Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/424c40d4-9e1c-4cf2-a7bd-10475b0c2837.roa
File:                     424c40d4-9e1c-4cf2-a7bd-10475b0c2837.roa (raw, json)
Hash identifier:          TvXINkfbTOk2c8VOYJH358Kco9/SYVStELqDFSqPn5E=
Subject key identifier:   9F:12:75:AC:87:74:FC:14:DE:F5:78:E6:D6:AC:AC:7F:6F:3A:87:86
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       4BAF4E8986F6CD5FE4F3E94F2791DF2D161D89C0
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/424c40d4-9e1c-4cf2-a7bd-10475b0c2837.roa
Signing time:             Mon 31 Mar 2025 20:21:49 +0000
ROA not before:           Mon 31 Mar 2025 20:21:49 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d07b:9040::/46 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4b:af:4e:89:86:f6:cd:5f:e4:f3:e9:4f:27:91:df:2d:16:1d:89:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 20:21:49 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:c0:62:34:64:98:a8:50:93:ea:e9:55:25:94:
                    ed:3c:13:6d:50:47:1e:06:fe:56:fe:5d:98:24:68:
                    51:4b:4a:e4:bd:38:23:eb:c1:5e:a1:e5:59:c8:fe:
                    88:eb:16:1f:99:a6:1a:f2:d7:b3:0e:92:48:51:c4:
                    09:77:ff:3f:cf:40:c5:e8:e6:5a:47:c9:9b:ab:a7:
                    0f:8a:4a:74:d4:c0:34:b3:a6:94:12:c9:1a:7c:b1:
                    27:a9:a6:33:da:65:52:19:84:2f:ff:bb:0e:b0:12:
                    70:5e:89:c1:1b:64:75:47:c8:ea:94:2a:f9:32:77:
                    df:9b:ba:a5:e8:4d:cf:f0:3e:80:8b:1c:b8:7e:45:
                    da:74:d7:2a:85:7f:25:7a:de:c4:d7:9b:4b:66:dc:
                    84:8b:f1:6b:1c:b5:21:6d:2c:65:32:8c:6b:85:21:
                    34:f1:23:70:c5:a0:7d:bb:09:70:52:64:76:06:09:
                    d1:e2:98:4e:28:be:cb:85:d0:42:54:13:a4:17:20:
                    e3:e7:d5:96:20:60:d6:f8:6c:23:03:d7:83:38:25:
                    84:6f:f3:77:09:38:0d:81:fb:f8:7e:b2:58:54:46:
                    1a:60:57:eb:da:08:8e:f1:8a:b8:29:47:c3:1b:12:
                    f4:9c:e2:18:57:8c:a3:65:04:e9:c0:6b:e5:45:a9:
                    9d:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:12:75:AC:87:74:FC:14:DE:F5:78:E6:D6:AC:AC:7F:6F:3A:87:86
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/424c40d4-9e1c-4cf2-a7bd-10475b0c2837.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d07b:9040::/46

    Signature Algorithm: sha256WithRSAEncryption
         45:65:2f:4b:fe:b0:80:f1:e6:c4:d0:47:3a:38:b6:30:b7:fd:
         94:16:bc:de:f6:9f:d4:8c:85:c9:70:4d:a1:17:f7:e2:73:45:
         d2:d8:0d:0b:e6:46:85:e8:55:df:b7:8f:73:21:7a:26:fb:ac:
         7f:07:26:d8:12:73:62:c7:cc:e8:88:4c:0c:64:d6:6d:3c:a9:
         86:a8:f8:2e:d1:9c:49:e3:d1:3e:ab:57:ff:54:96:a8:53:fc:
         5e:e6:d0:3e:5c:24:53:7a:34:8a:94:95:ca:d2:0f:5b:e5:81:
         a9:85:f1:93:f2:a4:4f:83:7c:ef:1f:d7:af:43:4c:0d:1f:b9:
         27:6f:cb:02:e8:aa:17:8b:36:67:30:fe:cd:e0:39:85:95:69:
         99:4a:ae:63:bf:39:08:42:97:8d:f1:07:e4:cd:3b:31:33:44:
         ee:9a:ed:ea:30:31:15:2b:9a:06:2f:61:d1:2d:5a:58:5d:bb:
         7d:6c:15:cc:9d:9b:93:a8:2e:d7:25:6a:b9:03:ee:dc:8c:86:
         ef:88:e7:7f:b0:ce:4a:91:0c:13:3b:4d:a8:b7:91:65:12:4e:
         d9:f6:b9:e6:3c:16:d2:44:f6:be:33:c7:6e:a7:8e:f3:6d:28:
         76:b3:61:be:7d:83:ae:b2:53:c9:b6:9f:cc:bd:dc:6e:01:58:
         55:90:3c:f1
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUS69OiYb2zV/k8+lPJ5HfLRYdicAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzEyMDIxNDlaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQDhkNGU1ZWViY2NhZWZmYmEwY2I4YThjM2JkNmY2MTZkZGU2YWRmMDQ4MTBi
OTgyNTY4OGNkMWRhZDUyM2QzMDYxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALbAYjRkmKhQk+rpVSWU7TwTbVBHHgb+Vv5dmCRoUUtK5L04I+vBXqHlWcj+
iOsWH5mmGvLXsw6SSFHECXf/P89AxejmWkfJm6unD4pKdNTANLOmlBLJGnyxJ6mm
M9plUhmEL/+7DrAScF6JwRtkdUfI6pQq+TJ335u6pehNz/A+gIscuH5F2nTXKoV/
JXrexNebS2bchIvxaxy1IW0sZTKMa4UhNPEjcMWgfbsJcFJkdgYJ0eKYTii+y4XQ
QlQTpBcg4+fVliBg1vhsIwPXgzglhG/zdwk4DYH7+H6yWFRGGmBX69oIjvGKuClH
wxsS9JziGFeMo2UE6cBr5UWpnXsCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBSfEnWs
h3T8FN71eObWrKx/bzqHhjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NDI0YzQwZDQtOWUxYy00Y2YyLWE3YmQtMTA0NzViMGMyODM3LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHAioF0HuQ
QDANBgkqhkiG9w0BAQsFAAOCAQEARWUvS/6wgPHmxNBHOji2MLf9lBa83vaf1IyF
yXBNoRf34nNF0tgNC+ZGhehV37ePcyF6Jvusfwcm2BJzYsfM6IhMDGTWbTyphqj4
LtGcSePRPqtX/1SWqFP8XubQPlwkU3o0ipSVytIPW+WBqYXxk/KkT4N87x/Xr0NM
DR+5J2/LAuiqF4s2ZzD+zeA5hZVpmUquY785CEKXjfEH5M07MTNE7prt6jAxFSua
Bi9h0S1aWF27fWwVzJ2bk6gu1yVquQPu3IyG74jnf7DOSpEMEztNqLeRZRJO2fa5
5jwW0kT2vjPHbqeO820odrNhvn2DrrJTybafzL3cbgFYVZA88Q==
-----END CERTIFICATE-----