Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/1a8d9e14-cfa9-4400-afa8-b8c0d9eee4e4.roa
File:                     1a8d9e14-cfa9-4400-afa8-b8c0d9eee4e4.roa (raw, json)
Hash identifier:          VmVLMaaiVHDLVPwGH56Ay/p+N/2E/BsdWSCpLDr1FMA=
Subject key identifier:   7B:92:CB:DD:77:5C:2D:99:3B:48:D7:16:43:30:56:FD:51:42:3E:D9
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       4949DB55026419515C8A4FDCF16785CDE4DAF4A7
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/1a8d9e14-cfa9-4400-afa8-b8c0d9eee4e4.roa
Signing time:             Mon 31 Mar 2025 19:50:57 +0000
ROA not before:           Mon 31 Mar 2025 19:50:57 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d072:8080::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            49:49:db:55:02:64:19:51:5c:8a:4f:dc:f1:67:85:cd:e4:da:f4:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 19:50:57 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:89:e4:4f:3c:12:5a:d9:c5:13:3f:6e:73:f8:
                    2b:be:74:6b:ba:8d:4f:a4:ca:53:a8:04:ab:25:8a:
                    1a:80:8a:37:f6:db:85:1d:01:b9:37:0a:a0:75:24:
                    ce:c9:4e:9c:1f:aa:3c:80:3b:19:74:21:cb:a5:9b:
                    4d:08:e1:26:6a:b1:1f:79:72:7b:33:d0:7d:99:99:
                    39:52:48:ac:c2:97:9c:44:e8:f9:f1:5a:3f:1c:7b:
                    c3:5a:dd:95:c0:e5:30:90:cd:b6:8e:a3:b3:13:05:
                    01:c0:12:8d:a3:12:90:ca:66:7c:c0:9f:01:75:9c:
                    f6:f8:fe:6b:d0:6f:32:13:1e:89:3d:fd:1b:25:3e:
                    03:4b:0e:e3:a0:52:29:f4:fb:33:26:b1:7d:dc:c3:
                    35:f2:40:0b:d9:f2:7d:89:41:2b:91:ee:b3:e7:cb:
                    90:da:b0:e6:88:91:54:4f:4b:80:b4:8e:de:d7:44:
                    a0:1b:b7:b0:94:19:7d:7c:35:9c:23:cb:53:d8:bb:
                    04:60:40:7a:fc:c6:e0:6a:de:f2:3d:c9:69:73:00:
                    8e:0c:af:3c:af:20:e5:13:fb:dd:16:33:7c:1a:51:
                    a5:32:c7:96:7b:18:3b:92:88:fe:24:5f:a9:9a:64:
                    2d:9e:7a:c5:e8:81:fd:02:c6:bd:41:c7:f7:74:5b:
                    23:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:92:CB:DD:77:5C:2D:99:3B:48:D7:16:43:30:56:FD:51:42:3E:D9
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/1a8d9e14-cfa9-4400-afa8-b8c0d9eee4e4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d072:8080::/48

    Signature Algorithm: sha256WithRSAEncryption
         56:6c:26:bc:bd:e0:78:b1:81:69:7c:b4:17:d5:f8:41:83:12:
         4a:16:5f:fe:e0:7f:f2:26:44:30:fa:2d:d9:f2:6d:c8:c9:ae:
         62:64:a5:9d:bb:ba:56:f9:17:81:3c:6e:d5:23:b3:b1:fe:04:
         ee:b5:9e:b0:8b:57:29:e3:23:1d:64:52:6c:73:1a:d5:9b:32:
         7b:87:10:ea:47:a7:54:ec:c7:86:a1:a9:c0:2f:08:df:30:b7:
         e6:c2:50:68:2c:af:8c:f5:73:b8:c5:f4:79:42:b7:02:20:64:
         14:40:06:ce:61:67:f1:cc:60:f7:22:66:02:b3:c7:e1:61:70:
         0e:23:9e:3a:0d:3a:63:05:bd:29:08:1d:6a:91:34:6e:06:24:
         c3:c4:2b:cd:a0:d8:cf:61:50:24:13:b4:10:27:e6:d7:ae:fa:
         2f:c6:c4:1a:39:53:31:cc:84:a4:a2:89:fe:8f:1b:bb:4e:53:
         30:98:da:bb:60:96:41:00:c0:a5:31:fe:06:93:44:24:8a:25:
         e8:60:64:a9:21:83:ce:20:67:19:35:df:72:c6:3d:03:3e:cb:
         85:d3:3b:cd:9c:6d:ad:8c:c9:85:2c:bd:ca:97:50:c7:10:2c:
         94:4d:d0:f9:fe:0a:e5:b6:3e:f6:95:99:f5:70:22:74:69:fd:
         ca:e7:4e:66
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUSUnbVQJkGVFcik/c8WeFzeTa9KcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzExOTUwNTdaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQDE1Yjg1YWQyMTFiMjU2MzYzMjkxNzMxZTFmOTU3ZmFlZjkwZDExM2IyZTZj
OTE5MjVhMTAzMTM3NTY4Y2Y5MzYxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAIeJ5E88ElrZxRM/bnP4K750a7qNT6TKU6gEqyWKGoCKN/bbhR0BuTcKoHUk
zslOnB+qPIA7GXQhy6WbTQjhJmqxH3lyezPQfZmZOVJIrMKXnETo+fFaPxx7w1rd
lcDlMJDNto6jsxMFAcASjaMSkMpmfMCfAXWc9vj+a9BvMhMeiT39GyU+A0sO46BS
KfT7MyaxfdzDNfJAC9nyfYlBK5Hus+fLkNqw5oiRVE9LgLSO3tdEoBu3sJQZfXw1
nCPLU9i7BGBAevzG4Gre8j3JaXMAjgyvPK8g5RP73RYzfBpRpTLHlnsYO5KI/iRf
qZpkLZ56xeiB/QLGvUHH93RbI40CAwEAAaOCAiQwggIgMB0GA1UdDgQWBBR7ksvd
d1wtmTtI1xZDMFb9UUI+2TAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MWE4ZDllMTQtY2ZhOS00NDAwLWFmYTgtYjhjMGQ5ZWVlNGU0LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0HKA
gDANBgkqhkiG9w0BAQsFAAOCAQEAVmwmvL3geLGBaXy0F9X4QYMSShZf/uB/8iZE
MPot2fJtyMmuYmSlnbu6VvkXgTxu1SOzsf4E7rWesItXKeMjHWRSbHMa1Zsye4cQ
6kenVOzHhqGpwC8I3zC35sJQaCyvjPVzuMX0eUK3AiBkFEAGzmFn8cxg9yJmArPH
4WFwDiOeOg06YwW9KQgdapE0bgYkw8QrzaDYz2FQJBO0ECfm1676L8bEGjlTMcyE
pKKJ/o8bu05TMJjau2CWQQDApTH+BpNEJIol6GBkqSGDziBnGTXfcsY9Az7LhdM7
zZxtrYzJhSy9ypdQxxAslE3Q+f4K5bY+9pWZ9XAidGn9yudOZg==
-----END CERTIFICATE-----