Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/144286ab-f239-401f-a4ef-706749b0d570.roa
File:                     144286ab-f239-401f-a4ef-706749b0d570.roa (raw, json)
Hash identifier:          WDgaNykIt2TGDadG8ngJ549XUCw2WaUZ9soYcZYeSP8=
Subject key identifier:   C6:E5:D9:4B:D7:5A:5D:89:9A:93:18:0A:41:2E:57:5C:47:05:89:A7
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       1C704EF3D8A433EF48A8501A7237FF333C671D12
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/144286ab-f239-401f-a4ef-706749b0d570.roa
Signing time:             Mon 31 Mar 2025 19:10:02 +0000
ROA not before:           Mon 31 Mar 2025 19:10:02 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d038:80c0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1c:70:4e:f3:d8:a4:33:ef:48:a8:50:1a:72:37:ff:33:3c:67:1d:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 19:10:02 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:9b:d5:ab:4a:0b:06:20:3a:44:1e:19:a7:6b:
                    10:5a:b5:26:b7:dd:66:d5:95:cb:d0:ef:b2:92:1e:
                    fa:a6:67:a3:d1:f4:48:f6:e6:81:7e:a7:67:d0:f4:
                    60:14:63:65:62:fc:3a:f6:c2:06:78:8b:84:9f:e9:
                    a5:00:15:d7:79:16:ab:15:5a:9f:f1:e9:74:5a:39:
                    2d:a9:12:11:33:91:a2:bc:8a:e2:ab:b1:1f:5b:93:
                    f9:1c:c2:63:d1:dc:18:24:3d:f3:c2:cd:9b:b3:7a:
                    a6:1e:e8:e3:1a:24:4a:51:8c:ee:2d:46:2e:e2:2c:
                    af:69:44:9a:62:6a:c3:6f:00:8d:cf:8c:c1:05:02:
                    8c:bb:eb:b3:c9:51:1e:ce:cc:8a:f2:dc:81:c6:50:
                    b8:dd:93:13:cd:38:18:a5:9f:a0:d1:88:dd:ab:a3:
                    36:c9:89:83:ce:e2:fe:32:ea:c8:0a:3d:c1:a6:40:
                    34:12:34:8e:ed:d3:fe:bd:77:f9:66:db:c3:93:6c:
                    47:ae:94:80:82:66:66:b2:92:fe:4d:f1:66:5e:3a:
                    df:fb:d9:de:29:e6:3b:6d:22:89:36:5a:46:5d:0c:
                    0e:f6:33:16:65:bd:47:60:95:35:4d:30:c9:b3:d2:
                    57:bf:46:f9:c5:77:e5:57:d0:1b:61:62:24:45:81:
                    1c:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:E5:D9:4B:D7:5A:5D:89:9A:93:18:0A:41:2E:57:5C:47:05:89:A7
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/144286ab-f239-401f-a4ef-706749b0d570.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d038:80c0::/48

    Signature Algorithm: sha256WithRSAEncryption
         b9:d2:b7:00:b3:c3:7f:76:b1:10:5c:d3:47:6d:5b:f5:e8:9d:
         0e:91:62:b9:7e:54:ed:90:30:26:b3:20:ea:69:e1:ce:0a:8b:
         4f:e4:69:c9:7d:f4:d1:5f:a9:ec:86:7c:aa:e1:8b:d9:8f:59:
         62:98:cc:65:63:e1:ab:76:f9:4d:d3:65:59:9d:c3:8f:26:74:
         5a:fd:b0:0e:04:26:46:46:f1:f4:01:8f:1a:d7:1d:2a:68:05:
         31:55:bd:d8:08:a0:04:3a:6a:0e:8c:78:bc:59:1b:2f:32:31:
         f9:4f:5f:cc:3d:d8:c6:00:51:f5:01:22:3e:2f:43:ca:0d:30:
         68:80:34:5c:3f:ae:88:51:cd:94:b5:f4:63:95:74:c2:05:d9:
         35:f5:77:b9:d6:6c:4c:ee:0b:d7:69:72:96:78:17:9f:d4:65:
         1c:c3:19:e3:7b:48:49:8b:c3:dc:20:e1:65:de:e3:81:ca:db:
         4d:48:15:98:3f:c7:44:50:e3:c2:41:9d:47:c5:a7:22:c0:cb:
         6a:ee:7a:ce:7c:be:ba:fa:68:77:06:b8:5d:63:be:9c:49:62:
         47:89:6b:10:0c:c1:95:5d:3c:35:ad:68:ad:e9:85:31:6b:71:
         b8:b6:ae:9d:61:fe:a1:4d:fd:e6:ae:d7:dc:85:73:01:9c:68:
         ac:f1:50:83
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUHHBO89ikM+9IqFAacjf/MzxnHRIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzExOTEwMDJaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQDM4YjQ5YjNmMzNjYmM4MWI1Y2ZlY2VkNjYxMTExZWMyY2VkNjE2MjFjOGMw
NDBjMzgzMGYwYjE0MWZlYjgwZjExLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOKb1atKCwYgOkQeGadrEFq1JrfdZtWVy9DvspIe+qZno9H0SPbmgX6nZ9D0
YBRjZWL8OvbCBniLhJ/ppQAV13kWqxVan/HpdFo5LakSETORoryK4quxH1uT+RzC
Y9HcGCQ988LNm7N6ph7o4xokSlGM7i1GLuIsr2lEmmJqw28Ajc+MwQUCjLvrs8lR
Hs7MivLcgcZQuN2TE804GKWfoNGI3aujNsmJg87i/jLqyAo9waZANBI0ju3T/r13
+Wbbw5NsR66UgIJmZrKS/k3xZl463/vZ3inmO20iiTZaRl0MDvYzFmW9R2CVNU0w
ybPSV79G+cV35VfQG2FiJEWBHH8CAwEAAaOCAiQwggIgMB0GA1UdDgQWBBTG5dlL
11pdiZqTGApBLldcRwWJpzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MTQ0Mjg2YWItZjIzOS00MDFmLWE0ZWYtNzA2NzQ5YjBkNTcwLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0DiA
wDANBgkqhkiG9w0BAQsFAAOCAQEAudK3ALPDf3axEFzTR21b9eidDpFiuX5U7ZAw
JrMg6mnhzgqLT+RpyX300V+p7IZ8quGL2Y9ZYpjMZWPhq3b5TdNlWZ3DjyZ0Wv2w
DgQmRkbx9AGPGtcdKmgFMVW92AigBDpqDox4vFkbLzIx+U9fzD3YxgBR9QEiPi9D
yg0waIA0XD+uiFHNlLX0Y5V0wgXZNfV3udZsTO4L12lylngXn9RlHMMZ43tISYvD
3CDhZd7jgcrbTUgVmD/HRFDjwkGdR8WnIsDLau56zny+uvpodwa4XWO+nEliR4lr
EAzBlV08Na1oremFMWtxuLaunWH+oU395q7X3IVzAZxorPFQgw==
-----END CERTIFICATE-----