Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4097b6b4-475f-4f96-9d5e-88c08f2c5804.roa
File:                     4097b6b4-475f-4f96-9d5e-88c08f2c5804.roa (raw, json)
Hash identifier:          o7HmbGoTbrTUwLAqesPpbpFc8FiOFSkvYX3TF/RZSpw=
Subject key identifier:   D2:63:09:57:C5:BE:8B:E6:F3:D1:3F:E8:8B:31:82:3D:E1:CF:85:30
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       23733A1C55B65FF09B1A6FAAA7CB975814553910
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4097b6b4-475f-4f96-9d5e-88c08f2c5804.roa
Signing time:             Mon 31 Mar 2025 20:10:24 +0000
ROA not before:           Mon 31 Mar 2025 20:10:24 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d035:4080::/46 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            23:73:3a:1c:55:b6:5f:f0:9b:1a:6f:aa:a7:cb:97:58:14:55:39:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 20:10:24 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:0a:97:79:e2:13:2e:23:c4:b4:cc:bc:bf:2f:
                    cc:fe:98:0d:ee:f0:e4:16:81:fb:76:95:e1:9f:22:
                    94:ab:ff:cf:a1:8d:de:ca:55:58:42:a7:ff:0a:b1:
                    1c:d3:14:92:57:15:58:4c:1c:9c:38:9d:31:e0:a3:
                    48:16:66:02:53:df:58:71:76:0b:7b:a8:cc:55:2e:
                    b9:16:f6:3f:52:56:95:82:c5:0d:09:6e:5a:66:44:
                    f2:ad:2a:2a:4d:7d:d5:3f:67:7c:1b:99:56:05:40:
                    42:a4:04:1f:52:76:06:b5:da:60:b8:9d:e1:7b:6b:
                    93:31:15:0b:a2:99:15:d7:d7:a6:be:0d:5c:40:42:
                    fa:36:19:5d:a1:0a:b3:47:19:b6:6e:41:2c:5c:09:
                    36:ce:5c:5e:f9:96:39:97:56:ea:57:6d:51:98:9c:
                    2e:ef:96:41:b5:1f:75:2e:9d:35:93:f6:ce:c8:d0:
                    75:18:d2:99:9e:5a:9a:92:c1:da:a8:c2:1d:c3:ce:
                    c9:68:6c:43:2f:83:1f:00:57:24:22:86:e8:08:f3:
                    c2:c7:b5:3e:a3:3e:29:4b:20:f2:16:a0:f1:e4:08:
                    1f:01:60:fe:a4:9c:71:5d:29:a4:0f:b3:b2:53:87:
                    f6:d3:79:e1:4d:15:f2:38:fa:aa:fc:15:6a:6e:92:
                    ea:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:63:09:57:C5:BE:8B:E6:F3:D1:3F:E8:8B:31:82:3D:E1:CF:85:30
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4097b6b4-475f-4f96-9d5e-88c08f2c5804.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d035:4080::/46

    Signature Algorithm: sha256WithRSAEncryption
         bc:42:38:8d:d9:f1:e9:97:05:da:42:05:d6:a7:54:7c:8e:0c:
         24:f4:b9:49:60:d6:78:3c:6c:44:b6:93:b8:83:95:b5:4d:ff:
         7c:a5:f3:7a:84:ba:9b:c2:10:c7:0b:59:f8:fb:35:f2:cf:41:
         9d:06:c5:9d:2c:89:84:dd:bb:80:cc:8c:83:c1:d5:89:bb:4f:
         6c:bb:ca:63:82:bd:dd:ef:db:2c:59:f7:48:be:34:5e:94:82:
         6a:4b:87:32:6f:1c:f3:3b:43:c5:17:3e:94:df:35:f0:18:6d:
         ae:11:68:1b:d5:b4:93:fd:9d:c0:b6:87:dc:fd:7c:70:d3:a6:
         40:0d:5d:9a:df:72:fc:ab:64:c7:1f:98:14:0b:ce:d8:87:14:
         cb:35:54:6c:85:2f:7d:55:6d:9c:c6:19:67:41:ae:5a:ab:3a:
         e0:c1:ed:a1:cb:6b:43:e1:36:b8:f0:29:29:50:b6:fb:02:7e:
         19:e0:d3:d8:a4:08:d3:fc:b7:f5:c0:77:eb:5a:b6:0f:4e:9b:
         ec:57:fb:ed:4f:4a:3f:44:d7:4f:de:19:7a:19:6c:28:22:61:
         ef:65:80:30:7e:d0:59:35:ba:38:90:a5:5b:54:86:e2:94:ff:
         94:68:82:54:c8:00:13:92:27:a7:db:8e:20:71:49:42:f2:71:
         cd:22:96:5e
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUI3M6HFW2X/CbGm+qp8uXWBRVORAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzEyMDEwMjRaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQDFmMmEzMjFlOGI3ZDg2MTY1Mjg3YzVmNGFmZjMwZGJlZjE3YjAxM2Y3YWU0
MWYzYmMwYWM3NGUzMjNhNjZlMTAxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAK4Kl3niEy4jxLTMvL8vzP6YDe7w5BaB+3aV4Z8ilKv/z6GN3spVWEKn/wqx
HNMUklcVWEwcnDidMeCjSBZmAlPfWHF2C3uozFUuuRb2P1JWlYLFDQluWmZE8q0q
Kk191T9nfBuZVgVAQqQEH1J2BrXaYLid4XtrkzEVC6KZFdfXpr4NXEBC+jYZXaEK
s0cZtm5BLFwJNs5cXvmWOZdW6ldtUZicLu+WQbUfdS6dNZP2zsjQdRjSmZ5ampLB
2qjCHcPOyWhsQy+DHwBXJCKG6Ajzwse1PqM+KUsg8hag8eQIHwFg/qSccV0ppA+z
slOH9tN54U0V8jj6qvwVam6S6tMCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBTSYwlX
xb6L5vPRP+iLMYI94c+FMDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NDA5N2I2YjQtNDc1Zi00Zjk2LTlkNWUtODhjMDhmMmM1ODA0LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHAioF0DVA
gDANBgkqhkiG9w0BAQsFAAOCAQEAvEI4jdnx6ZcF2kIF1qdUfI4MJPS5SWDWeDxs
RLaTuIOVtU3/fKXzeoS6m8IQxwtZ+Ps18s9BnQbFnSyJhN27gMyMg8HVibtPbLvK
Y4K93e/bLFn3SL40XpSCakuHMm8c8ztDxRc+lN818BhtrhFoG9W0k/2dwLaH3P18
cNOmQA1dmt9y/Ktkxx+YFAvO2IcUyzVUbIUvfVVtnMYZZ0GuWqs64MHtoctrQ+E2
uPApKVC2+wJ+GeDT2KQI0/y39cB361q2D06b7Ff77U9KP0TXT94ZehlsKCJh72WA
MH7QWTW6OJClW1SG4pT/lGiCVMgAE5Inp9uOIHFJQvJxzSKWXg==
-----END CERTIFICATE-----