Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/21e2f5c8-e012-44d0-a6f2-c4a065b3b954.roa
File:                     21e2f5c8-e012-44d0-a6f2-c4a065b3b954.roa (raw, json)
Hash identifier:          6nYTTmb1/ZtX2Iw9zp6Y54TYnrMDJNgbJmyb6pIwu8w=
Subject key identifier:   44:AA:3C:EA:E4:F8:1B:39:41:C7:AE:29:90:77:91:CA:D0:D7:6A:57
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       3423B79FFD27CE312A2E89B8531D73DCA40659FD
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/21e2f5c8-e012-44d0-a6f2-c4a065b3b954.roa
Signing time:             Mon 31 Mar 2025 20:51:12 +0000
ROA not before:           Mon 31 Mar 2025 20:51:12 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d034:4000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            34:23:b7:9f:fd:27:ce:31:2a:2e:89:b8:53:1d:73:dc:a4:06:59:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 20:51:12 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:ca:5b:2f:e3:ff:e3:22:90:03:03:28:37:c0:
                    a0:96:6d:62:25:42:8b:05:d0:c3:39:7b:86:79:5f:
                    c4:91:d7:37:82:43:87:6c:7d:7b:1e:69:16:c8:86:
                    b9:b8:92:b9:94:f7:4c:8f:80:27:a2:be:2a:22:43:
                    30:91:83:7b:37:3d:f1:20:0a:db:fa:5a:13:ec:fa:
                    64:19:48:5d:17:08:38:d8:41:ce:7f:f5:6b:f3:6d:
                    7d:ab:b5:cd:1b:ce:2c:09:45:26:79:52:98:19:02:
                    f1:16:30:c0:1d:aa:ac:12:fc:eb:0d:d5:d8:27:60:
                    14:72:70:a0:b6:65:bd:f6:b5:15:36:d9:77:72:c7:
                    5f:b1:1c:d3:e4:4e:f9:3a:65:02:ce:df:9f:04:2f:
                    ad:9a:92:d7:4b:5d:02:8a:a5:b0:bb:e5:a1:24:59:
                    03:4c:c2:94:b0:bd:61:83:63:a1:69:f3:85:fd:26:
                    d6:ab:c7:bf:59:44:7d:e5:39:fc:e4:0f:77:81:51:
                    81:a5:1c:e9:c2:14:fa:91:6a:80:bf:aa:25:a4:ef:
                    e1:a7:de:a7:30:1e:63:0a:b0:53:16:b4:36:ab:f2:
                    e8:cb:3a:54:74:d2:1d:4a:34:f5:64:79:64:45:dc:
                    ce:d9:af:2b:fd:df:3b:bc:85:75:6f:72:ff:de:cd:
                    ca:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:AA:3C:EA:E4:F8:1B:39:41:C7:AE:29:90:77:91:CA:D0:D7:6A:57
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/21e2f5c8-e012-44d0-a6f2-c4a065b3b954.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d034:4000::/40

    Signature Algorithm: sha256WithRSAEncryption
         81:1f:41:10:ea:82:f8:7b:8d:3f:a1:d9:6e:7c:55:89:96:1f:
         2c:b6:40:4e:cf:44:45:df:9b:1a:4c:9e:35:bb:49:01:55:81:
         f3:a6:05:ae:4b:3a:59:6f:30:db:17:c0:58:d1:53:d9:86:b5:
         19:82:b4:e9:48:a2:dd:3c:d9:db:04:91:aa:88:ef:f7:8b:39:
         a8:6d:e4:91:5a:cd:59:75:96:43:84:1c:41:17:cc:10:8a:22:
         e7:c7:79:b9:5b:1d:09:15:45:6d:d9:fd:a2:c4:60:02:89:b7:
         e0:1e:a4:5d:cf:44:f3:9b:ed:5d:77:3b:8d:4f:9b:41:4f:75:
         b0:eb:96:fd:60:38:18:7c:80:dd:8d:b5:7b:0a:41:04:fc:15:
         96:33:ca:83:92:4d:63:7f:5a:0a:9f:7e:9f:de:70:fd:2f:02:
         56:13:74:5c:54:02:da:7a:45:f1:81:ac:62:2e:22:36:91:0b:
         7f:b2:be:f4:9d:a3:83:82:f6:0b:09:b4:a7:e4:94:0c:32:b0:
         4c:e2:dc:52:5f:6c:c8:fd:6d:1e:56:bd:6d:3f:ca:b3:7d:4b:
         d5:6b:77:63:58:8a:a9:9b:8d:68:ab:1a:f8:9d:ee:20:ca:4e:
         b5:1c:dc:ab:e9:b6:6c:b9:46:31:13:40:a3:63:aa:21:f4:73:
         d3:23:ac:bc
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUNCO3n/0nzjEqLom4Ux1z3KQGWf0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzEyMDUxMTJaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQDFiZTEyZGM3NTI1MTQyM2FmMjA5MjUzODUyMGRmZWM4OGRkY2JmNDE0NWVi
ZGZmNjIwZjU2OWRhNTk0NGNjMGYxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANDKWy/j/+MikAMDKDfAoJZtYiVCiwXQwzl7hnlfxJHXN4JDh2x9ex5pFsiG
ubiSuZT3TI+AJ6K+KiJDMJGDezc98SAK2/paE+z6ZBlIXRcIONhBzn/1a/Ntfau1
zRvOLAlFJnlSmBkC8RYwwB2qrBL86w3V2CdgFHJwoLZlvfa1FTbZd3LHX7Ec0+RO
+TplAs7fnwQvrZqS10tdAoqlsLvloSRZA0zClLC9YYNjoWnzhf0m1qvHv1lEfeU5
/OQPd4FRgaUc6cIU+pFqgL+qJaTv4afepzAeYwqwUxa0Nqvy6Ms6VHTSHUo09WR5
ZEXcztmvK/3fO7yFdW9y/97NykECAwEAAaOCAiMwggIfMB0GA1UdDgQWBBREqjzq
5PgbOUHHrimQd5HK0NdqVzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MjFlMmY1YzgtZTAxMi00NGQwLWE2ZjItYzRhMDY1YjNiOTU0LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0DRA
MA0GCSqGSIb3DQEBCwUAA4IBAQCBH0EQ6oL4e40/odlufFWJlh8stkBOz0RF35sa
TJ41u0kBVYHzpgWuSzpZbzDbF8BY0VPZhrUZgrTpSKLdPNnbBJGqiO/3izmobeSR
Ws1ZdZZDhBxBF8wQiiLnx3m5Wx0JFUVt2f2ixGACibfgHqRdz0Tzm+1ddzuNT5tB
T3Ww65b9YDgYfIDdjbV7CkEE/BWWM8qDkk1jf1oKn36f3nD9LwJWE3RcVALaekXx
gaxiLiI2kQt/sr70naODgvYLCbSn5JQMMrBM4txSX2zI/W0eVr1tP8qzfUvVa3dj
WIqpm41oqxr4ne4gyk61HNyr6bZsuUYxE0CjY6oh9HPTI6y8
-----END CERTIFICATE-----