Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/1ccfa364-07ab-4a5e-81a9-99f9d6b3a067.roa
File:                     1ccfa364-07ab-4a5e-81a9-99f9d6b3a067.roa (raw, json)
Hash identifier:          KPSrYIqbg1OQ5z9OeFAq/pVfwPdqYsTfA5c43YpJN8A=
Subject key identifier:   B8:8F:4A:EB:69:FC:2D:58:34:7E:CD:2B:A8:78:D6:A8:97:A5:52:1D
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       2E2C2D4F1A628ED87D7E8526D560FB29C572AD8C
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/1ccfa364-07ab-4a5e-81a9-99f9d6b3a067.roa
Signing time:             Wed 02 Apr 2025 00:30:29 +0000
ROA not before:           Wed 02 Apr 2025 00:30:29 +0000
ROA not after:            Wed 07 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d06f:e000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2e:2c:2d:4f:1a:62:8e:d8:7d:7e:85:26:d5:60:fb:29:c5:72:ad:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Apr  2 00:30:29 2025 GMT
            Not After : May  7 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:73:48:fd:71:ef:01:40:ba:54:ad:35:13:0e:
                    42:0b:01:39:65:91:aa:4a:f1:a7:c9:b3:50:86:be:
                    a7:2f:32:bb:fa:51:10:ef:ef:44:6b:59:53:25:8b:
                    bc:e1:66:ae:8f:7e:52:0e:6a:a6:84:8f:5b:4d:01:
                    5d:0a:e5:8a:41:76:5a:61:28:99:16:04:1f:42:58:
                    01:a2:be:07:bd:94:3c:c3:d0:7c:76:28:f1:55:30:
                    1d:cb:91:1b:61:0d:76:02:08:63:e9:a2:be:ed:75:
                    63:c3:85:6f:c5:6f:ba:03:dd:9b:14:83:49:b4:17:
                    7e:0c:6b:57:29:02:32:37:63:b2:2e:8f:46:0c:46:
                    6e:de:7a:c3:63:08:41:11:be:80:80:2b:aa:c3:bf:
                    8c:76:5f:29:04:47:d2:2c:df:f9:95:cf:6c:cb:a9:
                    43:a4:b7:80:0b:35:bc:01:21:47:93:14:d4:86:bb:
                    08:1b:ba:80:fd:7b:cb:38:d3:05:0e:89:29:d3:b4:
                    25:c8:c7:60:d0:fd:19:4c:c5:15:93:1c:9a:72:fa:
                    1b:b6:0c:70:42:fe:03:44:57:53:f2:75:b8:3b:d0:
                    46:5f:91:bc:57:b6:10:5c:f3:27:65:29:6f:7a:97:
                    51:45:21:fb:3f:91:03:68:11:b1:c8:82:eb:6b:2c:
                    c9:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:8F:4A:EB:69:FC:2D:58:34:7E:CD:2B:A8:78:D6:A8:97:A5:52:1D
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/1ccfa364-07ab-4a5e-81a9-99f9d6b3a067.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d06f:e000::/40

    Signature Algorithm: sha256WithRSAEncryption
         96:fc:c3:1e:86:af:9c:28:1e:af:9f:6a:52:20:d3:a9:7b:87:
         06:74:13:30:69:5f:a3:ab:e5:27:ea:d5:01:52:24:b5:59:1d:
         1a:4f:47:89:40:1f:ca:5e:12:fc:7a:cb:b5:3b:32:7e:a3:06:
         bb:49:db:6a:d7:11:1f:5b:c5:49:b0:b4:09:44:e8:6d:3c:d1:
         a8:4d:01:fa:f3:d4:3d:5b:cd:48:44:8a:e8:45:44:d5:3b:33:
         e2:68:6a:bd:8d:46:a0:01:9c:79:59:97:11:0a:23:da:c5:88:
         31:48:71:09:b1:ff:95:72:7d:c0:82:e7:55:be:98:54:76:9c:
         17:0d:2f:02:6f:3e:b0:fc:76:49:88:59:09:8f:cc:58:af:cd:
         1b:42:8c:c6:0b:82:bb:12:fa:45:93:f3:74:4f:80:3c:0d:dc:
         3c:9d:81:a1:f1:a5:f2:b8:76:b7:b6:28:bb:85:0d:1d:a2:1d:
         98:71:d3:11:27:e9:a0:da:d7:70:ec:cf:0e:ac:2f:9e:a5:07:
         7f:05:6f:b6:5d:6a:f0:13:68:28:1b:f3:82:93:3c:3a:6a:49:
         fb:7c:b2:c9:2c:4d:9f:bb:65:4b:8b:23:a1:3b:04:08:5c:ee:
         d3:84:76:99:e3:77:ab:fe:54:2a:ab:bf:bc:f2:79:b0:46:6b:
         ee:24:f8:d7
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIULiwtTxpijth9foUm1WD7KcVyrYwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA0MDIwMDMwMjlaFw0yNTA1MDcyMzU5NTlaMHoxSTBHBgNV
BAUTQGRiNDMxNWE3ZTRkMmE0MmJjNGU3NTY5OTNjNmE3MmFiN2FiNzFjY2M5ODYz
ZDNiOWU5ZTc0YzQ2N2U4MjhkZGUxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMlzSP1x7wFAulStNRMOQgsBOWWRqkrxp8mzUIa+py8yu/pREO/vRGtZUyWL
vOFmro9+Ug5qpoSPW00BXQrlikF2WmEomRYEH0JYAaK+B72UPMPQfHYo8VUwHcuR
G2ENdgIIY+mivu11Y8OFb8VvugPdmxSDSbQXfgxrVykCMjdjsi6PRgxGbt56w2MI
QRG+gIArqsO/jHZfKQRH0izf+ZXPbMupQ6S3gAs1vAEhR5MU1Ia7CBu6gP17yzjT
BQ6JKdO0JcjHYND9GUzFFZMcmnL6G7YMcEL+A0RXU/J1uDvQRl+RvFe2EFzzJ2Up
b3qXUUUh+z+RA2gRsciC62ssyesCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBS4j0rr
afwtWDR+zSuoeNaol6VSHTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MWNjZmEzNjQtMDdhYi00YTVlLTgxYTktOTlmOWQ2YjNhMDY3LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0G/g
MA0GCSqGSIb3DQEBCwUAA4IBAQCW/MMehq+cKB6vn2pSINOpe4cGdBMwaV+jq+Un
6tUBUiS1WR0aT0eJQB/KXhL8esu1OzJ+owa7Sdtq1xEfW8VJsLQJROhtPNGoTQH6
89Q9W81IRIroRUTVOzPiaGq9jUagAZx5WZcRCiPaxYgxSHEJsf+Vcn3AgudVvphU
dpwXDS8Cbz6w/HZJiFkJj8xYr80bQozGC4K7EvpFk/N0T4A8Ddw8nYGh8aXyuHa3
tii7hQ0doh2YcdMRJ+mg2tdw7M8OrC+epQd/BW+2XWrwE2goG/OCkzw6akn7fLLJ
LE2fu2VLiyOhOwQIXO7ThHaZ43er/lQqq7+88nmwRmvuJPjX
-----END CERTIFICATE-----