Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/1fb46240-1c3f-4b2f-9927-3470c9898890.roa
File:                     1fb46240-1c3f-4b2f-9927-3470c9898890.roa (raw, json)
Hash identifier:          2gbBc6Pr9ekrO66LNP4vgYvAUz7cj9bNHmUujWos6EE=
Subject key identifier:   62:2D:B4:4D:5E:52:B1:70:F9:67:DC:44:3A:60:F0:35:5A:C9:FA:7F
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       314735DF46471351BE7E3330F4D0A5365B72F075
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/1fb46240-1c3f-4b2f-9927-3470c9898890.roa
Signing time:             Mon 31 Mar 2025 19:40:13 +0000
ROA not before:           Mon 31 Mar 2025 19:40:13 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d07f:80a0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            31:47:35:df:46:47:13:51:be:7e:33:30:f4:d0:a5:36:5b:72:f0:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 19:40:13 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:30:49:6e:71:15:66:b1:59:45:10:4c:01:2a:
                    27:9d:6f:63:46:67:69:36:09:51:85:51:1d:9e:b3:
                    95:16:9f:6e:d7:60:83:f3:47:76:33:84:91:d0:0b:
                    11:4f:16:df:01:db:77:4c:0b:24:a2:be:7a:9f:71:
                    b2:9c:ff:a8:fe:de:19:0d:b4:f1:7e:26:e1:74:ee:
                    00:50:da:26:3a:96:35:bd:6d:f1:c2:5b:f2:28:16:
                    a9:a2:9c:7c:58:5a:a9:ac:d1:05:24:55:8e:5f:0b:
                    52:08:3a:18:99:42:08:5d:ff:83:0f:3d:01:46:7e:
                    69:05:db:18:f2:53:bf:d6:db:c1:d4:01:c0:15:61:
                    16:86:b6:14:3e:8e:04:fa:1a:27:b7:12:cf:8b:b3:
                    c2:65:4e:86:69:6b:11:61:2e:21:48:db:eb:11:ed:
                    21:4e:14:7c:39:03:23:55:91:69:b8:69:06:df:62:
                    02:63:8d:80:70:67:da:2d:8e:29:8b:3c:f7:39:ab:
                    08:3c:dd:b9:df:fe:d1:8e:71:29:50:7e:12:94:1c:
                    0f:ee:62:b7:02:b3:10:8c:e7:99:99:26:51:20:82:
                    23:93:2c:ae:ac:08:60:76:35:c9:be:32:b8:17:d9:
                    56:f0:80:e8:f9:98:71:6c:16:86:fe:03:7b:28:3b:
                    67:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:2D:B4:4D:5E:52:B1:70:F9:67:DC:44:3A:60:F0:35:5A:C9:FA:7F
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/1fb46240-1c3f-4b2f-9927-3470c9898890.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d07f:80a0::/48

    Signature Algorithm: sha256WithRSAEncryption
         a2:e8:96:bc:dd:04:b4:10:bc:50:50:64:c2:23:3e:0a:fd:fa:
         54:55:26:7e:00:86:f7:62:af:d6:73:60:fe:5c:ab:8d:a3:3d:
         c0:dd:15:dc:fe:21:d9:21:a6:71:17:c3:37:c2:de:1e:33:71:
         fc:2d:95:71:16:be:d4:48:af:be:63:7a:86:3f:7e:92:fa:6c:
         87:bf:e0:77:7d:37:eb:b7:f4:e7:40:c0:20:53:eb:0f:15:fa:
         75:b9:2b:0e:fc:72:eb:80:c6:ec:ce:b7:4e:ba:40:5e:0a:d9:
         80:e7:d6:45:80:d3:64:27:a1:a3:d8:2f:1a:74:5a:6c:b6:1f:
         5e:d8:61:36:70:14:43:87:5e:05:11:78:fd:d3:97:fd:0c:8e:
         53:29:12:02:81:2c:a5:db:1d:7f:94:03:8f:39:a2:ec:2e:61:
         af:43:2c:5a:7d:1a:3a:15:40:87:98:7c:45:1c:fc:31:57:fd:
         62:e9:28:a5:9b:7e:28:fb:b0:1b:1e:91:84:9c:a9:74:57:9a:
         33:4f:0c:7b:26:9a:51:b3:79:d0:43:08:79:6d:6a:1f:50:ea:
         dc:9d:b7:05:99:2d:4b:1a:9f:50:a8:ff:02:9f:95:bd:9c:ec:
         70:20:9b:74:e0:50:b1:9e:78:7a:ca:98:fd:3e:2f:29:2e:f6:
         8e:f0:cc:81
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUMUc130ZHE1G+fjMw9NClNlty8HUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzExOTQwMTNaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQDc0ODNiZmI3M2U2MWYyMjM5N2IwODRmNzM5MWI1NzI0Yzk0N2VlZjMyNGU2
MThmY2M4OTEyZmFjMDkzNTg5NWMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAI8wSW5xFWaxWUUQTAEqJ51vY0ZnaTYJUYVRHZ6zlRafbtdgg/NHdjOEkdAL
EU8W3wHbd0wLJKK+ep9xspz/qP7eGQ208X4m4XTuAFDaJjqWNb1t8cJb8igWqaKc
fFhaqazRBSRVjl8LUgg6GJlCCF3/gw89AUZ+aQXbGPJTv9bbwdQBwBVhFoa2FD6O
BPoaJ7cSz4uzwmVOhmlrEWEuIUjb6xHtIU4UfDkDI1WRabhpBt9iAmONgHBn2i2O
KYs89zmrCDzdud/+0Y5xKVB+EpQcD+5itwKzEIznmZkmUSCCI5MsrqwIYHY1yb4y
uBfZVvCA6PmYcWwWhv4Deyg7Zx8CAwEAAaOCAiQwggIgMB0GA1UdDgQWBBRiLbRN
XlKxcPln3EQ6YPA1Wsn6fzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MWZiNDYyNDAtMWMzZi00YjJmLTk5MjctMzQ3MGM5ODk4ODkwLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0H+A
oDANBgkqhkiG9w0BAQsFAAOCAQEAouiWvN0EtBC8UFBkwiM+Cv36VFUmfgCG92Kv
1nNg/lyrjaM9wN0V3P4h2SGmcRfDN8LeHjNx/C2VcRa+1EivvmN6hj9+kvpsh7/g
d30367f050DAIFPrDxX6dbkrDvxy64DG7M63TrpAXgrZgOfWRYDTZCeho9gvGnRa
bLYfXthhNnAUQ4deBRF4/dOX/QyOUykSAoEspdsdf5QDjzmi7C5hr0MsWn0aOhVA
h5h8RRz8MVf9YukopZt+KPuwGx6RhJypdFeaM08MeyaaUbN50EMIeW1qH1Dq3J23
BZktSxqfUKj/Ap+VvZzscCCbdOBQsZ54esqY/T4vKS72jvDMgQ==
-----END CERTIFICATE-----