Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/f0b87948-0066-431b-b731-8030cc7f4eef.roa
File:                     f0b87948-0066-431b-b731-8030cc7f4eef.roa (raw, json)
Hash identifier:          BwzxTfo5lQCu2N7BKJrkQjl73QOuz9oRMSSovGU1hHc=
Subject key identifier:   13:AD:40:7C:DF:F2:48:6C:C3:65:36:6B:99:86:8D:7C:51:E3:46:D6
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       4130F6D00896AA16279D47631D22D9D03991DD19
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/f0b87948-0066-431b-b731-8030cc7f4eef.roa
Signing time:             Mon 31 Mar 2025 20:21:45 +0000
ROA not before:           Mon 31 Mar 2025 20:21:45 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d077:9000::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 14:34:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            41:30:f6:d0:08:96:aa:16:27:9d:47:63:1d:22:d9:d0:39:91:dd:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 20:21:45 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:7d:94:71:55:63:39:ef:4d:8e:d0:3b:37:7b:
                    72:fc:11:57:69:d0:be:26:30:d3:93:d1:59:66:7e:
                    3b:40:04:5e:ea:7b:5b:7a:ad:f1:82:f9:1e:aa:86:
                    d1:ee:57:fa:1e:64:e6:56:d1:d4:66:04:03:fc:94:
                    76:42:af:51:11:3e:8f:fc:67:45:09:6c:b7:c8:0f:
                    7a:cd:a8:51:11:b2:a1:be:3e:3d:04:da:c1:7c:51:
                    09:d4:dd:d1:d8:af:fb:3d:e8:4f:19:28:f0:8d:e7:
                    81:f1:1a:44:ba:63:71:85:b7:a2:a5:8b:45:0e:45:
                    cb:fc:ee:9f:af:9b:35:92:67:30:84:b1:be:34:c3:
                    89:9f:b1:45:ce:09:ed:7a:2a:55:89:88:60:73:a8:
                    87:38:65:99:9a:3d:17:c9:50:98:e1:8b:71:32:82:
                    6e:d7:3a:08:35:b0:09:44:a2:44:95:9f:b6:69:57:
                    e6:df:63:6d:56:1a:33:0d:29:1a:49:76:58:e6:bc:
                    74:b7:41:e7:22:fc:b8:2d:20:e7:c4:5f:f9:2c:17:
                    4c:04:e4:e1:7e:f7:0d:5f:89:7c:27:b0:47:04:57:
                    8e:75:75:c6:8d:36:02:97:34:82:e2:e5:49:52:f1:
                    3f:7b:af:25:e3:cd:15:48:c3:e0:af:af:8c:f9:41:
                    f2:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:AD:40:7C:DF:F2:48:6C:C3:65:36:6B:99:86:8D:7C:51:E3:46:D6
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/f0b87948-0066-431b-b731-8030cc7f4eef.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d077:9000::/40

    Signature Algorithm: sha256WithRSAEncryption
         4a:9b:de:e3:53:dd:df:8e:47:da:3a:45:f2:07:78:61:d4:c8:
         66:53:20:de:28:ef:13:04:52:11:b5:ec:44:8f:ba:c7:e9:a1:
         f5:f9:f8:2d:74:1c:a3:2e:56:09:dc:b2:45:99:0c:c9:ed:93:
         c1:21:87:f9:5c:d0:7f:9e:92:8d:a9:5c:5b:b3:13:df:e1:28:
         26:57:19:69:76:25:72:9f:21:a2:dd:ca:3f:1a:f3:20:8f:83:
         53:0e:3c:12:a4:11:87:c9:e2:ab:18:35:97:7c:26:1c:d5:ca:
         f6:c6:7e:93:00:28:65:e5:ad:e5:b6:c4:55:ac:20:f2:eb:fa:
         15:fa:ea:f1:95:b7:ac:34:f3:95:4d:b5:9f:22:cb:00:f8:3f:
         d1:ae:20:56:af:53:7e:51:d9:c0:8a:f8:11:c6:bd:9d:4d:8e:
         e9:88:b3:d0:ff:6f:05:c5:41:ef:4e:bc:02:35:41:8d:02:e8:
         4f:77:66:15:8e:08:1c:11:66:eb:56:bd:0c:d1:04:63:af:a2:
         d3:fe:ac:2e:a0:22:23:70:eb:b8:f5:ba:82:d8:d6:05:06:f2:
         ab:ed:cc:80:8b:88:a9:b3:32:7f:a5:09:91:51:b9:a9:9b:a0:
         be:c6:b9:da:dc:a1:22:53:da:e7:cf:8a:41:c7:b7:23:73:f5:
         df:4c:36:76
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUQTD20AiWqhYnnUdjHSLZ0DmR3RkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzEyMDIxNDVaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQDMyMzg5Y2MzYWQyYjlhOTE0MTdlNGY3MWEyZmQ1MzczZDQ3ODhhNjFmOWFl
NTY4MGEyM2I2ZTNjODYyM2IxMDExLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMB9lHFVYznvTY7QOzd7cvwRV2nQviYw05PRWWZ+O0AEXup7W3qt8YL5HqqG
0e5X+h5k5lbR1GYEA/yUdkKvURE+j/xnRQlst8gPes2oURGyob4+PQTawXxRCdTd
0div+z3oTxko8I3ngfEaRLpjcYW3oqWLRQ5Fy/zun6+bNZJnMISxvjTDiZ+xRc4J
7XoqVYmIYHOohzhlmZo9F8lQmOGLcTKCbtc6CDWwCUSiRJWftmlX5t9jbVYaMw0p
Gkl2WOa8dLdB5yL8uC0g58Rf+SwXTATk4X73DV+JfCewRwRXjnV1xo02Apc0guLl
SVLxP3uvJePNFUjD4K+vjPlB8hkCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQTrUB8
3/JIbMNlNmuZho18UeNG1jAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZjBiODc5NDgtMDA2Ni00MzFiLWI3MzEtODAzMGNjN2Y0ZWVmLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0HeQ
MA0GCSqGSIb3DQEBCwUAA4IBAQBKm97jU93fjkfaOkXyB3hh1MhmUyDeKO8TBFIR
texEj7rH6aH1+fgtdByjLlYJ3LJFmQzJ7ZPBIYf5XNB/npKNqVxbsxPf4SgmVxlp
diVynyGi3co/GvMgj4NTDjwSpBGHyeKrGDWXfCYc1cr2xn6TAChl5a3ltsRVrCDy
6/oV+urxlbesNPOVTbWfIssA+D/RriBWr1N+UdnAivgRxr2dTY7piLPQ/28FxUHv
TrwCNUGNAuhPd2YVjggcEWbrVr0M0QRjr6LT/qwuoCIjcOu49bqC2NYFBvKr7cyA
i4ipszJ/pQmRUbmpm6C+xrna3KEiU9rnz4pBx7cjc/XfTDZ2
-----END CERTIFICATE-----