Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/19a27d9f-3cc9-4ac4-9afb-399f66bee60b.roa
File:                     19a27d9f-3cc9-4ac4-9afb-399f66bee60b.roa (raw, json)
Hash identifier:          qmFysAZADM9VankDNrgLfiQL/qoxx2ZLG+VNy1rXFl0=
Subject key identifier:   FE:48:C8:FF:69:D7:3B:FA:88:2A:42:CC:E7:E9:4E:27:C8:CF:AC:0F
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       34058437B4952DEBA917C1894B65CA7DC6792663
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/19a27d9f-3cc9-4ac4-9afb-399f66bee60b.roa
Signing time:             Mon 31 Mar 2025 19:10:12 +0000
ROA not before:           Mon 31 Mar 2025 19:10:12 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d07f:5080::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            34:05:84:37:b4:95:2d:eb:a9:17:c1:89:4b:65:ca:7d:c6:79:26:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 19:10:12 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:a0:65:e1:e7:c9:db:0d:5c:41:12:f7:4d:58:
                    45:30:d4:30:4d:42:30:ee:93:09:f2:da:60:63:30:
                    27:83:d2:1e:88:56:a2:0a:55:d6:24:15:6f:b5:03:
                    ff:df:b3:14:17:af:66:d7:72:00:9e:7d:c4:70:1b:
                    4d:cf:70:9f:16:1e:b3:ca:36:48:e1:c8:93:c3:e4:
                    97:be:0c:ee:48:29:e6:71:82:4c:07:e5:8a:de:cc:
                    bb:8c:99:f8:a7:ed:02:30:a8:5e:5d:9d:bd:8c:9c:
                    ff:2f:18:8c:8b:a3:82:ce:df:62:2b:22:4b:0f:57:
                    98:27:4b:36:06:21:2a:76:6a:4e:10:a7:70:15:cd:
                    6f:80:48:38:02:03:24:dc:d7:fb:5e:0f:4d:d5:ff:
                    f3:41:1c:46:82:cd:c6:d5:ff:a6:11:37:c8:c5:6e:
                    ac:23:b4:1d:9f:4a:33:db:33:8b:d9:9d:81:40:90:
                    c5:3a:77:4d:b1:85:85:8b:bc:88:54:32:36:8b:2a:
                    e1:63:ae:c6:ed:04:ec:8b:b2:bb:9e:ff:0a:db:e6:
                    0a:35:4f:0a:3d:a7:08:a4:ab:bc:b4:d0:79:88:f1:
                    81:49:55:c5:e4:0e:22:cc:70:a5:b8:ce:80:ca:0d:
                    bc:75:ef:7f:52:e3:3c:4b:0b:65:e5:5d:e5:a3:cd:
                    e3:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:48:C8:FF:69:D7:3B:FA:88:2A:42:CC:E7:E9:4E:27:C8:CF:AC:0F
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/19a27d9f-3cc9-4ac4-9afb-399f66bee60b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d07f:5080::/48

    Signature Algorithm: sha256WithRSAEncryption
         25:b7:c6:d0:56:ed:06:b2:3a:89:93:b1:df:3a:cb:03:88:e6:
         be:b3:2c:db:05:d9:78:e9:bb:e5:66:50:89:1f:ce:98:e4:cc:
         6f:78:55:ad:c6:a4:6f:a7:7a:ff:b9:4b:b5:49:24:f6:45:46:
         db:39:73:9d:bb:09:d0:e6:2a:94:fd:72:ea:b2:24:2c:92:72:
         7a:e8:bd:b4:31:c4:6c:c9:13:85:71:e1:8a:93:2c:2a:5f:7b:
         4e:7a:f2:bf:c5:fe:59:f7:7e:7b:16:9c:64:b1:6f:ca:99:32:
         ad:f3:5c:47:02:e7:91:2a:6f:18:24:e2:de:3d:67:39:44:cd:
         3e:7d:88:c5:54:e8:c4:bf:f8:cf:5b:a2:23:3a:85:42:ee:d9:
         71:71:11:52:79:81:d8:eb:68:74:0b:79:df:98:47:73:05:96:
         c8:74:b5:61:c5:64:2a:8c:5a:75:a5:a1:2c:d3:a0:0d:d8:c0:
         da:b8:63:ab:4e:e9:9f:b4:9d:4c:40:26:71:8c:08:30:b5:29:
         95:b1:d3:87:b9:f4:85:1f:27:d1:dd:1b:b8:3d:cd:53:a5:88:
         5b:4a:cf:69:05:d0:eb:8f:a5:cb:64:f0:03:24:ad:67:d5:9f:
         23:72:f0:53:2a:5f:b2:33:9f:0e:dc:f2:28:8c:0c:fb:d9:3b:
         1e:dd:fb:92
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUNAWEN7SVLeupF8GJS2XKfcZ5JmMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzExOTEwMTJaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQDhlZGFmOTg4NTI5ZjJlMzIzMTRkMTY0MTRiMTQ4ZmEzYWYyZWIzNDc1NDYw
M2Y4MmY1MmYyNGNiNGYxOThjZDIxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALagZeHnydsNXEES901YRTDUME1CMO6TCfLaYGMwJ4PSHohWogpV1iQVb7UD
/9+zFBevZtdyAJ59xHAbTc9wnxYes8o2SOHIk8Pkl74M7kgp5nGCTAflit7Mu4yZ
+KftAjCoXl2dvYyc/y8YjIujgs7fYisiSw9XmCdLNgYhKnZqThCncBXNb4BIOAID
JNzX+14PTdX/80EcRoLNxtX/phE3yMVurCO0HZ9KM9szi9mdgUCQxTp3TbGFhYu8
iFQyNosq4WOuxu0E7Iuyu57/CtvmCjVPCj2nCKSrvLTQeYjxgUlVxeQOIsxwpbjO
gMoNvHXvf1LjPEsLZeVd5aPN498CAwEAAaOCAiQwggIgMB0GA1UdDgQWBBT+SMj/
adc7+ogqQszn6U4nyM+sDzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MTlhMjdkOWYtM2NjOS00YWM0LTlhZmItMzk5ZjY2YmVlNjBiLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0H9Q
gDANBgkqhkiG9w0BAQsFAAOCAQEAJbfG0FbtBrI6iZOx3zrLA4jmvrMs2wXZeOm7
5WZQiR/OmOTMb3hVrcakb6d6/7lLtUkk9kVG2zlznbsJ0OYqlP1y6rIkLJJyeui9
tDHEbMkThXHhipMsKl97Tnryv8X+Wfd+exacZLFvypkyrfNcRwLnkSpvGCTi3j1n
OUTNPn2IxVToxL/4z1uiIzqFQu7ZcXERUnmB2OtodAt535hHcwWWyHS1YcVkKoxa
daWhLNOgDdjA2rhjq07pn7SdTEAmcYwIMLUplbHTh7n0hR8n0d0buD3NU6WIW0rP
aQXQ64+ly2TwAyStZ9WfI3LwUypfsjOfDtzyKIwM+9k7Ht37kg==
-----END CERTIFICATE-----