Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/e5179068-cbcf-4f9a-864d-3c97430c84f4.roa
File:                     e5179068-cbcf-4f9a-864d-3c97430c84f4.roa (raw, json)
Hash identifier:          vZM+pg20HoPD6wanPwZ64Yqz2vqRK2yLgcCQqMnCrFQ=
Subject key identifier:   DE:01:01:62:54:D7:5B:86:E3:8E:01:5A:30:70:FF:A7:A7:9F:2A:BD
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       2CBFEBA2BC875C01AD123C9C1EC99CCDAEBDB328
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/e5179068-cbcf-4f9a-864d-3c97430c84f4.roa
Signing time:             Mon 31 Mar 2025 21:11:28 +0000
ROA not before:           Mon 31 Mar 2025 21:11:28 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d015::/38 maxlen: 38
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2c:bf:eb:a2:bc:87:5c:01:ad:12:3c:9c:1e:c9:9c:cd:ae:bd:b3:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 21:11:28 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:12:89:1d:c2:6c:2d:13:12:15:af:03:cb:8b:
                    8f:93:ad:d7:62:84:df:83:20:c7:6e:c7:80:b1:cf:
                    53:77:e5:18:e1:eb:55:9c:13:a3:a7:4d:80:91:11:
                    c8:f3:4d:fa:42:44:bf:bb:6c:d7:fe:e7:a0:2e:d0:
                    cd:36:02:1d:63:9d:4c:17:21:66:7a:3d:52:e4:cf:
                    e0:16:e1:be:bc:69:99:c3:1e:89:3f:4d:67:14:5f:
                    0f:b8:55:20:8e:e2:ae:de:5f:63:00:a7:a4:fe:59:
                    d9:f6:50:67:32:9b:33:83:28:f5:41:ba:1d:52:36:
                    ff:97:fc:14:19:80:a4:45:d3:6a:44:45:07:b4:7c:
                    23:7a:32:7a:e0:b8:da:39:26:ee:84:53:21:ad:c2:
                    36:9d:8b:74:54:78:94:be:b4:ca:a8:28:ae:fb:d5:
                    1d:49:4b:f4:ea:6b:fb:dc:13:76:6f:ce:20:85:52:
                    eb:05:90:b8:b4:b5:6a:c1:8d:e8:6b:aa:9e:e5:ee:
                    c3:eb:e7:ac:18:59:9b:18:9b:ad:34:65:1b:a4:34:
                    50:6c:9e:1d:c3:b4:63:05:3e:d3:50:e3:dd:54:36:
                    28:5a:50:55:d0:b7:9e:27:e6:cc:48:38:bb:f4:ec:
                    c2:b7:2c:df:cd:77:d0:40:25:b6:37:13:e4:f0:a6:
                    e8:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:01:01:62:54:D7:5B:86:E3:8E:01:5A:30:70:FF:A7:A7:9F:2A:BD
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/e5179068-cbcf-4f9a-864d-3c97430c84f4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d015::/38

    Signature Algorithm: sha256WithRSAEncryption
         ab:cc:b1:86:d3:4e:f0:bc:d4:b8:41:24:cb:eb:11:e4:88:67:
         18:22:52:d8:dd:7d:8b:2d:3d:d2:8d:22:fc:51:a6:81:7a:0d:
         7c:4a:fd:ad:6f:10:b1:d1:4d:77:bb:d4:57:b5:6c:66:35:18:
         8a:92:02:88:80:e0:aa:71:f1:a2:34:aa:a9:56:9c:96:48:90:
         f9:67:25:3b:bb:fe:6e:55:e3:8c:70:a4:53:28:88:45:e9:e4:
         27:c2:35:c9:38:b5:c7:fd:be:86:50:32:cc:98:0c:a9:e6:84:
         82:d9:1a:63:99:8f:51:b1:43:55:64:61:3b:0a:b2:d7:70:c9:
         c1:ad:0b:ba:47:4a:ab:3c:9a:1b:fd:21:20:df:b0:18:93:38:
         33:8e:16:f8:e1:29:38:05:da:dd:67:be:73:82:33:fa:33:d9:
         15:b4:a7:a7:e0:48:c7:cd:f5:d2:8a:92:4c:05:9d:16:c7:e5:
         22:0d:ce:f2:98:13:7b:95:05:2a:29:40:12:af:9a:1e:6e:1c:
         72:10:cb:ab:3c:ce:c0:67:09:60:2a:19:8c:fa:1c:3b:d7:5a:
         9b:bc:2d:33:d9:6a:48:40:9e:00:1a:36:68:0f:3e:4e:e4:f4:
         13:b9:5c:38:e4:c3:e8:12:f0:b5:79:26:bd:04:41:b2:e7:dd:
         9a:2d:a2:f1
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIULL/roryHXAGtEjycHsmcza69sygwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzEyMTExMjhaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQGEzM2Y4YWQzMjdjMDE0NDMxZDA2ZjI2ODk2MzFhZjhlODE5YzBiYjAwNzdj
ZTMzYTE0NzZkMjE0NDZlMDMzM2YxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKwSiR3CbC0TEhWvA8uLj5Ot12KE34Mgx27HgLHPU3flGOHrVZwTo6dNgJER
yPNN+kJEv7ts1/7noC7QzTYCHWOdTBchZno9UuTP4BbhvrxpmcMeiT9NZxRfD7hV
II7irt5fYwCnpP5Z2fZQZzKbM4Mo9UG6HVI2/5f8FBmApEXTakRFB7R8I3oyeuC4
2jkm7oRTIa3CNp2LdFR4lL60yqgorvvVHUlL9Opr+9wTdm/OIIVS6wWQuLS1asGN
6GuqnuXuw+vnrBhZmxibrTRlG6Q0UGyeHcO0YwU+01Dj3VQ2KFpQVdC3nifmzEg4
u/Tswrcs38130EAltjcT5PCm6G8CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTeAQFi
VNdbhuOOAVowcP+np58qvTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZTUxNzkwNjgtY2JjZi00ZjlhLTg2NGQtM2M5NzQzMGM4NGY0LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGAioF0BUA
MA0GCSqGSIb3DQEBCwUAA4IBAQCrzLGG007wvNS4QSTL6xHkiGcYIlLY3X2LLT3S
jSL8UaaBeg18Sv2tbxCx0U13u9RXtWxmNRiKkgKIgOCqcfGiNKqpVpyWSJD5ZyU7
u/5uVeOMcKRTKIhF6eQnwjXJOLXH/b6GUDLMmAyp5oSC2RpjmY9RsUNVZGE7CrLX
cMnBrQu6R0qrPJob/SEg37AYkzgzjhb44Sk4BdrdZ75zgjP6M9kVtKen4EjHzfXS
ipJMBZ0Wx+UiDc7ymBN7lQUqKUASr5oebhxyEMurPM7AZwlgKhmM+hw711qbvC0z
2WpIQJ4AGjZoDz5O5PQTuVw45MPoEvC1eSa9BEGy592aLaLx
-----END CERTIFICATE-----