Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/1cce4de7-2873-45f2-8bca-ceae18748090.roa
File:                     1cce4de7-2873-45f2-8bca-ceae18748090.roa (raw, json)
Hash identifier:          STZGz4W4HhlopJSkns3BGD48eH2eWePVWrfA/hx4B8w=
Subject key identifier:   A6:7C:8B:0D:02:79:43:FF:46:5A:5D:1C:4E:1C:8E:09:19:46:EB:E2
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       44438ABAB86AE7683B1CE7DE63D360F66522216B
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/1cce4de7-2873-45f2-8bca-ceae18748090.roa
Signing time:             Mon 31 Mar 2025 20:20:02 +0000
ROA not before:           Mon 31 Mar 2025 20:20:02 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d07b:2040::/46 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            44:43:8a:ba:b8:6a:e7:68:3b:1c:e7:de:63:d3:60:f6:65:22:21:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 20:20:02 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:c1:a9:e4:79:c1:83:e6:a0:7e:81:f8:3d:73:
                    7e:25:cd:a8:55:11:13:d6:34:bf:ce:37:52:2b:15:
                    c0:b4:a4:dc:9e:b4:da:8c:a5:84:14:1b:ce:f4:49:
                    7b:f5:00:02:56:6c:9b:9d:32:99:04:d4:be:de:39:
                    ac:ee:c3:9d:56:b7:9c:93:fa:88:64:11:8b:d1:f4:
                    22:97:6a:e1:b5:85:bb:32:9f:ac:31:cf:a3:2d:48:
                    82:76:a3:b2:5f:99:16:1c:df:25:82:28:ad:65:7b:
                    f4:50:ef:e6:60:26:69:1d:2e:ce:20:e4:14:ee:3b:
                    e9:80:73:b3:e7:f7:89:3c:6f:29:d3:83:9a:e9:6c:
                    ae:4e:e6:3d:9f:e4:76:77:17:61:39:73:36:4e:1a:
                    a1:7f:9a:66:06:33:9a:c5:50:e7:ab:ef:ec:33:f5:
                    aa:73:64:f3:a1:38:bd:2e:19:a3:30:51:8e:64:55:
                    fb:52:4f:0c:c5:5e:14:ca:fb:6e:3b:71:e3:5c:84:
                    91:73:5d:de:4a:32:2a:f9:d0:cf:30:9b:fc:ee:58:
                    40:f2:ea:d9:0a:cc:23:7b:ac:24:0a:ad:9a:88:72:
                    83:48:3d:5c:cd:a8:40:ff:d2:54:4f:c7:49:e5:5d:
                    f7:9d:da:27:86:20:cf:1e:1a:45:03:46:3f:70:0a:
                    15:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:7C:8B:0D:02:79:43:FF:46:5A:5D:1C:4E:1C:8E:09:19:46:EB:E2
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/1cce4de7-2873-45f2-8bca-ceae18748090.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d07b:2040::/46

    Signature Algorithm: sha256WithRSAEncryption
         30:69:a2:2f:7b:2c:89:dc:be:61:61:1a:83:5f:f3:3d:02:25:
         42:3b:40:14:9c:eb:75:54:2d:44:9c:a3:1e:d9:16:cd:91:2d:
         70:0f:e8:3c:b2:af:cd:04:a7:f0:5e:9b:f7:10:2d:7c:58:20:
         af:42:eb:65:5f:3d:d6:35:2e:f6:09:ad:6d:8f:b4:97:c6:75:
         11:80:2c:a4:2c:d6:df:a5:d5:57:9f:60:1f:f9:5a:c4:1c:31:
         10:0d:a9:51:41:16:95:a5:4b:82:6f:07:d2:21:b0:ad:93:b8:
         b6:82:b1:42:b5:a9:b4:9c:52:21:98:6c:1f:48:44:22:7d:50:
         a1:74:98:1a:db:30:52:b3:98:89:4b:92:04:69:cb:c8:69:f4:
         0d:6e:49:4d:81:67:1e:bb:02:b2:b8:ee:06:20:ca:5f:ab:8c:
         d1:3f:9f:c8:0b:dc:29:54:18:4b:41:c3:7b:60:29:32:47:2c:
         3a:85:88:d0:93:d3:d1:c0:de:79:09:39:1b:99:d5:da:c8:0d:
         ab:9b:c3:78:4a:5f:7b:73:93:76:4d:54:27:0c:ab:6d:d8:39:
         92:68:7d:68:ff:15:3b:f4:ea:e5:38:f5:66:77:40:52:23:bd:
         f5:54:ce:3c:ab:e5:4b:76:a5:b9:a1:27:c8:98:b1:8c:dd:18:
         82:f6:24:d4
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUREOKurhq52g7HOfeY9Ng9mUiIWswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzEyMDIwMDJaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQGM4MjIxZTE0MjU5YTYwMDVmZmVjYTNkYzQzYjEyMWI1NmQwZWEwOTc4MWY0
MmQ4YzBhYmUxYmIwMDhlYjdkMTYxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJ3BqeR5wYPmoH6B+D1zfiXNqFURE9Y0v843UisVwLSk3J602oylhBQbzvRJ
e/UAAlZsm50ymQTUvt45rO7DnVa3nJP6iGQRi9H0Ipdq4bWFuzKfrDHPoy1Ignaj
sl+ZFhzfJYIorWV79FDv5mAmaR0uziDkFO476YBzs+f3iTxvKdODmulsrk7mPZ/k
dncXYTlzNk4aoX+aZgYzmsVQ56vv7DP1qnNk86E4vS4ZozBRjmRV+1JPDMVeFMr7
bjtx41yEkXNd3koyKvnQzzCb/O5YQPLq2QrMI3usJAqtmohyg0g9XM2oQP/SVE/H
SeVd953aJ4Ygzx4aRQNGP3AKFd8CAwEAAaOCAiQwggIgMB0GA1UdDgQWBBSmfIsN
AnlD/0ZaXRxOHI4JGUbr4jAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MWNjZTRkZTctMjg3My00NWYyLThiY2EtY2VhZTE4NzQ4MDkwLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHAioF0Hsg
QDANBgkqhkiG9w0BAQsFAAOCAQEAMGmiL3ssidy+YWEag1/zPQIlQjtAFJzrdVQt
RJyjHtkWzZEtcA/oPLKvzQSn8F6b9xAtfFggr0LrZV891jUu9gmtbY+0l8Z1EYAs
pCzW36XVV59gH/laxBwxEA2pUUEWlaVLgm8H0iGwrZO4toKxQrWptJxSIZhsH0hE
In1QoXSYGtswUrOYiUuSBGnLyGn0DW5JTYFnHrsCsrjuBiDKX6uM0T+fyAvcKVQY
S0HDe2ApMkcsOoWI0JPT0cDeeQk5G5nV2sgNq5vDeEpfe3OTdk1UJwyrbdg5kmh9
aP8VO/Tq5Tj1ZndAUiO99VTOPKvlS3aluaEnyJixjN0YgvYk1A==
-----END CERTIFICATE-----