Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/10ac5d21-ac79-460b-9e20-5ffa366ca0ed.roa
File:                     10ac5d21-ac79-460b-9e20-5ffa366ca0ed.roa (raw, json)
Hash identifier:          S/i+CA2oq4ed5ROQn28K9OfQEfipvj2o9lOQdTmMJhc=
Subject key identifier:   B1:80:B4:E2:89:8A:F1:1F:55:94:19:08:47:18:1D:74:79:63:97:D8
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       44A99586E56C98594EFBACAA77440F7980AD6EDB
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/10ac5d21-ac79-460b-9e20-5ffa366ca0ed.roa
Signing time:             Mon 31 Mar 2025 20:31:15 +0000
ROA not before:           Mon 31 Mar 2025 20:31:15 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d035:20c0::/46 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            44:a9:95:86:e5:6c:98:59:4e:fb:ac:aa:77:44:0f:79:80:ad:6e:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 20:31:15 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fc:66:bd:2c:ae:fa:21:0a:70:55:da:a0:da:99:
                    0b:9a:01:c9:20:11:d2:dc:30:e1:67:ac:6b:ea:3b:
                    75:35:c6:a1:2b:93:30:2b:de:ff:dc:4c:da:98:b1:
                    22:92:83:3d:73:9d:b5:3c:8d:60:c1:d7:4a:0e:2e:
                    25:1d:31:fc:cf:83:73:d1:cc:3e:55:d8:02:bf:bb:
                    2f:46:7b:9b:32:38:5e:1a:73:f6:94:67:a6:34:5e:
                    44:29:4c:dd:46:6e:96:fb:01:e3:76:6d:ca:0c:d5:
                    17:b9:5b:03:c7:0c:fd:dd:79:ec:76:0e:dc:a8:be:
                    19:8c:d8:f3:1c:5e:61:bb:ea:08:6a:eb:75:b4:c9:
                    df:34:78:5c:cb:b7:b9:ab:ab:bd:5e:cb:9d:57:df:
                    12:ab:f2:9a:6f:6d:50:74:f4:34:bb:8a:24:76:eb:
                    52:1f:6b:a9:d3:4f:19:a7:0b:60:6f:ed:79:2e:27:
                    05:e0:a1:0b:06:f0:84:15:0a:df:ec:c6:bf:14:ce:
                    37:72:16:44:2d:1f:e0:4c:19:89:a0:27:e8:e5:e2:
                    27:28:14:bf:69:34:77:bd:8f:6a:6a:ed:ea:d4:b9:
                    d2:bc:c8:34:c4:40:31:fc:78:70:98:d7:09:96:56:
                    7d:54:ed:d6:b1:9b:25:31:35:7d:dd:76:3b:f4:c9:
                    79:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:80:B4:E2:89:8A:F1:1F:55:94:19:08:47:18:1D:74:79:63:97:D8
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/10ac5d21-ac79-460b-9e20-5ffa366ca0ed.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d035:20c0::/46

    Signature Algorithm: sha256WithRSAEncryption
         5d:96:50:82:ad:86:11:43:7b:33:d8:50:74:65:01:62:72:fb:
         8b:c8:66:e0:03:b8:58:b0:0e:11:56:f6:0d:49:79:65:12:f9:
         c0:aa:d9:49:74:cd:8d:c1:7c:73:f7:91:59:f5:74:5c:b3:ab:
         e6:83:f5:8d:03:19:d8:ea:e2:d6:2c:fc:25:7e:ad:86:00:d2:
         13:bb:62:bc:da:6c:77:62:a1:1d:81:81:a5:66:9a:d3:46:76:
         7f:a0:1c:94:3f:05:46:72:97:2e:1a:63:da:c9:84:3b:3c:98:
         7e:6c:86:1d:40:cb:a3:89:4d:25:50:ec:a1:6b:ca:01:58:1e:
         f1:fe:16:83:00:3e:47:22:eb:c1:2b:b5:fe:de:88:06:6c:25:
         3f:92:d4:c6:75:d3:5a:4c:bf:e0:58:52:ee:0c:55:3e:8d:09:
         c7:5c:f2:c2:47:90:97:4d:86:5f:79:c0:2c:72:43:05:ad:0c:
         03:e6:fd:df:01:cf:c8:59:c3:82:57:77:84:f2:85:32:1b:eb:
         88:f2:5f:44:48:5f:01:f6:af:fe:e3:47:58:4c:fc:d7:00:17:
         c2:2e:2e:04:da:15:08:c4:a7:6d:4d:39:60:fd:f3:8c:68:b5:
         88:b4:42:08:3d:75:1d:1f:96:a9:cf:79:3e:c6:94:f6:4f:a6:
         f9:2e:ed:78
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIURKmVhuVsmFlO+6yqd0QPeYCtbtswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzEyMDMxMTVaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQDVmYWUyMWQ0NjJiMjFlZDIyNGNlNGQ1ZjBiYmEwZGQxMTE3MmYxYzZkOThj
N2QzNjliYTgzMGU1MjFhYThmZWMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAPxmvSyu+iEKcFXaoNqZC5oBySAR0tww4Wesa+o7dTXGoSuTMCve/9xM2pix
IpKDPXOdtTyNYMHXSg4uJR0x/M+Dc9HMPlXYAr+7L0Z7mzI4Xhpz9pRnpjReRClM
3UZulvsB43ZtygzVF7lbA8cM/d157HYO3Ki+GYzY8xxeYbvqCGrrdbTJ3zR4XMu3
uaurvV7LnVffEqvymm9tUHT0NLuKJHbrUh9rqdNPGacLYG/teS4nBeChCwbwhBUK
3+zGvxTON3IWRC0f4EwZiaAn6OXiJygUv2k0d72Pamrt6tS50rzINMRAMfx4cJjX
CZZWfVTt1rGbJTE1fd12O/TJeRcCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBSxgLTi
iYrxH1WUGQhHGB10eWOX2DAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MTBhYzVkMjEtYWM3OS00NjBiLTllMjAtNWZmYTM2NmNhMGVkLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHAioF0DUg
wDANBgkqhkiG9w0BAQsFAAOCAQEAXZZQgq2GEUN7M9hQdGUBYnL7i8hm4AO4WLAO
EVb2DUl5ZRL5wKrZSXTNjcF8c/eRWfV0XLOr5oP1jQMZ2Ori1iz8JX6thgDSE7ti
vNpsd2KhHYGBpWaa00Z2f6AclD8FRnKXLhpj2smEOzyYfmyGHUDLo4lNJVDsoWvK
AVge8f4WgwA+RyLrwSu1/t6IBmwlP5LUxnXTWky/4FhS7gxVPo0Jx1zywkeQl02G
X3nALHJDBa0MA+b93wHPyFnDgld3hPKFMhvriPJfREhfAfav/uNHWEz81wAXwi4u
BNoVCMSnbU05YP3zjGi1iLRCCD11HR+Wqc95PsaU9k+m+S7teA==
-----END CERTIFICATE-----