Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/e05048c0-7751-4ec4-b891-a3583dbdc9fe.roa
File:                     e05048c0-7751-4ec4-b891-a3583dbdc9fe.roa (raw, json)
Hash identifier:          iiT8M13Ngbg2Uw1yj+Jx6Hp5HPEifGD7JO+S2AfBHqU=
Subject key identifier:   77:10:F0:99:27:F8:48:19:6B:CC:38:96:BD:6C:83:ED:1E:DA:D1:03
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       6B355BBD0C4CDE52694F6D96E0A974A816C9400F
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/e05048c0-7751-4ec4-b891-a3583dbdc9fe.roa
Signing time:             Mon 31 Mar 2025 21:21:01 +0000
ROA not before:           Mon 31 Mar 2025 21:21:01 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d018::/35 maxlen: 35
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6b:35:5b:bd:0c:4c:de:52:69:4f:6d:96:e0:a9:74:a8:16:c9:40:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 21:21:01 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:3e:00:a5:35:3a:e3:3e:20:c9:8c:4f:03:59:
                    86:0b:43:41:03:2e:0d:9e:56:a3:57:d6:ca:b4:6f:
                    45:f4:b5:e2:d1:0c:00:f0:97:ac:2e:53:1b:bb:7e:
                    0b:1f:31:5e:2b:cc:f3:79:e9:20:5a:ef:a4:f7:bc:
                    69:a9:81:21:6d:61:41:03:58:e2:dc:01:a0:ad:b3:
                    3b:ca:87:97:95:e1:7b:b8:a8:02:af:94:71:08:40:
                    a8:51:c9:f0:cd:ef:a0:e0:05:0a:f6:b9:94:cb:f6:
                    24:fb:c7:62:c6:41:b8:95:51:f5:06:06:a1:81:87:
                    02:e0:99:fb:2b:15:cf:85:03:1e:b3:9e:ed:27:c1:
                    c8:ec:ca:b4:25:fd:14:f0:f5:f6:de:ce:6c:fd:24:
                    3e:ce:26:9a:d7:b8:06:8b:3a:05:98:77:1e:55:78:
                    da:16:f1:ff:a3:ea:b2:9f:c2:b7:fd:a0:61:11:59:
                    aa:a6:ba:7f:79:1a:e7:0a:b3:bb:2c:e1:50:89:40:
                    70:39:81:4a:af:5b:d2:22:f1:9f:73:ca:b1:1a:6f:
                    a0:d5:d2:64:3f:ee:6c:a5:fd:6f:5d:c7:aa:1a:b2:
                    91:06:2e:05:11:28:05:12:aa:58:2f:c4:a8:6d:39:
                    b1:ba:88:67:f3:04:a4:f7:9b:48:50:51:4e:b3:e4:
                    b1:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:10:F0:99:27:F8:48:19:6B:CC:38:96:BD:6C:83:ED:1E:DA:D1:03
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/e05048c0-7751-4ec4-b891-a3583dbdc9fe.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d018::/35

    Signature Algorithm: sha256WithRSAEncryption
         82:18:3c:40:7a:2e:33:2b:4e:ac:08:55:df:d9:27:96:72:96:
         4b:98:82:9f:35:ee:46:d0:f0:13:f1:c4:7e:1b:29:d4:a0:38:
         fd:67:3a:bf:c9:6c:f7:d0:ab:12:8b:28:db:ff:a8:0b:8f:58:
         c2:5b:5f:9f:2d:16:1f:32:39:2f:54:38:2f:d0:e6:06:4b:2b:
         8e:57:6a:b7:66:84:e0:7d:05:ff:58:d0:ab:7d:33:ff:69:ee:
         cb:ac:a8:b7:7f:c1:94:30:69:aa:09:93:da:20:77:2e:ad:be:
         7f:d3:14:6f:c8:2b:0e:be:88:4d:3f:6d:37:f5:3a:70:a4:36:
         a3:e0:b7:a2:fb:85:25:9c:de:29:09:1a:28:b7:66:fe:e1:d1:
         ef:df:2b:cc:55:9b:2d:ed:63:50:10:16:d0:6a:0b:27:c4:51:
         1c:60:36:b0:c4:c8:d7:2f:98:20:4b:c4:ab:a3:ed:4d:8b:6c:
         fc:ea:14:f5:cb:6f:81:9d:af:5f:ac:7a:ac:3c:a8:73:6f:9d:
         9c:9b:2a:e8:93:14:88:cb:2c:73:91:da:01:52:99:a1:db:f0:
         05:32:f8:b4:56:f7:17:ee:91:aa:a9:b0:c4:b8:53:5d:4c:af:
         9a:8c:88:6f:0d:71:9b:5f:aa:ef:20:53:a7:6a:8c:d8:b8:e8:
         21:7c:5a:f9
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUazVbvQxM3lJpT22W4Kl0qBbJQA8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzEyMTIxMDFaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQGE3YzExYjJkOWFhOTMwYjRmNzUxZjc1OGUwOWVkOWZhMzczYzA4NTg2Yzc3
MGNlMTc1YjRkMjVmMjdmZWE4ODExLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKU+AKU1OuM+IMmMTwNZhgtDQQMuDZ5Wo1fWyrRvRfS14tEMAPCXrC5TG7t+
Cx8xXivM83npIFrvpPe8aamBIW1hQQNY4twBoK2zO8qHl5Xhe7ioAq+UcQhAqFHJ
8M3voOAFCva5lMv2JPvHYsZBuJVR9QYGoYGHAuCZ+ysVz4UDHrOe7SfByOzKtCX9
FPD19t7ObP0kPs4mmte4Bos6BZh3HlV42hbx/6Pqsp/Ct/2gYRFZqqa6f3ka5wqz
uyzhUIlAcDmBSq9b0iLxn3PKsRpvoNXSZD/ubKX9b13HqhqykQYuBREoBRKqWC/E
qG05sbqIZ/MEpPebSFBRTrPksQkCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBR3EPCZ
J/hIGWvMOJa9bIPtHtrRAzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZTA1MDQ4YzAtNzc1MS00ZWM0LWI4OTEtYTM1ODNkYmRjOWZlLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBSoF0BgA
MA0GCSqGSIb3DQEBCwUAA4IBAQCCGDxAei4zK06sCFXf2SeWcpZLmIKfNe5G0PAT
8cR+GynUoDj9Zzq/yWz30KsSiyjb/6gLj1jCW1+fLRYfMjkvVDgv0OYGSyuOV2q3
ZoTgfQX/WNCrfTP/ae7LrKi3f8GUMGmqCZPaIHcurb5/0xRvyCsOvohNP2039Tpw
pDaj4Lei+4UlnN4pCRoot2b+4dHv3yvMVZst7WNQEBbQagsnxFEcYDawxMjXL5gg
S8Sro+1Ni2z86hT1y2+Bna9frHqsPKhzb52cmyrokxSIyyxzkdoBUpmh2/AFMvi0
VvcX7pGqqbDEuFNdTK+ajIhvDXGbX6rvIFOnaozYuOghfFr5
-----END CERTIFICATE-----