Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/301d1d15-dd00-41e7-9f44-49159e46a51a.roa
File:                     301d1d15-dd00-41e7-9f44-49159e46a51a.roa (raw, json)
Hash identifier:          iVfyZHGdOuya9Q/mbdsfnAaEOYraK4CQOWRMDdVcTfM=
Subject key identifier:   ED:20:D4:B9:86:80:ED:3B:43:E4:81:6E:43:17:87:42:1C:E4:6A:52
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       51D0706962E30E4628164A97499C014A95B7EF9C
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/301d1d15-dd00-41e7-9f44-49159e46a51a.roa
Signing time:             Mon 31 Mar 2025 19:31:32 +0000
ROA not before:           Mon 31 Mar 2025 19:31:32 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d000:8040::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            51:d0:70:69:62:e3:0e:46:28:16:4a:97:49:9c:01:4a:95:b7:ef:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 19:31:32 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:30:b6:03:5d:57:68:03:02:4f:c5:92:40:15:
                    0b:71:bb:10:9d:a5:28:2d:07:2f:0d:db:c2:23:91:
                    46:4d:c2:e6:65:ca:3a:1d:c0:ef:52:3e:7f:17:5a:
                    32:3a:1c:63:8d:95:80:f6:e6:32:32:0b:fb:57:54:
                    87:83:72:ce:37:c9:12:0a:75:d0:8b:07:f0:f4:0b:
                    22:b4:c2:fa:0b:e0:95:3c:c8:fb:b4:02:0d:d2:c9:
                    c2:a9:e0:70:ae:39:51:9f:d7:44:47:a3:fa:27:e4:
                    df:fc:3e:50:c7:8b:b1:f9:5b:fd:b8:2e:99:8a:09:
                    a2:11:47:b5:5e:02:4c:1c:d0:b7:af:f3:3c:4a:7d:
                    3f:0a:17:05:8b:ab:7d:4b:4f:55:a2:d7:a8:72:3a:
                    b0:b8:b1:f0:4c:2d:5f:5c:46:fb:8d:c7:ca:80:49:
                    84:49:be:d9:29:d5:bb:81:92:a0:7e:20:ef:98:65:
                    12:d3:0d:e3:3e:e8:4b:1a:66:c4:e5:4b:bb:52:20:
                    5d:c0:a7:fb:27:9d:3f:e1:ec:13:09:f8:9f:4a:31:
                    8e:e4:dd:12:9f:7c:0b:83:27:95:82:22:e9:fe:5e:
                    31:2d:95:51:a5:01:f9:ab:dd:b9:71:04:ce:d8:c1:
                    20:b6:24:d1:7f:11:b9:a3:9c:6f:da:86:3b:1a:b8:
                    ca:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:20:D4:B9:86:80:ED:3B:43:E4:81:6E:43:17:87:42:1C:E4:6A:52
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/301d1d15-dd00-41e7-9f44-49159e46a51a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d000:8040::/48

    Signature Algorithm: sha256WithRSAEncryption
         5c:2c:89:c6:11:7a:43:c5:f2:c6:ab:3a:ff:32:ab:31:04:9b:
         95:f6:07:20:f2:ad:a0:74:85:68:58:04:10:cd:9f:1b:b6:21:
         6a:bd:ae:88:16:34:89:51:3e:37:27:ec:9a:9a:12:f7:d0:f2:
         74:35:cd:a7:3c:a4:30:02:c6:07:9e:b8:60:86:5a:67:f4:79:
         03:71:bf:bf:68:27:ec:88:73:b5:27:0b:9f:ce:90:64:6b:81:
         3f:5c:98:95:c3:ab:38:07:f2:80:de:2b:2b:1e:64:d6:c8:07:
         11:9f:39:dd:cf:59:67:fc:e7:61:f3:b9:6b:a7:20:e8:67:64:
         d9:b5:70:5d:bc:20:81:45:c7:10:48:f3:4d:cd:8d:78:43:72:
         42:f3:75:a2:35:e8:4e:2d:4a:1e:01:00:a9:23:6d:65:ce:5c:
         5a:32:91:dc:83:49:c2:af:ef:d4:58:76:13:75:ff:3e:65:dc:
         92:f3:dc:15:0c:8f:f9:3a:aa:a7:62:fc:8f:27:94:d5:6c:6c:
         00:c2:fe:43:dc:4b:ce:a8:e4:06:96:f6:33:d1:49:64:4d:15:
         ca:79:a7:04:34:c1:d5:bf:e1:7a:a4:ef:82:1e:5c:2b:71:37:
         5b:69:36:08:66:d2:bb:fd:2d:04:d0:3b:f3:cd:10:86:bd:98:
         0c:05:bf:0d
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUUdBwaWLjDkYoFkqXSZwBSpW375wwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzExOTMxMzJaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQDJhMjYxZTQ2N2Y3MzI1NGJhZDdhNTI4OWIwMGI2OGRiZmNlOWM2MjcwOTBm
NzFlMzUzMzc4MzZkMmFiNzcxY2YxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOowtgNdV2gDAk/FkkAVC3G7EJ2lKC0HLw3bwiORRk3C5mXKOh3A71I+fxda
MjocY42VgPbmMjIL+1dUh4NyzjfJEgp10IsH8PQLIrTC+gvglTzI+7QCDdLJwqng
cK45UZ/XREej+ifk3/w+UMeLsflb/bgumYoJohFHtV4CTBzQt6/zPEp9PwoXBYur
fUtPVaLXqHI6sLix8EwtX1xG+43HyoBJhEm+2SnVu4GSoH4g75hlEtMN4z7oSxpm
xOVLu1IgXcCn+yedP+HsEwn4n0oxjuTdEp98C4MnlYIi6f5eMS2VUaUB+avduXEE
ztjBILYk0X8RuaOcb9qGOxq4yl0CAwEAAaOCAiQwggIgMB0GA1UdDgQWBBTtINS5
hoDtO0PkgW5DF4dCHORqUjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MzAxZDFkMTUtZGQwMC00MWU3LTlmNDQtNDkxNTllNDZhNTFhLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0ACA
QDANBgkqhkiG9w0BAQsFAAOCAQEAXCyJxhF6Q8Xyxqs6/zKrMQSblfYHIPKtoHSF
aFgEEM2fG7Yhar2uiBY0iVE+NyfsmpoS99DydDXNpzykMALGB564YIZaZ/R5A3G/
v2gn7IhztScLn86QZGuBP1yYlcOrOAfygN4rKx5k1sgHEZ853c9ZZ/znYfO5a6cg
6Gdk2bVwXbwggUXHEEjzTc2NeENyQvN1ojXoTi1KHgEAqSNtZc5cWjKR3INJwq/v
1Fh2E3X/PmXckvPcFQyP+Tqqp2L8jyeU1WxsAML+Q9xLzqjkBpb2M9FJZE0Vynmn
BDTB1b/heqTvgh5cK3E3W2k2CGbSu/0tBNA7880Qhr2YDAW/DQ==
-----END CERTIFICATE-----