Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/ea271f77-763d-42f8-a315-60081847d059.roa
File:                     ea271f77-763d-42f8-a315-60081847d059.roa (raw, json)
Hash identifier:          dH7SCMtqSQ4knAbObeCTvjjWdQaufmFb9CWg7NRdv6s=
Subject key identifier:   8F:77:77:89:6D:13:1C:BF:22:2F:88:AE:57:73:AE:17:27:BC:EF:6C
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       26D71A1AF7C11D50C44B948AB466C66AA8EE3AA8
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/ea271f77-763d-42f8-a315-60081847d059.roa
Signing time:             Mon 31 Mar 2025 19:00:22 +0000
ROA not before:           Mon 31 Mar 2025 19:00:22 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d031:e040::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            26:d7:1a:1a:f7:c1:1d:50:c4:4b:94:8a:b4:66:c6:6a:a8:ee:3a:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 19:00:22 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:22:50:a0:63:25:b8:2b:cf:ef:a8:85:8d:e9:
                    81:00:73:04:9d:5b:14:19:8f:6a:99:94:1a:93:f9:
                    7a:25:dd:3c:4a:55:ff:48:01:01:d6:e6:a1:2f:d5:
                    73:79:90:99:6b:57:eb:22:4d:e0:2e:89:b3:49:f2:
                    35:2d:b6:52:25:fc:ad:b3:88:eb:34:0d:7b:0e:b0:
                    85:03:2f:39:56:1e:2c:a8:49:98:76:53:40:d9:7d:
                    b3:84:3a:64:c0:d8:a0:ae:f8:fb:d0:88:24:44:20:
                    19:0f:87:ee:46:1a:09:0e:84:d3:34:89:a8:59:78:
                    5c:46:fd:5e:25:5b:51:1a:6f:af:1d:8b:ed:e4:7f:
                    ed:bb:d6:49:b7:bd:86:4a:89:ac:fe:8f:68:7e:48:
                    4a:10:4f:77:75:ef:90:64:8d:e6:e0:4f:45:e9:19:
                    55:00:79:c9:f5:82:97:47:4d:81:96:7d:f4:cf:d1:
                    49:c4:72:44:f5:d4:e1:6a:ae:30:f5:aa:2d:1b:65:
                    3d:e9:2a:f8:54:aa:f9:de:48:07:8b:fd:bb:3e:68:
                    2d:d8:6c:2d:af:d9:63:83:dc:c5:4c:b3:8a:ca:f5:
                    f6:bc:3a:f6:eb:99:a1:2c:8d:e2:c8:cb:2c:c8:7d:
                    b3:a9:b2:24:fb:85:fd:39:ff:e6:ba:2f:6e:7a:81:
                    7d:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:77:77:89:6D:13:1C:BF:22:2F:88:AE:57:73:AE:17:27:BC:EF:6C
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/ea271f77-763d-42f8-a315-60081847d059.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d031:e040::/48

    Signature Algorithm: sha256WithRSAEncryption
         1a:c8:51:5b:5f:10:de:da:85:22:4b:5f:2a:9c:b4:bd:78:77:
         b7:22:1d:6f:8e:c3:9e:a6:c4:cf:fb:d4:d3:ad:80:dd:7e:b5:
         ed:9e:94:a1:52:ed:81:93:21:ef:0b:de:55:58:37:4c:29:ee:
         40:9c:08:aa:09:a1:4d:b5:f5:85:f4:dd:bb:22:4f:b5:97:6b:
         6a:91:56:4a:de:ce:4e:73:58:8a:7d:a9:c0:67:86:55:f8:26:
         c8:ce:f8:f8:58:b4:01:b3:f2:92:0d:b7:7e:c4:fa:f9:8f:22:
         0b:fa:22:d9:61:fc:2f:f3:ed:9e:17:61:99:65:14:f6:9a:b7:
         93:7a:4c:20:71:34:21:64:eb:55:f2:d3:e2:51:09:4d:ab:af:
         22:d5:7a:dd:cd:f0:41:fe:83:c1:44:2b:39:de:f4:fa:b9:49:
         4a:0d:86:08:29:f7:7a:bd:16:03:1f:3d:25:ba:e9:b4:65:1f:
         7e:f2:76:f3:0e:ae:e0:2c:ac:dc:f9:f1:e4:b8:34:5e:f5:52:
         bd:71:a8:3c:53:d7:25:34:c5:4b:4f:ec:95:00:e8:4c:12:be:
         05:56:dd:20:36:f8:26:c0:9c:5d:c5:7c:d7:c7:30:4d:6e:a3:
         9f:55:af:e8:78:39:e5:c9:96:6d:ce:d0:2a:8f:ac:70:17:c9:
         24:63:6f:00
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUJtcaGvfBHVDES5SKtGbGaqjuOqgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzExOTAwMjJaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQDQ0MDE3YmExY2FjNDcyN2ZlMGY1ODNkMWUyOTE0OWE2MDU2YmFiOGI4MTBl
N2VkNzEyMmNiNTZhMzE1NmNiNTYxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAL8iUKBjJbgrz++ohY3pgQBzBJ1bFBmPapmUGpP5eiXdPEpV/0gBAdbmoS/V
c3mQmWtX6yJN4C6Js0nyNS22UiX8rbOI6zQNew6whQMvOVYeLKhJmHZTQNl9s4Q6
ZMDYoK74+9CIJEQgGQ+H7kYaCQ6E0zSJqFl4XEb9XiVbURpvrx2L7eR/7bvWSbe9
hkqJrP6PaH5IShBPd3XvkGSN5uBPRekZVQB5yfWCl0dNgZZ99M/RScRyRPXU4Wqu
MPWqLRtlPekq+FSq+d5IB4v9uz5oLdhsLa/ZY4PcxUyzisr19rw69uuZoSyN4sjL
LMh9s6myJPuF/Tn/5rovbnqBfUMCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBSPd3eJ
bRMcvyIviK5Xc64XJ7zvbDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZWEyNzFmNzctNzYzZC00MmY4LWEzMTUtNjAwODE4NDdkMDU5LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0DHg
QDANBgkqhkiG9w0BAQsFAAOCAQEAGshRW18Q3tqFIktfKpy0vXh3tyIdb47DnqbE
z/vU062A3X617Z6UoVLtgZMh7wveVVg3TCnuQJwIqgmhTbX1hfTduyJPtZdrapFW
St7OTnNYin2pwGeGVfgmyM74+Fi0AbPykg23fsT6+Y8iC/oi2WH8L/PtnhdhmWUU
9pq3k3pMIHE0IWTrVfLT4lEJTauvItV63c3wQf6DwUQrOd70+rlJSg2GCCn3er0W
Ax89JbrptGUffvJ28w6u4Cys3Pnx5Lg0XvVSvXGoPFPXJTTFS0/slQDoTBK+BVbd
IDb4JsCcXcV818cwTW6jn1Wv6Hg55cmWbc7QKo+scBfJJGNvAA==
-----END CERTIFICATE-----