Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/2331f846-3447-4dea-ac7a-63323853ebb9.roa
File:                     2331f846-3447-4dea-ac7a-63323853ebb9.roa (raw, json)
Hash identifier:          Ab2gmb+u/bMH47Ut9tx/almZpXyfSohQT4ohINCA1iQ=
Subject key identifier:   8D:8E:C0:67:AB:F6:2E:1E:9C:31:73:1B:FA:AB:1D:29:74:BB:87:D1
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       47DD6BCFA3F90C6C79CC411C5D1DDFFC1BD73267
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/2331f846-3447-4dea-ac7a-63323853ebb9.roa
Signing time:             Wed 02 Apr 2025 00:30:42 +0000
ROA not before:           Wed 02 Apr 2025 00:30:42 +0000
ROA not after:            Wed 07 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d06f:2000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            47:dd:6b:cf:a3:f9:0c:6c:79:cc:41:1c:5d:1d:df:fc:1b:d7:32:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Apr  2 00:30:42 2025 GMT
            Not After : May  7 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:df:9a:3e:d2:d2:7d:29:b5:20:5a:83:5a:c8:
                    30:2b:42:5b:97:27:9c:80:87:1e:c2:b2:0d:c2:c2:
                    fe:0b:77:e1:13:aa:9b:44:a9:7b:9f:9a:c6:b4:2e:
                    eb:10:03:82:60:05:3a:43:30:b8:f2:9a:6f:0d:d1:
                    57:a2:69:52:b2:fe:03:fe:67:da:38:b9:74:cb:8e:
                    b5:f3:4b:83:1e:1d:17:8d:04:c9:16:44:8d:23:1d:
                    e6:63:a4:1e:9a:d1:27:31:e4:f8:0d:9c:0b:e1:4d:
                    f8:52:3a:dd:c1:f5:17:e8:a0:c3:69:1b:cc:97:38:
                    40:d1:2b:48:6a:50:63:b6:fd:20:4a:2b:6e:a5:9c:
                    24:58:35:90:44:af:f6:3c:d2:3f:9b:6b:b3:54:64:
                    b5:a7:3d:41:46:58:fa:63:d1:71:28:d1:1a:72:ed:
                    b9:82:13:79:ff:c1:eb:5e:66:11:d1:2d:ef:ee:fc:
                    60:0d:6b:5c:fe:d3:98:b2:d7:e3:1e:a3:64:40:fd:
                    5b:6a:aa:17:32:49:9c:3b:0a:fb:16:f3:77:d1:bc:
                    25:3d:f8:92:6b:1f:2a:c3:e4:2c:37:6c:55:5c:27:
                    96:7a:96:9e:f0:0e:cf:0b:88:2d:24:33:19:90:f0:
                    f9:5a:88:52:a4:c3:2b:22:82:b6:d0:56:32:0d:2f:
                    61:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:8E:C0:67:AB:F6:2E:1E:9C:31:73:1B:FA:AB:1D:29:74:BB:87:D1
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/2331f846-3447-4dea-ac7a-63323853ebb9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d06f:2000::/40

    Signature Algorithm: sha256WithRSAEncryption
         02:0c:ec:08:07:5b:7d:81:2e:d0:f1:18:cb:5e:96:bf:0e:ac:
         ae:22:68:83:ae:ff:95:e2:ff:1d:46:b8:3a:ae:6c:41:b0:ff:
         8c:e3:62:73:a6:37:ae:bd:33:e7:7d:dc:5c:1f:72:ef:09:8c:
         07:f0:28:12:f4:be:db:05:e5:99:8e:b2:6e:3b:25:d8:c8:73:
         45:92:12:35:08:c6:d8:6b:ed:c1:cb:82:dd:21:53:4e:62:c6:
         30:11:68:cd:fc:6d:e9:6b:49:3a:ac:a7:88:91:27:f1:b2:ce:
         ff:51:12:6b:8d:74:31:7a:e6:61:f8:bc:2e:ec:04:cb:bd:e2:
         e4:53:c8:6f:aa:d4:1a:e3:36:22:d5:c0:70:f6:19:5a:82:00:
         0a:ca:d8:6e:df:43:78:2f:d1:3e:2e:56:b0:ae:7b:ba:cb:bc:
         b1:e3:ee:0f:86:2e:93:31:ce:cc:6e:95:04:a7:f8:1c:0a:54:
         48:b7:83:3f:4a:94:01:ff:dd:47:02:0f:59:7b:4d:32:54:76:
         fa:4f:ed:ad:75:5b:84:fa:01:4d:57:c8:a1:2e:7f:6a:48:47:
         52:68:2e:04:e7:6d:8f:b4:9b:00:f8:6d:54:39:72:c9:c9:f4:
         0d:1d:7c:c4:87:cc:e2:54:dc:35:63:1e:6d:64:37:1b:af:23:
         f2:e8:e0:cb
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUR91rz6P5DGx5zEEcXR3f/BvXMmcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA0MDIwMDMwNDJaFw0yNTA1MDcyMzU5NTlaMHoxSTBHBgNV
BAUTQGUwNTk4NmYzYjUyNjBjOWJjNzA5Y2JiOGMwNmRlY2E0ODNmMTA4NDgzZWIx
MzRlODk3ODY2OWIzMWRlNGU3MDcxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALrfmj7S0n0ptSBag1rIMCtCW5cnnICHHsKyDcLC/gt34ROqm0Spe5+axrQu
6xADgmAFOkMwuPKabw3RV6JpUrL+A/5n2ji5dMuOtfNLgx4dF40EyRZEjSMd5mOk
HprRJzHk+A2cC+FN+FI63cH1F+igw2kbzJc4QNErSGpQY7b9IEorbqWcJFg1kESv
9jzSP5trs1Rktac9QUZY+mPRcSjRGnLtuYITef/B615mEdEt7+78YA1rXP7TmLLX
4x6jZED9W2qqFzJJnDsK+xbzd9G8JT34kmsfKsPkLDdsVVwnlnqWnvAOzwuILSQz
GZDw+VqIUqTDKyKCttBWMg0vYQ0CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBSNjsBn
q/YuHpwxcxv6qx0pdLuH0TAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MjMzMWY4NDYtMzQ0Ny00ZGVhLWFjN2EtNjMzMjM4NTNlYmI5LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0G8g
MA0GCSqGSIb3DQEBCwUAA4IBAQACDOwIB1t9gS7Q8RjLXpa/DqyuImiDrv+V4v8d
Rrg6rmxBsP+M42JzpjeuvTPnfdxcH3LvCYwH8CgS9L7bBeWZjrJuOyXYyHNFkhI1
CMbYa+3By4LdIVNOYsYwEWjN/G3pa0k6rKeIkSfxss7/URJrjXQxeuZh+Lwu7ATL
veLkU8hvqtQa4zYi1cBw9hlaggAKythu30N4L9E+Llawrnu6y7yx4+4Phi6TMc7M
bpUEp/gcClRIt4M/SpQB/91HAg9Ze00yVHb6T+2tdVuE+gFNV8ihLn9qSEdSaC4E
522PtJsA+G1UOXLJyfQNHXzEh8ziVNw1Yx5tZDcbryPy6ODL
-----END CERTIFICATE-----