Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/03416ce5-042a-4b8b-81dd-819c5e1cdf09.roa
File:                     03416ce5-042a-4b8b-81dd-819c5e1cdf09.roa (raw, json)
Hash identifier:          +MAguNlqdg1jDJq/g9u6ph5jWL4Ro69owJtUgOO5oOA=
Subject key identifier:   C8:F1:E4:EB:88:4A:2F:F1:6A:06:5E:01:3D:2C:22:AA:00:2B:4E:10
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       3B3BE634ABF771A14D8E263706C6FEAED33E112B
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/03416ce5-042a-4b8b-81dd-819c5e1cdf09.roa
Signing time:             Mon 31 Mar 2025 19:40:16 +0000
ROA not before:           Mon 31 Mar 2025 19:40:16 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d07f:8040::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3b:3b:e6:34:ab:f7:71:a1:4d:8e:26:37:06:c6:fe:ae:d3:3e:11:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 19:40:16 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:b2:c5:d0:97:de:08:ff:c5:08:8a:e0:d4:3e:
                    b8:a6:5f:d2:b2:9a:92:ea:0c:dc:a0:54:6b:bc:57:
                    b7:91:55:0e:64:0d:19:fe:76:62:34:ae:f1:90:b0:
                    17:17:0b:df:87:59:fb:3d:2b:4b:1d:8f:15:d8:d1:
                    3f:2b:25:d7:87:bf:26:f4:b1:cb:8f:cf:a0:cc:18:
                    df:b9:5c:93:d1:40:46:34:e6:20:e0:3c:85:b6:a4:
                    c7:76:1a:71:bc:91:7e:37:30:90:55:96:ab:2c:c0:
                    30:a2:7b:de:d6:e4:c9:20:79:ce:5a:45:58:92:2b:
                    ec:5f:c0:f1:d5:d5:e6:fb:0f:2a:63:8d:a9:1d:74:
                    0f:1a:6a:10:6b:1d:82:58:70:65:74:eb:bb:75:04:
                    72:58:79:19:1a:3f:27:1f:89:84:54:15:60:93:ac:
                    eb:e2:88:48:1d:a0:09:a8:76:20:13:c3:4b:88:dd:
                    32:6a:96:88:1d:eb:26:07:27:c1:ec:a3:36:ad:71:
                    e4:e1:9d:b4:dc:05:17:39:30:93:22:92:1d:ba:36:
                    78:bf:ff:cb:0e:69:bf:8b:a2:1d:79:17:73:09:24:
                    62:ed:5c:2c:a0:29:7f:d0:58:08:ab:96:37:dc:85:
                    8a:5a:7f:3b:d8:1f:b2:89:02:1b:c6:85:b2:66:02:
                    df:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:F1:E4:EB:88:4A:2F:F1:6A:06:5E:01:3D:2C:22:AA:00:2B:4E:10
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/03416ce5-042a-4b8b-81dd-819c5e1cdf09.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d07f:8040::/48

    Signature Algorithm: sha256WithRSAEncryption
         3f:36:95:9f:58:60:41:07:49:fa:d1:1f:93:fd:1a:91:ac:cd:
         7b:e4:a6:83:38:a9:a7:be:9f:9d:c5:12:af:6e:66:49:dd:13:
         15:c4:c7:de:24:51:52:fa:67:c8:25:f0:68:b6:97:6d:55:f7:
         a4:46:c6:55:ce:b7:c6:60:5d:46:c7:84:6e:2d:f2:79:9c:13:
         04:22:00:9f:a5:8c:75:6a:bb:e1:24:c1:b7:94:a8:08:60:c1:
         09:1f:0e:58:1d:f5:48:78:a6:5a:7b:76:be:99:93:25:c7:bc:
         96:0d:96:83:69:92:35:6e:f3:d6:d4:db:6a:d9:c3:af:5b:61:
         96:42:54:12:f6:2f:13:37:94:e5:ea:35:02:5a:d1:2b:68:5a:
         7e:18:64:48:59:77:58:ac:bf:46:b3:bd:69:e9:bb:f0:99:c7:
         88:c0:cb:b3:bf:c7:9a:30:cc:81:d9:ba:5d:53:8a:bb:d6:5f:
         c6:b4:8a:5a:36:be:a7:12:05:5b:9f:a6:c9:05:1f:07:9c:43:
         17:8a:9b:b9:2a:7c:5e:f0:db:04:ff:9f:a3:13:fe:9f:4d:f9:
         d3:df:a7:b2:94:14:b0:9f:04:b4:26:61:07:65:2a:f5:1e:b8:
         64:53:87:6b:7a:ad:8d:cf:75:63:e4:ad:2d:a4:d9:94:24:47:
         09:40:93:39
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUOzvmNKv3caFNjiY3Bsb+rtM+ESswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzExOTQwMTZaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQDE3NDY2YzJiNzc3YWM1ZGIwYmJiM2I2NmFjN2VjZDNmODIxZTI2ZjBhZDFj
MmU2ODg0ZGE5MDgwODE5ZGMxZmMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMKyxdCX3gj/xQiK4NQ+uKZf0rKakuoM3KBUa7xXt5FVDmQNGf52YjSu8ZCw
FxcL34dZ+z0rSx2PFdjRPysl14e/JvSxy4/PoMwY37lck9FARjTmIOA8hbakx3Ya
cbyRfjcwkFWWqyzAMKJ73tbkySB5zlpFWJIr7F/A8dXV5vsPKmONqR10DxpqEGsd
glhwZXTru3UEclh5GRo/Jx+JhFQVYJOs6+KISB2gCah2IBPDS4jdMmqWiB3rJgcn
weyjNq1x5OGdtNwFFzkwkyKSHbo2eL//yw5pv4uiHXkXcwkkYu1cLKApf9BYCKuW
N9yFilp/O9gfsokCG8aFsmYC30cCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBTI8eTr
iEov8WoGXgE9LCKqACtOEDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MDM0MTZjZTUtMDQyYS00YjhiLTgxZGQtODE5YzVlMWNkZjA5LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0H+A
QDANBgkqhkiG9w0BAQsFAAOCAQEAPzaVn1hgQQdJ+tEfk/0akazNe+Smgzipp76f
ncUSr25mSd0TFcTH3iRRUvpnyCXwaLaXbVX3pEbGVc63xmBdRseEbi3yeZwTBCIA
n6WMdWq74STBt5SoCGDBCR8OWB31SHimWnt2vpmTJce8lg2Wg2mSNW7z1tTbatnD
r1thlkJUEvYvEzeU5eo1AlrRK2hafhhkSFl3WKy/RrO9aem78JnHiMDLs7/HmjDM
gdm6XVOKu9ZfxrSKWja+pxIFW5+myQUfB5xDF4qbuSp8XvDbBP+foxP+n03509+n
spQUsJ8EtCZhB2Uq9R64ZFOHa3qtjc91Y+StLaTZlCRHCUCTOQ==
-----END CERTIFICATE-----