Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/11f67075-d744-49be-809b-fca0d72c41e0.roa
File:                     11f67075-d744-49be-809b-fca0d72c41e0.roa (raw, json)
Hash identifier:          kIJOUPAfoz9pfxofUIuzsUKzU8Nm3A7HwQG59mu3JsQ=
Subject key identifier:   10:47:1B:47:75:E2:BF:A5:C8:B2:2B:13:BE:47:2A:70:43:25:C5:D8
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       48B7479917C308815BA9EF2BEF31A21DB7012CB7
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/11f67075-d744-49be-809b-fca0d72c41e0.roa
Signing time:             Mon 31 Mar 2025 20:40:42 +0000
ROA not before:           Mon 31 Mar 2025 20:40:42 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d078:2000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            48:b7:47:99:17:c3:08:81:5b:a9:ef:2b:ef:31:a2:1d:b7:01:2c:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 20:40:42 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:23:74:76:b3:13:6c:81:70:89:a9:e2:ba:9e:
                    db:2d:66:e4:0d:0f:64:be:bb:88:95:05:8f:72:00:
                    e5:f9:35:0d:16:7a:b0:9b:58:ef:97:03:de:33:9b:
                    d3:d0:5c:d6:8d:db:68:be:a7:e5:07:7b:40:ba:b6:
                    26:1a:fd:f9:41:11:96:98:05:f4:35:5c:f2:d5:54:
                    ae:71:16:7f:f3:a8:d1:c0:81:cb:55:ee:08:5b:4f:
                    29:da:86:3a:bb:4b:46:98:0a:da:54:b7:df:9b:41:
                    18:06:d3:b4:72:47:7a:c4:9e:ed:12:e2:d6:98:29:
                    7d:ef:5b:e7:25:39:c7:03:d9:85:fb:10:b4:17:6c:
                    43:c8:a0:1b:34:cf:20:c1:4e:f8:08:c6:29:6c:0d:
                    04:2a:21:51:bd:e1:36:c7:77:2e:ef:21:c9:e8:4b:
                    7b:77:1a:f0:df:58:b3:e3:08:c8:f1:dd:89:26:6d:
                    0a:21:8e:07:2f:5a:86:3d:5d:a7:43:88:67:55:83:
                    3d:9e:ee:05:4d:aa:9a:14:e5:8a:d6:a6:4b:8c:8d:
                    68:8c:8a:29:44:8c:60:b5:fe:de:26:8f:13:da:ab:
                    1f:39:d8:26:1d:e6:e1:10:eb:bc:bc:09:32:27:2e:
                    ab:15:34:6b:55:b0:44:0c:12:bb:79:41:90:00:35:
                    ab:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:47:1B:47:75:E2:BF:A5:C8:B2:2B:13:BE:47:2A:70:43:25:C5:D8
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/11f67075-d744-49be-809b-fca0d72c41e0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d078:2000::/40

    Signature Algorithm: sha256WithRSAEncryption
         81:33:8c:db:f1:6d:c7:19:0f:75:17:f5:1d:3f:8d:ac:5c:38:
         68:b5:32:7b:69:3c:a1:66:34:93:aa:00:16:c6:c7:3b:c7:b0:
         6d:d4:42:65:8d:e3:aa:a7:30:02:ef:bc:53:47:35:43:be:39:
         ee:8c:71:77:00:e0:30:e5:80:ef:6c:b2:eb:fa:bc:8b:1f:eb:
         ea:7a:d1:4a:c4:6a:77:7f:55:ad:65:a1:c3:7d:72:88:f1:64:
         69:d7:28:9b:b6:c2:56:2b:bf:40:af:3d:d2:72:88:cf:21:35:
         52:36:c7:25:e7:8e:e9:25:c3:d7:38:56:7f:48:d7:d1:b7:81:
         c5:d9:3b:5f:07:c5:e7:d0:8a:62:ba:77:78:28:2f:f4:1c:d7:
         80:a6:e9:43:b7:8f:ae:48:b6:0b:c2:47:7a:33:aa:ba:d0:48:
         49:db:9a:09:27:80:f7:9c:84:37:f3:bb:fc:96:dd:81:d4:6a:
         4f:a6:03:89:0e:56:b3:4f:81:21:8e:20:4c:4a:74:d6:3f:76:
         84:ec:8c:ed:8d:e5:85:f3:91:4e:0f:cd:57:cd:83:aa:75:86:
         5c:2c:b4:ab:bf:86:32:0c:9a:e3:08:58:59:b6:1f:52:78:a8:
         96:ed:e5:f5:14:a3:3d:10:9f:5f:d8:d8:c3:c4:b8:5c:e1:af:
         cc:a3:37:5b
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUSLdHmRfDCIFbqe8r7zGiHbcBLLcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzEyMDQwNDJaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQDY4ZTI1NzhmMTJlMjM4YWJmZDkwNTlmMDlkM2I2NjViN2Y4NTgzYWE4YjAx
MTNlZTdkNGE1M2Y5NzY2ODRlNmMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJ4jdHazE2yBcImp4rqe2y1m5A0PZL67iJUFj3IA5fk1DRZ6sJtY75cD3jOb
09Bc1o3baL6n5Qd7QLq2Jhr9+UERlpgF9DVc8tVUrnEWf/Oo0cCBy1XuCFtPKdqG
OrtLRpgK2lS335tBGAbTtHJHesSe7RLi1pgpfe9b5yU5xwPZhfsQtBdsQ8igGzTP
IMFO+AjGKWwNBCohUb3hNsd3Lu8hyehLe3ca8N9Ys+MIyPHdiSZtCiGOBy9ahj1d
p0OIZ1WDPZ7uBU2qmhTlitamS4yNaIyKKUSMYLX+3iaPE9qrHznYJh3m4RDrvLwJ
MicuqxU0a1WwRAwSu3lBkAA1q30CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQQRxtH
deK/pciyKxO+RypwQyXF2DAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MTFmNjcwNzUtZDc0NC00OWJlLTgwOWItZmNhMGQ3MmM0MWUwLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0Hgg
MA0GCSqGSIb3DQEBCwUAA4IBAQCBM4zb8W3HGQ91F/UdP42sXDhotTJ7aTyhZjST
qgAWxsc7x7Bt1EJljeOqpzAC77xTRzVDvjnujHF3AOAw5YDvbLLr+ryLH+vqetFK
xGp3f1WtZaHDfXKI8WRp1yibtsJWK79Arz3ScojPITVSNscl547pJcPXOFZ/SNfR
t4HF2TtfB8Xn0Ipiund4KC/0HNeApulDt4+uSLYLwkd6M6q60EhJ25oJJ4D3nIQ3
87v8lt2B1GpPpgOJDlazT4EhjiBMSnTWP3aE7IztjeWF85FOD81XzYOqdYZcLLSr
v4YyDJrjCFhZth9SeKiW7eX1FKM9EJ9f2NjDxLhc4a/Mozdb
-----END CERTIFICATE-----