Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/2dfb202f-6202-48da-a3b3-94f1ac000bc9.roa
File:                     2dfb202f-6202-48da-a3b3-94f1ac000bc9.roa (raw, json)
Hash identifier:          jKy7jjj2UO3n2pjPbrDQVtKX/uSy7mB69JHf1Zdw0s0=
Subject key identifier:   47:ED:BC:F2:F0:AF:D5:A1:A1:A3:B5:97:0E:06:D6:D2:EC:05:4B:39
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       6AB78AEAFB56D6001EC17FC60C9639E758EF4E66
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/2dfb202f-6202-48da-a3b3-94f1ac000bc9.roa
Signing time:             Mon 31 Mar 2025 21:01:23 +0000
ROA not before:           Mon 31 Mar 2025 21:01:23 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d050:9000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6a:b7:8a:ea:fb:56:d6:00:1e:c1:7f:c6:0c:96:39:e7:58:ef:4e:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 21:01:23 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:67:f6:9b:05:f5:51:9b:bd:80:04:f4:81:92:
                    7f:22:7a:81:e3:49:f1:4a:63:e6:09:b0:87:18:38:
                    14:ba:23:4a:5d:01:e6:ad:5c:73:56:be:68:e9:26:
                    02:e8:79:a2:53:2e:ad:15:71:52:ad:86:00:c6:2d:
                    66:31:24:c2:4e:99:f6:41:45:5b:eb:c8:b4:6a:49:
                    26:1a:b5:81:ce:27:d1:b5:88:b9:34:94:db:d6:1f:
                    c2:bd:7e:ad:19:af:f6:d0:81:6c:ed:0e:c8:1c:b3:
                    36:75:a7:d0:46:1d:57:7e:96:10:b8:46:f3:a1:58:
                    41:bb:ba:7f:1c:b9:e5:8c:a5:37:2e:13:81:e1:e6:
                    64:b1:90:20:5b:8f:05:0c:ea:21:3d:0b:fc:a7:c8:
                    e4:4d:83:1f:4a:31:83:9f:43:3e:05:87:7d:62:8e:
                    34:2f:9b:11:a3:32:99:b8:72:aa:2d:75:38:cf:6f:
                    c1:c5:c8:d4:7f:8a:c5:20:d3:d1:2d:80:5b:5a:ba:
                    fc:f0:f9:eb:33:61:d1:95:65:63:f5:de:13:47:8d:
                    f5:81:c6:1e:6f:1b:63:c4:92:9f:ee:62:39:21:f3:
                    36:9d:5e:7c:19:25:e7:08:31:ff:23:15:69:db:69:
                    ca:83:f9:46:00:ab:72:7a:7a:e6:79:82:65:2f:23:
                    a2:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:ED:BC:F2:F0:AF:D5:A1:A1:A3:B5:97:0E:06:D6:D2:EC:05:4B:39
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/2dfb202f-6202-48da-a3b3-94f1ac000bc9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d050:9000::/40

    Signature Algorithm: sha256WithRSAEncryption
         9a:e5:db:c6:fd:4e:e0:71:a4:8e:13:df:60:72:b0:2e:b8:88:
         7c:c2:9d:8e:e1:87:a6:2e:4d:8c:98:fd:29:40:77:c5:60:8d:
         9e:a4:60:3c:58:ee:bb:82:be:f9:86:77:2c:da:c1:39:c4:b6:
         85:44:39:f8:6f:42:53:7a:4f:63:91:a0:5e:01:a9:a9:fd:e0:
         94:70:dc:d1:fd:9a:6c:70:bf:ff:bb:03:41:d6:56:22:fa:72:
         02:bd:23:c0:53:4c:f1:2a:35:ca:68:1a:1d:6e:c1:a8:9b:ca:
         ba:d0:65:58:9e:b1:7a:2d:fe:ca:85:57:69:39:65:76:0d:78:
         49:78:f7:70:ca:8b:6c:df:38:e7:91:50:c2:9c:7e:05:82:dc:
         c3:5d:de:9d:96:b2:ed:e2:e6:35:ec:8b:32:d2:2f:0a:b0:6e:
         e0:23:f3:81:4e:ee:1d:b6:8b:d1:4b:57:c5:fe:4f:7a:63:03:
         92:bb:08:21:b2:59:a9:f0:60:0f:fc:e1:cf:e3:6d:20:eb:89:
         62:9d:5d:50:76:f4:f9:24:d3:b5:77:c0:5b:fa:83:5a:e0:71:
         f8:38:d5:c8:c3:31:44:f2:c0:12:07:01:5e:91:d8:d8:ae:d7:
         19:f4:65:cd:aa:f3:7f:74:b5:a1:1b:28:72:01:46:b8:5c:c0:
         f2:e0:e5:8d
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUareK6vtW1gAewX/GDJY551jvTmYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzEyMTAxMjNaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQGY0ZWQ0ZWU2YWYyMjdkOTk4MzFkN2ViMDgxZGEzYjFhYjJhZDYzZjdmYjg5
OGFjMWRlNmM2ZDQ1YzFjMzgyM2ExLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKZn9psF9VGbvYAE9IGSfyJ6geNJ8Upj5gmwhxg4FLojSl0B5q1cc1a+aOkm
Auh5olMurRVxUq2GAMYtZjEkwk6Z9kFFW+vItGpJJhq1gc4n0bWIuTSU29Yfwr1+
rRmv9tCBbO0OyByzNnWn0EYdV36WELhG86FYQbu6fxy55YylNy4TgeHmZLGQIFuP
BQzqIT0L/KfI5E2DH0oxg59DPgWHfWKONC+bEaMymbhyqi11OM9vwcXI1H+KxSDT
0S2AW1q6/PD56zNh0ZVlY/XeE0eN9YHGHm8bY8SSn+5iOSHzNp1efBkl5wgx/yMV
adtpyoP5RgCrcnp65nmCZS8jotsCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRH7bzy
8K/VoaGjtZcOBtbS7AVLOTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MmRmYjIwMmYtNjIwMi00OGRhLWEzYjMtOTRmMWFjMDAwYmM5LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0FCQ
MA0GCSqGSIb3DQEBCwUAA4IBAQCa5dvG/U7gcaSOE99gcrAuuIh8wp2O4YemLk2M
mP0pQHfFYI2epGA8WO67gr75hncs2sE5xLaFRDn4b0JTek9jkaBeAamp/eCUcNzR
/ZpscL//uwNB1lYi+nICvSPAU0zxKjXKaBodbsGom8q60GVYnrF6Lf7KhVdpOWV2
DXhJePdwyots3zjnkVDCnH4FgtzDXd6dlrLt4uY17Isy0i8KsG7gI/OBTu4dtovR
S1fF/k96YwOSuwghslmp8GAP/OHP420g64linV1QdvT5JNO1d8Bb+oNa4HH4ONXI
wzFE8sASBwFekdjYrtcZ9GXNqvN/dLWhGyhyAUa4XMDy4OWN
-----END CERTIFICATE-----