Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/70a2bc6f-ae0f-4f13-9499-78c505a5f7c9.roa
File:                     70a2bc6f-ae0f-4f13-9499-78c505a5f7c9.roa (raw, json)
Hash identifier:          mqMzJMijWzkxL/bZUd7l/L2a603Yfk1ikGtCjC3LnqI=
Subject key identifier:   86:68:94:58:DE:A5:5E:15:E9:DE:69:73:EB:8C:7A:CB:2C:9F:59:63
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       65994D0BA4BB5F7541638977EF13FCC3249E003E
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/70a2bc6f-ae0f-4f13-9499-78c505a5f7c9.roa
Signing time:             Wed 05 Mar 2025 17:30:34 +0000
ROA not before:           Wed 05 Mar 2025 17:30:34 +0000
ROA not after:            Wed 09 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d058:e000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 18:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            65:99:4d:0b:a4:bb:5f:75:41:63:89:77:ef:13:fc:c3:24:9e:00:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar  5 17:30:34 2025 GMT
            Not After : Apr  9 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:26:e6:5b:60:1f:1f:45:9d:3b:81:43:ed:28:
                    4d:af:d3:0a:0d:43:35:3f:cd:2f:4b:6c:a4:12:14:
                    90:38:1a:d2:ef:94:72:ac:d4:b1:79:de:dd:0c:3e:
                    93:50:eb:ac:a0:de:60:41:c3:49:8d:3e:b4:7f:31:
                    e6:83:2f:2e:64:ca:c3:81:46:d0:7d:ce:37:cc:c4:
                    9d:07:f6:6f:25:f3:ac:6a:50:f0:4d:4e:ed:01:eb:
                    9a:6f:97:dc:ff:53:50:bc:cd:eb:fd:78:bd:1f:22:
                    47:f2:54:f5:96:d7:5b:60:91:85:fe:3a:08:89:db:
                    5a:7f:78:d2:ac:f7:8c:f9:1b:ff:55:8f:2a:96:59:
                    f1:dc:87:99:ad:b0:2c:99:c3:e4:0a:dd:dc:9b:11:
                    ab:81:a2:48:f8:eb:de:e7:93:8f:5a:86:e0:62:f5:
                    17:cc:e8:55:7b:13:9d:e2:36:85:96:45:b0:e8:bf:
                    51:bb:e3:26:f5:32:df:e3:6f:1a:a2:64:f4:e3:e5:
                    c6:83:e9:1f:84:07:27:61:8b:cd:51:09:64:42:67:
                    f3:c4:bf:c9:28:c4:5f:23:10:8b:1b:ee:72:69:e5:
                    42:78:fc:62:43:79:8c:2c:16:c1:69:1c:21:10:c2:
                    fb:30:68:6a:0a:4d:8a:db:eb:8a:c2:92:ca:85:e8:
                    f0:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:68:94:58:DE:A5:5E:15:E9:DE:69:73:EB:8C:7A:CB:2C:9F:59:63
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/70a2bc6f-ae0f-4f13-9499-78c505a5f7c9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d058:e000::/40

    Signature Algorithm: sha256WithRSAEncryption
         1a:5b:96:e2:2d:67:d7:94:c9:91:59:53:a7:02:ae:99:3f:a7:
         d5:1f:f3:94:ef:ba:6a:72:17:f0:5f:f8:d7:bb:2e:f0:12:98:
         b4:30:c9:8e:ee:af:47:07:d7:0d:ce:1b:8c:08:7a:5e:ed:85:
         47:79:be:cd:ac:d6:8e:ec:5a:38:5b:d7:dc:52:e9:78:e9:c8:
         48:3f:76:78:61:ca:e9:12:8b:9e:4b:7c:5a:f8:3f:5f:0f:dd:
         67:0d:2c:36:96:0e:2a:44:1d:f2:61:e9:bc:10:40:23:ea:db:
         33:ef:b0:c2:c0:a8:5c:d5:54:33:81:4a:bc:71:12:38:d2:da:
         00:33:04:bf:3a:b4:2b:62:cc:6d:bd:e8:50:07:b5:1e:f3:53:
         64:61:8c:e3:10:df:1e:0d:f0:44:2b:ca:30:93:c3:3c:91:62:
         c4:44:c6:24:35:9f:c9:c3:40:41:e3:74:bc:e3:47:a8:88:9c:
         2b:68:5d:e9:e8:d1:1d:20:43:57:d7:f4:c6:d0:30:c9:68:e9:
         6a:fa:a9:c3:f4:47:c3:f7:97:42:c8:84:38:e4:fb:06:3e:30:
         3f:23:ec:1b:45:f1:f3:13:2a:6a:43:f8:9f:b3:5a:19:e9:f1:
         97:d5:9d:0f:f4:f6:07:df:3e:17:c2:dd:9e:94:a5:11:cd:39:
         2a:11:23:31
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUZZlNC6S7X3VBY4l37xP8wySeAD4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMDUxNzMwMzRaFw0yNTA0MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQGU5NDZkNWYyYTlmNjI4NjUwMTMxOTYwZDgwNWFkNGM4MDVhNWE0N2U3OTlm
N2YwNWYwOTI3NzNkNWFiYjJhOWMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALMm5ltgHx9FnTuBQ+0oTa/TCg1DNT/NL0tspBIUkDga0u+UcqzUsXne3Qw+
k1DrrKDeYEHDSY0+tH8x5oMvLmTKw4FG0H3ON8zEnQf2byXzrGpQ8E1O7QHrmm+X
3P9TULzN6/14vR8iR/JU9ZbXW2CRhf46CInbWn940qz3jPkb/1WPKpZZ8dyHma2w
LJnD5Ard3JsRq4GiSPjr3ueTj1qG4GL1F8zoVXsTneI2hZZFsOi/UbvjJvUy3+Nv
GqJk9OPlxoPpH4QHJ2GLzVEJZEJn88S/ySjEXyMQixvucmnlQnj8YkN5jCwWwWkc
IRDC+zBoagpNitvrisKSyoXo8C8CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBSGaJRY
3qVeFeneaXPrjHrLLJ9ZYzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NzBhMmJjNmYtYWUwZi00ZjEzLTk0OTktNzhjNTA1YTVmN2M5LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0Fjg
MA0GCSqGSIb3DQEBCwUAA4IBAQAaW5biLWfXlMmRWVOnAq6ZP6fVH/OU77pqchfw
X/jXuy7wEpi0MMmO7q9HB9cNzhuMCHpe7YVHeb7NrNaO7Fo4W9fcUul46chIP3Z4
YcrpEoueS3xa+D9fD91nDSw2lg4qRB3yYem8EEAj6tsz77DCwKhc1VQzgUq8cRI4
0toAMwS/OrQrYsxtvehQB7Ue81NkYYzjEN8eDfBEK8owk8M8kWLERMYkNZ/Jw0BB
43S840eoiJwraF3p6NEdIENX1/TG0DDJaOlq+qnD9EfD95dCyIQ45PsGPjA/I+wb
RfHzEypqQ/ifs1oZ6fGX1Z0P9PYH3z4Xwt2elKURzTkqESMx
-----END CERTIFICATE-----