Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/2dc7b564-c3e1-49ef-a78c-f36f4139b43f.roa
File:                     2dc7b564-c3e1-49ef-a78c-f36f4139b43f.roa (raw, json)
Hash identifier:          BXn0bKI6bEmu+6Hfhl/gW+oZ9UFtQ2MxRMKrWRiOD7A=
Subject key identifier:   66:03:AA:EA:A3:57:4F:0E:60:A1:A7:AD:56:67:18:3D:50:80:96:5E
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       0D8380CD59754E31997427F4BEA9671FE6474218
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/2dc7b564-c3e1-49ef-a78c-f36f4139b43f.roa
Signing time:             Mon 31 Mar 2025 20:41:07 +0000
ROA not before:           Mon 31 Mar 2025 20:41:07 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d078:a000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0d:83:80:cd:59:75:4e:31:99:74:27:f4:be:a9:67:1f:e6:47:42:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 20:41:07 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:7b:e7:08:a2:99:f7:8c:78:24:4d:00:4a:69:
                    c2:ae:86:91:d8:50:bf:c4:27:99:7a:9b:d9:ca:ad:
                    6b:05:a3:8e:ec:7b:51:d0:89:3e:3b:6a:ee:80:54:
                    01:31:fa:23:da:b0:2f:88:3b:d9:42:71:0a:39:1e:
                    a4:70:ea:a9:cf:6b:d8:78:8f:42:b7:0a:fa:3a:6d:
                    06:bd:71:94:bb:0e:29:64:68:e5:f5:c8:5f:35:23:
                    c1:b6:b8:1e:70:26:2f:3d:9c:c7:55:b7:13:78:f1:
                    9e:27:43:e7:2d:5d:6e:45:a9:95:64:97:12:12:e1:
                    63:dc:1a:89:41:4d:58:61:3b:17:02:0b:23:1e:8a:
                    30:5f:46:e1:f5:2c:6d:f9:ee:93:01:4f:28:e2:98:
                    2f:7b:e6:c1:9c:46:7f:57:9b:62:94:d9:6f:84:d5:
                    b1:04:17:0b:a3:e7:a0:df:b4:09:4a:4f:c0:f0:0d:
                    ca:54:e3:98:7b:ef:8c:c3:b6:2b:8f:80:85:7f:08:
                    f4:5d:63:3a:0f:5d:14:c8:36:07:7e:47:60:3d:03:
                    2e:73:ac:68:5d:30:4f:de:bd:a1:7e:d4:12:64:36:
                    e1:fe:10:06:d1:3c:c9:a4:f1:9a:1d:01:7c:33:ae:
                    e1:85:a4:43:4d:f4:f9:31:4c:cb:ce:7e:d4:34:e3:
                    e3:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:03:AA:EA:A3:57:4F:0E:60:A1:A7:AD:56:67:18:3D:50:80:96:5E
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/2dc7b564-c3e1-49ef-a78c-f36f4139b43f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d078:a000::/40

    Signature Algorithm: sha256WithRSAEncryption
         39:db:7d:66:65:f7:a4:55:52:e1:73:e4:1b:35:e9:3c:3c:0c:
         92:45:4b:ee:e9:db:d4:b2:89:08:dd:0c:0f:be:4f:cc:c8:30:
         d6:d2:b5:e6:e3:f8:63:a8:de:bc:63:a6:14:a9:70:60:6f:66:
         33:7b:37:25:21:6d:91:a4:33:c9:62:5e:49:9e:83:fa:cb:dc:
         09:aa:77:ea:3a:62:6a:fd:01:c7:32:6f:af:8b:5e:1a:f7:ab:
         f3:48:bd:a0:77:bc:5e:3b:9a:1e:81:b6:f0:9d:66:86:d0:99:
         22:4a:2a:8f:e6:57:a7:9b:15:cb:a7:77:a7:22:07:89:f8:f2:
         c3:82:b5:6b:48:23:e7:54:ed:be:e8:5e:1a:b4:52:22:22:2c:
         6b:e7:1d:57:64:c9:39:86:18:55:fb:1b:49:a9:6e:11:ec:cf:
         a3:b0:e5:d2:ed:65:8f:42:ac:20:04:1c:ce:60:c4:fd:ef:7a:
         84:06:68:8c:2b:bc:76:b1:ce:b5:27:7a:20:a8:62:fb:cc:73:
         d1:b0:d6:4f:0d:8e:7e:63:e3:c6:4d:bd:dc:7b:eb:98:af:0a:
         9f:46:a6:ac:91:3a:3c:ff:2e:9a:ef:64:81:f1:0d:ec:ba:e7:
         2a:5c:87:2d:5f:12:54:9f:1c:b9:98:b0:39:1e:88:64:0f:17:
         49:83:71:d0
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUDYOAzVl1TjGZdCf0vqlnH+ZHQhgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzEyMDQxMDdaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQDkwY2RlYjQzMjkzNGZhNTY4OTYzYzdkZWNkMzJmODc0MTg2NDM1ZTYyNDFj
OGE5M2ZmZTFlNzA5OTY5M2U5MDcxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKB75wiimfeMeCRNAEppwq6GkdhQv8QnmXqb2cqtawWjjux7UdCJPjtq7oBU
ATH6I9qwL4g72UJxCjkepHDqqc9r2HiPQrcK+jptBr1xlLsOKWRo5fXIXzUjwba4
HnAmLz2cx1W3E3jxnidD5y1dbkWplWSXEhLhY9waiUFNWGE7FwILIx6KMF9G4fUs
bfnukwFPKOKYL3vmwZxGf1ebYpTZb4TVsQQXC6PnoN+0CUpPwPANylTjmHvvjMO2
K4+AhX8I9F1jOg9dFMg2B35HYD0DLnOsaF0wT969oX7UEmQ24f4QBtE8yaTxmh0B
fDOu4YWkQ030+TFMy85+1DTj49kCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRmA6rq
o1dPDmChp61WZxg9UICWXjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MmRjN2I1NjQtYzNlMS00OWVmLWE3OGMtZjM2ZjQxMzliNDNmLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0Hig
MA0GCSqGSIb3DQEBCwUAA4IBAQA5231mZfekVVLhc+QbNek8PAySRUvu6dvUsokI
3QwPvk/MyDDW0rXm4/hjqN68Y6YUqXBgb2YzezclIW2RpDPJYl5JnoP6y9wJqnfq
OmJq/QHHMm+vi14a96vzSL2gd7xeO5oegbbwnWaG0JkiSiqP5lenmxXLp3enIgeJ
+PLDgrVrSCPnVO2+6F4atFIiIixr5x1XZMk5hhhV+xtJqW4R7M+jsOXS7WWPQqwg
BBzOYMT973qEBmiMK7x2sc61J3ogqGL7zHPRsNZPDY5+Y+PGTb3ce+uYrwqfRqas
kTo8/y6a72SB8Q3suucqXIctXxJUnxy5mLA5HohkDxdJg3HQ
-----END CERTIFICATE-----