Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/408e49db-4fbf-4903-9de9-a7d373730676.roa
File:                     408e49db-4fbf-4903-9de9-a7d373730676.roa (raw, json)
Hash identifier:          UFJPxEugM4D5yMqO+2kcK7VQcByxKXTcU04U5fRQEjI=
Subject key identifier:   2E:A3:AA:25:5B:40:2B:B3:10:24:24:79:9D:B5:BC:96:91:E1:50:0B
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       55DCCACBF09851DB55B591E9C5FE799D1457C155
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/408e49db-4fbf-4903-9de9-a7d373730676.roa
Signing time:             Mon 31 Mar 2025 20:21:02 +0000
ROA not before:           Mon 31 Mar 2025 20:21:02 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d077:90c0::/46 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            55:dc:ca:cb:f0:98:51:db:55:b5:91:e9:c5:fe:79:9d:14:57:c1:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 20:21:02 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:13:4c:14:b8:ed:9a:0e:09:d1:01:88:e2:af:
                    49:f2:ad:ef:57:38:5e:ff:c6:9e:07:89:42:a1:54:
                    0c:ad:6d:3e:f0:4f:03:13:b8:6a:a9:8f:2c:6a:74:
                    63:06:b3:e2:c0:50:89:a6:50:e2:96:35:e9:5e:6c:
                    0b:8e:3f:46:82:58:e3:89:74:fb:00:98:12:14:6b:
                    b2:15:70:31:58:c2:b7:9c:7f:aa:3b:4b:5c:84:ff:
                    c6:5a:e6:e3:cd:92:da:da:c0:d4:c1:2a:b6:47:59:
                    65:9d:5c:c9:6b:26:ba:5f:e9:ad:63:7d:d2:06:93:
                    34:52:be:69:bc:73:a4:a6:e8:bc:ae:17:39:da:b9:
                    2a:bb:d5:5b:80:7b:56:00:35:ef:f5:ce:5e:37:ca:
                    e3:b6:ee:3a:81:a6:6a:75:38:0a:58:2b:de:6e:96:
                    ab:8d:02:c1:84:9a:bc:d9:de:e3:b4:ca:8e:fc:86:
                    fe:2c:64:40:9b:a0:3f:35:8c:1e:80:db:6d:b2:ed:
                    ed:31:a0:a8:eb:f0:68:20:f1:84:c4:92:41:be:17:
                    1c:00:be:58:4d:bd:e4:77:a5:b3:48:e5:c3:17:7c:
                    66:5c:c6:09:d6:e4:c5:be:80:ef:97:e0:40:14:b7:
                    a7:0e:a3:48:42:b0:82:a7:3c:a9:24:13:12:e1:27:
                    a6:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:A3:AA:25:5B:40:2B:B3:10:24:24:79:9D:B5:BC:96:91:E1:50:0B
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/408e49db-4fbf-4903-9de9-a7d373730676.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d077:90c0::/46

    Signature Algorithm: sha256WithRSAEncryption
         b3:c5:ce:f1:90:bb:1e:bf:5f:6e:83:b8:03:03:ef:d8:8e:ae:
         5d:8a:11:0d:ae:b9:75:0f:4e:b3:c0:ce:d8:32:80:66:b8:d2:
         5e:6f:9e:71:28:51:fa:03:11:25:be:a0:ba:52:e0:d0:a4:00:
         48:6b:11:32:64:8a:92:7c:7a:ce:af:b6:a8:ba:9d:70:44:c8:
         02:2c:f8:37:f9:8d:0c:73:17:1a:ea:0c:66:94:b9:58:3a:46:
         c0:0c:34:ec:70:7e:7e:31:35:59:09:93:66:b9:14:d2:67:f9:
         2a:7d:42:75:1a:c8:64:69:1d:34:c6:6f:8b:db:cf:78:87:a2:
         4b:0a:a4:33:44:d3:c4:c6:f4:6c:9f:bf:39:70:db:0e:6d:1e:
         99:f7:f2:35:dd:e9:5b:52:0d:78:2d:67:64:9f:67:95:51:fe:
         e8:f6:dd:87:b2:9f:3c:15:2e:12:76:ec:9e:f5:b2:d9:13:a3:
         5f:e1:1a:94:41:b9:13:f7:03:dc:98:15:1c:83:af:f8:96:52:
         78:18:0d:37:e1:4a:f1:b7:e9:37:21:2a:c7:1b:b2:5f:dc:e0:
         ec:21:be:c5:91:59:a0:25:b9:15:c7:78:48:68:84:b6:d9:a0:
         4d:ad:4d:0d:6e:3d:d9:fb:94:6f:95:47:c8:7d:8f:cb:08:bd:
         7e:2c:d0:2a
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUVdzKy/CYUdtVtZHpxf55nRRXwVUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzEyMDIxMDJaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQDg3MmEwMjdlYWNjZmNjYWEwY2E4YTVhZmYzOWQzNjU0Mjk1OTFhNDFkNzcz
MGRmMTAxYWNkZGI2ZmJmODc2YWYxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAN8TTBS47ZoOCdEBiOKvSfKt71c4Xv/GngeJQqFUDK1tPvBPAxO4aqmPLGp0
Ywaz4sBQiaZQ4pY16V5sC44/RoJY44l0+wCYEhRrshVwMVjCt5x/qjtLXIT/xlrm
482S2trA1MEqtkdZZZ1cyWsmul/prWN90gaTNFK+abxzpKbovK4XOdq5KrvVW4B7
VgA17/XOXjfK47buOoGmanU4Clgr3m6Wq40CwYSavNne47TKjvyG/ixkQJugPzWM
HoDbbbLt7TGgqOvwaCDxhMSSQb4XHAC+WE295Hels0jlwxd8ZlzGCdbkxb6A75fg
QBS3pw6jSEKwgqc8qSQTEuEnpvUCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBQuo6ol
W0ArsxAkJHmdtbyWkeFQCzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NDA4ZTQ5ZGItNGZiZi00OTAzLTlkZTktYTdkMzczNzMwNjc2LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHAioF0HeQ
wDANBgkqhkiG9w0BAQsFAAOCAQEAs8XO8ZC7Hr9fboO4AwPv2I6uXYoRDa65dQ9O
s8DO2DKAZrjSXm+ecShR+gMRJb6gulLg0KQASGsRMmSKknx6zq+2qLqdcETIAiz4
N/mNDHMXGuoMZpS5WDpGwAw07HB+fjE1WQmTZrkU0mf5Kn1CdRrIZGkdNMZvi9vP
eIeiSwqkM0TTxMb0bJ+/OXDbDm0emffyNd3pW1INeC1nZJ9nlVH+6Pbdh7KfPBUu
EnbsnvWy2ROjX+EalEG5E/cD3JgVHIOv+JZSeBgNN+FK8bfpNyEqxxuyX9zg7CG+
xZFZoCW5Fcd4SGiEttmgTa1NDW492fuUb5VHyH2Pywi9fizQKg==
-----END CERTIFICATE-----