Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/1ce4b79c-26b8-4e2b-8de2-ef5254a2c33e.roa
File:                     1ce4b79c-26b8-4e2b-8de2-ef5254a2c33e.roa (raw, json)
Hash identifier:          A8OpLs8GqbrN9InkG+U8x/Yu4D1xUN/UeW10aRNeePY=
Subject key identifier:   5F:11:0C:35:7A:F8:E1:15:09:62:AD:62:CD:3E:C7:B9:E9:DE:7C:CF
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       2A2D2890E76914B8F644382CD076EAFBD730C278
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/1ce4b79c-26b8-4e2b-8de2-ef5254a2c33e.roa
Signing time:             Mon 31 Mar 2025 19:50:59 +0000
ROA not before:           Mon 31 Mar 2025 19:50:59 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d074:6040::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2a:2d:28:90:e7:69:14:b8:f6:44:38:2c:d0:76:ea:fb:d7:30:c2:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 19:50:59 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:2d:2c:dc:15:2d:27:e6:0c:fe:18:35:da:af:
                    72:e5:92:07:1e:12:30:de:95:c2:b3:57:90:9f:97:
                    01:19:64:ff:22:a7:3c:c2:25:f3:e5:fd:0b:30:7d:
                    1c:c0:3c:de:63:84:ac:c9:92:2b:ca:70:4c:bc:95:
                    fe:c7:2c:96:d6:5f:a7:82:d1:31:81:0c:b6:98:ba:
                    af:f6:a4:41:4f:1b:29:d3:b1:8d:33:eb:fc:a8:d4:
                    1e:27:63:6e:70:eb:d4:f9:39:db:ff:c7:23:31:f3:
                    70:7e:61:2f:5b:08:97:b5:7b:4c:29:fd:39:ba:c4:
                    bf:9e:7f:8a:d9:d5:34:33:16:83:21:79:e5:1a:cf:
                    52:16:84:0c:c5:d8:35:22:0c:01:02:1e:71:68:7e:
                    7a:6d:e5:5a:96:45:3b:62:8e:ab:45:7e:fa:a1:4f:
                    6b:37:75:ba:a7:52:7d:51:eb:28:f9:9a:f4:2b:63:
                    c2:ef:af:48:7e:3b:69:bb:50:5d:88:39:c8:6d:df:
                    15:7e:4c:75:4c:99:b5:fb:14:ca:b6:0e:bd:4e:72:
                    28:93:14:fb:f6:99:60:8c:c6:3f:d6:12:7b:c1:6d:
                    2d:49:a7:27:16:16:95:54:ec:2e:a6:e0:12:d2:60:
                    55:e3:47:aa:93:ec:02:5c:8a:15:88:c8:36:fe:59:
                    d8:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:11:0C:35:7A:F8:E1:15:09:62:AD:62:CD:3E:C7:B9:E9:DE:7C:CF
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/1ce4b79c-26b8-4e2b-8de2-ef5254a2c33e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d074:6040::/48

    Signature Algorithm: sha256WithRSAEncryption
         21:77:63:18:88:db:1a:85:c4:78:b5:5e:18:d4:36:29:da:50:
         ca:c8:cb:43:01:d2:68:77:bc:f1:ef:d8:3e:88:4e:6a:e0:b4:
         28:8a:ff:14:b5:27:a1:9d:01:70:28:99:e8:08:bb:b1:f6:a6:
         9c:8f:8c:a2:44:13:d9:a0:09:12:4a:72:f8:ed:da:66:6b:fb:
         8e:3d:44:cf:f1:72:24:9c:30:2f:e7:af:07:c6:76:62:b6:da:
         44:eb:35:de:37:ae:64:0f:d1:6a:50:71:bd:95:6c:a2:13:9a:
         e2:ce:80:5b:ac:68:6c:60:21:af:05:42:fa:8a:51:fd:5a:ca:
         98:3e:f9:fb:85:9f:50:3a:9b:df:46:d3:d2:e5:0d:13:0e:49:
         28:3e:86:ab:3f:d5:87:10:99:07:a2:f1:f6:c5:00:d3:64:bc:
         70:bd:04:9d:13:f4:fd:31:a0:a8:a6:0f:42:20:82:2b:43:75:
         f2:47:15:97:c6:70:98:5c:e5:48:36:9e:28:89:af:79:06:8f:
         29:1d:44:1d:dc:ae:0d:04:ed:2c:eb:23:fb:3a:73:13:ff:8b:
         f0:21:33:7f:ba:b3:c6:c9:6c:e3:10:6f:ed:2b:0e:fc:35:cb:
         57:65:46:b4:f8:0d:d4:ca:bb:76:68:87:44:a1:65:e1:87:63:
         4d:06:74:f2
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUKi0okOdpFLj2RDgs0Hbq+9cwwngwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzExOTUwNTlaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQDg4ZjdmODc1Mzc0OThjNjg3N2NjYTcwMzk4ZWJkNmFjZDBkNTE4N2E5OGU1
NGE4MWQ5NGYxN2E1MWU3YjliMmQxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOEtLNwVLSfmDP4YNdqvcuWSBx4SMN6VwrNXkJ+XARlk/yKnPMIl8+X9CzB9
HMA83mOErMmSK8pwTLyV/scsltZfp4LRMYEMtpi6r/akQU8bKdOxjTPr/KjUHidj
bnDr1Pk52//HIzHzcH5hL1sIl7V7TCn9ObrEv55/itnVNDMWgyF55RrPUhaEDMXY
NSIMAQIecWh+em3lWpZFO2KOq0V++qFPazd1uqdSfVHrKPma9Ctjwu+vSH47abtQ
XYg5yG3fFX5MdUyZtfsUyrYOvU5yKJMU+/aZYIzGP9YSe8FtLUmnJxYWlVTsLqbg
EtJgVeNHqpPsAlyKFYjINv5Z2KECAwEAAaOCAiQwggIgMB0GA1UdDgQWBBRfEQw1
evjhFQlirWLNPse56d58zzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MWNlNGI3OWMtMjZiOC00ZTJiLThkZTItZWY1MjU0YTJjMzNlLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0HRg
QDANBgkqhkiG9w0BAQsFAAOCAQEAIXdjGIjbGoXEeLVeGNQ2KdpQysjLQwHSaHe8
8e/YPohOauC0KIr/FLUnoZ0BcCiZ6Ai7sfamnI+MokQT2aAJEkpy+O3aZmv7jj1E
z/FyJJwwL+evB8Z2YrbaROs13jeuZA/RalBxvZVsohOa4s6AW6xobGAhrwVC+opR
/VrKmD75+4WfUDqb30bT0uUNEw5JKD6Gqz/VhxCZB6Lx9sUA02S8cL0EnRP0/TGg
qKYPQiCCK0N18kcVl8ZwmFzlSDaeKImveQaPKR1EHdyuDQTtLOsj+zpzE/+L8CEz
f7qzxsls4xBv7SsO/DXLV2VGtPgN1Mq7dmiHRKFl4YdjTQZ08g==
-----END CERTIFICATE-----