Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/fad76837-d6e1-4885-9781-3088c0b0c06c.roa
File:                     fad76837-d6e1-4885-9781-3088c0b0c06c.roa (raw, json)
Hash identifier:          GD2R6NMGRvgHCK2Fg3nDgaGLKGCyo6h4gIfnjH+Yjg4=
Subject key identifier:   4A:34:03:AD:42:F5:A0:EC:BA:FB:8F:11:CB:11:1E:6B:F4:0E:B9:4A
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       57435254FBB42D9C3F71CD8C9952DE09D6E5CBBC
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/fad76837-d6e1-4885-9781-3088c0b0c06c.roa
Signing time:             Fri 07 Mar 2025 15:00:19 +0000
ROA not before:           Fri 07 Mar 2025 15:00:19 +0000
ROA not after:            Fri 11 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d038:6000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 18:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            57:43:52:54:fb:b4:2d:9c:3f:71:cd:8c:99:52:de:09:d6:e5:cb:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar  7 15:00:19 2025 GMT
            Not After : Apr 11 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:20:e4:05:14:ac:84:6e:94:c1:84:60:2a:33:
                    58:c2:c4:6f:ad:9c:05:34:16:fd:37:e0:2b:b0:7a:
                    50:6e:71:86:f3:67:b3:9c:00:32:b8:cb:6e:6c:b2:
                    49:73:09:8c:17:23:09:9a:78:04:dd:c7:77:f8:d0:
                    68:b2:22:53:e7:c1:2c:63:9c:eb:ee:1e:8b:ae:31:
                    de:25:42:3d:4e:df:24:91:77:3d:59:ff:94:e1:1a:
                    e1:99:be:14:18:b1:6e:cf:37:9b:e4:f3:e9:18:d7:
                    16:47:a0:46:04:ad:d2:32:0b:d8:2b:a7:2d:7f:ad:
                    50:d3:4e:0f:90:db:07:cf:6c:9f:21:62:65:93:73:
                    f4:5b:cf:c2:60:99:27:f0:19:3d:30:a9:b7:ad:46:
                    58:66:8b:42:5f:ec:5c:64:bc:55:0e:7c:bf:64:f8:
                    ed:b5:6d:32:d3:a7:83:86:62:c3:e9:10:bc:a5:2c:
                    35:79:8b:0e:2d:ca:85:4f:d2:86:17:85:a6:bc:fc:
                    91:62:99:67:fc:b9:91:26:79:f8:a3:e8:b6:62:ac:
                    48:13:de:c6:7e:93:05:b4:c9:bb:c2:d8:19:20:56:
                    2f:d1:0e:13:e2:4e:00:59:49:2e:de:7b:15:bc:47:
                    d5:1c:23:7c:d9:91:a4:2d:f8:26:0d:4a:4a:8f:70:
                    76:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:34:03:AD:42:F5:A0:EC:BA:FB:8F:11:CB:11:1E:6B:F4:0E:B9:4A
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/fad76837-d6e1-4885-9781-3088c0b0c06c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d038:6000::/40

    Signature Algorithm: sha256WithRSAEncryption
         1a:d1:84:90:5f:e6:60:0c:a8:c1:3b:6b:5b:d1:ce:f6:5c:a8:
         4d:c8:2a:af:af:af:22:4e:99:6f:50:93:7c:57:64:c0:5b:a7:
         0f:da:3c:ef:32:9a:20:3e:71:d7:4c:09:0f:21:2f:11:a7:b3:
         13:dd:ea:c6:ed:55:6d:98:fe:af:70:6c:d1:1d:72:3c:57:58:
         10:ca:5e:4c:49:25:b3:51:22:b6:18:fd:cd:5c:de:a8:2d:26:
         a4:0c:f1:51:25:79:ed:3a:77:03:20:2a:9c:44:9f:ea:21:00:
         bc:a4:2e:0a:85:d7:c8:00:6d:7d:46:3f:89:af:2f:e1:69:14:
         55:be:bf:2f:ed:88:ef:c7:cc:39:76:1c:73:3d:17:f8:dd:fd:
         31:d2:46:de:82:41:c7:36:8f:c9:23:f4:de:cf:69:32:45:a9:
         91:d6:33:89:85:c0:dd:13:99:af:bd:3f:c5:ad:e8:fd:ce:b6:
         bc:e5:61:8b:1e:c2:ea:8e:90:ea:81:d3:57:fc:ce:1e:07:79:
         14:c8:c8:d2:38:b3:58:5a:7b:f9:0f:56:85:22:85:d5:73:d2:
         e7:45:72:01:76:11:f8:04:1d:39:fd:76:79:8b:31:82:7c:b2:
         d8:28:54:ff:2e:c5:b4:46:cc:8d:6a:6d:63:8a:6d:f8:65:49:
         13:b9:af:03
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUV0NSVPu0LZw/cc2MmVLeCdbly7wwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMDcxNTAwMTlaFw0yNTA0MTEyMzU5NTlaMHoxSTBHBgNV
BAUTQDg1M2QzMGY5MWIwZmRlMTQyM2YxZmY1MzdlOTcyYWRkNDhhNjhiMjQyYzgz
NmM0MmQ5MzZlODk5MzE4MmUyZjQxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAIUg5AUUrIRulMGEYCozWMLEb62cBTQW/TfgK7B6UG5xhvNns5wAMrjLbmyy
SXMJjBcjCZp4BN3Hd/jQaLIiU+fBLGOc6+4ei64x3iVCPU7fJJF3PVn/lOEa4Zm+
FBixbs83m+Tz6RjXFkegRgSt0jIL2CunLX+tUNNOD5DbB89snyFiZZNz9FvPwmCZ
J/AZPTCpt61GWGaLQl/sXGS8VQ58v2T47bVtMtOng4Ziw+kQvKUsNXmLDi3KhU/S
hheFprz8kWKZZ/y5kSZ5+KPotmKsSBPexn6TBbTJu8LYGSBWL9EOE+JOAFlJLt57
FbxH1RwjfNmRpC34Jg1KSo9wdqECAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRKNAOt
QvWg7Lr7jxHLER5r9A65SjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZmFkNzY4MzctZDZlMS00ODg1LTk3ODEtMzA4OGMwYjBjMDZjLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0Dhg
MA0GCSqGSIb3DQEBCwUAA4IBAQAa0YSQX+ZgDKjBO2tb0c72XKhNyCqvr68iTplv
UJN8V2TAW6cP2jzvMpogPnHXTAkPIS8Rp7MT3erG7VVtmP6vcGzRHXI8V1gQyl5M
SSWzUSK2GP3NXN6oLSakDPFRJXntOncDICqcRJ/qIQC8pC4KhdfIAG19Rj+Jry/h
aRRVvr8v7Yjvx8w5dhxzPRf43f0x0kbegkHHNo/JI/Tez2kyRamR1jOJhcDdE5mv
vT/Frej9zra85WGLHsLqjpDqgdNX/M4eB3kUyMjSOLNYWnv5D1aFIoXVc9LnRXIB
dhH4BB05/XZ5izGCfLLYKFT/LsW0RsyNam1jim34ZUkTua8D
-----END CERTIFICATE-----