Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/33f442e1-766e-461d-a3b9-2b0fd01b08cc.roa
File:                     33f442e1-766e-461d-a3b9-2b0fd01b08cc.roa (raw, json)
Hash identifier:          lu9cswHhVPu4DjyWnL2/waRt5b8dNGcCZJkTq3z/Cm8=
Subject key identifier:   37:74:EF:B9:2A:74:C1:73:1B:99:CB:9E:46:C8:82:15:77:06:4B:1E
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       2B0A34779145170B487C799B27CA3A39EC487573
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/33f442e1-766e-461d-a3b9-2b0fd01b08cc.roa
Signing time:             Wed 05 Feb 2025 00:00:00 +0000
ROA not before:           Wed 05 Feb 2025 00:00:00 +0000
ROA not after:            Wed 12 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d078:6000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 05:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2b:0a:34:77:91:45:17:0b:48:7c:79:9b:27:ca:3a:39:ec:48:75:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Feb  5 00:00:00 2025 GMT
            Not After : Mar 12 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:a7:50:08:59:c2:7c:39:3c:29:d2:2a:f3:de:
                    67:18:ee:0d:9d:2d:ae:b1:82:47:bf:a6:7f:96:8d:
                    61:89:04:af:fd:d8:2c:68:4b:51:9d:58:0a:58:98:
                    a6:5f:2d:16:31:d2:75:f0:32:02:41:40:fb:9a:c7:
                    0d:bc:48:38:54:3e:03:f5:d6:d7:c3:00:44:01:e1:
                    f3:77:7e:e3:f3:b2:e5:4a:8e:96:fe:ec:39:d3:22:
                    b3:1d:51:73:c2:07:9a:78:cb:74:97:0e:6d:97:6e:
                    75:c2:e5:a2:d0:4e:de:0f:e0:b5:72:3f:43:6a:10:
                    c1:49:a9:d0:8b:d1:fc:a7:96:14:f0:4e:2f:b6:0d:
                    9c:24:1e:f4:37:0a:94:fe:f1:56:77:00:1d:2c:1e:
                    fc:36:47:2a:4b:2b:2f:cf:7b:86:ec:3f:0e:7b:17:
                    ec:a1:98:aa:c3:e4:7b:5c:8a:54:c2:dd:95:f4:1b:
                    f7:95:fc:a8:cb:d1:60:d7:da:ac:94:b3:31:9e:82:
                    66:aa:4e:8c:dd:fe:13:d2:23:96:53:2a:fe:7b:e7:
                    9b:14:cb:d7:92:fa:28:3e:67:db:40:fa:54:85:74:
                    0a:4c:88:2b:a2:db:dd:e2:e0:11:f8:d9:b3:e8:6d:
                    c7:08:6d:68:0f:01:32:a0:5f:5c:76:f0:88:53:04:
                    85:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:74:EF:B9:2A:74:C1:73:1B:99:CB:9E:46:C8:82:15:77:06:4B:1E
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/33f442e1-766e-461d-a3b9-2b0fd01b08cc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d078:6000::/40

    Signature Algorithm: sha256WithRSAEncryption
         15:75:3d:bd:db:e5:51:64:a8:10:f5:ea:f2:15:9d:94:78:d8:
         0f:0a:90:f9:17:12:85:4f:3e:7a:1a:54:5a:7d:c8:5a:86:5b:
         b4:24:05:f4:27:d4:ca:42:a7:9f:30:bf:cf:86:37:c0:92:3e:
         27:7a:9a:8e:de:93:90:0e:2c:b4:9f:76:4d:aa:2d:2b:59:a6:
         75:cf:81:3f:d2:11:b2:38:cb:fe:05:2a:46:cf:10:f8:fb:d4:
         d0:4c:c3:88:33:2c:f2:f4:63:d3:75:dc:4a:f5:30:7e:22:ea:
         49:f3:d0:65:e3:7d:a8:6e:33:e2:82:5f:65:58:d7:f6:dd:47:
         85:8b:a1:79:52:68:10:64:0e:3e:99:83:3c:fe:90:97:ec:2b:
         4e:fc:fc:bb:fb:62:32:54:84:5c:14:55:03:69:f3:7f:f7:cb:
         7a:94:4e:88:90:8e:39:e7:d2:e6:07:e4:bf:d3:34:d1:c8:92:
         8b:fa:2b:07:f3:2e:b8:b2:fd:34:c7:5d:26:1b:1c:b6:f2:22:
         88:e2:4a:1a:63:7f:06:d4:0f:2b:6f:8d:26:d6:cb:88:db:6f:
         b3:c4:c8:c4:57:fd:84:2e:24:97:31:36:2f:d7:bf:d0:87:29:
         d1:ca:ee:e8:c3:e7:d4:86:cd:8f:8b:70:58:9c:7d:2e:8d:1a:
         75:19:13:bd
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUKwo0d5FFFwtIfHmbJ8o6OexIdXMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAyMDUwMDAwMDBaFw0yNTAzMTIyMzU5NTlaMHoxSTBHBgNV
BAUTQGYwODA5MzBkOTVhOGJjZjllM2MyZDk3MzA5OGJkNGRiMTI0YjkyNDI3MGU5
MTg3NjJjYjk3MTVkYjNiMmFkNzMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANunUAhZwnw5PCnSKvPeZxjuDZ0trrGCR7+mf5aNYYkEr/3YLGhLUZ1YCliY
pl8tFjHSdfAyAkFA+5rHDbxIOFQ+A/XW18MARAHh83d+4/Oy5UqOlv7sOdMisx1R
c8IHmnjLdJcObZdudcLlotBO3g/gtXI/Q2oQwUmp0IvR/KeWFPBOL7YNnCQe9DcK
lP7xVncAHSwe/DZHKksrL897huw/DnsX7KGYqsPke1yKVMLdlfQb95X8qMvRYNfa
rJSzMZ6CZqpOjN3+E9IjllMq/nvnmxTL15L6KD5n20D6VIV0CkyIK6Lb3eLgEfjZ
s+htxwhtaA8BMqBfXHbwiFMEhVcCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQ3dO+5
KnTBcxuZy55GyIIVdwZLHjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MzNmNDQyZTEtNzY2ZS00NjFkLWEzYjktMmIwZmQwMWIwOGNjLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0Hhg
MA0GCSqGSIb3DQEBCwUAA4IBAQAVdT292+VRZKgQ9eryFZ2UeNgPCpD5FxKFTz56
GlRafchahlu0JAX0J9TKQqefML/PhjfAkj4nepqO3pOQDiy0n3ZNqi0rWaZ1z4E/
0hGyOMv+BSpGzxD4+9TQTMOIMyzy9GPTddxK9TB+IupJ89Bl432objPigl9lWNf2
3UeFi6F5UmgQZA4+mYM8/pCX7CtO/Py7+2IyVIRcFFUDafN/98t6lE6IkI4559Lm
B+S/0zTRyJKL+isH8y64sv00x10mGxy28iKI4koaY38G1A8rb40m1suI22+zxMjE
V/2ELiSXMTYv17/QhynRyu7ow+fUhs2Pi3BYnH0ujRp1GRO9
-----END CERTIFICATE-----