Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/25e5dc44-9b73-42f2-b6d1-c0f559b533bd.roa
File:                     25e5dc44-9b73-42f2-b6d1-c0f559b533bd.roa (raw, json)
Hash identifier:          5XJ2dsB+tvMp5fEBpgdz0g/dWvEQljziTo/Eus3nO00=
Subject key identifier:   73:29:61:E3:08:BF:FC:69:DF:74:07:79:9F:05:DC:FC:7F:8A:0B:A8
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       3C68145FDFE71FB90594665DB186F09A4CA8AF39
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/25e5dc44-9b73-42f2-b6d1-c0f559b533bd.roa
Signing time:             Mon 31 Mar 2025 20:00:49 +0000
ROA not before:           Mon 31 Mar 2025 20:00:49 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d077:20c0::/46 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3c:68:14:5f:df:e7:1f:b9:05:94:66:5d:b1:86:f0:9a:4c:a8:af:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 20:00:49 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:b9:af:1f:fa:6e:4f:28:25:89:ff:55:62:47:
                    1b:5a:77:b3:0f:0b:ed:6c:51:93:1a:04:e7:a9:ba:
                    66:c4:7d:0f:8f:b4:8d:cb:ca:34:51:8a:47:d7:ff:
                    23:ca:28:b0:79:ef:89:d5:f0:45:f0:d5:c3:d8:46:
                    15:59:ae:ae:f1:82:95:71:95:d3:07:e6:50:c7:d9:
                    b0:29:3a:ea:1a:90:58:a9:cb:80:e3:51:47:30:c3:
                    37:1e:06:96:ba:88:d4:ba:75:a7:67:74:61:f1:83:
                    bc:4f:9d:c0:ee:5c:49:1f:72:67:ce:82:2c:51:cc:
                    68:48:ce:4f:13:65:73:3d:f6:d1:4a:d4:78:17:38:
                    61:c6:48:c4:3a:fd:a0:65:1d:35:c2:3e:28:69:c8:
                    58:3a:0b:e2:e5:63:80:c7:4c:03:a5:db:c5:5d:39:
                    00:b7:76:94:97:bd:72:95:35:98:06:17:32:27:21:
                    88:16:7b:e8:5e:36:79:01:1c:b5:0e:82:bc:61:71:
                    ef:73:b7:d5:3e:5f:6c:93:ad:56:eb:1b:98:20:cc:
                    5b:34:d7:e9:46:ce:d2:89:a6:d8:41:6c:5a:de:36:
                    8e:07:52:e1:23:41:35:d9:f6:d2:9a:69:d7:f9:7d:
                    d6:60:c9:00:3c:4b:b2:f2:84:0d:94:e8:b6:9e:e6:
                    61:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:29:61:E3:08:BF:FC:69:DF:74:07:79:9F:05:DC:FC:7F:8A:0B:A8
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/25e5dc44-9b73-42f2-b6d1-c0f559b533bd.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d077:20c0::/46

    Signature Algorithm: sha256WithRSAEncryption
         90:f4:7b:b5:5e:54:09:29:b6:07:8e:77:80:2c:16:55:4d:66:
         f1:40:4c:19:49:36:3e:ed:fa:d4:d6:40:3c:23:c3:8c:87:79:
         eb:e1:c8:7e:47:75:73:d4:1e:23:33:71:c1:02:5a:dc:04:9c:
         28:54:e5:a9:a6:82:55:d5:2d:93:ab:d0:e1:e3:8c:a5:32:2b:
         82:b3:3b:1e:74:ba:ba:f3:ee:30:4f:5c:9b:d2:0a:60:31:73:
         95:0b:13:35:53:01:85:71:9c:a7:87:8f:d2:2c:f9:6b:0c:b4:
         a5:4a:95:e3:bf:75:a6:63:9a:65:fd:f7:7e:9e:a1:4b:6e:a1:
         c8:24:b9:8d:72:f0:79:7b:12:a1:e0:39:2a:af:74:d2:1c:8e:
         68:e2:ad:0c:39:82:04:a5:6f:df:0e:fc:0e:a9:f8:ad:de:56:
         09:9d:6e:df:ab:71:99:e1:34:cc:5c:84:8f:d9:c4:fd:22:2b:
         b3:b0:e7:0d:f3:dc:a6:b9:0f:01:1b:99:13:da:fb:e5:96:5d:
         2f:78:92:88:5f:f7:a6:12:15:20:40:9e:03:46:a5:34:ac:92:
         04:f1:85:f3:bc:f7:cf:46:3b:7d:18:2d:d4:e6:10:a3:69:5e:
         d1:99:84:32:14:a0:c7:1c:45:58:39:29:b8:36:a9:44:cb:0c:
         7b:32:44:56
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUPGgUX9/nH7kFlGZdsYbwmkyorzkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzEyMDAwNDlaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQGQ2OWIwYmYwMjI1OWM5NDc4NGU2NzFkMjI1M2RkZDVlNTJmYTk4Mjk1NmZk
MDMxOWE0MTgyY2I3M2YxZDE2NzQxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJS5rx/6bk8oJYn/VWJHG1p3sw8L7WxRkxoE56m6ZsR9D4+0jcvKNFGKR9f/
I8oosHnvidXwRfDVw9hGFVmurvGClXGV0wfmUMfZsCk66hqQWKnLgONRRzDDNx4G
lrqI1Lp1p2d0YfGDvE+dwO5cSR9yZ86CLFHMaEjOTxNlcz320UrUeBc4YcZIxDr9
oGUdNcI+KGnIWDoL4uVjgMdMA6XbxV05ALd2lJe9cpU1mAYXMichiBZ76F42eQEc
tQ6CvGFx73O31T5fbJOtVusbmCDMWzTX6UbO0omm2EFsWt42jgdS4SNBNdn20ppp
1/l91mDJADxLsvKEDZTotp7mYX0CAwEAAaOCAiQwggIgMB0GA1UdDgQWBBRzKWHj
CL/8ad90B3mfBdz8f4oLqDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MjVlNWRjNDQtOWI3My00MmYyLWI2ZDEtYzBmNTU5YjUzM2JkLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHAioF0Hcg
wDANBgkqhkiG9w0BAQsFAAOCAQEAkPR7tV5UCSm2B453gCwWVU1m8UBMGUk2Pu36
1NZAPCPDjId56+HIfkd1c9QeIzNxwQJa3AScKFTlqaaCVdUtk6vQ4eOMpTIrgrM7
HnS6uvPuME9cm9IKYDFzlQsTNVMBhXGcp4eP0iz5awy0pUqV4791pmOaZf33fp6h
S26hyCS5jXLweXsSoeA5Kq900hyOaOKtDDmCBKVv3w78Dqn4rd5WCZ1u36txmeE0
zFyEj9nE/SIrs7DnDfPcprkPARuZE9r75ZZdL3iSiF/3phIVIECeA0alNKySBPGF
87z3z0Y7fRgt1OYQo2le0ZmEMhSgxxxFWDkpuDapRMsMezJEVg==
-----END CERTIFICATE-----