Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/3ca8b07f-9b0c-4146-bf64-26b25078ba32.roa
File:                     3ca8b07f-9b0c-4146-bf64-26b25078ba32.roa (raw, json)
Hash identifier:          cHrqqZ+/bvJH5GGv7P6f2QfJuiuJpsES4yM1DNySLGM=
Subject key identifier:   ED:95:41:C8:25:A3:27:51:C4:E6:57:86:CD:19:D7:6F:8D:5A:0D:0C
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       77EC350066A735F4C5F1723ED79900A754F64BBD
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/3ca8b07f-9b0c-4146-bf64-26b25078ba32.roa
Signing time:             Mon 31 Mar 2025 20:30:30 +0000
ROA not before:           Mon 31 Mar 2025 20:30:30 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d07b:1080::/46 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            77:ec:35:00:66:a7:35:f4:c5:f1:72:3e:d7:99:00:a7:54:f6:4b:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 20:30:30 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:2d:36:1b:c6:36:b4:78:fd:15:27:32:46:68:
                    e0:9e:c4:11:99:92:e1:68:67:bf:9c:f3:f3:2e:d1:
                    ad:7d:fe:b1:1b:d9:22:cb:52:b4:bf:8c:ea:4f:77:
                    d3:45:68:ca:4a:30:05:4f:a3:2c:45:f1:c8:40:80:
                    cc:da:2e:91:ea:68:53:c2:20:68:db:56:1c:c0:4f:
                    cf:6b:18:2b:65:81:e6:a4:b8:4a:52:99:f4:20:86:
                    6a:9d:96:de:e3:b7:59:92:6b:7b:77:a8:62:04:37:
                    81:0d:54:98:3b:34:0c:b1:c1:27:05:22:52:b8:5a:
                    d4:7c:a9:a4:85:41:90:9b:79:aa:24:17:24:28:02:
                    48:b1:00:42:df:aa:0d:87:54:cf:e8:3c:f1:0c:88:
                    d5:37:b7:a2:71:ad:27:89:ad:64:df:6a:a3:ff:99:
                    f1:6b:02:4d:b1:ff:ea:9e:47:f0:4a:9c:64:ea:e1:
                    21:25:e4:7c:be:a6:e7:c7:89:9f:d6:46:55:06:27:
                    00:3c:a0:99:c3:f4:59:17:ac:d5:8e:12:f3:e3:75:
                    98:67:01:ce:00:7b:86:c8:6b:cd:04:66:e4:6c:02:
                    8c:3c:34:75:38:86:dc:9d:e5:41:6d:26:71:a3:db:
                    3d:d9:c7:2c:72:f8:21:f6:b8:9b:98:5a:32:03:99:
                    2b:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:95:41:C8:25:A3:27:51:C4:E6:57:86:CD:19:D7:6F:8D:5A:0D:0C
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/3ca8b07f-9b0c-4146-bf64-26b25078ba32.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d07b:1080::/46

    Signature Algorithm: sha256WithRSAEncryption
         be:a6:b3:9b:04:da:9d:fc:d2:e6:df:7a:9d:4e:d7:8a:36:22:
         75:1f:17:74:50:50:7b:36:b5:05:da:d6:aa:6d:ba:7f:a4:b6:
         72:2c:b3:0f:22:59:af:51:e9:cf:3a:f2:51:69:dc:a4:5c:fb:
         a2:2c:6d:52:30:71:6d:3b:66:a1:36:12:44:fe:08:83:5b:f6:
         f9:e1:c6:4b:94:50:f4:d9:12:fb:8a:71:ef:d4:9f:4a:5f:75:
         7b:ba:90:0f:ea:d2:cd:10:77:60:a1:79:d7:54:d5:8c:bf:6f:
         0f:27:98:6a:56:c9:45:03:5e:19:20:77:8b:19:c5:d2:8c:b0:
         81:99:e3:eb:b5:79:10:62:a0:e7:c7:be:b5:bb:b0:9e:b4:5a:
         35:5e:03:13:ee:e8:d2:4e:3a:60:31:80:36:18:73:ef:4a:27:
         9c:00:01:ec:86:bd:72:39:a6:e4:e2:82:cd:71:c1:53:b0:6d:
         aa:7e:8b:9e:d7:e3:25:52:71:a4:4d:7a:a8:7b:c6:18:36:ce:
         36:9a:52:b3:6c:7f:79:12:4e:0b:1e:a7:cb:26:fa:d8:a0:34:
         de:01:f1:96:df:81:33:7b:4a:1a:fe:44:f6:45:08:7c:3d:1f:
         27:41:ce:be:3a:e9:ef:0c:79:95:2b:71:1b:3e:01:85:97:55:
         7c:15:6d:ef
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUd+w1AGanNfTF8XI+15kAp1T2S70wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzEyMDMwMzBaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQGM2YzlmZjUwZWE4NGNhY2U3YWRjZWFmODNlYzY5NWZlYTU4NGJhNmNhNTZj
NTI5OGY2N2NkN2E4MTFlNTM0ZWMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKItNhvGNrR4/RUnMkZo4J7EEZmS4Whnv5zz8y7RrX3+sRvZIstStL+M6k93
00VoykowBU+jLEXxyECAzNoukepoU8IgaNtWHMBPz2sYK2WB5qS4SlKZ9CCGap2W
3uO3WZJre3eoYgQ3gQ1UmDs0DLHBJwUiUrha1HyppIVBkJt5qiQXJCgCSLEAQt+q
DYdUz+g88QyI1Te3onGtJ4mtZN9qo/+Z8WsCTbH/6p5H8EqcZOrhISXkfL6m58eJ
n9ZGVQYnADygmcP0WRes1Y4S8+N1mGcBzgB7hshrzQRm5GwCjDw0dTiG3J3lQW0m
caPbPdnHLHL4Ifa4m5haMgOZK8kCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBTtlUHI
JaMnUcTmV4bNGddvjVoNDDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
M2NhOGIwN2YtOWIwYy00MTQ2LWJmNjQtMjZiMjUwNzhiYTMyLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHAioF0HsQ
gDANBgkqhkiG9w0BAQsFAAOCAQEAvqazmwTanfzS5t96nU7XijYidR8XdFBQeza1
BdrWqm26f6S2ciyzDyJZr1HpzzryUWncpFz7oixtUjBxbTtmoTYSRP4Ig1v2+eHG
S5RQ9NkS+4px79SfSl91e7qQD+rSzRB3YKF511TVjL9vDyeYalbJRQNeGSB3ixnF
0oywgZnj67V5EGKg58e+tbuwnrRaNV4DE+7o0k46YDGANhhz70onnAAB7Ia9cjmm
5OKCzXHBU7Btqn6LntfjJVJxpE16qHvGGDbONppSs2x/eRJOCx6nyyb62KA03gHx
lt+BM3tKGv5E9kUIfD0fJ0HOvjrp7wx5lStxGz4BhZdVfBVt7w==
-----END CERTIFICATE-----