Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/06a4b0ee-b740-45a8-9574-79207837db5b.roa
File:                     06a4b0ee-b740-45a8-9574-79207837db5b.roa (raw, json)
Hash identifier:          r0WJWnntw4LF4dQ7Olcaxb/jidIpJ7hnJd3PNwVjKMg=
Subject key identifier:   63:1E:9A:41:79:6F:AB:70:4E:41:4C:C3:A6:53:7C:77:A0:CA:F7:8C
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       3AE897EFA28745A19417CD28B08B9FE9938C8543
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/06a4b0ee-b740-45a8-9574-79207837db5b.roa
Signing time:             Mon 31 Mar 2025 20:21:29 +0000
ROA not before:           Mon 31 Mar 2025 20:21:29 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d035:a0c0::/46 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3a:e8:97:ef:a2:87:45:a1:94:17:cd:28:b0:8b:9f:e9:93:8c:85:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 20:21:29 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:e7:6c:c9:92:9d:63:da:88:2c:b4:a6:78:f3:
                    c5:ef:b1:64:88:d9:76:86:85:2c:e6:20:db:a2:4a:
                    c5:55:9b:20:b6:56:45:5d:e7:f1:03:3a:4f:b8:c1:
                    7e:ec:99:f3:f2:2d:95:4c:08:22:4e:07:7d:e3:87:
                    f9:15:a7:af:aa:74:a7:f3:98:f9:60:5c:5b:35:ec:
                    33:17:63:4f:91:fc:17:30:06:a6:d7:8d:16:39:5c:
                    04:3e:5b:cc:bd:5f:b2:1f:38:bf:b8:79:c2:6c:ba:
                    9d:45:6f:4e:92:43:1f:41:b3:e2:fe:5b:ce:1e:86:
                    66:b0:e6:b9:e1:bb:14:02:e7:11:8b:ff:70:a3:83:
                    ff:1c:c9:0b:42:48:d7:1f:34:9d:4a:7e:c9:af:6b:
                    54:6c:f6:8c:e0:ff:c5:fe:0b:21:31:a7:be:b2:d2:
                    4d:53:61:56:64:35:b1:7f:1d:83:14:ff:ff:23:e1:
                    3c:61:65:21:cc:5e:39:19:9b:6f:ec:47:ea:fc:2c:
                    d3:08:8a:f5:8b:33:44:78:e4:c2:56:17:3b:c6:ab:
                    2e:fb:db:ba:a1:50:e0:0a:df:9c:44:75:39:a8:1c:
                    d9:5d:29:0a:4b:af:fb:e3:58:3c:d3:22:84:f6:a1:
                    f3:2f:b0:d4:86:1e:3d:8c:de:01:d8:88:0c:9a:8f:
                    75:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:1E:9A:41:79:6F:AB:70:4E:41:4C:C3:A6:53:7C:77:A0:CA:F7:8C
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/06a4b0ee-b740-45a8-9574-79207837db5b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d035:a0c0::/46

    Signature Algorithm: sha256WithRSAEncryption
         1e:94:f3:73:6b:60:30:e4:c5:af:8d:28:95:28:1a:12:8c:d5:
         86:b2:36:1f:e8:d2:dd:9a:ef:e0:38:21:6a:9d:86:51:ac:72:
         1f:22:67:12:d1:86:82:12:b0:c7:53:17:f8:98:42:af:e1:42:
         7c:db:a7:d3:73:02:53:33:26:33:4b:62:37:14:92:58:9e:a9:
         2b:7b:e2:ef:f9:b2:e1:e0:32:86:3f:77:f8:8c:81:b1:8f:43:
         e1:df:64:54:6e:2c:80:5d:d4:34:97:9e:02:97:e5:bb:ff:c8:
         32:09:2f:e6:ce:62:f3:fe:c3:25:f5:6a:41:48:07:72:e8:4a:
         c6:18:63:10:92:ae:08:46:6a:22:42:12:2a:a4:88:21:8d:ba:
         7e:d6:dc:eb:49:45:ad:a2:1c:c7:4f:e2:02:63:e7:29:f5:13:
         be:ee:a0:40:b3:5b:79:6f:76:68:5c:7d:b1:e0:ac:3a:b9:38:
         0e:b0:dc:dd:a5:a8:7e:d6:dc:34:79:c2:a1:97:fd:bb:e3:9f:
         82:e7:9d:e5:53:a7:b6:55:9e:92:8e:57:87:6f:ea:6d:58:d8:
         f6:7e:ac:8d:93:7e:99:3e:8e:a9:41:82:23:57:6c:a6:e1:6a:
         2b:f7:55:05:4b:55:a2:99:12:a4:02:7c:65:75:20:c5:46:93:
         d7:fe:87:6f
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUOuiX76KHRaGUF80osIuf6ZOMhUMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzEyMDIxMjlaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQDE2MzhkODEzZmJmMTI5MDNkNDQ0NGViNjBmYWE2NjI5Nzg1NGI2NjJiNzhi
OTM4MTBmOGQ5OGY1OTVmYjFlM2IxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMDnbMmSnWPaiCy0pnjzxe+xZIjZdoaFLOYg26JKxVWbILZWRV3n8QM6T7jB
fuyZ8/ItlUwIIk4HfeOH+RWnr6p0p/OY+WBcWzXsMxdjT5H8FzAGpteNFjlcBD5b
zL1fsh84v7h5wmy6nUVvTpJDH0Gz4v5bzh6GZrDmueG7FALnEYv/cKOD/xzJC0JI
1x80nUp+ya9rVGz2jOD/xf4LITGnvrLSTVNhVmQ1sX8dgxT//yPhPGFlIcxeORmb
b+xH6vws0wiK9YszRHjkwlYXO8arLvvbuqFQ4ArfnER1Oagc2V0pCkuv++NYPNMi
hPah8y+w1IYePYzeAdiIDJqPdaUCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBRjHppB
eW+rcE5BTMOmU3x3oMr3jDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MDZhNGIwZWUtYjc0MC00NWE4LTk1NzQtNzkyMDc4MzdkYjViLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHAioF0DWg
wDANBgkqhkiG9w0BAQsFAAOCAQEAHpTzc2tgMOTFr40olSgaEozVhrI2H+jS3Zrv
4Dghap2GUaxyHyJnEtGGghKwx1MX+JhCr+FCfNun03MCUzMmM0tiNxSSWJ6pK3vi
7/my4eAyhj93+IyBsY9D4d9kVG4sgF3UNJeeApflu//IMgkv5s5i8/7DJfVqQUgH
cuhKxhhjEJKuCEZqIkISKqSIIY26ftbc60lFraIcx0/iAmPnKfUTvu6gQLNbeW92
aFx9seCsOrk4DrDc3aWoftbcNHnCoZf9u+Ofgued5VOntlWeko5Xh2/qbVjY9n6s
jZN+mT6OqUGCI1dspuFqK/dVBUtVopkSpAJ8ZXUgxUaT1/6Hbw==
-----END CERTIFICATE-----