ad:47:97:5b:9d:55:f4:ec:
         7e:d6:c5:5d:27:f4:30:e6:7c:4c:25:21:d4:6a:cc:b6:3a:cc:
         ea:df:a8:0e:cb:76:f6:65:1b:ee:f1:c1:f7:26:ea:df:0b:68:
         dd:4b:3b:e3:87:1b:bb:11:df:3e:00:3b:ff:54:c0:01:f7:63:
         99:5c:da:e2:0e:d8:2e:79:e0:ae:e2:22:1a:99:5f:66:56:c0:
         e8:96:0a:2f:ce:3f:b6:74:8c:5c:ec:74:4b:96:68:e4:b8:f9:
         21:e0:ab:f0
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUE6P0Yf+L7B+rY+ODm4HJzaOAJsMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzEyMTExMjFaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQGE4NzczZDMxYzZkN2JiNjRhY2IwNmUyYTBmNzYyZGMxMWM5ODg2MTdjYjJj
OTQ5M2FhMzJlYWJmNjhhYjdjZmQxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALFzdeJ0+uzxjp968UaQ3PwQsS1cBVuAFHZSGUDBXpSHFnQITH1j7sXhbAkr
r2xA+VMB/6Gvrx9RrfwjmlMTKYODfcImWrzYp3GNfrIcIvPrE6pzeLZdt6FGLAiO
/adwou6jAzBxogtWSY8ycHdATZzmK6q5i6b0zNol9XFzqHbXGXYblSBVBMPrtCf4
hrtaCcx2v8vSojDwGW/G/rO0/wNu9O25S8EXxMEgCPjCscZ1P53rz9JK8mfwJZmk
zGHhFS0l3aDqPCjKJojRJeoTedE+aSQU0jxJag7MTsRG8oes5AM7iNmQOgWRtG5O
2GsXdkFP6j9VVujfSDTckwCDR8ECAwEAAaOCAiMwggIfMB0GA1UdDgQWBBSbAeSA
255HN3oIDAoEz/diPcZ44jAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZGRiYjg3OTgtMzQyMy00ZDk4LWEzODQtNTg2MjFiMDEwNTU2LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGAioF0BkM
MA0GCSqGSIb3DQEBCwUAA4IBAQC8T2DRLg+yJduFnUnJfujPD7ezN/myDes4O4XZ
mc/oNMVM81oF+5EPnO5EbAug7Wyo5TViw3Ab9I3bmHs2OiiMAvJuTieROtirstyb
3h0teIRrB5/KeKOSpLRSpcUWzYjqk1qkqP3zxGtOIR9VaPFtWiDNkxWIle7dRInB
udRJtzlYsAUWOt2Ax9u1xvVDV++MhRtnqqoK+j3+rUeXW51V9Ox+1sVdJ/Qw5nxM
JSHUasy2Oszq36gOy3b2ZRvu8cH3JurfC2jdSzvjhxu7Ed8+ADv/VMAB92OZXNri
DtgueeCu4iIamV9mVsDolgovzj+2dIxc7HRLlmjkuPkh4Kvw
-----END CERTIFICATE-----