Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/33f442e1-766e-461d-a3b9-2b0fd01b08cc.roa
File:                     33f442e1-766e-461d-a3b9-2b0fd01b08cc.roa (raw, json)
Hash identifier:          GF5y/NqzBRdzz63xttpMvZwWQIcOdb8BMhvXMJ7G3UU=
Subject key identifier:   3C:C0:37:5C:CB:51:34:0E:E7:D0:2C:3C:78:67:E0:CE:03:F4:0A:76
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       0EF44A915CAFFF5C3FA7F3DC46A21FE854111519
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/33f442e1-766e-461d-a3b9-2b0fd01b08cc.roa
Signing time:             Wed 05 Mar 2025 17:30:28 +0000
ROA not before:           Wed 05 Mar 2025 17:30:28 +0000
ROA not after:            Wed 09 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d078:6000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 18:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0e:f4:4a:91:5c:af:ff:5c:3f:a7:f3:dc:46:a2:1f:e8:54:11:15:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar  5 17:30:28 2025 GMT
            Not After : Apr  9 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:3e:9b:50:7e:8a:e0:ad:b0:98:62:40:60:a9:
                    0c:4f:61:11:61:28:a9:12:63:10:09:73:3d:56:8a:
                    f2:9a:b4:b6:5c:95:6d:18:31:66:a1:91:9c:5d:c4:
                    c8:00:fd:c1:7f:37:9d:b1:ed:b8:a6:da:f8:84:1d:
                    aa:e9:bc:d4:b0:60:69:8c:11:7b:29:d0:1d:7f:60:
                    23:ba:07:5f:eb:b9:c6:29:fc:bf:9c:fc:b9:f3:3a:
                    79:83:08:20:26:a7:20:b8:4c:12:a0:59:44:5b:42:
                    70:da:21:f5:63:d3:36:51:4d:3d:4f:34:22:a6:c9:
                    35:24:a5:14:eb:ee:6f:7f:09:2e:5d:fc:c3:1b:17:
                    aa:51:6c:f4:59:80:a6:12:0c:f0:4b:5d:dc:50:74:
                    89:76:58:ad:d7:8b:cf:0b:41:d0:33:6a:83:21:01:
                    84:76:7f:cf:35:aa:5a:cf:6a:01:6d:04:2b:e1:24:
                    2e:e6:a0:8f:fa:77:20:05:b7:cc:9a:47:41:9f:29:
                    17:a6:15:fd:2f:e1:14:ef:47:a7:b7:08:b0:d9:d7:
                    8e:6b:61:04:58:1a:de:41:f2:cd:cc:a6:d1:7d:32:
                    1e:b7:6f:86:45:d0:7b:c8:e3:b2:57:60:88:9e:04:
                    93:aa:e2:d8:dc:6d:d4:d1:25:81:68:0e:37:3b:77:
                    b9:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:C0:37:5C:CB:51:34:0E:E7:D0:2C:3C:78:67:E0:CE:03:F4:0A:76
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/33f442e1-766e-461d-a3b9-2b0fd01b08cc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d078:6000::/40

    Signature Algorithm: sha256WithRSAEncryption
         1c:a9:d9:e6:94:bd:3f:9a:87:a3:27:c5:ed:89:c4:f7:fd:f8:
         39:a3:1a:ff:aa:44:b0:ab:f4:1b:3f:70:94:45:5d:c2:95:28:
         d8:e1:ef:77:dc:93:f3:81:f3:73:4a:2d:15:b4:d7:2a:a0:23:
         af:ed:de:06:25:8e:ae:0e:a4:01:9a:58:b9:59:06:7d:29:ec:
         55:09:4c:f7:8d:d6:ad:f9:aa:84:73:ce:cc:c8:08:5e:ad:b3:
         78:e0:17:36:f4:79:72:e4:98:0f:a9:c2:65:31:1a:3a:c8:7b:
         a0:ef:1b:55:35:82:02:7f:87:94:2e:21:71:b1:ae:ea:71:e3:
         1b:65:73:bd:75:c6:60:1a:e6:22:ab:22:15:41:77:c5:5c:45:
         b9:ac:b7:12:73:eb:fb:c0:69:b1:23:d4:ba:87:51:9e:cf:7b:
         42:3f:66:69:11:31:92:73:8c:0e:50:91:09:a4:90:6d:a1:a0:
         23:94:ac:bf:23:d1:d7:c2:77:ed:13:53:df:43:c4:fe:2a:24:
         8f:e3:1a:89:fa:c6:43:0a:47:bd:c8:26:ef:dd:47:fa:bc:9a:
         26:87:d9:44:7b:13:fb:64:35:08:30:1c:b5:e6:86:2b:d7:ea:
         ec:ee:85:5f:6a:ec:61:e3:cc:9f:e5:8e:37:19:5a:0b:90:09:
         91:26:15:50
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUDvRKkVyv/1w/p/PcRqIf6FQRFRkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMDUxNzMwMjhaFw0yNTA0MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQDkxZmUzOGEwNTQ3NTAxMTZiNzAxOWM5YTdiNzJhMDQ1M2UyMWZlMjlhMTQ4
NTAzOTliNGIxMTkwMjIxZjQzOGUxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKg+m1B+iuCtsJhiQGCpDE9hEWEoqRJjEAlzPVaK8pq0tlyVbRgxZqGRnF3E
yAD9wX83nbHtuKba+IQdqum81LBgaYwReynQHX9gI7oHX+u5xin8v5z8ufM6eYMI
ICanILhMEqBZRFtCcNoh9WPTNlFNPU80IqbJNSSlFOvub38JLl38wxsXqlFs9FmA
phIM8Etd3FB0iXZYrdeLzwtB0DNqgyEBhHZ/zzWqWs9qAW0EK+EkLuagj/p3IAW3
zJpHQZ8pF6YV/S/hFO9Hp7cIsNnXjmthBFga3kHyzcym0X0yHrdvhkXQe8jjsldg
iJ4Ek6ri2Nxt1NElgWgONzt3uQMCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQ8wDdc
y1E0DufQLDx4Z+DOA/QKdjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MzNmNDQyZTEtNzY2ZS00NjFkLWEzYjktMmIwZmQwMWIwOGNjLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0Hhg
MA0GCSqGSIb3DQEBCwUAA4IBAQAcqdnmlL0/moejJ8XticT3/fg5oxr/qkSwq/Qb
P3CURV3ClSjY4e933JPzgfNzSi0VtNcqoCOv7d4GJY6uDqQBmli5WQZ9KexVCUz3
jdat+aqEc87MyAherbN44Bc29Hly5JgPqcJlMRo6yHug7xtVNYICf4eULiFxsa7q
ceMbZXO9dcZgGuYiqyIVQXfFXEW5rLcSc+v7wGmxI9S6h1Gez3tCP2ZpETGSc4wO
UJEJpJBtoaAjlKy/I9HXwnftE1PfQ8T+KiSP4xqJ+sZDCke9yCbv3Uf6vJomh9lE
exP7ZDUIMBy15oYr1+rs7oVfauxh48yf5Y43GVoLkAmRJhVQ
-----END CERTIFICATE-----