Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/117f6e2e-2cfa-4aaf-9a5c-97d19f1e24db.roa
File:                     117f6e2e-2cfa-4aaf-9a5c-97d19f1e24db.roa (raw, json)
Hash identifier:          QbX6/adwXROdlbMnp2Cd+XgqqL61r1SI4hyMsLnz8jU=
Subject key identifier:   F5:B9:53:05:8A:8A:36:51:56:D7:BF:12:E5:72:98:FB:CC:C9:F3:52
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       5F876DAD383234332ADD3EA3E39892C22D0FCDAD
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/117f6e2e-2cfa-4aaf-9a5c-97d19f1e24db.roa
Signing time:             Mon 31 Mar 2025 20:21:00 +0000
ROA not before:           Mon 31 Mar 2025 20:21:00 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d077:a0c0::/46 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5f:87:6d:ad:38:32:34:33:2a:dd:3e:a3:e3:98:92:c2:2d:0f:cd:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 20:21:00 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:79:91:ac:9d:77:9d:74:04:c5:9a:50:1c:41:
                    42:52:be:1a:68:5d:d5:05:62:ae:6b:4f:62:fa:a2:
                    96:97:09:ce:a0:14:58:a1:7c:55:ef:9f:94:03:79:
                    c1:2f:9a:38:87:a6:77:4d:c5:cc:09:ce:45:d3:c9:
                    87:59:39:e0:8b:0d:74:c5:c9:0d:79:53:4b:d9:b5:
                    23:01:80:69:ae:9b:1d:01:66:9e:c2:aa:cc:23:01:
                    93:0e:80:71:97:8b:94:be:3b:2e:76:3f:66:95:50:
                    d4:72:90:df:fc:eb:4a:26:35:3a:aa:5a:61:5b:dc:
                    3c:b5:79:e8:7e:49:b7:d9:c2:41:4a:97:84:ce:1a:
                    3b:0a:ea:cf:28:1d:cb:33:83:73:7f:78:d4:55:27:
                    fd:f1:aa:ff:2e:7f:d6:3d:9f:89:3f:bd:68:62:82:
                    c1:80:81:95:aa:9b:b3:a2:a1:9a:4b:89:96:8e:b9:
                    d4:02:59:8a:88:b8:ea:ba:d0:c6:ae:fa:ee:08:a7:
                    08:fd:67:bd:a3:25:4a:25:8d:a1:81:36:8d:2d:54:
                    8e:2b:7e:4e:bc:8a:ef:75:14:b3:df:bb:cf:16:4f:
                    e1:55:86:9f:56:29:6f:1a:15:ea:33:fe:99:68:30:
                    b9:89:f8:89:b4:6d:2d:51:bd:6b:12:1c:ee:e7:88:
                    e7:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:B9:53:05:8A:8A:36:51:56:D7:BF:12:E5:72:98:FB:CC:C9:F3:52
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/117f6e2e-2cfa-4aaf-9a5c-97d19f1e24db.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d077:a0c0::/46

    Signature Algorithm: sha256WithRSAEncryption
         90:52:1a:5f:00:fd:b7:d8:79:75:e8:88:bb:f6:62:a5:68:b4:
         e4:db:f5:02:33:cb:5d:bc:0a:28:03:e1:96:74:ba:cc:3e:1a:
         e5:16:3c:f1:0e:c5:a3:c5:e2:29:dd:09:05:54:49:ba:b8:c8:
         f5:00:fb:25:d7:30:73:10:ff:45:f2:43:ef:4e:87:bc:85:87:
         17:a8:9a:3b:e3:16:e4:80:95:b4:e5:5f:62:bd:c8:19:6f:bc:
         68:a3:23:a0:1e:0a:95:ab:43:69:b9:74:79:85:be:66:95:61:
         b0:ca:a1:eb:03:8a:cc:4c:db:c0:f4:07:d7:96:d7:73:d1:16:
         43:c6:c8:3b:ad:cf:2d:4d:84:55:19:de:49:cf:b0:0f:c5:4e:
         67:c6:0e:02:90:09:62:8c:29:3e:df:d7:2c:6b:3c:7d:9d:e4:
         df:92:2d:75:a0:1d:d2:bc:1a:46:c5:e7:41:d9:d9:a8:93:35:
         d3:cb:34:6c:04:c8:6e:2c:e0:82:0a:b5:74:ca:ec:ec:4e:66:
         56:c9:39:5d:37:7c:ed:4f:38:52:f0:9f:7a:44:60:ad:ed:22:
         d9:23:a1:5d:cb:33:be:e5:e1:54:31:72:c7:47:2c:37:65:13:
         2d:c6:30:04:ab:b8:1b:d4:ee:49:4b:db:77:3c:68:16:8c:15:
         8d:f0:36:52
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUX4dtrTgyNDMq3T6j45iSwi0Pza0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzEyMDIxMDBaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQDczMGUyODg3YTQyNDQ1ZmIyMzY1YTAwYjFjNTVjYjVkYmQ3YThlNjU1MDgy
MTFhMDA3NDc1ZTAyNzU5ZWNjOTQxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALR5kaydd510BMWaUBxBQlK+Gmhd1QVirmtPYvqilpcJzqAUWKF8Ve+flAN5
wS+aOIemd03FzAnORdPJh1k54IsNdMXJDXlTS9m1IwGAaa6bHQFmnsKqzCMBkw6A
cZeLlL47LnY/ZpVQ1HKQ3/zrSiY1OqpaYVvcPLV56H5Jt9nCQUqXhM4aOwrqzygd
yzODc3941FUn/fGq/y5/1j2fiT+9aGKCwYCBlaqbs6KhmkuJlo651AJZioi46rrQ
xq767ginCP1nvaMlSiWNoYE2jS1Ujit+TryK73UUs9+7zxZP4VWGn1YpbxoV6jP+
mWgwuYn4ibRtLVG9axIc7ueI590CAwEAAaOCAiQwggIgMB0GA1UdDgQWBBT1uVMF
ioo2UVbXvxLlcpj7zMnzUjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MTE3ZjZlMmUtMmNmYS00YWFmLTlhNWMtOTdkMTlmMWUyNGRiLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHAioF0Heg
wDANBgkqhkiG9w0BAQsFAAOCAQEAkFIaXwD9t9h5deiIu/ZipWi05Nv1AjPLXbwK
KAPhlnS6zD4a5RY88Q7Fo8XiKd0JBVRJurjI9QD7JdcwcxD/RfJD706HvIWHF6ia
O+MW5ICVtOVfYr3IGW+8aKMjoB4KlatDabl0eYW+ZpVhsMqh6wOKzEzbwPQH15bX
c9EWQ8bIO63PLU2EVRneSc+wD8VOZ8YOApAJYowpPt/XLGs8fZ3k35ItdaAd0rwa
RsXnQdnZqJM108s0bATIbizgggq1dMrs7E5mVsk5XTd87U84UvCfekRgre0i2SOh
XcszvuXhVDFyx0csN2UTLcYwBKu4G9TuSUvbdzxoFowVjfA2Ug==
-----END CERTIFICATE-----